]> granicus.if.org Git - openssl/commitdiff
Merge from stable branch.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 14 Jun 2008 19:53:04 +0000 (19:53 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 14 Jun 2008 19:53:04 +0000 (19:53 +0000)
155 files changed:
Configure
Makefile.org
Netware/build.bat
Netware/cpy_tests.bat
Netware/do_tests.pl
Netware/set_env.bat
apps/Makefile
apps/apps.c
apps/ca.c
apps/cms.c [new file with mode: 0644]
apps/dsa.c
apps/ocsp.c
apps/progs.h
apps/progs.pl
apps/req.c
apps/rsautl.c
apps/s_client.c
apps/s_server.c
crypto/aes/Makefile
crypto/aes/aes.h
crypto/aes/aes_core.c
crypto/aes/aes_wrap.c [new file with mode: 0644]
crypto/aes/asm/aes-586.pl
crypto/aes/asm/aes-x86_64.pl
crypto/asn1/Makefile
crypto/asn1/a_object.c
crypto/asn1/a_type.c
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/asn1/asn1_lib.c
crypto/asn1/asn1t.h
crypto/asn1/asn_mime.c [new file with mode: 0644]
crypto/asn1/tasn_fre.c
crypto/asn1/x_algor.c
crypto/bf/bf_skey.c
crypto/bio/b_sock.c
crypto/bio/bio.h
crypto/bio/bss_dgram.c
crypto/bio/bss_file.c
crypto/bn/asm/x86-mont.pl
crypto/cast/c_skey.c
crypto/cms/Makefile [new file with mode: 0644]
crypto/cms/cms.h [new file with mode: 0644]
crypto/cms/cms_asn1.c [new file with mode: 0644]
crypto/cms/cms_att.c [new file with mode: 0644]
crypto/cms/cms_cd.c [new file with mode: 0644]
crypto/cms/cms_dd.c [new file with mode: 0644]
crypto/cms/cms_enc.c [new file with mode: 0644]
crypto/cms/cms_env.c [new file with mode: 0644]
crypto/cms/cms_err.c [new file with mode: 0644]
crypto/cms/cms_ess.c [new file with mode: 0644]
crypto/cms/cms_io.c [new file with mode: 0644]
crypto/cms/cms_lcl.h [new file with mode: 0644]
crypto/cms/cms_lib.c [new file with mode: 0644]
crypto/cms/cms_sd.c [new file with mode: 0644]
crypto/cms/cms_smime.c [new file with mode: 0644]
crypto/comp/c_zlib.c
crypto/comp/comp.h
crypto/comp/comp_err.c
crypto/des/des.h
crypto/des/des_old.c
crypto/des/des_old.h
crypto/des/set_key.c
crypto/des/xcbc_enc.c
crypto/dsa/dsa_asn1.c
crypto/dsa/dsa_sign.c
crypto/dsa/dsa_vrf.c
crypto/engine/eng_all.c
crypto/engine/eng_err.c
crypto/engine/eng_int.h
crypto/engine/eng_padlock.c
crypto/engine/eng_pkey.c
crypto/engine/eng_table.c
crypto/engine/engine.h
crypto/err/err.h
crypto/err/err_all.c
crypto/err/err_str.c
crypto/err/openssl.ec
crypto/evp/e_camellia.c
crypto/evp/evp_cnf.c
crypto/idea/i_skey.c
crypto/md2/md2_dgst.c
crypto/md4/md4_dgst.c
crypto/md5/md5_dgst.c
crypto/mdc2/mdc2dgst.c
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
crypto/ossl_typ.h
crypto/pem/pem.h
crypto/perlasm/x86asm.pl
crypto/perlasm/x86nasm.pl
crypto/perlasm/x86unix.pl
crypto/pkcs12/p12_crt.c
crypto/pkcs7/pk7_mime.c
crypto/rand/md_rand.c
crypto/rand/rand_eng.c
crypto/rand/rand_lib.c
crypto/rc2/rc2_skey.c
crypto/rc4/asm/rc4-586.pl
crypto/rc4/asm/rc4-x86_64.pl
crypto/rc4/rc4_skey.c
crypto/rc5/rc5_skey.c
crypto/ripemd/rmd_dgst.c
crypto/sha/sha1dgst.c
crypto/sha/sha256.c
crypto/sha/sha512.c
crypto/sha/sha_dgst.c
crypto/stack/safestack.h
crypto/x509/x509.h
crypto/x509/x509_att.c
crypto/x86_64cpuid.pl
crypto/x86cpuid.pl
doc/apps/dgst.pod
doc/apps/s_server.pod
doc/apps/verify.pod
doc/c-indentation.el
doc/crypto/ASN1_generate_nconf.pod
engines/Makefile
engines/e_4758cca_err.h
engines/e_aep.c
engines/e_aep_err.h
engines/e_atalla_err.h
engines/e_capi.c [new file with mode: 0644]
engines/e_chil_err.h
engines/e_cswift_err.h
engines/e_gmp.c
engines/e_gmp_err.h
engines/e_nuron_err.h
engines/e_sureware_err.h
engines/e_ubsec_err.h
fips/aes/fips_aesavs.c
fips/des/fips_desmovs.c
fips/dsa/fips_dsatest.c
fips/fips.c
fips/fips.h
fips/fips_test_suite.c
fips/hmac/fips_hmactest.c
ssl/d1_clnt.c
ssl/kssl.c
ssl/s3_clnt.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_lib.c
ssl/ssl_locl.h
ssl/ssl_rsa.c
ssl/ssl_sess.c
ssl/ssl_stat.c
ssl/t1_lib.c
ssl/tls1.h
util/mk1mf.pl
util/mkdef.pl

index df53a5ffd5e0be0c5f702feb5e1d9933950d0695..fc139153d4a5f6c5c0877ce7b2aae6b5729069bd 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -613,6 +613,8 @@ my $fips=0;
 
 my %disabled = ( # "what"         => "comment"
                  "camellia"       => "default",
+                 "capieng"        => "default",
+                 "cms"            => "default",
                  "gmp"            => "default",
                  "mdc2"           => "default",
                  "rc5"            => "default",
index d77a3e8762c37973a6103571de81d823036fe315..d19385144027d6d2494b1a736ce612b9050b4d76 100644 (file)
@@ -142,7 +142,7 @@ SDIRS=  \
        bn ec rsa dsa ecdsa dh ecdh dso engine \
        buffer bio stack lhash rand err \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-       store pqueue
+       store cms pqueue
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
index 50ee7d51d0a76b777958405bf5a51b098762ff2a..823134bda161eb3cd5840fcabf2f3a219dc9f0e9 100644 (file)
@@ -7,8 +7,9 @@ rem   usage:
 rem      build [target] [debug opts] [assembly opts] [configure opts]
 rem
 rem      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-rem                    - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
-rem                    - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
+rem                    - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
+rem                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
+rem                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
 rem 
 rem      debug opts    - "debug"  - build debug
 rem
@@ -71,10 +72,12 @@ if "%1" == "nw-nasm"  set NO_ASM=
 if "%1" == "nw-nasm"  set ARG_PROCESSED=YES
 if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
 if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
-if "%1" == "nw-mwasm"  set NO_ASM=
+if "%1" == "nw-mwasm" set NO_ASM=
 if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
 if "%1" == "netware-clib" set BLD_TARGET=netware-clib
 if "%1" == "netware-clib" set ARG_PROCESSED=YES
+if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
+if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
 if "%1" == "netware-libc" set BLD_TARGET=netware-libc
 if "%1" == "netware-libc" set ARG_PROCESSED=YES
 if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
@@ -94,6 +97,7 @@ if "%BLD_TARGET%" == "no_target" goto no_target
 rem build the nlm make file name which includes target and debug info
 set NLM_MAKE=
 if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
+if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
 if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
 if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
 if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
@@ -110,7 +114,14 @@ echo Generating x86 for %ASSEMBLER% assembler
 
 echo Bignum
 cd crypto\bn\asm
-perl x86.pl %ASM_MODE% > bn-nw.asm
+rem perl x86.pl %ASM_MODE% > bn-nw.asm
+perl bn-586.pl %ASM_MODE% > bn-nw.asm
+perl co-586.pl %ASM_MODE% > co-nw.asm
+cd ..\..\..
+
+echo AES
+cd crypto\aes\asm
+perl aes-586.pl %ASM_MODE% > a-nw.asm
 cd ..\..\..
 
 echo DES
@@ -160,6 +171,11 @@ cd crypto\rc5\asm
 perl rc5-586.pl %ASM_MODE% > r5-nw.asm
 cd ..\..\..
 
+echo CPUID
+cd crypto
+perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
+cd ..\
+
 rem ===============================================================
 rem
 :do_config
@@ -176,8 +192,10 @@ echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
 echo .
 perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
 
+make -f %NLM_MAKE% vclean
+echo .
 echo The makefile "%NLM_MAKE%" has been created use your maketool to
-echo build (ex: gmake -f %NLM_MAKE%)
+echo build (ex: make -f %NLM_MAKE%)
 goto end
 
 rem ===============================================================
@@ -189,8 +207,9 @@ echo .
 echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
 echo .
 echo .     target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-echo .                   - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
-echo .                   - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
+echo .                   - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
+echo .                   - "netware-libc" - LibC NetWare build (WinSock Sockets)
+echo .                   - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
 echo .
 echo .     debug opts    - "debug"  - build debug
 echo .
index c2f07c00c742fd92bae2b0954d0cf69264e047e2..1583f28067f8cb936254e40deabc815f9f4f254f 100644 (file)
@@ -73,6 +73,7 @@ copy %loc%\test\testsid.pem   %2\openssl\test\
 copy %loc%\test\testx509.pem  %2\openssl\test\
 copy %loc%\test\v3-cert1.pem  %2\openssl\test\
 copy %loc%\test\v3-cert2.pem  %2\openssl\test\
+copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
 
 rem   copy the apps directory stuff
 copy %loc%\apps\client.pem    %2\openssl\apps\
index 0be0838a13b3576714f2643d89aae941e01ea72d..ac482dbe2b8daa234177a17d8d8c0693e931dbb8 100644 (file)
@@ -34,12 +34,17 @@ sub main()
    # delete all the output files in the output directory
    unlink <$output_path\\*.*>;
 
-   # open the main log file 
+   # open the main log file
    open(OUT, ">$log_file") || die "unable to open $log_file\n";
 
-   
+   print( OUT "========================================================\n");
+   my $outFile = "$output_path\\version.out";
+   system("openssl2 version (CLIB_OPT)/>$outFile");
+   log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
+
    algorithm_tests();
    encryption_tests();
+   evp_tests();
    pem_tests();
    verify_tests();
    ca_tests();
@@ -56,9 +61,10 @@ sub algorithm_tests
 {
    my $i;
    my $outFile;
-   my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
-                 md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
-                 dhtest, exptest );
+   my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
+                 sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
+                 rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
+                 ecdsatest, ectest, exptest, casttest, hmactest );
 
    print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
 
@@ -68,16 +74,16 @@ sub algorithm_tests
    foreach $i (@tests)
    {
       if (-e "$base_path\\$i.nlm")
-         {
+      {
          $outFile = "$output_path\\$i.out";
-         system("$i $outFile");
+         system("$i (CLIB_OPT)/>$outFile");
          log_desc("Test: $i\.nlm:");
          log_output("", $outFile );
-         }
-         else
-         {
+      }
+      else
+      {
          log_desc("Test: $i\.nlm: file not found");
-         }
+      }
    }
 }
 
@@ -109,24 +115,24 @@ sub encryption_tests
 
       # do encryption
       $outFile = "$output_path\\enc.out";
-      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher $outFile" );
+      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
       log_output("Encrypting: $input --> $cipher", $outFile);
 
       # do decryption
       $outFile = "$output_path\\dec.out";
-      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear $outFile");
+      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
       log_output("Decrypting: $cipher --> $clear", $outFile);
 
       # compare files
       $x = compare_files( $input, $clear, 1);
       if ( $x == 0 )
       {
-         print( "SUCCESS - files match: $input, $clear\n");
+         print( "\rSUCCESS - files match: $input, $clear\n");
          print( OUT "SUCCESS - files match: $input, $clear\n");
       }
       else
       {
-         print( "ERROR: files don't match\n");
+         print( "\rERROR: files don't match\n");
          print( OUT "ERROR: files don't match\n");
       }
 
@@ -136,24 +142,24 @@ sub encryption_tests
 
       # do encryption B64
       $outFile = "$output_path\\B64enc.out";
-      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher $outFile");
+      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
       log_output("Encrypting(B64): $cipher --> $clear", $outFile);
 
       # do decryption B64
       $outFile = "$output_path\\B64dec.out";
-      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear $outFile");
+      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
       log_output("Decrypting(B64): $cipher --> $clear", $outFile);
 
       # compare files
       $x = compare_files( $input, $clear, 1);
       if ( $x == 0 )
       {
-         print( "SUCCESS - files match: $input, $clear\n");
+         print( "\rSUCCESS - files match: $input, $clear\n");
          print( OUT "SUCCESS - files match: $input, $clear\n");
       }
       else
       {
-         print( "ERROR: files don't match\n");
+         print( "\rERROR: files don't match\n");
          print( OUT "ERROR: files don't match\n");
       }
 
@@ -199,24 +205,24 @@ sub pem_tests
 
       if ($i ne "req" )
       {
-         system("openssl2 $i -in $input -out $tmp_out $outFile");
+         system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
          log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
       }
       else
       {
-         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config $outFile");
+         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
          log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
       }
 
       $x = compare_files( $input, $tmp_out);
       if ( $x == 0 )
       {
-         print( "SUCCESS - files match: $input, $tmp_out\n");
+         print( "\rSUCCESS - files match: $input, $tmp_out\n");
          print( OUT "SUCCESS - files match: $input, $tmp_out\n");
       }
       else
       {
-         print( "ERROR: files don't match\n");
+         print( "\rERROR: files don't match\n");
          print( OUT "ERROR: files don't match\n");
       }
       do_wait();
@@ -231,7 +237,8 @@ sub verify_tests
    my $i;
    my $outFile = "$output_path\\verify.out";
 
-   my @cert_files = <$cert_path\\*.pem>;
+   $cert_path =~ s/\\/\//g;
+   my @cert_files = <$cert_path/*.pem>;
 
    print( "\nRUNNING VERIFY TESTS:\n\n");
 
@@ -242,7 +249,7 @@ sub verify_tests
 
    foreach $i (@cert_files)
    {
-      system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
+      system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
       log_desc("Verifying cert: $i");
       log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
    }
@@ -263,103 +270,103 @@ sub ssl_tests
    print( OUT "\n========================================================\n");
    print( OUT "SSL TESTS:\n\n");
 
-   system("ssltest -ssl2 >$outFile");
+   system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2:");
    log_output("ssltest -ssl2", $outFile);
 
-   system("$ssltest -ssl2 -server_auth >$outFile");
+   system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2 with server authentication:");
    log_output("$ssltest -ssl2 -server_auth", $outFile);
 
-   system("$ssltest -ssl2 -client_auth >$outFile");
+   system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2 with client authentication:");
    log_output("$ssltest -ssl2 -client_auth", $outFile);
 
-   system("$ssltest -ssl2 -server_auth -client_auth >$outFile");
+   system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2 with both client and server authentication:");
    log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
 
-   system("ssltest -ssl3 >$outFile");
+   system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3:");
    log_output("ssltest -ssl3", $outFile);
 
-   system("$ssltest -ssl3 -server_auth >$outFile");
+   system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 with server authentication:");
    log_output("$ssltest -ssl3 -server_auth", $outFile);
 
-   system("$ssltest -ssl3 -client_auth >$outFile");
+   system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 with client authentication:");
    log_output("$ssltest -ssl3 -client_auth", $outFile);
 
-   system("$ssltest -ssl3 -server_auth -client_auth >$outFile");
+   system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 with both client and server authentication:");
    log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
 
-   system("ssltest >$outFile");
+   system("ssltest (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3:");
    log_output("ssltest", $outFile);
 
-   system("$ssltest -server_auth >$outFile");
+   system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with server authentication:");
    log_output("$ssltest -server_auth", $outFile);
 
-   system("$ssltest -client_auth >$outFile");
+   system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with client authentication:");
    log_output("$ssltest -client_auth ", $outFile);
 
-   system("$ssltest -server_auth -client_auth >$outFile");
+   system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with both client and server authentication:");
    log_output("$ssltest -server_auth -client_auth", $outFile);
 
-   system("ssltest -bio_pair -ssl2 >$outFile");
+   system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2 via BIO pair:");
    log_output("ssltest -bio_pair -ssl2", $outFile);
 
-   system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
+   system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
    log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
 
-   system("$ssltest -bio_pair -ssl2 -server_auth >$outFile");
+   system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2 with server authentication via BIO pair:");
    log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
 
-   system("$ssltest -bio_pair -ssl2 -client_auth >$outFile");
+   system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2 with client authentication via BIO pair:");
    log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
 
-   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile");
+   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
    log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
 
-   system("ssltest -bio_pair -ssl3 >$outFile");
+   system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 via BIO pair:");
    log_output("ssltest -bio_pair -ssl3", $outFile);
 
-   system("$ssltest -bio_pair -ssl3 -server_auth >$outFile");
+   system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 with server authentication via BIO pair:");
    log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
 
-   system("$ssltest -bio_pair -ssl3 -client_auth >$outFile");
+   system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 with client authentication  via BIO pair:");
    log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
 
-   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile");
+   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
    log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
 
-   system("ssltest -bio_pair >$outFile");
+   system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 via BIO pair:");
    log_output("ssltest -bio_pair", $outFile);
 
-   system("$ssltest -bio_pair -server_auth >$outFile");
+   system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
    log_output("$ssltest -bio_pair -server_auth", $outFile);
 
-   system("$ssltest -bio_pair -client_auth >$outFile");
+   system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
    log_output("$ssltest -bio_pair -client_auth", $outFile);
 
-   system("$ssltest -bio_pair -server_auth -client_auth >$outFile");
+   system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
    log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
    log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
 }
@@ -389,43 +396,43 @@ sub ca_tests
    print( OUT "\n========================================================\n");
    print( OUT "CA TESTS:\n");
 
-   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
+   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
    log_desc("Make a certificate request using req:");
    log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
 
-   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
+   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
    log_desc("Convert the certificate request into a self signed certificate using x509:");
    log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
 
-   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
+   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
    log_desc("Convert a certificate into a certificate request using 'x509':");
    log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
 
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
+   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
    log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
 
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
+   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
    log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
 
-   system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
+   system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
    log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
 
-   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
+   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
    log_desc("Make another certificate request using req:");
    log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
 
-   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
+   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
    log_desc("Sign certificate request with the just created CA via x509:");
    log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
 
-   system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
+   system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
    log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
 
-   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
+   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
    log_desc("Certificate details");
    log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
 
-   print(OUT "-- \n");
+   print(OUT "--\n");
    print(OUT "The generated CA certificate is $CAcert\n");
    print(OUT "The generated CA private key is $CAkey\n");
    print(OUT "The current CA signing serial number is in $CAserial\n");
@@ -435,6 +442,29 @@ sub ca_tests
    print(OUT "--\n");
 }
 
+############################################################################
+sub evp_tests
+{
+   my $i = 'evp_test';
+
+   print( "\nRUNNING EVP TESTS:\n\n");
+
+   print( OUT "\n========================================================\n");
+   print( OUT "EVP TESTS:\n\n");
+
+   if (-e "$base_path\\$i.nlm")
+   {
+       my $outFile = "$output_path\\$i.out";
+       system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
+       log_desc("Test: $i\.nlm:");
+       log_output("", $outFile );
+   }
+   else
+   {
+       log_desc("Test: $i\.nlm: file not found");
+   }
+}
+
 ############################################################################
 sub log_output( $ $ )
 {
@@ -445,7 +475,7 @@ sub log_output( $ $ )
 
    if ($desc)
    {
-      print("$desc\n");
+      print("\r$desc\n");
       print(OUT "$desc\n");
    }
 
@@ -457,8 +487,8 @@ sub log_output( $ $ )
       # copy test output to log file
    open(IN, "<$file");
    while (<IN>)
-   { 
-      print(OUT $_); 
+   {
+      print(OUT $_);
       if ( $_ =~ /ERROR/ )
       {
          $error = 1;
@@ -485,13 +515,13 @@ sub log_output( $ $ )
       $key = getc;
       print("\n");
    }
-      
-      # Several of the testing scripts run a loop loading the 
+
+      # Several of the testing scripts run a loop loading the
       # same NLM with different options.
-      # On slow NetWare machines there appears to be some delay in the 
+      # On slow NetWare machines there appears to be some delay in the
       # OS actually unloading the test nlms and the OS complains about.
-      # the NLM already being loaded.  This additional pause is to 
-      # to help provide a little more time for unloading before trying to 
+      # the NLM already being loaded.  This additional pause is to
+      # to help provide a little more time for unloading before trying to
       # load again.
    sleep(1);
 }
@@ -562,7 +592,7 @@ sub do_wait()
 ############################################################################
 sub make_tmp_cert_file()
 {
-   my @cert_files = <$cert_path\\*.pem>;
+   my @cert_files = <$cert_path/*.pem>;
 
       # delete the file if it already exists
    unlink($tmp_cert);
@@ -570,7 +600,7 @@ sub make_tmp_cert_file()
    open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
 
    print("building temporary cert file\n");
-   
+
    # create a temporary cert file that contains all the certs
    foreach $i (@cert_files)
    {
index e9012e340919d82592886593363f46fc59c78295..ace024e529c509815e01f8c58453808098f93819 100644 (file)
@@ -16,75 +16,97 @@ if "a%1" == "a" goto usage
                
 set LIBC_BUILD=
 set CLIB_BUILD=
+set GNUC=
 
 if "%1" == "netware-clib" set CLIB_BUILD=Y
 if "%1" == "netware-clib" set LIBC_BUILD=
 
-if "%1" == "netware-libc"  set LIBC_BUILD=Y
-if "%1" == "netware-libc"  set CLIB_BUILD=
+if "%1" == "netware-libc" set LIBC_BUILD=Y
+if "%1" == "netware-libc" set CLIB_BUILD=
+
+if "%2" == "gnuc" set GNUC=Y
+if "%2" == "codewarrior" set GNUC=
 
 rem   Location of tools (compiler, linker, etc)
-set TOOLS=d:\i_drive\tools
+if "%NDKBASE%" == "" set NDKBASE=c:\Novell
 
 rem   If Perl for Win32 is not already in your path, add it here
 set PERL_PATH=
 
 rem   Define path to the Metrowerks command line tools
+rem   or GNU Crosscompiler gcc / nlmconv
 rem   ( compiler, assembler, linker)
-set METROWERKS_PATH=%TOOLS%\codewar\pdk_21\tools\command line tools
-rem set METROWERKS_PATH=%TOOLS%\codewar\PDK_40\Other Metrowerks Tools\Command Line Tools
+if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
+if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
 
 rem   If using gnu make define path to utility
-set GNU_MAKE_PATH=%TOOLS%\gnu
+rem set GNU_MAKE_PATH=%NDKBASE%\gnu
+set GNU_MAKE_PATH=c:\prg\tools
 
 rem   If using ms nmake define path to nmake
-set MS_NMAKE_PATH=%TOOLS%\msvc\600\bin
+rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
 
 rem   If using NASM assembler define path
-set NASM_PATH=%TOOLS%\nasm
+rem set NASM_PATH=%NDKBASE%\nasm
+set NASM_PATH=c:\prg\tools
 
 rem   Update path to include tool paths
-set path=%path%;%METROWERKS_PATH%
+set path=%path%;%COMPILER_PATH%
 if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
 if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
 if not "%NASM_PATH%"     == "" set path=%path%;%NASM_PATH%
 if not "%PERL_PATH%"     == "" set path=%path%;%PERL_PATH%
 
-rem   Set MWCIncludes to location of Novell NDK includes
-if "%LIBC_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\libc\include;%TOOLS%\ndk\libc\include\winsock;.\engines
-if "%CLIB_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\nwsdk\include\nlm;.\engines
-set include=
+rem   Set INCLUDES to location of Novell NDK includes
+if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
+if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
 
 rem   Set Imports to location of Novell NDK import files
-if "%LIBC_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\libc\imports
-if "%CLIB_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\nwsdk\imports
+if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
+if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
 
 rem   Set PRELUDE to the absolute path of the prelude object to link with in
 rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is 
 rem   recommended, for LibC NKS builds libcpre.o must be used
+if "%GNUC%" == "Y" goto gnuc
 if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
+rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
+if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
+echo using MetroWerks CodeWarrior 
+goto info
+
+:gnuc
+if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
+rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
+if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
+echo using GNU GCC Compiler 
 
+:info
+echo.
 
 if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
 if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." 
 
 if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
 if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." 
+
 goto end
 
 :usage
 rem ===============================================================
-echo .
-echo . No target build specified!
-echo .
-echo . usage: set_env [target]
-echo .
-echo .   target      - "netware-clib" - Clib build
-echo .               - "netware-libc" - LibC build
-echo .
-
-
+echo.
+echo No target build specified!
+echo.
+echo usage: set_env [target] [compiler]
+echo.
+echo target      - "netware-clib" - Clib build
+echo             - "netware-libc" - LibC build
+echo.
+echo compiler    - "gnuc"         - GNU GCC Compiler
+echo             - "codewarrior"  - MetroWerks CodeWarrior (default)
+echo.
 
 :end
+echo.
+
 
index e00e7a6cc56f61dc4d394a6bfba25535dc1584e3..e2bc2e2492ac8c1dcee0be84f3f1fb6474d73037 100644 (file)
@@ -38,7 +38,7 @@ EXE= $(PROGRAM)$(EXE_EXT)
 E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
        ca crl rsa rsautl dsa dsaparam ec ecparam \
        x509 genrsa gendsa s_server s_client speed \
-       s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+       s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
        pkcs8 spkac smime rand engine ocsp prime
 
 PROGS= $(PROGRAM).c
@@ -56,7 +56,7 @@ E_OBJ=        verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
        x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
        s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
        ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
-       ocsp.o prime.o
+       ocsp.o prime.o cms.o
 
 E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
        pkcs7.c crl2p7.c crl.c \
@@ -64,7 +64,7 @@ E_SRC=        verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.
        x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
        s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
        ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
-       ocsp.c prime.c
+       ocsp.c prime.c cms.c
 
 SRC=$(E_SRC)
 
index 613c3ba4955c411bbbc25e7b9fe15442d90d9113..5209caba2e2149595316e07555aaaa4764b1f62e 100644 (file)
@@ -2010,7 +2010,7 @@ int parse_yesno(const char *str, int def)
                case 'y': /* yes */
                case 'Y': /* YES */
                case '1': /* 1 */
-                       ret = 0;
+                       ret = 1;
                        break;
                default:
                        ret = def;
index e9d79def61d7086990d10d5b404d7089f271db3c..87f0405f5d57535c320133d737616d0d0a4bd405 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2882,13 +2882,22 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
        p=(char *)str->data;
        for (j=str->length; j>0; j--)
                {
+#ifdef CHARSET_EBCDIC
+               if ((*p >= 0x20) && (*p <= 0x7e))
+                       BIO_printf(bp,"%c",os_toebcdic[*p]);
+#else
                if ((*p >= ' ') && (*p <= '~'))
                        BIO_printf(bp,"%c",*p);
+#endif
                else if (*p & 0x80)
                        BIO_printf(bp,"\\0x%02X",*p);
                else if ((unsigned char)*p == 0xf7)
                        BIO_printf(bp,"^?");
+#ifdef CHARSET_EBCDIC
+               else    BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
+#else
                else    BIO_printf(bp,"^%c",*p+'@');
+#endif
                p++;
                }
        BIO_printf(bp,"'\n");
diff --git a/apps/cms.c b/apps/cms.c
new file mode 100644 (file)
index 0000000..6d227ac
--- /dev/null
@@ -0,0 +1,1347 @@
+/* apps/cms.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+
+#ifndef OPENSSL_NO_CMS
+
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+
+#undef PROG
+#define PROG cms_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+                                                               STACK *rr_from);
+
+#define SMIME_OP       0x10
+#define SMIME_IP       0x20
+#define SMIME_SIGNERS  0x40
+#define SMIME_ENCRYPT          (1 | SMIME_OP)
+#define SMIME_DECRYPT          (2 | SMIME_IP)
+#define SMIME_SIGN             (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY           (4 | SMIME_IP)
+#define SMIME_CMSOUT           (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN           (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_DATAOUT          (7 | SMIME_IP)
+#define SMIME_DATA_CREATE      (8 | SMIME_OP)
+#define SMIME_DIGEST_VERIFY    (9 | SMIME_IP)
+#define SMIME_DIGEST_CREATE    (10 | SMIME_OP)
+#define SMIME_UNCOMPRESS       (11 | SMIME_IP)
+#define SMIME_COMPRESS         (12 | SMIME_OP)
+#define SMIME_ENCRYPTED_DECRYPT        (13 | SMIME_IP)
+#define SMIME_ENCRYPTED_ENCRYPT        (14 | SMIME_OP)
+#define SMIME_SIGN_RECEIPT     (15 | SMIME_IP | SMIME_OP)
+#define SMIME_VERIFY_RECEIPT   (16 | SMIME_IP)
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+       {
+       ENGINE *e = NULL;
+       int operation = 0;
+       int ret = 0;
+       char **args;
+       const char *inmode = "r", *outmode = "w";
+       char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+       char *signerfile = NULL, *recipfile = NULL;
+       STACK *sksigners = NULL, *skkeys = NULL;
+       char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+       char *certsoutfile = NULL;
+       const EVP_CIPHER *cipher = NULL;
+       CMS_ContentInfo *cms = NULL, *rcms = NULL;
+       X509_STORE *store = NULL;
+       X509 *cert = NULL, *recip = NULL, *signer = NULL;
+       EVP_PKEY *key = NULL;
+       STACK_OF(X509) *encerts = NULL, *other = NULL;
+       BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+       int badarg = 0;
+       int flags = CMS_DETACHED;
+       int rr_print = 0, rr_allorfirst = -1;
+       STACK *rr_to = NULL, *rr_from = NULL;
+       CMS_ReceiptRequest *rr = NULL;
+       char *to = NULL, *from = NULL, *subject = NULL;
+       char *CAfile = NULL, *CApath = NULL;
+       char *passargin = NULL, *passin = NULL;
+       char *inrand = NULL;
+       int need_rand = 0;
+       const EVP_MD *sign_md = NULL;
+       int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+        int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
+       char *engine=NULL;
+#endif
+       unsigned char *secret_key = NULL, *secret_keyid = NULL;
+       size_t secret_keylen = 0, secret_keyidlen = 0;
+
+       ASN1_OBJECT *econtent_type = NULL;
+
+       X509_VERIFY_PARAM *vpm = NULL;
+
+       args = argv + 1;
+       ret = 1;
+
+       apps_startup();
+
+       if (bio_err == NULL)
+               {
+               if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+                       BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+               }
+
+       if (!load_config(bio_err, NULL))
+               goto end;
+
+       while (!badarg && *args && *args[0] == '-')
+               {
+               if (!strcmp (*args, "-encrypt"))
+                       operation = SMIME_ENCRYPT;
+               else if (!strcmp (*args, "-decrypt"))
+                       operation = SMIME_DECRYPT;
+               else if (!strcmp (*args, "-sign"))
+                       operation = SMIME_SIGN;
+               else if (!strcmp (*args, "-sign_receipt"))
+                       operation = SMIME_SIGN_RECEIPT;
+               else if (!strcmp (*args, "-resign"))
+                       operation = SMIME_RESIGN;
+               else if (!strcmp (*args, "-verify"))
+                       operation = SMIME_VERIFY;
+               else if (!strcmp(*args,"-verify_receipt"))
+                       {
+                       operation = SMIME_VERIFY_RECEIPT;
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       rctfile = *args;
+                       }
+               else if (!strcmp (*args, "-cmsout"))
+                       operation = SMIME_CMSOUT;
+               else if (!strcmp (*args, "-data_out"))
+                       operation = SMIME_DATAOUT;
+               else if (!strcmp (*args, "-data_create"))
+                       operation = SMIME_DATA_CREATE;
+               else if (!strcmp (*args, "-digest_verify"))
+                       operation = SMIME_DIGEST_VERIFY;
+               else if (!strcmp (*args, "-digest_create"))
+                       operation = SMIME_DIGEST_CREATE;
+               else if (!strcmp (*args, "-compress"))
+                       operation = SMIME_COMPRESS;
+               else if (!strcmp (*args, "-uncompress"))
+                       operation = SMIME_UNCOMPRESS;
+               else if (!strcmp (*args, "-EncryptedData_decrypt"))
+                       operation = SMIME_ENCRYPTED_DECRYPT;
+               else if (!strcmp (*args, "-EncryptedData_encrypt"))
+                       operation = SMIME_ENCRYPTED_ENCRYPT;
+#ifndef OPENSSL_NO_DES
+               else if (!strcmp (*args, "-des3")) 
+                               cipher = EVP_des_ede3_cbc();
+               else if (!strcmp (*args, "-des")) 
+                               cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+               else if (!strcmp (*args, "-seed")) 
+                               cipher = EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+               else if (!strcmp (*args, "-rc2-40")) 
+                               cipher = EVP_rc2_40_cbc();
+               else if (!strcmp (*args, "-rc2-128")) 
+                               cipher = EVP_rc2_cbc();
+               else if (!strcmp (*args, "-rc2-64")) 
+                               cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+               else if (!strcmp(*args,"-aes128"))
+                               cipher = EVP_aes_128_cbc();
+               else if (!strcmp(*args,"-aes192"))
+                               cipher = EVP_aes_192_cbc();
+               else if (!strcmp(*args,"-aes256"))
+                               cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               else if (!strcmp(*args,"-camellia128"))
+                               cipher = EVP_camellia_128_cbc();
+               else if (!strcmp(*args,"-camellia192"))
+                               cipher = EVP_camellia_192_cbc();
+               else if (!strcmp(*args,"-camellia256"))
+                               cipher = EVP_camellia_256_cbc();
+#endif
+               else if (!strcmp (*args, "-text")) 
+                               flags |= CMS_TEXT;
+               else if (!strcmp (*args, "-nointern")) 
+                               flags |= CMS_NOINTERN;
+               else if (!strcmp (*args, "-noverify") 
+                       || !strcmp (*args, "-no_signer_cert_verify")) 
+                               flags |= CMS_NO_SIGNER_CERT_VERIFY;
+               else if (!strcmp (*args, "-nocerts")) 
+                               flags |= CMS_NOCERTS;
+               else if (!strcmp (*args, "-noattr")) 
+                               flags |= CMS_NOATTR;
+               else if (!strcmp (*args, "-nodetach")) 
+                               flags &= ~CMS_DETACHED;
+               else if (!strcmp (*args, "-nosmimecap"))
+                               flags |= CMS_NOSMIMECAP;
+               else if (!strcmp (*args, "-binary"))
+                               flags |= CMS_BINARY;
+               else if (!strcmp (*args, "-keyid"))
+                               flags |= CMS_USE_KEYID;
+               else if (!strcmp (*args, "-nosigs"))
+                               flags |= CMS_NOSIGS;
+               else if (!strcmp (*args, "-no_content_verify"))
+                               flags |= CMS_NO_CONTENT_VERIFY;
+               else if (!strcmp (*args, "-no_attr_verify"))
+                               flags |= CMS_NO_ATTR_VERIFY;
+               else if (!strcmp (*args, "-stream"))
+                               {
+                               args++;
+                               continue;
+                               }
+               else if (!strcmp (*args, "-indef"))
+                               {
+                               args++;
+                               continue;
+                               }
+               else if (!strcmp (*args, "-noindef"))
+                               flags &= ~CMS_STREAM;
+               else if (!strcmp (*args, "-nooldmime"))
+                               flags |= CMS_NOOLDMIMETYPE;
+               else if (!strcmp (*args, "-crlfeol"))
+                               flags |= CMS_CRLFEOL;
+               else if (!strcmp (*args, "-receipt_request_print"))
+                               rr_print = 1;
+               else if (!strcmp (*args, "-receipt_request_all"))
+                               rr_allorfirst = 0;
+               else if (!strcmp (*args, "-receipt_request_first"))
+                               rr_allorfirst = 1;
+               else if (!strcmp(*args,"-receipt_request_from"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       if (!rr_from)
+                               rr_from = sk_new_null();
+                       sk_push(rr_from, *args);
+                       }
+               else if (!strcmp(*args,"-receipt_request_to"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       if (!rr_to)
+                               rr_to = sk_new_null();
+                       sk_push(rr_to, *args);
+                       }
+               else if (!strcmp(*args,"-secretkey"))
+                       {
+                       long ltmp;
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       secret_key = string_to_hex(*args, &ltmp);
+                       if (!secret_key)
+                               {
+                               BIO_printf(bio_err, "Invalid key %s\n", *args);
+                               goto argerr;
+                               }
+                       secret_keylen = (size_t)ltmp;
+                       }
+               else if (!strcmp(*args,"-secretkeyid"))
+                       {
+                       long ltmp;
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       secret_keyid = string_to_hex(*args, &ltmp);
+                       if (!secret_keyid)
+                               {
+                               BIO_printf(bio_err, "Invalid id %s\n", *args);
+                               goto argerr;
+                               }
+                       secret_keyidlen = (size_t)ltmp;
+                       }
+               else if (!strcmp(*args,"-econtent_type"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       econtent_type = OBJ_txt2obj(*args, 0);
+                       if (!econtent_type)
+                               {
+                               BIO_printf(bio_err, "Invalid OID %s\n", *args);
+                               goto argerr;
+                               }
+                       }
+               else if (!strcmp(*args,"-rand"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       inrand = *args;
+                       need_rand = 1;
+                       }
+#ifndef OPENSSL_NO_ENGINE
+               else if (!strcmp(*args,"-engine"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       engine = *++args;
+                       }
+#endif
+               else if (!strcmp(*args,"-passin"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       passargin = *++args;
+                       }
+               else if (!strcmp (*args, "-to"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       to = *++args;
+                       }
+               else if (!strcmp (*args, "-from"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       from = *++args;
+                       }
+               else if (!strcmp (*args, "-subject"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       subject = *++args;
+                       }
+               else if (!strcmp (*args, "-signer"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       /* If previous -signer argument add signer to list */
+
+                       if (signerfile)
+                               {
+                               if (!sksigners)
+                                       sksigners = sk_new_null();
+                               sk_push(sksigners, signerfile);
+                               if (!keyfile)
+                                       keyfile = signerfile;
+                               if (!skkeys)
+                                       skkeys = sk_new_null();
+                               sk_push(skkeys, keyfile);
+                               keyfile = NULL;
+                               }
+                       signerfile = *++args;
+                       }
+               else if (!strcmp (*args, "-recip"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       recipfile = *++args;
+                       }
+               else if (!strcmp (*args, "-certsout"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       certsoutfile = *++args;
+                       }
+               else if (!strcmp (*args, "-md"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       sign_md = EVP_get_digestbyname(*++args);
+                       if (sign_md == NULL)
+                               {
+                               BIO_printf(bio_err, "Unknown digest %s\n",
+                                                       *args);
+                               goto argerr;
+                               }
+                       }
+               else if (!strcmp (*args, "-inkey"))
+                       {
+                       if (!args[1])   
+                               goto argerr;
+                       /* If previous -inkey arument add signer to list */
+                       if (keyfile)
+                               {
+                               if (!signerfile)
+                                       {
+                                       BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                                       goto argerr;
+                                       }
+                               if (!sksigners)
+                                       sksigners = sk_new_null();
+                               sk_push(sksigners, signerfile);
+                               signerfile = NULL;
+                               if (!skkeys)
+                                       skkeys = sk_new_null();
+                               sk_push(skkeys, keyfile);
+                               }
+                       keyfile = *++args;
+                       }
+               else if (!strcmp (*args, "-keyform"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       keyform = str2fmt(*++args);
+                       }
+               else if (!strcmp (*args, "-rctform"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       rctformat = str2fmt(*++args);
+                       }
+               else if (!strcmp (*args, "-certfile"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       certfile = *++args;
+                       }
+               else if (!strcmp (*args, "-CAfile"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       CAfile = *++args;
+                       }
+               else if (!strcmp (*args, "-CApath"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       CApath = *++args;
+                       }
+               else if (!strcmp (*args, "-in"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       infile = *++args;
+                       }
+               else if (!strcmp (*args, "-inform"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       informat = str2fmt(*++args);
+                       }
+               else if (!strcmp (*args, "-outform"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       outformat = str2fmt(*++args);
+                       }
+               else if (!strcmp (*args, "-out"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       outfile = *++args;
+                       }
+               else if (!strcmp (*args, "-content"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       contfile = *++args;
+                       }
+               else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+                       continue;
+               else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
+                       badarg = 1;
+               args++;
+               }
+
+       if (((rr_allorfirst != -1) || rr_from) && !rr_to)
+               {
+               BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+               goto argerr;
+               }
+
+       if (!(operation & SMIME_SIGNERS)  && (rr_to || rr_from))
+               {
+               BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+               goto argerr;
+               }
+       if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+               {
+               BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+               goto argerr;
+               }
+
+       if (operation & SMIME_SIGNERS)
+               {
+               if (keyfile && !signerfile)
+                       {
+                       BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                       goto argerr;
+                       }
+               /* Check to see if any final signer needs to be appended */
+               if (signerfile)
+                       {
+                       if (!sksigners)
+                               sksigners = sk_new_null();
+                       sk_push(sksigners, signerfile);
+                       if (!skkeys)
+                               skkeys = sk_new_null();
+                       if (!keyfile)
+                               keyfile = signerfile;
+                       sk_push(skkeys, keyfile);
+                       }
+               if (!sksigners)
+                       {
+                       BIO_printf(bio_err, "No signer certificate specified\n");
+                       badarg = 1;
+                       }
+               signerfile = NULL;
+               keyfile = NULL;
+               need_rand = 1;
+               }
+
+       else if (operation == SMIME_DECRYPT)
+               {
+               if (!recipfile && !keyfile && !secret_key)
+                       {
+                       BIO_printf(bio_err, "No recipient certificate or key specified\n");
+                       badarg = 1;
+                       }
+               }
+       else if (operation == SMIME_ENCRYPT)
+               {
+               if (!*args && !secret_key)
+                       {
+                       BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+                       badarg = 1;
+                       }
+               need_rand = 1;
+               }
+       else if (!operation)
+               badarg = 1;
+
+       if (badarg)
+               {
+               argerr:
+               BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
+               BIO_printf (bio_err, "where options are\n");
+               BIO_printf (bio_err, "-encrypt       encrypt message\n");
+               BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
+               BIO_printf (bio_err, "-sign          sign message\n");
+               BIO_printf (bio_err, "-verify        verify signed message\n");
+               BIO_printf (bio_err, "-cmsout        output CMS structure\n");
+#ifndef OPENSSL_NO_DES
+               BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
+               BIO_printf (bio_err, "-des           encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+               BIO_printf (bio_err, "-seed          encrypt with SEED\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+               BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
+               BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
+               BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+               BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+               BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+               BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
+#endif
+               BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
+               BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
+               BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
+               BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
+               BIO_printf (bio_err, "-nodetach      use opaque signing\n");
+               BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
+               BIO_printf (bio_err, "-binary        don't translate message to text\n");
+               BIO_printf (bio_err, "-certfile file other certificates file\n");
+               BIO_printf (bio_err, "-certsout file certificate output file\n");
+               BIO_printf (bio_err, "-signer file   signer certificate file\n");
+               BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
+               BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
+               BIO_printf (bio_err, "-in file       input file\n");
+               BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+               BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+               BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
+               BIO_printf (bio_err, "-out file      output file\n");
+               BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
+               BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
+               BIO_printf (bio_err, "-to addr       to address\n");
+               BIO_printf (bio_err, "-from ad       from address\n");
+               BIO_printf (bio_err, "-subject s     subject\n");
+               BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+               BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+               BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+               BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+               BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
+               BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+#endif
+               BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
+               BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+               BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+               BIO_printf(bio_err,  "               the random number generator\n");
+               BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
+               goto end;
+               }
+
+#ifndef OPENSSL_NO_ENGINE
+        e = setup_engine(bio_err, engine, 0);
+#endif
+
+       if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+               {
+               BIO_printf(bio_err, "Error getting password\n");
+               goto end;
+               }
+
+       if (need_rand)
+               {
+               app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+               if (inrand != NULL)
+                       BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+                               app_RAND_load_files(inrand));
+               }
+
+       ret = 2;
+
+       if (!(operation & SMIME_SIGNERS))
+               flags &= ~CMS_DETACHED;
+
+       if (operation & SMIME_OP)
+               {
+               if (outformat == FORMAT_ASN1)
+                       outmode = "wb";
+               }
+       else
+               {
+               if (flags & CMS_BINARY)
+                       outmode = "wb";
+               }
+
+       if (operation & SMIME_IP)
+               {
+               if (informat == FORMAT_ASN1)
+                       inmode = "rb";
+               }
+       else
+               {
+               if (flags & CMS_BINARY)
+                       inmode = "rb";
+               }
+
+       if (operation == SMIME_ENCRYPT)
+               {
+               if (!cipher)
+                       {
+#ifndef OPENSSL_NO_DES                 
+                       cipher = EVP_des_ede3_cbc();
+#else
+                       BIO_printf(bio_err, "No cipher selected\n");
+                       goto end;
+#endif
+                       }
+
+               if (secret_key && !secret_keyid)
+                       {
+                       BIO_printf(bio_err, "No sectre key id\n");
+                       goto end;
+                       }
+
+               if (*args)
+                       encerts = sk_X509_new_null();
+               while (*args)
+                       {
+                       if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+                               NULL, e, "recipient certificate file")))
+                               goto end;
+                       sk_X509_push(encerts, cert);
+                       cert = NULL;
+                       args++;
+                       }
+               }
+
+       if (certfile)
+               {
+               if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+                       e, "certificate file")))
+                       {
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               }
+
+       if (recipfile && (operation == SMIME_DECRYPT))
+               {
+               if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+                       e, "recipient certificate file")))
+                       {
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               }
+
+       if (operation == SMIME_SIGN_RECEIPT)
+               {
+               if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
+                       e, "receipt signer certificate file")))
+                       {
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               }
+
+       if (operation == SMIME_DECRYPT)
+               {
+               if (!keyfile)
+                       keyfile = recipfile;
+               }
+       else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
+               {
+               if (!keyfile)
+                       keyfile = signerfile;
+               }
+       else keyfile = NULL;
+
+       if (keyfile)
+               {
+               key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+                              "signing key file");
+               if (!key)
+                       goto end;
+               }
+
+       if (infile)
+               {
+               if (!(in = BIO_new_file(infile, inmode)))
+                       {
+                       BIO_printf (bio_err,
+                                "Can't open input file %s\n", infile);
+                       goto end;
+                       }
+               }
+       else
+               in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+       if (operation & SMIME_IP)
+               {
+               if (informat == FORMAT_SMIME) 
+                       cms = SMIME_read_CMS(in, &indata);
+               else if (informat == FORMAT_PEM) 
+                       cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+               else if (informat == FORMAT_ASN1) 
+                       cms = d2i_CMS_bio(in, NULL);
+               else
+                       {
+                       BIO_printf(bio_err, "Bad input format for CMS file\n");
+                       goto end;
+                       }
+
+               if (!cms)
+                       {
+                       BIO_printf(bio_err, "Error reading S/MIME message\n");
+                       goto end;
+                       }
+               if (contfile)
+                       {
+                       BIO_free(indata);
+                       if (!(indata = BIO_new_file(contfile, "rb")))
+                               {
+                               BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                               goto end;
+                               }
+                       }
+               if (certsoutfile)
+                       {
+                       STACK_OF(X509) *allcerts;
+                       allcerts = CMS_get1_certs(cms);
+                       if (!save_certs(certsoutfile, allcerts))
+                               {
+                               BIO_printf(bio_err,
+                                               "Error writing certs to %s\n",
+                                                               certsoutfile);
+                               ret = 5;
+                               goto end;
+                               }
+                       sk_X509_pop_free(allcerts, X509_free);
+                       }
+               }
+
+       if (rctfile)
+               {
+               char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+               if (!(rctin = BIO_new_file(rctfile, rctmode)))
+                       {
+                       BIO_printf (bio_err,
+                                "Can't open receipt file %s\n", rctfile);
+                       goto end;
+                       }
+               
+               if (rctformat == FORMAT_SMIME) 
+                       rcms = SMIME_read_CMS(rctin, NULL);
+               else if (rctformat == FORMAT_PEM) 
+                       rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+               else if (rctformat == FORMAT_ASN1) 
+                       rcms = d2i_CMS_bio(rctin, NULL);
+               else
+                       {
+                       BIO_printf(bio_err, "Bad input format for receipt\n");
+                       goto end;
+                       }
+
+               if (!rcms)
+                       {
+                       BIO_printf(bio_err, "Error reading receipt\n");
+                       goto end;
+                       }
+               }
+
+       if (outfile)
+               {
+               if (!(out = BIO_new_file(outfile, outmode)))
+                       {
+                       BIO_printf (bio_err,
+                                "Can't open output file %s\n", outfile);
+                       goto end;
+                       }
+               }
+       else
+               {
+               out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+               {
+                   BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                   out = BIO_push(tmpbio, out);
+               }
+#endif
+               }
+
+       if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
+               {
+               if (!(store = setup_verify(bio_err, CAfile, CApath)))
+                       goto end;
+               X509_STORE_set_verify_cb_func(store, cms_cb);
+               if (vpm)
+                       X509_STORE_set1_param(store, vpm);
+               }
+
+
+       ret = 3;
+
+       if (operation == SMIME_DATA_CREATE)
+               {
+               cms = CMS_data_create(in, flags);
+               }
+       else if (operation == SMIME_DIGEST_CREATE)
+               {
+               cms = CMS_digest_create(in, sign_md, flags);
+               }
+       else if (operation == SMIME_COMPRESS)
+               {
+               cms = CMS_compress(in, -1, flags);
+               }
+       else if (operation == SMIME_ENCRYPT)
+               {
+               flags |= CMS_PARTIAL;
+               cms = CMS_encrypt(encerts, in, cipher, flags);
+               if (!cms)
+                       goto end;
+               if (secret_key)
+                       {
+                       if (!CMS_add0_recipient_key(cms, NID_undef, 
+                                               secret_key, secret_keylen,
+                                               secret_keyid, secret_keyidlen,
+                                               NULL, NULL, NULL))
+                               goto end;
+                       /* NULL these because call absorbs them */
+                       secret_key = NULL;
+                       secret_keyid = NULL;
+                       }
+               if (!(flags & CMS_STREAM))
+                       {
+                       if (!CMS_final(cms, in, NULL, flags))
+                               goto end;
+                       }
+               }
+       else if (operation == SMIME_ENCRYPTED_ENCRYPT)
+               {
+               cms = CMS_EncryptedData_encrypt(in, cipher,
+                                               secret_key, secret_keylen,
+                                               flags);
+
+               }
+       else if (operation == SMIME_SIGN_RECEIPT)
+               {
+               CMS_ContentInfo *srcms = NULL;
+               STACK_OF(CMS_SignerInfo) *sis;
+               CMS_SignerInfo *si;
+               sis = CMS_get0_SignerInfos(cms);
+               if (!sis)
+                       goto end;
+               si = sk_CMS_SignerInfo_value(sis, 0);
+               srcms = CMS_sign_receipt(si, signer, key, other, flags);
+               if (!srcms)
+                       goto end;
+               CMS_ContentInfo_free(cms);
+               cms = srcms;
+               }
+       else if (operation & SMIME_SIGNERS)
+               {
+               int i;
+               /* If detached data content we enable streaming if
+                * S/MIME output format.
+                */
+               if (operation == SMIME_SIGN)
+                       {
+                               
+                       if (flags & CMS_DETACHED)
+                               {
+                               if (outformat == FORMAT_SMIME)
+                                       flags |= CMS_STREAM;
+                               }
+                       flags |= CMS_PARTIAL;
+                       cms = CMS_sign(NULL, NULL, other, in, flags);
+                       if (!cms)
+                               goto end;
+                       if (econtent_type)
+                               CMS_set1_eContentType(cms, econtent_type);
+
+                       if (rr_to)
+                               {
+                               rr = make_receipt_request(rr_to, rr_allorfirst,
+                                                               rr_from);
+                               if (!rr)
+                                       {
+                                       BIO_puts(bio_err,
+                               "Signed Receipt Request Creation Error\n");
+                                       goto end;
+                                       }
+                               }
+                       }
+               else
+                       flags |= CMS_REUSE_DIGEST;
+               for (i = 0; i < sk_num(sksigners); i++)
+                       {
+                       CMS_SignerInfo *si;
+                       signerfile = sk_value(sksigners, i);
+                       keyfile = sk_value(skkeys, i);
+                       signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
+                                       e, "signer certificate");
+                       if (!signer)
+                               goto end;
+                       key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+                              "signing key file");
+                       if (!key)
+                               goto end;
+                       si = CMS_add1_signer(cms, signer, key, sign_md, flags);
+                       if (!si)
+                               goto end;
+                       if (rr && !CMS_add1_ReceiptRequest(si, rr))
+                               goto end;
+                       X509_free(signer);
+                       signer = NULL;
+                       EVP_PKEY_free(key);
+                       key = NULL;
+                       }
+               /* If not streaming or resigning finalize structure */
+               if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
+                       {
+                       if (!CMS_final(cms, in, NULL, flags))
+                               goto end;
+                       }
+               }
+
+       if (!cms)
+               {
+               BIO_printf(bio_err, "Error creating CMS structure\n");
+               goto end;
+               }
+
+       ret = 4;
+       if (operation == SMIME_DECRYPT)
+               {
+
+               if (secret_key)
+                       {
+                       if (!CMS_decrypt_set1_key(cms,
+                                               secret_key, secret_keylen,
+                                               secret_keyid, secret_keyidlen))
+                               {
+                               BIO_puts(bio_err,
+                                       "Error decrypting CMS using secret key\n");
+                               goto end;
+                               }
+                       }
+
+               if (key)
+                       {
+                       if (!CMS_decrypt_set1_pkey(cms, key, recip))
+                               {
+                               BIO_puts(bio_err,
+                                       "Error decrypting CMS using private key\n");
+                               goto end;
+                               }
+                       }
+
+               if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
+                       {
+                       BIO_printf(bio_err, "Error decrypting CMS structure\n");
+                       goto end;
+                       }
+               }
+       else if (operation == SMIME_DATAOUT)
+               {
+               if (!CMS_data(cms, out, flags))
+                       goto end;
+               }
+       else if (operation == SMIME_UNCOMPRESS)
+               {
+               if (!CMS_uncompress(cms, indata, out, flags))
+                       goto end;
+               }
+       else if (operation == SMIME_DIGEST_VERIFY)
+               {
+               if (CMS_digest_verify(cms, indata, out, flags) > 0)
+                       BIO_printf(bio_err, "Verification successful\n");
+               else
+                       {
+                       BIO_printf(bio_err, "Verification failure\n");
+                       goto end;
+                       }
+               }
+       else if (operation == SMIME_ENCRYPTED_DECRYPT)
+               {
+               if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+                                               indata, out, flags))
+                       goto end;
+               }
+       else if (operation == SMIME_VERIFY)
+               {
+               if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+                       BIO_printf(bio_err, "Verification successful\n");
+               else
+                       {
+                       BIO_printf(bio_err, "Verification failure\n");
+                       goto end;
+                       }
+               if (signerfile)
+                       {
+                       STACK_OF(X509) *signers;
+                       signers = CMS_get0_signers(cms);
+                       if (!save_certs(signerfile, signers))
+                               {
+                               BIO_printf(bio_err,
+                                               "Error writing signers to %s\n",
+                                                               signerfile);
+                               ret = 5;
+                               goto end;
+                               }
+                       sk_X509_free(signers);
+                       }
+               if (rr_print)
+                       receipt_request_print(bio_err, cms);
+                                       
+               }
+       else if (operation == SMIME_VERIFY_RECEIPT)
+               {
+               if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
+                       BIO_printf(bio_err, "Verification successful\n");
+               else
+                       {
+                       BIO_printf(bio_err, "Verification failure\n");
+                       goto end;
+                       }
+               }
+       else
+               {
+               if (outformat == FORMAT_SMIME)
+                       {
+                       if (to)
+                               BIO_printf(out, "To: %s\n", to);
+                       if (from)
+                               BIO_printf(out, "From: %s\n", from);
+                       if (subject)
+                               BIO_printf(out, "Subject: %s\n", subject);
+                       if (operation == SMIME_RESIGN)
+                               ret = SMIME_write_CMS(out, cms, indata, flags);
+                       else
+                               ret = SMIME_write_CMS(out, cms, in, flags);
+                       }
+               else if (outformat == FORMAT_PEM) 
+                       ret = PEM_write_bio_CMS(out, cms);
+               else if (outformat == FORMAT_ASN1) 
+                       ret = i2d_CMS_bio(out,cms);
+               else
+                       {
+                       BIO_printf(bio_err, "Bad output format for CMS file\n");
+                       goto end;
+                       }
+               if (ret <= 0)
+                       {
+                       ret = 6;
+                       goto end;
+                       }
+               }
+       ret = 0;
+end:
+       if (ret)
+               ERR_print_errors(bio_err);
+       if (need_rand)
+               app_RAND_write_file(NULL, bio_err);
+       sk_X509_pop_free(encerts, X509_free);
+       sk_X509_pop_free(other, X509_free);
+       if (vpm)
+               X509_VERIFY_PARAM_free(vpm);
+       if (sksigners)
+               sk_free(sksigners);
+       if (skkeys)
+               sk_free(skkeys);
+       if (secret_key)
+               OPENSSL_free(secret_key);
+       if (secret_keyid)
+               OPENSSL_free(secret_keyid);
+       if (econtent_type)
+               ASN1_OBJECT_free(econtent_type);
+       if (rr)
+               CMS_ReceiptRequest_free(rr);
+       if (rr_to)
+               sk_free(rr_to);
+       if (rr_from)
+               sk_free(rr_from);
+       X509_STORE_free(store);
+       X509_free(cert);
+       X509_free(recip);
+       X509_free(signer);
+       EVP_PKEY_free(key);
+       CMS_ContentInfo_free(cms);
+       CMS_ContentInfo_free(rcms);
+       BIO_free(rctin);
+       BIO_free(in);
+       BIO_free(indata);
+       BIO_free_all(out);
+       if (passin) OPENSSL_free(passin);
+       return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+       {
+       int i;
+       BIO *tmp;
+       if (!signerfile)
+               return 1;
+       tmp = BIO_new_file(signerfile, "w");
+       if (!tmp) return 0;
+       for(i = 0; i < sk_X509_num(signers); i++)
+               PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+       BIO_free(tmp);
+       return 1;
+       }
+       
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+       {
+       int error;
+
+       error = X509_STORE_CTX_get_error(ctx);
+
+       if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+               && ((error != X509_V_OK) || (ok != 2)))
+               return ok;
+
+       policies_print(NULL, ctx);
+
+       return ok;
+
+       }
+
+static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
+       {
+       STACK_OF(GENERAL_NAME) *gens;
+       GENERAL_NAME *gen;
+       int i, j;
+       for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
+               {
+               gens = sk_GENERAL_NAMES_value(gns, i);
+               for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
+                       {
+                       gen = sk_GENERAL_NAME_value(gens, j);
+                       BIO_puts(out, "    ");
+                       GENERAL_NAME_print(out, gen);
+                       BIO_puts(out, "\n");
+                       }
+               }
+       return;
+       }
+
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
+       {
+       STACK_OF(CMS_SignerInfo) *sis;
+       CMS_SignerInfo *si;
+       CMS_ReceiptRequest *rr;
+       int allorfirst;
+       STACK_OF(GENERAL_NAMES) *rto, *rlist;
+       ASN1_STRING *scid;
+       int i, rv;
+       sis = CMS_get0_SignerInfos(cms);
+       for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sis, i);
+               rv = CMS_get1_ReceiptRequest(si, &rr);
+               BIO_printf(bio_err, "Signer %d:\n", i + 1);
+               if (rv == 0)
+                       BIO_puts(bio_err, "  No Receipt Request\n");
+               else if (rv < 0)
+                       {
+                       BIO_puts(bio_err, "  Receipt Request Parse Error\n");
+                       ERR_print_errors(bio_err);
+                       }
+               else
+                       {
+                       char *id;
+                       int idlen;
+                       CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+                                                       &rlist, &rto);
+                       BIO_puts(out, "  Signed Content ID:\n");
+                       idlen = ASN1_STRING_length(scid);
+                       id = (char *)ASN1_STRING_data(scid);
+                       BIO_dump_indent(out, id, idlen, 4);
+                       BIO_puts(out, "  Receipts From");
+                       if (rlist)
+                               {
+                               BIO_puts(out, " List:\n");
+                               gnames_stack_print(out, rlist);
+                               }
+                       else if (allorfirst == 1)
+                               BIO_puts(out, ": First Tier\n");
+                       else if (allorfirst == 0)
+                               BIO_puts(out, ": All\n");
+                       else
+                               BIO_printf(out, " Unknown (%d)\n", allorfirst);
+                       BIO_puts(out, "  Receipts To:\n");
+                       gnames_stack_print(out, rto);
+                       }
+               if (rr)
+                       CMS_ReceiptRequest_free(rr);
+               }
+       }
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
+       {
+       int i;
+       STACK_OF(GENERAL_NAMES) *ret;
+       GENERAL_NAMES *gens = NULL;
+       GENERAL_NAME *gen = NULL;
+       ret = sk_GENERAL_NAMES_new_null();
+       if (!ret)
+               goto err;
+       for (i = 0; i < sk_num(ns); i++)
+               {
+               CONF_VALUE cnf;
+               cnf.name = "email";
+               cnf.value = sk_value(ns, i);
+               gen = v2i_GENERAL_NAME(NULL, NULL, &cnf);
+               if (!gen)
+                       goto err;
+               gens = GENERAL_NAMES_new();
+               if (!gens)
+                       goto err;
+               if (!sk_GENERAL_NAME_push(gens, gen))
+                       goto err;
+               gen = NULL;
+               if (!sk_GENERAL_NAMES_push(ret, gens))
+                       goto err;
+               gens = NULL;
+               }
+
+       return ret;
+
+       err:
+       if (ret)
+               sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+       if (gens)
+               GENERAL_NAMES_free(gens);
+       if (gen)
+               GENERAL_NAME_free(gen);
+       return NULL;
+       }
+
+
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+                                                               STACK *rr_from)
+       {
+       STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+       CMS_ReceiptRequest *rr;
+       rct_to = make_names_stack(rr_to);
+       if (!rct_to)
+               goto err;
+       if (rr_from)
+               {
+               rct_from = make_names_stack(rr_from);
+               if (!rct_from)
+                       goto err;
+               }
+       else
+               rct_from = NULL;
+       rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+                                               rct_to);
+       return rr;
+       err:
+       return NULL;
+       }
+
+#endif
index 9e103037dd71380ba81964a2db99b52142ad6796..7518a2fe964a6ce25709bf66808aa4af396e62b3 100644 (file)
@@ -240,37 +240,27 @@ bad:
                goto end;
        }
 
-       in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
-       if ((in == NULL) || (out == NULL))
+       if (out == NULL)
                {
                ERR_print_errors(bio_err);
                goto end;
                }
 
-       if (infile == NULL)
-               BIO_set_fp(in,stdin,BIO_NOCLOSE);
-       else
-               {
-               if (BIO_read_filename(in,infile) <= 0)
-                       {
-                       perror(infile);
-                       goto end;
-                       }
-               }
-
        BIO_printf(bio_err,"read DSA key\n");
-       if      (informat == FORMAT_ASN1) {
-               if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
-               else dsa=d2i_DSAPrivateKey_bio(in,NULL);
-       } else if (informat == FORMAT_PEM) {
-               if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
-               else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
-       } else
-               {
-               BIO_printf(bio_err,"bad input format specified for key\n");
-               goto end;
-               }
+       {
+               EVP_PKEY        *pkey;
+               if (pubin)
+                       pkey = load_pubkey(bio_err, infile, informat, 1,
+                               passin, e, "Public Key");
+               else
+                       pkey = load_key(bio_err, infile, informat, 1,
+                               passin, e, "Private Key");
+
+               if (pkey != NULL)
+               dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+               EVP_PKEY_free(pkey);
+       }
        if (dsa == NULL)
                {
                BIO_printf(bio_err,"unable to load Key\n");
index b95424b69bfd02dde1fbb4198fbd37caf641d289..1001f3b25ded61706fe4fea6055f412a5678b259 100644 (file)
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include "apps.h" /* needs to be included before the openssl headers! */
 #include <openssl/e_os2.h>
-#include <openssl/bio.h>
-#include <openssl/ocsp.h>
-#include <openssl/txt_db.h>
 #include <openssl/ssl.h>
-#include "apps.h"
+#include <openssl/err.h>
 
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD    (5 * 60)
index 89e1e059bdf15950834c01bef515fcde3802c270..aafd800bdfb46a43e34fef900422f35971b4717d 100644 (file)
@@ -28,6 +28,7 @@ extern int speed_main(int argc,char *argv[]);
 extern int s_time_main(int argc,char *argv[]);
 extern int version_main(int argc,char *argv[]);
 extern int pkcs7_main(int argc,char *argv[]);
+extern int cms_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
@@ -109,6 +110,9 @@ FUNCTION functions[] = {
 #endif
        {FUNC_TYPE_GENERAL,"version",version_main},
        {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+       {FUNC_TYPE_GENERAL,"cms",cms_main},
+#endif
        {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
        {FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
index d74cfdc0f18010b84b0f96dbc17012323e702235..645432cfcc23394be403f45874fecf2a7dd650c0 100644 (file)
@@ -43,6 +43,8 @@ foreach (@ARGV)
                { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
        elsif ( ($_ =~ /^pkcs12$/))
                { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+       elsif ( ($_ =~ /^cms$/))
+               { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
        else
                { print $str; }
        }
index f58e65ec852f9d87177d48685be32fa8b3146c0f..5ed08960c1dcf9fb128375fe083b49eba93bae3a 100644 (file)
@@ -719,8 +719,7 @@ bad:
                           message */
                        goto end;
                        }
-               if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
-                       EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
+               else
                        {
                        char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                        if (randfile == NULL)
index 463890950e1f3df8fd053e19324b900ba1e60893..f3c458ed2751dfdd552911b927cdfa8341fac8a0 100644 (file)
@@ -119,24 +119,36 @@ int MAIN(int argc, char **argv)
        while(argc >= 1)
        {
                if (!strcmp(*argv,"-in")) {
-                       if (--argc < 1) badarg = 1;
-                        infile= *(++argv);
+                       if (--argc < 1)
+                               badarg = 1;
+                       else
+                               infile= *(++argv);
                } else if (!strcmp(*argv,"-out")) {
-                       if (--argc < 1) badarg = 1;
-                       outfile= *(++argv);
+                       if (--argc < 1)
+                               badarg = 1;
+                       else
+                               outfile= *(++argv);
                } else if(!strcmp(*argv, "-inkey")) {
-                       if (--argc < 1) badarg = 1;
-                       keyfile = *(++argv);
+                       if (--argc < 1)
+                               badarg = 1;
+                       else
+                               keyfile = *(++argv);
                } else if (!strcmp(*argv,"-passin")) {
-                       if (--argc < 1) badarg = 1;
-                       passargin= *(++argv);
+                       if (--argc < 1)
+                               badarg = 1;
+                       else
+                               passargin= *(++argv);
                } else if (strcmp(*argv,"-keyform") == 0) {
-                       if (--argc < 1) badarg = 1;
-                       keyform=str2fmt(*(++argv));
+                       if (--argc < 1)
+                               badarg = 1;
+                       else
+                               keyform=str2fmt(*(++argv));
 #ifndef OPENSSL_NO_ENGINE
                } else if(!strcmp(*argv, "-engine")) {
-                       if (--argc < 1) badarg = 1;
-                       engine = *(++argv);
+                       if (--argc < 1)
+                               badarg = 1;
+                       else
+                               engine = *(++argv);
 #endif
                } else if(!strcmp(*argv, "-pubin")) {
                        key_type = KEY_PUBKEY;
index a4983c178fcfc43151e70b23ce0c37c8bb366033..60a8d13df1987333c463ca74e79080d00c4930d8 100644 (file)
@@ -317,7 +317,8 @@ int MAIN(int argc, char **argv)
        int mbuf_len=0;
 #ifndef OPENSSL_NO_ENGINE
        char *engine_id=NULL;
-       ENGINE *e=NULL;
+       char *ssl_client_engine_id=NULL;
+       ENGINE *e=NULL, *ssl_client_engine=NULL;
 #endif
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
        struct timeval tv;
@@ -555,6 +556,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        engine_id = *(++argv);
                        }
+               else if (strcmp(*argv,"-ssl_client_engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       ssl_client_engine_id = *(++argv);
+                       }
 #endif
                else if (strcmp(*argv,"-rand") == 0)
                        {
@@ -590,6 +596,16 @@ bad:
 
 #ifndef OPENSSL_NO_ENGINE
         e = setup_engine(bio_err, engine_id, 1);
+       if (ssl_client_engine_id)
+               {
+               ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
+               if (!ssl_client_engine)
+                       {
+                       BIO_printf(bio_err,
+                                       "Error getting client auth engine\n");
+                       goto end;
+                       }
+               }
 #endif
        if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
                {
@@ -657,6 +673,20 @@ bad:
                goto end;
                }
 
+#ifndef OPENSSL_NO_ENGINE
+       if (ssl_client_engine)
+               {
+               if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
+                       {
+                       BIO_puts(bio_err, "Error setting client auth engine\n");
+                       ERR_print_errors(bio_err);
+                       ENGINE_free(ssl_client_engine);
+                       goto end;
+                       }
+               ENGINE_free(ssl_client_engine);
+               }
+#endif
+
        if (bugs)
                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
        else
index 2b4e256c1a46d890886e5ffb3e7c3d7f3f646894..7919c437c6456a049bad3d3072d25d3e76a18642 100644 (file)
@@ -333,6 +333,11 @@ static void sv_usage(void)
        BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
        BIO_printf(bio_err," -cert arg     - certificate file to use\n");
        BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
+       BIO_printf(bio_err," -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
+                          "                 The CRL(s) are appended to the certificate file\n");
+       BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
+                          "                 or any other CRL in the CA chain. CRL(s) are appened to the\n" \
+                          "                 the certificate file.\n");
        BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
        BIO_printf(bio_err," -key arg      - Private Key file to use, in cert file if\n");
        BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
@@ -909,7 +914,7 @@ int MAIN(int argc, char *argv[])
                        {
                        vflags |= X509_V_FLAG_CRL_CHECK;
                        }
-               else if (strcmp(*argv,"-crl_check") == 0)
+               else if (strcmp(*argv,"-crl_check_all") == 0)
                        {
                        vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
                        }
index 475c8fcf1d4bc03036366342585d469d535e1348..0c6bc5cdd3e152f90270d77f526f8ec61062848c 100644 (file)
@@ -24,8 +24,8 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
-       aes_ctr.c aes_ige.c
-LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o \
+       aes_ctr.c aes_ige.c aes_wrap.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
        $(AES_ASM_OBJ)
 
 SRC= $(LIBSRC)
index d33656f2050d3b0cfc3c0ff0d5962f013fd32700..450f2b4051b22b33fdbc9feaa5628535852628f4 100644 (file)
@@ -134,6 +134,12 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
                        const AES_KEY *key2, const unsigned char *ivec,
                        const int enc);
 
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+               unsigned char *out,
+               const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+               unsigned char *out,
+               const unsigned char *in, unsigned int inlen);
 
 #ifdef  __cplusplus
 }
index f9f7cf9f438c44182a61676b33cb42d4342680c9..cffdd4daec4daa5e474d68cb13b320c549006e64 100644 (file)
 
 #include <stdlib.h>
 #include <openssl/aes.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include "aes_locl.h"
 
 /*
diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
new file mode 100644 (file)
index 0000000..9feacd6
--- /dev/null
@@ -0,0 +1,259 @@
+/* crypto/aes/aes_wrap.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/bio.h>
+
+static const unsigned char default_iv[] = {
+  0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+               unsigned char *out,
+               const unsigned char *in, unsigned int inlen)
+       {
+       unsigned char *A, B[16], *R;
+       unsigned int i, j, t;
+       if ((inlen & 0x7) || (inlen < 8))
+               return -1;
+       A = B;
+       t = 1;
+       memcpy(out + 8, in, inlen);
+       if (!iv)
+               iv = default_iv;
+
+       memcpy(A, iv, 8);
+
+       for (j = 0; j < 6; j++)
+               {
+               R = out + 8;
+               for (i = 0; i < inlen; i += 8, t++, R += 8)
+                       {
+                       memcpy(B + 8, R, 8);
+                       AES_encrypt(B, B, key);
+                       A[7] ^= (unsigned char)(t & 0xff);
+                       if (t > 0xff)   
+                               {
+                               A[6] ^= (unsigned char)((t & 0xff) >> 8);
+                               A[5] ^= (unsigned char)((t & 0xff) >> 16);
+                               A[4] ^= (unsigned char)((t & 0xff) >> 24);
+                               }
+                       memcpy(R, B + 8, 8);
+                       }
+               }
+       memcpy(out, A, 8);
+       return inlen + 8;
+       }
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+               unsigned char *out,
+               const unsigned char *in, unsigned int inlen)
+       {
+       unsigned char *A, B[16], *R;
+       unsigned int i, j, t;
+       inlen -= 8;
+       if (inlen & 0x7)
+               return -1;
+       if (inlen < 8)
+               return -1;
+       A = B;
+       t =  6 * (inlen >> 3);
+       memcpy(A, in, 8);
+       memcpy(out, in + 8, inlen);
+       for (j = 0; j < 6; j++)
+               {
+               R = out + inlen - 8;
+               for (i = 0; i < inlen; i += 8, t--, R -= 8)
+                       {
+                       A[7] ^= (unsigned char)(t & 0xff);
+                       if (t > 0xff)   
+                               {
+                               A[6] ^= (unsigned char)((t & 0xff) >> 8);
+                               A[5] ^= (unsigned char)((t & 0xff) >> 16);
+                               A[4] ^= (unsigned char)((t & 0xff) >> 24);
+                               }
+                       memcpy(B + 8, R, 8);
+                       AES_decrypt(B, B, key);
+                       memcpy(R, B + 8, 8);
+                       }
+               }
+       if (!iv)
+               iv = default_iv;
+       if (memcmp(A, iv, 8))
+               {
+               OPENSSL_cleanse(out, inlen);
+               return 0;
+               }
+       return inlen;
+       }
+
+#ifdef AES_WRAP_TEST
+
+int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
+                        const unsigned char *iv,
+                        const unsigned char *eout,
+                        const unsigned char *key, int keylen)
+       {
+       unsigned char *otmp = NULL, *ptmp = NULL;
+       int r, ret = 0;
+       AES_KEY wctx;
+       otmp = OPENSSL_malloc(keylen + 8);
+       ptmp = OPENSSL_malloc(keylen);
+       if (!otmp || !ptmp)
+               return 0;
+       if (AES_set_encrypt_key(kek, keybits, &wctx))
+               goto err;
+       r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+       if (r <= 0)
+               goto err;
+
+       if (eout && memcmp(eout, otmp, keylen))
+               goto err;
+               
+       if (AES_set_decrypt_key(kek, keybits, &wctx))
+               goto err;
+       r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+
+       if (memcmp(key, ptmp, keylen))
+               goto err;
+
+       ret = 1;
+
+       err:
+       if (otmp)
+               OPENSSL_free(otmp);
+       if (ptmp)
+               OPENSSL_free(ptmp);
+
+       return ret;
+
+       }
+
+
+
+int main(int argc, char **argv)
+{
+
+static const unsigned char kek[] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+static const unsigned char key[] = {
+  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+static const unsigned char e1[] = {
+  0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
+  0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
+  0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
+};
+
+static const unsigned char e2[] = {
+  0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
+  0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
+  0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
+};
+
+static const unsigned char e3[] = {
+  0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
+  0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
+  0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
+};
+
+static const unsigned char e4[] = {
+  0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
+  0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
+  0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
+  0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
+};
+
+static const unsigned char e5[] = {
+  0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
+  0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
+  0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
+  0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
+};
+
+static const unsigned char e6[] = {
+  0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
+  0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
+  0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
+  0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
+  0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
+};
+
+       AES_KEY wctx, xctx;
+       int ret;
+       ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
+       fprintf(stderr, "Key test result %d\n", ret);
+}
+       
+       
+#endif
index b09bf02316f6eb6832443b3337fff6a11e617ad3..89fa2617944b5658a967f2557667929c508eafef 100755 (executable)
@@ -2,12 +2,11 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
 # ====================================================================
 #
-# Version 4.3.
+# Version 3.6.
 #
 # You might fail to appreciate this module performance from the first
 # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
 # AMD K8       20                      19
 # PIII         25                      23
 # Pentium      81                      78
-#
-# Version 3.7 reimplements outer rounds as "compact." Meaning that
-# first and last rounds reference compact 256 bytes S-box. This means
-# that first round consumes a lot more CPU cycles and that encrypt
-# and decrypt performance becomes asymmetric. Encrypt performance
-# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is
-# aggressively pre-fetched.
-#
-# Version 4.0 effectively rolls back to 3.6 and instead implements
-# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact,
-# which use exclusively 256 byte S-box. These functions are to be
-# called in modes not concealing plain text, such as ECB, or when
-# we're asked to process smaller amount of data [or unconditionally
-# on hyper-threading CPU]. Currently it's called unconditionally from
-# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine
-# still needs to be modified to switch between slower and faster
-# mode when appropriate... But in either case benchmark landscape
-# changes dramatically and below numbers are CPU cycles per processed
-# byte for 128-bit key.
-#
-#              ECB encrypt     ECB decrypt     CBC large chunk
-# P4           56[60]          84[100]         23
-# AMD K8       48[44]          70[79]          18
-# PIII         41[50]          61[91]          24
-# Core 2       32[38]          45[70]          18.5
-# Pentium      120             160             77
-#
-# Version 4.1 switches to compact S-box even in key schedule setup.
-#
-# Version 4.2 prefetches compact S-box in every SSE round or in other
-# words every cache-line is *guaranteed* to be accessed within ~50
-# cycles window. Why just SSE? Because it's needed on hyper-threading
-# CPU! Which is also why it's prefetched with 64 byte stride. Best
-# part is that it has no negative effect on performance:-)  
-#
-# Version 4.3 implements switch between compact and non-compact block
-# functions in AES_cbc_encrypt depending on how much data was asked
-# to be processed in one stroke.
-#
-######################################################################
-# Timing attacks are classified in two classes: synchronous when
-# attacker consciously initiates cryptographic operation and collects
-# timing data of various character afterwards, and asynchronous when
-# malicious code is executed on same CPU simultaneously with AES,
-# instruments itself and performs statistical analysis of this data.
-#
-# As far as synchronous attacks go the root to the AES timing
-# vulnerability is twofold. Firstly, of 256 S-box elements at most 160
-# are referred to in single 128-bit block operation. Well, in C
-# implementation with 4 distinct tables it's actually as little as 40
-# references per 256 elements table, but anyway... Secondly, even
-# though S-box elements are clustered into smaller amount of cache-
-# lines, smaller than 160 and even 40, it turned out that for certain
-# plain-text pattern[s] or simply put chosen plain-text and given key
-# few cache-lines remain unaccessed during block operation. Now, if
-# attacker can figure out this access pattern, he can deduct the key
-# [or at least part of it]. The natural way to mitigate this kind of
-# attacks is to minimize the amount of cache-lines in S-box and/or
-# prefetch them to ensure that every one is accessed for more uniform
-# timing. But note that *if* plain-text was concealed in such way that
-# input to block function is distributed *uniformly*, then attack
-# wouldn't apply. Now note that some encryption modes, most notably
-# CBC, do mask the plain-text in this exact way [secure cipher output
-# is distributed uniformly]. Yes, one still might find input that
-# would reveal the information about given key, but if amount of
-# candidate inputs to be tried is larger than amount of possible key
-# combinations then attack becomes infeasible. This is why revised
-# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
-# of data is to be processed in one stroke. The current size limit of
-# 512 bytes is chosen to provide same [diminishigly low] probability
-# for cache-line to remain untouched in large chunk operation with
-# large S-box as for single block operation with compact S-box and
-# surely needs more careful consideration...
-#
-# As for asynchronous attacks. There are two flavours: attacker code
-# being interleaved with AES on hyper-threading CPU at *instruction*
-# level, and two processes time sharing single core. As for latter.
-# Two vectors. 1. Given that attacker process has higher priority,
-# yield execution to process performing AES just before timer fires
-# off the scheduler, immediately regain control of CPU and analyze the
-# cache state. For this attack to be efficient attacker would have to
-# effectively slow down the operation by several *orders* of magnitute,
-# by ratio of time slice to duration of handful of AES rounds, which
-# unlikely to remain unnoticed. Not to mention that this also means
-# that he would spend correspondigly more time to collect enough
-# statistical data to mount the attack. It's probably appropriate to
-# say that if adeversary reckons that this attack is beneficial and
-# risks to be noticed, you probably have larger problems having him
-# mere opportunity. In other words suggested code design expects you
-# to preclude/mitigate this attack by overall system security design.
-# 2. Attacker manages to make his code interrupt driven. In order for
-# this kind of attack to be feasible, interrupt rate has to be high
-# enough, again comparable to duration of handful of AES rounds. But
-# is there interrupt source of such rate? Hardly, not even 1Gbps NIC
-# generates interrupts at such raging rate...
-#
-# And now back to the former, hyper-threading CPU or more specifically
-# Intel P4. Recall that asynchronous attack implies that malicious
-# code instruments itself. And naturally instrumentation granularity
-# has be noticeably lower than duration of codepath accessing S-box.
-# Given that all cache-lines are accessed during that time that is.
-# Current implementation accesses *all* cache-lines within ~50 cycles
-# window, which is actually *less* than RDTSC latency on Intel P4!
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
+
+push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
-&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
 
 $s0="eax";
 $s1="ebx";
@@ -198,36 +93,21 @@ $s2="ecx";
 $s3="edx";
 $key="edi";
 $acc="esi";
-$tbl="ebp";
-
-# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated
-# by caller
-$__ra=&DWP(0,"esp");   # return address
-$__s0=&DWP(4,"esp");   # s0 backing store
-$__s1=&DWP(8,"esp");   # s1 backing store
-$__s2=&DWP(12,"esp");  # s2 backing store
-$__s3=&DWP(16,"esp");  # s3 backing store
-$__key=&DWP(20,"esp"); # pointer to key schedule
-$__end=&DWP(24,"esp"); # pointer to end of key schedule
-$__tbl=&DWP(28,"esp"); # %ebp backing store
-
-# stack frame layout in AES_[en|crypt] routines, which differs from
-# above by 4 and overlaps by %ebp backing store
-$_tbl=&DWP(24,"esp");
-$_esp=&DWP(28,"esp");
-
-sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
 
-$speed_limit=512;      # chunks smaller than $speed_limit are
-                       # processed with compact routine in CBC mode
+$compromise=0;         # $compromise=128 abstains from copying key
+                       # schedule to stack when encrypting inputs
+                       # shorter than 128 bytes at the cost of
+                       # risksing aliasing with S-boxes. In return
+                       # you get way better, up to +70%, small block
+                       # performance.
 $small_footprint=1;    # $small_footprint=1 code is ~5% slower [on
                        # recent Âµ-archs], but ~5 times smaller!
                        # I favor compact code to minimize cache
                        # contention and in hope to "collect" 5% back
                        # in real-life applications...
-
 $vertical_spin=0;      # shift "verticaly" defaults to 0, because of
                        # its proof-of-concept status...
+
 # Note that there is no decvert(), as well as last encryption round is
 # performed with "horizontal" shifts. This is because this "vertical"
 # implementation [one which groups shifts on a given $s[i] to form a
@@ -290,486 +170,17 @@ sub encvert()
        &movz   ($v0,&HB($v1));
        &and    ($v1,0xFF);
        &xor    ($s[3],&DWP(2,$te,$v1,8));              # s1>>16
-        &mov   ($key,$__key);                          # reincarnate v1 as key
+        &mov   ($key,&DWP(12,"esp"));                  # reincarnate v1 as key
        &xor    ($s[2],&DWP(1,$te,$v0,8));              # s1>>24
 }
 
-# Another experimental routine, which features "horizontal spin," but
-# eliminates one reference to stack. Strangely enough runs slower...
-sub enchoriz()
-{ my $v0 = $key, $v1 = $acc;
-
-       &movz   ($v0,&LB($s0));                 #  3, 2, 1, 0*
-       &rotr   ($s2,8);                        #  8,11,10, 9
-       &mov    ($v1,&DWP(0,$te,$v0,8));        #  0
-       &movz   ($v0,&HB($s1));                 #  7, 6, 5*, 4
-       &rotr   ($s3,16);                       # 13,12,15,14
-       &xor    ($v1,&DWP(3,$te,$v0,8));        #  5
-       &movz   ($v0,&HB($s2));                 #  8,11,10*, 9
-       &rotr   ($s0,16);                       #  1, 0, 3, 2
-       &xor    ($v1,&DWP(2,$te,$v0,8));        # 10
-       &movz   ($v0,&HB($s3));                 # 13,12,15*,14
-       &xor    ($v1,&DWP(1,$te,$v0,8));        # 15, t[0] collected
-       &mov    ($__s0,$v1);                    # t[0] saved
-
-       &movz   ($v0,&LB($s1));                 #  7, 6, 5, 4*
-       &shr    ($s1,16);                       #  -, -, 7, 6
-       &mov    ($v1,&DWP(0,$te,$v0,8));        #  4
-       &movz   ($v0,&LB($s3));                 # 13,12,15,14*
-       &xor    ($v1,&DWP(2,$te,$v0,8));        # 14
-       &movz   ($v0,&HB($s0));                 #  1, 0, 3*, 2
-       &and    ($s3,0xffff0000);               # 13,12, -, -
-       &xor    ($v1,&DWP(1,$te,$v0,8));        #  3
-       &movz   ($v0,&LB($s2));                 #  8,11,10, 9*
-       &or     ($s3,$s1);                      # 13,12, 7, 6
-       &xor    ($v1,&DWP(3,$te,$v0,8));        #  9, t[1] collected
-       &mov    ($s1,$v1);                      #  s[1]=t[1]
-
-       &movz   ($v0,&LB($s0));                 #  1, 0, 3, 2*
-       &shr    ($s2,16);                       #  -, -, 8,11
-       &mov    ($v1,&DWP(2,$te,$v0,8));        #  2
-       &movz   ($v0,&HB($s3));                 # 13,12, 7*, 6
-       &xor    ($v1,&DWP(1,$te,$v0,8));        #  7
-       &movz   ($v0,&HB($s2));                 #  -, -, 8*,11
-       &xor    ($v1,&DWP(0,$te,$v0,8));        #  8
-       &mov    ($v0,$s3);
-       &shr    ($v0,24);                       # 13
-       &xor    ($v1,&DWP(3,$te,$v0,8));        # 13, t[2] collected
-
-       &movz   ($v0,&LB($s2));                 #  -, -, 8,11*
-       &shr    ($s0,24);                       #  1*
-       &mov    ($s2,&DWP(1,$te,$v0,8));        # 11
-       &xor    ($s2,&DWP(3,$te,$s0,8));        #  1
-       &mov    ($s0,$__s0);                    # s[0]=t[0]
-       &movz   ($v0,&LB($s3));                 # 13,12, 7, 6*
-       &shr    ($s3,16);                       #   ,  ,13,12
-       &xor    ($s2,&DWP(2,$te,$v0,8));        #  6
-       &mov    ($key,$__key);                  # reincarnate v0 as key
-       &and    ($s3,0xff);                     #   ,  ,13,12*
-       &mov    ($s3,&DWP(0,$te,$s3,8));        # 12
-       &xor    ($s3,$s2);                      # s[2]=t[3] collected
-       &mov    ($s2,$v1);                      # s[2]=t[2]
-}
-
-# More experimental code... SSE one... Even though this one eliminates
-# *all* references to stack, it's not faster...
-sub sse_encbody()
-{
-       &movz   ($acc,&LB("eax"));              #  0
-       &mov    ("ecx",&DWP(0,$tbl,$acc,8));    #  0
-       &pshufw ("mm2","mm0",0x0d);             #  7, 6, 3, 2
-       &movz   ("edx",&HB("eax"));             #  1
-       &mov    ("edx",&DWP(3,$tbl,"edx",8));   #  1
-       &shr    ("eax",16);                     #  5, 4
-
-       &movz   ($acc,&LB("ebx"));              # 10
-       &xor    ("ecx",&DWP(2,$tbl,$acc,8));    # 10
-       &pshufw ("mm6","mm4",0x08);             # 13,12, 9, 8
-       &movz   ($acc,&HB("ebx"));              # 11
-       &xor    ("edx",&DWP(1,$tbl,$acc,8));    # 11
-       &shr    ("ebx",16);                     # 15,14
-
-       &movz   ($acc,&HB("eax"));              #  5
-       &xor    ("ecx",&DWP(3,$tbl,$acc,8));    #  5
-       &movq   ("mm3",QWP(16,$key));
-       &movz   ($acc,&HB("ebx"));              # 15
-       &xor    ("ecx",&DWP(1,$tbl,$acc,8));    # 15
-       &movd   ("mm0","ecx");                  # t[0] collected
-
-       &movz   ($acc,&LB("eax"));              #  4
-       &mov    ("ecx",&DWP(0,$tbl,$acc,8));    #  4
-       &movd   ("eax","mm2");                  #  7, 6, 3, 2
-       &movz   ($acc,&LB("ebx"));              # 14
-       &xor    ("ecx",&DWP(2,$tbl,$acc,8));    # 14
-       &movd   ("ebx","mm6");                  # 13,12, 9, 8
-
-       &movz   ($acc,&HB("eax"));              #  3
-       &xor    ("ecx",&DWP(1,$tbl,$acc,8));    #  3
-       &movz   ($acc,&HB("ebx"));              #  9
-       &xor    ("ecx",&DWP(3,$tbl,$acc,8));    #  9
-       &movd   ("mm1","ecx");                  # t[1] collected
-
-       &movz   ($acc,&LB("eax"));              #  2
-       &mov    ("ecx",&DWP(2,$tbl,$acc,8));    #  2
-       &shr    ("eax",16);                     #  7, 6
-       &punpckldq      ("mm0","mm1");          # t[0,1] collected
-       &movz   ($acc,&LB("ebx"));              #  8
-       &xor    ("ecx",&DWP(0,$tbl,$acc,8));    #  8
-       &shr    ("ebx",16);                     # 13,12
-
-       &movz   ($acc,&HB("eax"));              #  7
-       &xor    ("ecx",&DWP(1,$tbl,$acc,8));    #  7
-       &pxor   ("mm0","mm3");
-       &movz   ("eax",&LB("eax"));             #  6
-       &xor    ("edx",&DWP(2,$tbl,"eax",8));   #  6
-       &pshufw ("mm1","mm0",0x08);             #  5, 4, 1, 0
-       &movz   ($acc,&HB("ebx"));              # 13
-       &xor    ("ecx",&DWP(3,$tbl,$acc,8));    # 13
-       &xor    ("ecx",&DWP(24,$key));          # t[2]
-       &movd   ("mm4","ecx");                  # t[2] collected
-       &movz   ("ebx",&LB("ebx"));             # 12
-       &xor    ("edx",&DWP(0,$tbl,"ebx",8));   # 12
-       &shr    ("ecx",16);
-       &movd   ("eax","mm1");                  #  5, 4, 1, 0
-       &mov    ("ebx",&DWP(28,$key));          # t[3]
-       &xor    ("ebx","edx");
-       &movd   ("mm5","ebx");                  # t[3] collected
-       &and    ("ebx",0xffff0000);
-       &or     ("ebx","ecx");
-
-       &punpckldq      ("mm4","mm5");          # t[2,3] collected
-}
-
-######################################################################
-# "Compact" block function
-######################################################################
-
-sub enccompact()
-{ my $Fn = mov;
-  while ($#_>5) { pop(@_); $Fn=sub{}; }
-  my ($i,$te,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-       # $Fn is used in first compact round and its purpose is to
-       # void restoration of some values from stack, so that after
-       # 4xenccompact with extra argument $key value is left there...
-       if ($i==3)  {   &$Fn    ($key,$__key);                  }##%edx
-       else        {   &mov    ($out,$s[0]);                   }
-                       &and    ($out,0xFF);
-       if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
-       if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
-                       &movz   ($out,&BP(-128,$te,$out,1));
-
-       if ($i==3)  {   $tmp=$s[1];                             }##%eax
-                       &movz   ($tmp,&HB($s[1]));
-                       &movz   ($tmp,&BP(-128,$te,$tmp,1));
-                       &shl    ($tmp,8);
-                       &xor    ($out,$tmp);
-
-       if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$__s0);         }##%ebx
-       else        {   &mov    ($tmp,$s[2]);
-                       &shr    ($tmp,16);                      }
-       if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
-                       &and    ($tmp,0xFF);
-                       &movz   ($tmp,&BP(-128,$te,$tmp,1));
-                       &shl    ($tmp,16);
-                       &xor    ($out,$tmp);
-
-       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }##%ecx
-       elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
-       else        {   &mov    ($tmp,$s[3]);
-                       &shr    ($tmp,24);                      }
-                       &movz   ($tmp,&BP(-128,$te,$tmp,1));
-                       &shl    ($tmp,24);
-                       &xor    ($out,$tmp);
-       if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
-       if ($i==3)  {   &mov    ($s[3],$acc);                   }
-       &comment();
-}
-
-sub enctransform()
-{ my @s = ($s0,$s1,$s2,$s3);
-  my $i = shift;
-  my $tmp = $tbl;
-  my $r2  = $key ;
-
-       &mov    ($acc,$s[$i]);
-       &and    ($acc,0x80808080);
-       &mov    ($tmp,$acc);
-       &shr    ($tmp,7);
-       &lea    ($r2,&DWP(0,$s[$i],$s[$i]));
-       &sub    ($acc,$tmp);
-       &and    ($r2,0xfefefefe);
-       &and    ($acc,0x1b1b1b1b);
-       &mov    ($tmp,$s[$i]);
-       &xor    ($acc,$r2);     # r2
-
-       &xor    ($s[$i],$acc);  # r0 ^ r2
-       &rotl   ($s[$i],24);
-       &xor    ($s[$i],$acc)   # ROTATE(r2^r0,24) ^ r2
-       &rotr   ($tmp,16);
-       &xor    ($s[$i],$tmp);
-       &rotr   ($tmp,8);
-       &xor    ($s[$i],$tmp);
-}
-
-&public_label("AES_Te");
-&function_begin_B("_x86_AES_encrypt_compact");
-       # note that caller is expected to allocate stack frame for me!
-       &mov    ($__key,$key);                  # save key
-
-       &xor    ($s0,&DWP(0,$key));             # xor with key
-       &xor    ($s1,&DWP(4,$key));
-       &xor    ($s2,&DWP(8,$key));
-       &xor    ($s3,&DWP(12,$key));
-
-       &mov    ($acc,&DWP(240,$key));          # load key->rounds
-       &lea    ($acc,&DWP(-2,$acc,$acc));
-       &lea    ($acc,&DWP(0,$key,$acc,8));
-       &mov    ($__end,$acc);                  # end of key schedule
-
-       # prefetch Te4
-       &mov    ($key,&DWP(0-128,$tbl));
-       &mov    ($acc,&DWP(32-128,$tbl));
-       &mov    ($key,&DWP(64-128,$tbl));
-       &mov    ($acc,&DWP(96-128,$tbl));
-       &mov    ($key,&DWP(128-128,$tbl));
-       &mov    ($acc,&DWP(160-128,$tbl));
-       &mov    ($key,&DWP(192-128,$tbl));
-       &mov    ($acc,&DWP(224-128,$tbl));
-
-       &set_label("loop",16);
-
-               &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1);
-               &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
-               &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
-               &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
-               &enctransform(2);
-               &enctransform(3);
-               &enctransform(0);
-               &enctransform(1);
-               &mov    ($key,$__key);
-               &mov    ($tbl,$__tbl);
-               &add    ($key,16);              # advance rd_key
-               &xor    ($s0,&DWP(0,$key));
-               &xor    ($s1,&DWP(4,$key));
-               &xor    ($s2,&DWP(8,$key));
-               &xor    ($s3,&DWP(12,$key));
-
-       &cmp    ($key,$__end);
-       &mov    ($__key,$key);
-       &jb     (&label("loop"));
-
-       &enccompact(0,$tbl,$s0,$s1,$s2,$s3);
-       &enccompact(1,$tbl,$s1,$s2,$s3,$s0);
-       &enccompact(2,$tbl,$s2,$s3,$s0,$s1);
-       &enccompact(3,$tbl,$s3,$s0,$s1,$s2);
-
-       &xor    ($s0,&DWP(16,$key));
-       &xor    ($s1,&DWP(20,$key));
-       &xor    ($s2,&DWP(24,$key));
-       &xor    ($s3,&DWP(28,$key));
-
-       &ret    ();
-&function_end_B("_x86_AES_encrypt_compact");
-
-######################################################################
-# "Compact" SSE block function.
-######################################################################
-#
-# Performance is not actually extraordinary in comparison to pure
-# x86 code. In particular encrypt performance is virtually the same.
-# Decrypt performance on the other hand is 15-20% better on newer
-# Âµ-archs [but we're thankful for *any* improvement here], and ~50%
-# better on PIII:-) And additionally on the pros side this code
-# eliminates redundant references to stack and thus relieves/
-# minimizes the pressure on the memory bus.
-#
-# MMX register layout                           lsb
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |          mm4          |          mm0          |
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |     s3    |     s2    |     s1    |     s0    |    
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-#
-# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8.
-# In this terms encryption and decryption "compact" permutation
-# matrices can be depicted as following:
-#
-# encryption              lsb  # decryption              lsb
-# +----++----+----+----+----+  # +----++----+----+----+----+
-# | t0 || 15 | 10 |  5 |  0 |  # | t0 ||  7 | 10 | 13 |  0 |
-# +----++----+----+----+----+  # +----++----+----+----+----+
-# | t1 ||  3 | 14 |  9 |  4 |  # | t1 || 11 | 14 |  1 |  4 |
-# +----++----+----+----+----+  # +----++----+----+----+----+
-# | t2 ||  7 |  2 | 13 |  8 |  # | t2 || 15 |  2 |  5 |  8 |
-# +----++----+----+----+----+  # +----++----+----+----+----+
-# | t3 || 11 |  6 |  1 | 12 |  # | t3 ||  3 |  6 |  9 | 12 |
-# +----++----+----+----+----+  # +----++----+----+----+----+
-#
-######################################################################
-# Why not xmm registers? Short answer. It was actually tested and
-# was not any faster, but *contrary*, most notably on Intel CPUs.
-# Longer answer. Main advantage of using mm registers is that movd
-# latency is lower, especially on Intel P4. While arithmetic
-# instructions are twice as many, they can be scheduled every cycle
-# and not every second one when they are operating on xmm register,
-# so that "arithmetic throughput" remains virtually the same. And
-# finally the code can be executed even on elder SSE-only CPUs:-)
-
-sub sse_enccompact()
-{
-       &pshufw ("mm1","mm0",0x08);             #  5, 4, 1, 0
-       &pshufw ("mm5","mm4",0x0d);             # 15,14,11,10
-       &movd   ("eax","mm1");                  #  5, 4, 1, 0
-       &movd   ("ebx","mm5");                  # 15,14,11,10
-
-       &movz   ($acc,&LB("eax"));              #  0
-       &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  0
-       &pshufw ("mm2","mm0",0x0d);             #  7, 6, 3, 2
-       &movz   ("edx",&HB("eax"));             #  1
-       &movz   ("edx",&BP(-128,$tbl,"edx",1)); #  1
-       &shl    ("edx",8);                      #  1
-       &shr    ("eax",16);                     #  5, 4
-
-       &movz   ($acc,&LB("ebx"));              # 10
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 10
-       &shl    ($acc,16);                      # 10
-       &or     ("ecx",$acc);                   # 10
-       &pshufw ("mm6","mm4",0x08);             # 13,12, 9, 8
-       &movz   ($acc,&HB("ebx"));              # 11
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 11
-       &shl    ($acc,24);                      # 11
-       &or     ("edx",$acc);                   # 11
-       &shr    ("ebx",16);                     # 15,14
-
-       &movz   ($acc,&HB("eax"));              #  5
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  5
-       &shl    ($acc,8);                       #  5
-       &or     ("ecx",$acc);                   #  5
-       &movz   ($acc,&HB("ebx"));              # 15
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 15
-       &shl    ($acc,24);                      # 15
-       &or     ("ecx",$acc);                   # 15
-       &movd   ("mm0","ecx");                  # t[0] collected
-
-       &movz   ($acc,&LB("eax"));              #  4
-       &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  4
-       &movd   ("eax","mm2");                  #  7, 6, 3, 2
-       &movz   ($acc,&LB("ebx"));              # 14
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 14
-       &shl    ($acc,16);                      # 14
-       &or     ("ecx",$acc);                   # 14
-
-       &movd   ("ebx","mm6");                  # 13,12, 9, 8
-       &movz   ($acc,&HB("eax"));              #  3
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  3
-       &shl    ($acc,24);                      #  3
-       &or     ("ecx",$acc);                   #  3
-       &movz   ($acc,&HB("ebx"));              #  9
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  9
-       &shl    ($acc,8);                       #  9
-       &or     ("ecx",$acc);                   #  9
-       &movd   ("mm1","ecx");                  # t[1] collected
-
-       &movz   ($acc,&LB("ebx"));              #  8
-       &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  8
-       &shr    ("ebx",16);                     # 13,12
-       &movz   ($acc,&LB("eax"));              #  2
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  2
-       &shl    ($acc,16);                      #  2
-       &or     ("ecx",$acc);                   #  2
-       &shr    ("eax",16);                     #  7, 6
-
-       &punpckldq      ("mm0","mm1");          # t[0,1] collected
-
-       &movz   ($acc,&HB("eax"));              #  7
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  7
-       &shl    ($acc,24);                      #  7
-       &or     ("ecx",$acc);                   #  7
-       &and    ("eax",0xff);                   #  6
-       &movz   ("eax",&BP(-128,$tbl,"eax",1)); #  6
-       &shl    ("eax",16);                     #  6
-       &or     ("edx","eax");                  #  6
-       &movz   ($acc,&HB("ebx"));              # 13
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 13
-       &shl    ($acc,8);                       # 13
-       &or     ("ecx",$acc);                   # 13
-       &movd   ("mm4","ecx");                  # t[2] collected
-       &and    ("ebx",0xff);                   # 12
-       &movz   ("ebx",&BP(-128,$tbl,"ebx",1)); # 12
-       &or     ("edx","ebx");                  # 12
-       &movd   ("mm5","edx");                  # t[3] collected
-
-       &punpckldq      ("mm4","mm5");          # t[2,3] collected
-}
-
-                                       if (!$x86only) {
-&public_label("AES_Te");
-&function_begin_B("_sse_AES_encrypt_compact");
-       &pxor   ("mm0",&QWP(0,$key));   #  7, 6, 5, 4, 3, 2, 1, 0
-       &pxor   ("mm4",&QWP(8,$key));   # 15,14,13,12,11,10, 9, 8
-
-       # note that caller is expected to allocate stack frame for me!
-       &mov    ($acc,&DWP(240,$key));          # load key->rounds
-       &lea    ($acc,&DWP(-2,$acc,$acc));
-       &lea    ($acc,&DWP(0,$key,$acc,8));
-       &mov    ($__end,$acc);                  # end of key schedule
-
-       &mov    ($s0,0x1b1b1b1b);               # magic constant
-       &mov    (&DWP(8,"esp"),$s0);
-       &mov    (&DWP(12,"esp"),$s0);
-
-       # prefetch Te4
-       &mov    ($s0,&DWP(0-128,$tbl));
-       &mov    ($s1,&DWP(32-128,$tbl));
-       &mov    ($s2,&DWP(64-128,$tbl));
-       &mov    ($s3,&DWP(96-128,$tbl));
-       &mov    ($s0,&DWP(128-128,$tbl));
-       &mov    ($s1,&DWP(160-128,$tbl));
-       &mov    ($s2,&DWP(192-128,$tbl));
-       &mov    ($s3,&DWP(224-128,$tbl));
-
-       &set_label("loop",16);
-               &sse_enccompact();
-               &add    ($key,16);
-               &cmp    ($key,$__end);
-               &ja     (&label("out"));
-
-               &movq   ("mm2",&QWP(8,"esp"));
-               &pxor   ("mm3","mm3");          &pxor   ("mm7","mm7");
-               &movq   ("mm1","mm0");          &movq   ("mm5","mm4");  # r0
-               &pcmpgtb("mm3","mm0");          &pcmpgtb("mm7","mm4");
-               &pand   ("mm3","mm2");          &pand   ("mm7","mm2");
-               &pshufw ("mm2","mm0",0xb1);     &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16)
-               &paddb  ("mm0","mm0");          &paddb  ("mm4","mm4");
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # = r2
-               &pshufw ("mm3","mm2",0xb1);     &pshufw ("mm7","mm6",0xb1);# r0
-               &pxor   ("mm1","mm0");          &pxor   ("mm5","mm4");  # r0^r2
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= ROTATE(r0,16)
-
-               &movq   ("mm2","mm3");          &movq   ("mm6","mm7");
-               &pslld  ("mm3",8);              &pslld  ("mm7",8);
-               &psrld  ("mm2",24);             &psrld  ("mm6",24);
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= r0<<8
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= r0>>24
-
-               &movq   ("mm3","mm1");          &movq   ("mm7","mm5");
-               &movq   ("mm2",&QWP(0,$key));   &movq   ("mm6",&QWP(8,$key));
-               &psrld  ("mm1",8);              &psrld  ("mm5",8);
-               &mov    ($s0,&DWP(0-128,$tbl));
-               &pslld  ("mm3",24);             &pslld  ("mm7",24);
-               &mov    ($s1,&DWP(64-128,$tbl));
-               &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= (r2^r0)<<8
-               &mov    ($s2,&DWP(128-128,$tbl));
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= (r2^r0)>>24
-               &mov    ($s3,&DWP(192-128,$tbl));
-
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");
-       &jmp    (&label("loop"));
-
-       &set_label("out",16);
-       &pxor   ("mm0",&QWP(0,$key));
-       &pxor   ("mm4",&QWP(8,$key));
-
-       &ret    ();
-&function_end_B("_sse_AES_encrypt_compact");
-                                       }
-
-######################################################################
-# Vanilla block function.
-######################################################################
-
 sub encstep()
 { my ($i,$te,@s) = @_;
   my $tmp = $key;
   my $out = $i==3?$s[0]:$acc;
 
        # lines marked with #%e?x[i] denote "reordered" instructions...
-       if ($i==3)  {   &mov    ($key,$__key);                  }##%edx
+       if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
        else        {   &mov    ($out,$s[0]);
                        &and    ($out,0xFF);                    }
        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
@@ -780,14 +191,14 @@ sub encstep()
                        &movz   ($tmp,&HB($s[1]));
                        &xor    ($out,&DWP(3,$te,$tmp,8));
 
-       if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$__s0);         }##%ebx
+       if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
        else        {   &mov    ($tmp,$s[2]);
                        &shr    ($tmp,16);                      }
        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
                        &and    ($tmp,0xFF);
                        &xor    ($out,&DWP(2,$te,$tmp,8));
 
-       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }##%ecx
+       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
        else        {   &mov    ($tmp,$s[3]); 
                        &shr    ($tmp,24)                       }
@@ -802,7 +213,7 @@ sub enclast()
   my $tmp = $key;
   my $out = $i==3?$s[0]:$acc;
 
-       if ($i==3)  {   &mov    ($key,$__key);                  }##%edx
+       if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
@@ -816,8 +227,8 @@ sub enclast()
                        &and    ($tmp,0x0000ff00);
                        &xor    ($out,$tmp);
 
-       if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$__s0);         }##%ebx
-       else        {   &mov    ($tmp,$s[2]);
+       if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+       else        {   mov     ($tmp,$s[2]);
                        &shr    ($tmp,16);                      }
        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
                        &and    ($tmp,0xFF);
@@ -825,7 +236,7 @@ sub enclast()
                        &and    ($tmp,0x00ff0000);
                        &xor    ($out,$tmp);
 
-       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }##%ecx
+       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
        else        {   &mov    ($tmp,$s[3]);
                        &shr    ($tmp,24);                      }
@@ -836,6 +247,8 @@ sub enclast()
        if ($i==3)  {   &mov    ($s[3],$acc);                   }
 }
 
+sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
+
 &public_label("AES_Te");
 &function_begin_B("_x86_AES_encrypt");
        if ($vertical_spin) {
@@ -845,7 +258,7 @@ sub enclast()
        }
 
        # note that caller is expected to allocate stack frame for me!
-       &mov    ($__key,$key);                  # save key
+       &mov    (&DWP(12,"esp"),$key);          # save key
 
        &xor    ($s0,&DWP(0,$key));             # xor with key
        &xor    ($s1,&DWP(4,$key));
@@ -857,24 +270,24 @@ sub enclast()
        if ($small_footprint) {
            &lea        ($acc,&DWP(-2,$acc,$acc));
            &lea        ($acc,&DWP(0,$key,$acc,8));
-           &mov        ($__end,$acc);          # end of key schedule
-
-           &set_label("loop",16);
+           &mov        (&DWP(16,"esp"),$acc);  # end of key schedule
+           &align      (4);
+           &set_label("loop");
                if ($vertical_spin) {
-                   &encvert($tbl,$s0,$s1,$s2,$s3);
+                   &encvert("ebp",$s0,$s1,$s2,$s3);
                } else {
-                   &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                   &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                   &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                   &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+                   &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                   &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                   &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                   &encstep(3,"ebp",$s3,$s0,$s1,$s2);
                }
                &add    ($key,16);              # advance rd_key
                &xor    ($s0,&DWP(0,$key));
                &xor    ($s1,&DWP(4,$key));
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
-           &cmp        ($key,$__end);
-           &mov        ($__key,$key);
+           &cmp        ($key,&DWP(16,"esp"));
+           &mov        (&DWP(12,"esp"),$key);
            &jb         (&label("loop"));
        }
        else {
@@ -883,15 +296,15 @@ sub enclast()
            &cmp        ($acc,12);
            &jle        (&label("12rounds"));
 
-       &set_label("14rounds",4);
+       &set_label("14rounds");
            for ($i=1;$i<3;$i++) {
                if ($vertical_spin) {
-                   &encvert($tbl,$s0,$s1,$s2,$s3);
+                   &encvert("ebp",$s0,$s1,$s2,$s3);
                } else {
-                   &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                   &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                   &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                   &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+                   &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                   &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                   &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                   &encstep(3,"ebp",$s3,$s0,$s1,$s2);
                }
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
@@ -899,16 +312,16 @@ sub enclast()
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-           &mov        ($__key,$key);          # advance rd_key
-       &set_label("12rounds",4);
+           &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+       &set_label("12rounds");
            for ($i=1;$i<3;$i++) {
                if ($vertical_spin) {
-                   &encvert($tbl,$s0,$s1,$s2,$s3);
+                   &encvert("ebp",$s0,$s1,$s2,$s3);
                } else {
-                   &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                   &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                   &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                   &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+                   &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                   &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                   &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                   &encstep(3,"ebp",$s3,$s0,$s1,$s2);
                }
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
@@ -916,16 +329,16 @@ sub enclast()
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-           &mov        ($__key,$key);          # advance rd_key
-       &set_label("10rounds",4);
+           &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+       &set_label("10rounds");
            for ($i=1;$i<10;$i++) {
                if ($vertical_spin) {
-                   &encvert($tbl,$s0,$s1,$s2,$s3);
+                   &encvert("ebp",$s0,$s1,$s2,$s3);
                } else {
-                   &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                   &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                   &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                   &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+                   &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                   &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                   &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                   &encstep(3,"ebp",$s3,$s0,$s1,$s2);
                }
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
@@ -939,10 +352,10 @@ sub enclast()
            &mov        ($s1="ebx",$key="edi");
            &mov        ($s2="ecx",$acc="esi");
        }
-       &enclast(0,$tbl,$s0,$s1,$s2,$s3);
-       &enclast(1,$tbl,$s1,$s2,$s3,$s0);
-       &enclast(2,$tbl,$s2,$s3,$s0,$s1);
-       &enclast(3,$tbl,$s3,$s0,$s1,$s2);
+       &enclast(0,"ebp",$s0,$s1,$s2,$s3);
+       &enclast(1,"ebp",$s1,$s2,$s3,$s0);
+       &enclast(2,"ebp",$s2,$s3,$s0,$s1);
+       &enclast(3,"ebp",$s3,$s0,$s1,$s2);
 
        &add    ($key,$small_footprint?16:160);
        &xor    ($s0,&DWP(0,$key));
@@ -1017,144 +430,10 @@ sub enclast()
        &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
        &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
        &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-
-#Te4   # four copies of Te4 to choose from to avoid L1 aliasing
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
 #rcon:
        &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
        &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
-       &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000);
-       &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
+       &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0);
 &function_end_B("_x86_AES_encrypt");
 
 # void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
@@ -1164,52 +443,25 @@ sub enclast()
        &mov    ($key,&wparam(2));              # load key
 
        &mov    ($s0,"esp");
-       &sub    ("esp",36);
-       &and    ("esp",-64);                    # align to cache-line
-
-       # place stack frame just "above" the key schedule
-       &lea    ($s1,&DWP(-64-63,$key));
-       &sub    ($s1,"esp");
-       &neg    ($s1);
-       &and    ($s1,0x3C0);    # modulo 1024, but aligned to cache-line
-       &sub    ("esp",$s1);
-       &add    ("esp",4);      # 4 is reserved for caller's return address
-       &mov    ($_esp,$s0);                    # save stack pointer
+       &sub    ("esp",24);
+       &and    ("esp",-64);
+       &add    ("esp",4);
+       &mov    (&DWP(16,"esp"),$s0);
 
        &call   (&label("pic_point"));          # make it PIC!
        &set_label("pic_point");
-       &blindpop($tbl);
-       &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
-       &lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-
-       # pick Te4 copy which can't "overlap" with stack frame or key schedule
-       &lea    ($s1,&DWP(768-4,"esp"));
-       &sub    ($s1,$tbl);
-       &and    ($s1,0x300);
-       &lea    ($tbl,&DWP(2048+128,$tbl,$s1));
-
-                                       if (!$x86only) {
-       &bt     (&DWP(0,$s0),25);       # check for SSE bit
-       &jnc    (&label("x86"));
-
-       &movq   ("mm0",&QWP(0,$acc));
-       &movq   ("mm4",&QWP(8,$acc));
-       &call   ("_sse_AES_encrypt_compact");
-       &mov    ("esp",$_esp);                  # restore stack pointer
-       &mov    ($acc,&wparam(1));              # load out
-       &movq   (&QWP(0,$acc),"mm0");           # write output data
-       &movq   (&QWP(8,$acc),"mm4");
-       &emms   ();
-       &function_end_A();
-                                       }
-       &set_label("x86",16);
-       &mov    ($_tbl,$tbl);
+       &blindpop("ebp");
+       &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
        &mov    ($s0,&DWP(0,$acc));             # load input data
        &mov    ($s1,&DWP(4,$acc));
        &mov    ($s2,&DWP(8,$acc));
        &mov    ($s3,&DWP(12,$acc));
-       &call   ("_x86_AES_encrypt_compact");
-       &mov    ("esp",$_esp);                  # restore stack pointer
+
+       &call   ("_x86_AES_encrypt");
+
+       &mov    ("esp",&DWP(16,"esp"));
+
        &mov    ($acc,&wparam(1));              # load out
        &mov    (&DWP(0,$acc),$s0);             # write output data
        &mov    (&DWP(4,$acc),$s1);
@@ -1217,372 +469,7 @@ sub enclast()
        &mov    (&DWP(12,$acc),$s3);
 &function_end("AES_encrypt");
 
-#--------------------------------------------------------------------#
-
-######################################################################
-# "Compact" block function
-######################################################################
-
-sub deccompact()
-{ my $Fn = mov;
-  while ($#_>5) { pop(@_); $Fn=sub{}; }
-  my ($i,$td,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-       # $Fn is used in first compact round and its purpose is to
-       # void restoration of some values from stack, so that after
-       # 4xdeccompact with extra argument $key, $s0 and $s1 values
-       # are left there...
-       if($i==3)   {   &$Fn    ($key,$__key);                  }
-       else        {   &mov    ($out,$s[0]);                   }
-                       &and    ($out,0xFF);
-                       &movz   ($out,&BP(-128,$td,$out,1));
-
-       if ($i==3)  {   $tmp=$s[1];                             }
-                       &movz   ($tmp,&HB($s[1]));
-                       &movz   ($tmp,&BP(-128,$td,$tmp,1));
-                       &shl    ($tmp,8);
-                       &xor    ($out,$tmp);
-
-       if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
-       else        {   mov     ($tmp,$s[2]);                   }
-                       &shr    ($tmp,16);
-                       &and    ($tmp,0xFF);
-                       &movz   ($tmp,&BP(-128,$td,$tmp,1));
-                       &shl    ($tmp,16);
-                       &xor    ($out,$tmp);
-
-       if ($i==3)  {   $tmp=$s[3]; &$Fn ($s[2],$__s1);         }
-       else        {   &mov    ($tmp,$s[3]);                   }
-                       &shr    ($tmp,24);
-                       &movz   ($tmp,&BP(-128,$td,$tmp,1));
-                       &shl    ($tmp,24);
-                       &xor    ($out,$tmp);
-       if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
-       if ($i==3)  {   &$Fn    ($s[3],$__s0);                  }
-}
-
-# must be called with 2,3,0,1 as argument sequence!!!
-sub dectransform()
-{ my @s = ($s0,$s1,$s2,$s3);
-  my $i = shift;
-  my $tmp = $key;
-  my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1);
-  my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
-  my $tp8 = $tbl;
-
-       &mov    ($acc,$s[$i]);
-       &and    ($acc,0x80808080);
-       &mov    ($tmp,$acc);
-       &shr    ($tmp,7);
-       &lea    ($tp2,&DWP(0,$s[$i],$s[$i]));
-       &sub    ($acc,$tmp);
-       &and    ($tp2,0xfefefefe);
-       &and    ($acc,0x1b1b1b1b);
-       &xor    ($acc,$tp2);
-       &mov    ($tp2,$acc);
-
-       &and    ($acc,0x80808080);
-       &mov    ($tmp,$acc);
-       &shr    ($tmp,7);
-       &lea    ($tp4,&DWP(0,$tp2,$tp2));
-       &sub    ($acc,$tmp);
-       &and    ($tp4,0xfefefefe);
-       &and    ($acc,0x1b1b1b1b);
-        &xor   ($tp2,$s[$i]);  # tp2^tp1
-       &xor    ($acc,$tp4);
-       &mov    ($tp4,$acc);
-
-       &and    ($acc,0x80808080);
-       &mov    ($tmp,$acc);
-       &shr    ($tmp,7);
-       &lea    ($tp8,&DWP(0,$tp4,$tp4));
-       &sub    ($acc,$tmp);
-       &and    ($tp8,0xfefefefe);
-       &and    ($acc,0x1b1b1b1b);
-        &xor   ($tp4,$s[$i]);  # tp4^tp1
-        &rotl  ($s[$i],8);     # = ROTATE(tp1,8)
-       &xor    ($tp8,$acc);
-
-       &xor    ($s[$i],$tp2);
-       &xor    ($tp2,$tp8);
-       &rotl   ($tp2,24);
-       &xor    ($s[$i],$tp4);
-       &xor    ($tp4,$tp8);
-       &rotl   ($tp4,16);
-       &xor    ($s[$i],$tp8);  # ^= tp8^(tp4^tp1)^(tp2^tp1)
-       &rotl   ($tp8,8);
-       &xor    ($s[$i],$tp2);  # ^= ROTATE(tp8^tp2^tp1,24)
-       &xor    ($s[$i],$tp4);  # ^= ROTATE(tp8^tp4^tp1,16)
-        &mov   ($s[0],$__s0)                   if($i==2); #prefetch $s0
-        &mov   ($s[1],$__s1)                   if($i==3); #prefetch $s1
-        &mov   ($s[2],$__s2)                   if($i==1);
-       &xor    ($s[$i],$tp8);  # ^= ROTATE(tp8,8)
-
-       &mov    ($s[3],$__s3)                   if($i==1);
-       &mov    (&DWP(4+4*$i,"esp"),$s[$i])     if($i>=2);
-}
-
-&public_label("AES_Td");
-&function_begin_B("_x86_AES_decrypt_compact");
-       # note that caller is expected to allocate stack frame for me!
-       &mov    ($__key,$key);                  # save key
-
-       &xor    ($s0,&DWP(0,$key));             # xor with key
-       &xor    ($s1,&DWP(4,$key));
-       &xor    ($s2,&DWP(8,$key));
-       &xor    ($s3,&DWP(12,$key));
-
-       &mov    ($acc,&DWP(240,$key));          # load key->rounds
-
-       &lea    ($acc,&DWP(-2,$acc,$acc));
-       &lea    ($acc,&DWP(0,$key,$acc,8));
-       &mov    ($__end,$acc);                  # end of key schedule
-
-       # prefetch Td4
-       &mov    ($key,&DWP(0-128,$tbl));
-       &mov    ($acc,&DWP(32-128,$tbl));
-       &mov    ($key,&DWP(64-128,$tbl));
-       &mov    ($acc,&DWP(96-128,$tbl));
-       &mov    ($key,&DWP(128-128,$tbl));
-       &mov    ($acc,&DWP(160-128,$tbl));
-       &mov    ($key,&DWP(192-128,$tbl));
-       &mov    ($acc,&DWP(224-128,$tbl));
-
-       &set_label("loop",16);
-
-               &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1);
-               &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1);
-               &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1);
-               &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1);
-               &dectransform(2);
-               &dectransform(3);
-               &dectransform(0);
-               &dectransform(1);
-               &mov    ($key,$__key);
-               &mov    ($tbl,$__tbl);
-               &add    ($key,16);              # advance rd_key
-               &xor    ($s0,&DWP(0,$key));
-               &xor    ($s1,&DWP(4,$key));
-               &xor    ($s2,&DWP(8,$key));
-               &xor    ($s3,&DWP(12,$key));
-
-       &cmp    ($key,$__end);
-       &mov    ($__key,$key);
-       &jb     (&label("loop"));
-
-       &deccompact(0,$tbl,$s0,$s3,$s2,$s1);
-       &deccompact(1,$tbl,$s1,$s0,$s3,$s2);
-       &deccompact(2,$tbl,$s2,$s1,$s0,$s3);
-       &deccompact(3,$tbl,$s3,$s2,$s1,$s0);
-
-       &xor    ($s0,&DWP(16,$key));
-       &xor    ($s1,&DWP(20,$key));
-       &xor    ($s2,&DWP(24,$key));
-       &xor    ($s3,&DWP(28,$key));
-
-       &ret    ();
-&function_end_B("_x86_AES_decrypt_compact");
-
-######################################################################
-# "Compact" SSE block function.
-######################################################################
-
-sub sse_deccompact()
-{
-       &pshufw ("mm1","mm0",0x0c);             #  7, 6, 1, 0
-       &movd   ("eax","mm1");                  #  7, 6, 1, 0
-
-       &pshufw ("mm5","mm4",0x09);             # 13,12,11,10
-       &movz   ($acc,&LB("eax"));              #  0
-       &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  0
-       &movd   ("ebx","mm5");                  # 13,12,11,10
-       &movz   ("edx",&HB("eax"));             #  1
-       &movz   ("edx",&BP(-128,$tbl,"edx",1)); #  1
-       &shl    ("edx",8);                      #  1
-
-       &pshufw ("mm2","mm0",0x06);             #  3, 2, 5, 4
-       &movz   ($acc,&LB("ebx"));              # 10
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 10
-       &shl    ($acc,16);                      # 10
-       &or     ("ecx",$acc);                   # 10
-       &shr    ("eax",16);                     #  7, 6
-       &movz   ($acc,&HB("ebx"));              # 11
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 11
-       &shl    ($acc,24);                      # 11
-       &or     ("edx",$acc);                   # 11
-       &shr    ("ebx",16);                     # 13,12
-
-       &pshufw ("mm6","mm4",0x03);             # 9, 8,15,14
-       &movz   ($acc,&HB("eax"));              #  7
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  7
-       &shl    ($acc,24);                      #  7
-       &or     ("ecx",$acc);                   #  7
-       &movz   ($acc,&HB("ebx"));              # 13
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 13
-       &shl    ($acc,8);                       # 13
-       &or     ("ecx",$acc);                   # 13
-       &movd   ("mm0","ecx");                  # t[0] collected
-
-       &movz   ($acc,&LB("eax"));              #  6
-       &movd   ("eax","mm2");                  #  3, 2, 5, 4
-       &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  6
-       &shl    ("ecx",16);                     #  6
-       &movz   ($acc,&LB("ebx"));              # 12
-       &movd   ("ebx","mm6");                  #  9, 8,15,14
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 12
-       &or     ("ecx",$acc);                   # 12
-
-       &movz   ($acc,&LB("eax"));              #  4
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  4
-       &or     ("edx",$acc);                   #  4
-       &movz   ($acc,&LB("ebx"));              # 14
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 14
-       &shl    ($acc,16);                      # 14
-       &or     ("edx",$acc);                   # 14
-       &movd   ("mm1","edx");                  # t[1] collected
-
-       &movz   ($acc,&HB("eax"));              #  5
-       &movz   ("edx",&BP(-128,$tbl,$acc,1));  #  5
-       &shl    ("edx",8);                      #  5
-       &movz   ($acc,&HB("ebx"));              # 15
-       &shr    ("eax",16);                     #  3, 2
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 15
-       &shl    ($acc,24);                      # 15
-       &or     ("edx",$acc);                   # 15
-       &shr    ("ebx",16);                     #  9, 8
-
-       &punpckldq      ("mm0","mm1");          # t[0,1] collected
-
-       &movz   ($acc,&HB("ebx"));              #  9
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  9
-       &shl    ($acc,8);                       #  9
-       &or     ("ecx",$acc);                   #  9
-       &and    ("ebx",0xff);                   #  8
-       &movz   ("ebx",&BP(-128,$tbl,"ebx",1)); #  8
-       &or     ("edx","ebx");                  #  8
-       &movz   ($acc,&LB("eax"));              #  2
-       &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  2
-       &shl    ($acc,16);                      #  2
-       &or     ("edx",$acc);                   #  2
-       &movd   ("mm4","edx");                  # t[2] collected
-       &movz   ("eax",&HB("eax"));             #  3
-       &movz   ("eax",&BP(-128,$tbl,"eax",1)); #  3
-       &shl    ("eax",24);                     #  3
-       &or     ("ecx","eax");                  #  3
-       &movd   ("mm5","ecx");                  # t[3] collected
-
-       &punpckldq      ("mm4","mm5");          # t[2,3] collected
-}
-
-                                       if (!$x86only) {
-&public_label("AES_Td");
-&function_begin_B("_sse_AES_decrypt_compact");
-       &pxor   ("mm0",&QWP(0,$key));   #  7, 6, 5, 4, 3, 2, 1, 0
-       &pxor   ("mm4",&QWP(8,$key));   # 15,14,13,12,11,10, 9, 8
-
-       # note that caller is expected to allocate stack frame for me!
-       &mov    ($acc,&DWP(240,$key));          # load key->rounds
-       &lea    ($acc,&DWP(-2,$acc,$acc));
-       &lea    ($acc,&DWP(0,$key,$acc,8));
-       &mov    ($__end,$acc);                  # end of key schedule
-
-       &mov    ($s0,0x1b1b1b1b);               # magic constant
-       &mov    (&DWP(8,"esp"),$s0);
-       &mov    (&DWP(12,"esp"),$s0);
-
-       # prefetch Td4
-       &mov    ($s0,&DWP(0-128,$tbl));
-       &mov    ($s1,&DWP(32-128,$tbl));
-       &mov    ($s2,&DWP(64-128,$tbl));
-       &mov    ($s3,&DWP(96-128,$tbl));
-       &mov    ($s0,&DWP(128-128,$tbl));
-       &mov    ($s1,&DWP(160-128,$tbl));
-       &mov    ($s2,&DWP(192-128,$tbl));
-       &mov    ($s3,&DWP(224-128,$tbl));
-
-       &set_label("loop",16);
-               &sse_deccompact();
-               &add    ($key,16);
-               &cmp    ($key,$__end);
-               &ja     (&label("out"));
-
-               # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N)
-               &movq   ("mm3","mm0");          &movq   ("mm7","mm4");
-               &movq   ("mm2","mm0",1);        &movq   ("mm6","mm4",1);
-               &movq   ("mm1","mm0");          &movq   ("mm5","mm4");
-               &pshufw ("mm0","mm0",0xb1);     &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16)
-               &pslld  ("mm2",8);              &pslld  ("mm6",8);
-               &psrld  ("mm3",8);              &psrld  ("mm7",8);
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= tp0<<8
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp0>>8
-               &pslld  ("mm2",16);             &pslld  ("mm6",16);
-               &psrld  ("mm3",16);             &psrld  ("mm7",16);
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= tp0<<24
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp0>>24
-
-               &movq   ("mm3",&QWP(8,"esp"));
-               &pxor   ("mm2","mm2");          &pxor   ("mm6","mm6");
-               &pcmpgtb("mm2","mm1");          &pcmpgtb("mm6","mm5");
-               &pand   ("mm2","mm3");          &pand   ("mm6","mm3");
-               &paddb  ("mm1","mm1");          &paddb  ("mm5","mm5");
-               &pxor   ("mm1","mm2");          &pxor   ("mm5","mm6");  # tp2
-               &movq   ("mm3","mm1");          &movq   ("mm7","mm5");
-               &movq   ("mm2","mm1");          &movq   ("mm6","mm5");
-               &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp2
-               &pslld  ("mm3",24);             &pslld  ("mm7",24);
-               &psrld  ("mm2",8);              &psrld  ("mm6",8);
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp2<<24
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= tp2>>8
-
-               &movq   ("mm2",&QWP(8,"esp"));
-               &pxor   ("mm3","mm3");          &pxor   ("mm7","mm7");
-               &pcmpgtb("mm3","mm1");          &pcmpgtb("mm7","mm5");
-               &pand   ("mm3","mm2");          &pand   ("mm7","mm2");
-               &paddb  ("mm1","mm1");          &paddb  ("mm5","mm5");
-               &pxor   ("mm1","mm3");          &pxor   ("mm5","mm7");  # tp4
-               &pshufw ("mm3","mm1",0xb1);     &pshufw ("mm7","mm5",0xb1);
-               &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp4
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= ROTATE(tp4,16)     
-
-               &pxor   ("mm3","mm3");          &pxor   ("mm7","mm7");
-               &pcmpgtb("mm3","mm1");          &pcmpgtb("mm7","mm5");
-               &pand   ("mm3","mm2");          &pand   ("mm7","mm2");
-               &paddb  ("mm1","mm1");          &paddb  ("mm5","mm5");
-               &pxor   ("mm1","mm3");          &pxor   ("mm5","mm7");  # tp8
-               &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp8
-               &movq   ("mm3","mm1");          &movq   ("mm7","mm5");
-               &pshufw ("mm2","mm1",0xb1);     &pshufw ("mm6","mm5",0xb1);
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= ROTATE(tp8,16)
-               &pslld  ("mm1",8);              &pslld  ("mm5",8);
-               &psrld  ("mm3",8);              &psrld  ("mm7",8);
-               &movq   ("mm2",&QWP(0,$key));   &movq   ("mm6",&QWP(8,$key));
-               &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp8<<8
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp8>>8
-               &mov    ($s0,&DWP(0-128,$tbl));
-               &pslld  ("mm1",16);             &pslld  ("mm5",16);
-               &mov    ($s1,&DWP(64-128,$tbl));
-               &psrld  ("mm3",16);             &psrld  ("mm7",16);
-               &mov    ($s2,&DWP(128-128,$tbl));
-               &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp8<<24
-               &mov    ($s3,&DWP(192-128,$tbl));
-               &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp8>>24
-
-               &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");
-       &jmp    (&label("loop"));
-
-       &set_label("out",16);
-       &pxor   ("mm0",&QWP(0,$key));
-       &pxor   ("mm4",&QWP(8,$key));
-
-       &ret    ();
-&function_end_B("_sse_AES_decrypt_compact");
-                                       }
-
-######################################################################
-# Vanilla block function.
-######################################################################
+#------------------------------------------------------------------#
 
 sub decstep()
 { my ($i,$td,@s) = @_;
@@ -1593,7 +480,7 @@ sub decstep()
        # optimal... or rather that all attempts to reorder didn't
        # result in better performance [which by the way is not a
        # bit lower than ecryption].
-       if($i==3)   {   &mov    ($key,$__key);                  }
+       if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
                        &mov    ($out,&DWP(0,$td,$out,8));
@@ -1608,12 +495,12 @@ sub decstep()
                        &and    ($tmp,0xFF);
                        &xor    ($out,&DWP(2,$td,$tmp,8));
 
-       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }
+       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
        else        {   &mov    ($tmp,$s[3]);                   }
                        &shr    ($tmp,24);
                        &xor    ($out,&DWP(1,$td,$tmp,8));
        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
-       if ($i==3)  {   &mov    ($s[3],$__s0);                  }
+       if ($i==3)  {   &mov    ($s[3],&DWP(4,"esp"));          }
                        &comment();
 }
 
@@ -1622,24 +509,14 @@ sub declast()
   my $tmp = $key;
   my $out = $i==3?$s[0]:$acc;
 
-       if($i==0)   {   &lea    ($td,&DWP(2048+128,$td));
-                       &mov    ($tmp,&DWP(0-128,$td));
-                       &mov    ($acc,&DWP(32-128,$td));
-                       &mov    ($tmp,&DWP(64-128,$td));
-                       &mov    ($acc,&DWP(96-128,$td));
-                       &mov    ($tmp,&DWP(128-128,$td));
-                       &mov    ($acc,&DWP(160-128,$td));
-                       &mov    ($tmp,&DWP(192-128,$td));
-                       &mov    ($acc,&DWP(224-128,$td));
-                       &lea    ($td,&DWP(-128,$td));           }
-       if($i==3)   {   &mov    ($key,$__key);                  }
+       if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
-                       &movz   ($out,&BP(0,$td,$out,1));
+                       &movz   ($out,&BP(2048,$td,$out,1));
 
        if ($i==3)  {   $tmp=$s[1];                             }
                        &movz   ($tmp,&HB($s[1]));
-                       &movz   ($tmp,&BP(0,$td,$tmp,1));
+                       &movz   ($tmp,&BP(2048,$td,$tmp,1));
                        &shl    ($tmp,8);
                        &xor    ($out,$tmp);
 
@@ -1647,25 +524,24 @@ sub declast()
        else        {   mov     ($tmp,$s[2]);                   }
                        &shr    ($tmp,16);
                        &and    ($tmp,0xFF);
-                       &movz   ($tmp,&BP(0,$td,$tmp,1));
+                       &movz   ($tmp,&BP(2048,$td,$tmp,1));
                        &shl    ($tmp,16);
                        &xor    ($out,$tmp);
 
-       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }
+       if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
        else        {   &mov    ($tmp,$s[3]);                   }
                        &shr    ($tmp,24);
-                       &movz   ($tmp,&BP(0,$td,$tmp,1));
+                       &movz   ($tmp,&BP(2048,$td,$tmp,1));
                        &shl    ($tmp,24);
                        &xor    ($out,$tmp);
        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
-       if ($i==3)  {   &mov    ($s[3],$__s0);
-                       &lea    ($td,&DWP(-2048,$td));          }
+       if ($i==3)  {   &mov    ($s[3],&DWP(4,"esp"));          }
 }
 
 &public_label("AES_Td");
 &function_begin_B("_x86_AES_decrypt");
        # note that caller is expected to allocate stack frame for me!
-       &mov    ($__key,$key);                  # save key
+       &mov    (&DWP(12,"esp"),$key);          # save key
 
        &xor    ($s0,&DWP(0,$key));             # xor with key
        &xor    ($s1,&DWP(4,$key));
@@ -1677,19 +553,20 @@ sub declast()
        if ($small_footprint) {
            &lea        ($acc,&DWP(-2,$acc,$acc));
            &lea        ($acc,&DWP(0,$key,$acc,8));
-           &mov        ($__end,$acc);          # end of key schedule
-           &set_label("loop",16);
-               &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-               &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-               &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-               &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+           &mov        (&DWP(16,"esp"),$acc);  # end of key schedule
+           &align      (4);
+           &set_label("loop");
+               &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+               &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+               &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+               &decstep(3,"ebp",$s3,$s2,$s1,$s0);
                &add    ($key,16);              # advance rd_key
                &xor    ($s0,&DWP(0,$key));
                &xor    ($s1,&DWP(4,$key));
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
-           &cmp        ($key,$__end);
-           &mov        ($__key,$key);
+           &cmp        ($key,&DWP(16,"esp"));
+           &mov        (&DWP(12,"esp"),$key);
            &jb         (&label("loop"));
        }
        else {
@@ -1698,38 +575,38 @@ sub declast()
            &cmp        ($acc,12);
            &jle        (&label("12rounds"));
 
-       &set_label("14rounds",4);
+       &set_label("14rounds");
            for ($i=1;$i<3;$i++) {
-               &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-               &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-               &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-               &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+               &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+               &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+               &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+               &decstep(3,"ebp",$s3,$s2,$s1,$s0);
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
                &xor    ($s2,&DWP(16*$i+8,$key));
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-           &mov        ($__key,$key);          # advance rd_key
-       &set_label("12rounds",4);
+           &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+       &set_label("12rounds");
            for ($i=1;$i<3;$i++) {
-               &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-               &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-               &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-               &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+               &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+               &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+               &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+               &decstep(3,"ebp",$s3,$s2,$s1,$s0);
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
                &xor    ($s2,&DWP(16*$i+8,$key));
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-           &mov        ($__key,$key);          # advance rd_key
-       &set_label("10rounds",4);
+           &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+       &set_label("10rounds");
            for ($i=1;$i<10;$i++) {
-               &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-               &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-               &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-               &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+               &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+               &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+               &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+               &decstep(3,"ebp",$s3,$s2,$s1,$s0);
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
                &xor    ($s2,&DWP(16*$i+8,$key));
@@ -1737,10 +614,10 @@ sub declast()
            }
        }
 
-       &declast(0,$tbl,$s0,$s3,$s2,$s1);
-       &declast(1,$tbl,$s1,$s0,$s3,$s2);
-       &declast(2,$tbl,$s2,$s1,$s0,$s3);
-       &declast(3,$tbl,$s3,$s2,$s1,$s0);
+       &declast(0,"ebp",$s0,$s3,$s2,$s1);
+       &declast(1,"ebp",$s1,$s0,$s3,$s2);
+       &declast(2,"ebp",$s2,$s1,$s0,$s3);
+       &declast(3,"ebp",$s3,$s2,$s1,$s0);
 
        &add    ($key,$small_footprint?16:160);
        &xor    ($s0,&DWP(0,$key));
@@ -1815,8 +692,7 @@ sub declast()
        &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
        &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
        &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-
-#Td4:  # four copies of Td4 to choose from to avoid L1 aliasing
+#Td4:
        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
@@ -1849,160 +725,46 @@ sub declast()
        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+&function_end_B("_x86_AES_decrypt");
 
-       &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-       &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-       &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-       &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-       &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-       &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-       &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-       &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-       &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-       &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-       &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-       &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-       &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-       &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-       &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-       &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-       &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-       &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-       &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-       &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-       &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-       &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-       &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-       &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-       &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-       &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-       &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-       &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-       &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-       &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-       &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-       &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+&public_label("AES_Td");
+&function_begin("AES_decrypt");
+       &mov    ($acc,&wparam(0));              # load inp
+       &mov    ($key,&wparam(2));              # load key
 
-       &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-       &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-       &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-       &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-       &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-       &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-       &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-       &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-       &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-       &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-       &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-       &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-       &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-       &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-       &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-       &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-       &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-       &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-       &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-       &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-       &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-       &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-       &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-       &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-       &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-       &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-       &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-       &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-       &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-       &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-       &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-       &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-
-       &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-       &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-       &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-       &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-       &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-       &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-       &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-       &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-       &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-       &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-       &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-       &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-       &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-       &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-       &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-       &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-       &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-       &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-       &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-       &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-       &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-       &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-       &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-       &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-       &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-       &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-       &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-       &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-       &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-       &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-       &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-       &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-&function_end_B("_x86_AES_decrypt");
-
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Td");
-&function_begin("AES_decrypt");
-       &mov    ($acc,&wparam(0));              # load inp
-       &mov    ($key,&wparam(2));              # load key
-
-       &mov    ($s0,"esp");
-       &sub    ("esp",36);
-       &and    ("esp",-64);                    # align to cache-line
-
-       # place stack frame just "above" the key schedule
-       &lea    ($s1,&DWP(-64-63,$key));
-       &sub    ($s1,"esp");
-       &neg    ($s1);
-       &and    ($s1,0x3C0);    # modulo 1024, but aligned to cache-line
-       &sub    ("esp",$s1);
-       &add    ("esp",4);      # 4 is reserved for caller's return address
-       &mov    ($_esp,$s0);    # save stack pointer
+       &mov    ($s0,"esp");
+       &sub    ("esp",24);
+       &and    ("esp",-64);
+       &add    ("esp",4);
+       &mov    (&DWP(16,"esp"),$s0);
 
        &call   (&label("pic_point"));          # make it PIC!
        &set_label("pic_point");
-       &blindpop($tbl);
-       &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
-       &lea    ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl));
-
-       # pick Td4 copy which can't "overlap" with stack frame or key schedule
-       &lea    ($s1,&DWP(768-4,"esp"));
-       &sub    ($s1,$tbl);
-       &and    ($s1,0x300);
-       &lea    ($tbl,&DWP(2048+128,$tbl,$s1));
-
-                                       if (!$x86only) {
-       &bt     (&DWP(0,$s0),25);       # check for SSE bit
-       &jnc    (&label("x86"));
-
-       &movq   ("mm0",&QWP(0,$acc));
-       &movq   ("mm4",&QWP(8,$acc));
-       &call   ("_sse_AES_decrypt_compact");
-       &mov    ("esp",$_esp);                  # restore stack pointer
-       &mov    ($acc,&wparam(1));              # load out
-       &movq   (&QWP(0,$acc),"mm0");           # write output data
-       &movq   (&QWP(8,$acc),"mm4");
-       &emms   ();
-       &function_end_A();
-                                       }
-       &set_label("x86",16);
-       &mov    ($_tbl,$tbl);
+       &blindpop("ebp");
+       &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+
+       # prefetch Td4
+       &lea    ("ebp",&DWP(2048+128,"ebp"));
+       &mov    ($s0,&DWP(0-128,"ebp"));
+       &mov    ($s1,&DWP(32-128,"ebp"));
+       &mov    ($s2,&DWP(64-128,"ebp"));
+       &mov    ($s3,&DWP(96-128,"ebp"));
+       &mov    ($s0,&DWP(128-128,"ebp"));
+       &mov    ($s1,&DWP(160-128,"ebp"));
+       &mov    ($s2,&DWP(192-128,"ebp"));
+       &mov    ($s3,&DWP(224-128,"ebp"));
+       &lea    ("ebp",&DWP(-2048-128,"ebp"));
+
        &mov    ($s0,&DWP(0,$acc));             # load input data
        &mov    ($s1,&DWP(4,$acc));
        &mov    ($s2,&DWP(8,$acc));
        &mov    ($s3,&DWP(12,$acc));
-       &call   ("_x86_AES_decrypt_compact");
-       &mov    ("esp",$_esp);                  # restore stack pointer
+
+       &call   ("_x86_AES_decrypt");
+
+       &mov    ("esp",&DWP(16,"esp"));
+
        &mov    ($acc,&wparam(1));              # load out
        &mov    (&DWP(0,$acc),$s0);             # write output data
        &mov    (&DWP(4,$acc),$s1);
@@ -2015,138 +777,126 @@ sub declast()
 #                      unsigned char *ivp,const int enc);
 {
 # stack frame layout
-#             -4(%esp)         # return address         0(%esp)
-#              0(%esp)         # s0 backing store       4(%esp)        
-#              4(%esp)         # s1 backing store       8(%esp)
-#              8(%esp)         # s2 backing store      12(%esp)
-#             12(%esp)         # s3 backing store      16(%esp)
-#             16(%esp)         # key backup            20(%esp)
-#             20(%esp)         # end of key schedule   24(%esp)
-#             24(%esp)         # %ebp backup           28(%esp)
-#             28(%esp)         # %esp backup
-my $_inp=&DWP(32,"esp");       # copy of wparam(0)
-my $_out=&DWP(36,"esp");       # copy of wparam(1)
-my $_len=&DWP(40,"esp");       # copy of wparam(2)
-my $_key=&DWP(44,"esp");       # copy of wparam(3)
-my $_ivp=&DWP(48,"esp");       # copy of wparam(4)
-my $_tmp=&DWP(52,"esp");       # volatile variable
-#
-my $ivec=&DWP(60,"esp");       # ivec[16]
-my $aes_key=&DWP(76,"esp");    # copy of aes_key
-my $mark=&DWP(76+240,"esp");   # copy of aes_key->rounds
+# -4(%esp)     0(%esp)         return address
+# 0(%esp)      4(%esp)         tmp1
+# 4(%esp)      8(%esp)         tmp2
+# 8(%esp)      12(%esp)        key
+# 12(%esp)     16(%esp)        end of key schedule
+my $_esp=&DWP(16,"esp");       #saved %esp
+my $_inp=&DWP(20,"esp");       #copy of wparam(0)
+my $_out=&DWP(24,"esp");       #copy of wparam(1)
+my $_len=&DWP(28,"esp");       #copy of wparam(2)
+my $_key=&DWP(32,"esp");       #copy of wparam(3)
+my $_ivp=&DWP(36,"esp");       #copy of wparam(4)
+my $_tmp=&DWP(40,"esp");       #volatile variable
+my $ivec=&DWP(44,"esp");       #ivec[16]
+my $aes_key=&DWP(60,"esp");    #copy of aes_key
+my $mark=&DWP(60+240,"esp");   #copy of aes_key->rounds
 
 &public_label("AES_Te");
 &public_label("AES_Td");
 &function_begin("AES_cbc_encrypt");
        &mov    ($s2 eq "ecx"? $s2 : "",&wparam(2));    # load len
        &cmp    ($s2,0);
-       &je     (&label("drop_out"));
+       &je     (&label("enc_out"));
 
        &call   (&label("pic_point"));          # make it PIC!
        &set_label("pic_point");
-       &blindpop($tbl);
-       &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
-
-       &cmp    (&wparam(5),0);
-       &lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-       &jne    (&label("picked_te"));
-       &lea    ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl));
-       &set_label("picked_te");
+       &blindpop("ebp");
 
-       # one can argue if this is required
        &pushf  ();
        &cld    ();
 
-       &cmp    ($s2,$speed_limit);
-       &jb     (&label("slow_way"));
-       &test   ($s2,15);
-       &jnz    (&label("slow_way"));
-                                       if (!$x86only) {
-       &bt     (&DWP(0,$s0),28);       # check for hyper-threading bit
-       &jc     (&label("slow_way"));
-                                       }
-       # pre-allocate aligned stack frame...
-       &lea    ($acc,&DWP(-80-244,"esp"));
-       &and    ($acc,-64);
-
-       # ... and make sure it doesn't alias with $tbl modulo 4096
-       &mov    ($s0,$tbl);
-       &lea    ($s1,&DWP(2048+256,$tbl));
-       &mov    ($s3,$acc);
+       &cmp    (&wparam(5),0);
+       &je     (&label("DECRYPT"));
+
+       &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+       # allocate aligned stack frame...
+       &lea    ($key,&DWP(-64-244,"esp"));
+       &and    ($key,-64);
+
+       # ... and make sure it doesn't alias with AES_Te modulo 4096
+       &mov    ($s0,"ebp");
+       &lea    ($s1,&DWP(2048,"ebp"));
+       &mov    ($s3,$key);
        &and    ($s0,0xfff);            # s = %ebp&0xfff
-       &and    ($s1,0xfff);            # e = (%ebp+2048+256)&0xfff
+       &and    ($s1,0xfff);            # e = (%ebp+2048)&0xfff
        &and    ($s3,0xfff);            # p = %esp&0xfff
 
        &cmp    ($s3,$s1);              # if (p>=e) %esp =- (p-e);
-       &jb     (&label("tbl_break_out"));
+       &jb     (&label("te_break_out"));
        &sub    ($s3,$s1);
-       &sub    ($acc,$s3);
-       &jmp    (&label("tbl_ok"));
-       &set_label("tbl_break_out",4);  # else %esp -= (p-s)&0xfff + framesz;
+       &sub    ($key,$s3);
+       &jmp    (&label("te_ok"));
+       &set_label("te_break_out");     # else %esp -= (p-s)&0xfff + framesz;
        &sub    ($s3,$s0);
        &and    ($s3,0xfff);
-       &add    ($s3,384);
-       &sub    ($acc,$s3);
-       &set_label("tbl_ok",4);
+       &add    ($s3,64+256);
+       &sub    ($key,$s3);
+       &align  (4);
+       &set_label("te_ok");
 
-       &lea    ($s3,&wparam(0));       # obtain pointer to parameter block
-       &exch   ("esp",$acc);           # allocate stack frame
-       &add    ("esp",4);              # reserve for return address!
-       &mov    ($_tbl,$tbl);           # save %ebp
-       &mov    ($_esp,$acc);           # save %esp
+       &mov    ($s0,&wparam(0));       # load inp
+       &mov    ($s1,&wparam(1));       # load out
+       &mov    ($s3,&wparam(3));       # load key
+       &mov    ($acc,&wparam(4));      # load ivp
 
-       &mov    ($s0,&DWP(0,$s3));      # load inp
-       &mov    ($s1,&DWP(4,$s3));      # load out
-       #&mov   ($s2,&DWP(8,$s3));      # load len
-       &mov    ($key,&DWP(12,$s3));    # load key
-       &mov    ($acc,&DWP(16,$s3));    # load ivp
-       &mov    ($s3,&DWP(20,$s3));     # load enc flag
+       &exch   ("esp",$key);
+       &add    ("esp",4);              # reserve for return address!
+       &mov    ($_esp,$key);           # save %esp
 
        &mov    ($_inp,$s0);            # save copy of inp
        &mov    ($_out,$s1);            # save copy of out
        &mov    ($_len,$s2);            # save copy of len
-       &mov    ($_key,$key);           # save copy of key
+       &mov    ($_key,$s3);            # save copy of key
        &mov    ($_ivp,$acc);           # save copy of ivp
 
        &mov    ($mark,0);              # copy of aes_key->rounds = 0;
+       if ($compromise) {
+               &cmp    ($s2,$compromise);
+               &jb     (&label("skip_ecopy"));
+       }
        # do we copy key schedule to stack?
-       &mov    ($s1 eq "ebx" ? $s1 : "",$key);
+       &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
        &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
-       &sub    ($s1,$tbl);
-       &mov    ("esi",$key);
+       &sub    ($s1,"ebp");
+       &mov    ("esi",$s3);
        &and    ($s1,0xfff);
        &lea    ("edi",$aes_key);
-       &cmp    ($s1,2048+256);
-       &jb     (&label("do_copy"));
+       &cmp    ($s1,2048);
+       &jb     (&label("do_ecopy"));
        &cmp    ($s1,4096-244);
-       &jb     (&label("skip_copy"));
-       &set_label("do_copy",4);
+       &jb     (&label("skip_ecopy"));
+       &align  (4);
+       &set_label("do_ecopy");
                &mov    ($_key,"edi");
                &data_word(0xA5F3F689); # rep movsd
-       &set_label("skip_copy");
+       &set_label("skip_ecopy");
 
+       &mov    ($acc,$s0);
        &mov    ($key,16);
-       &set_label("prefetch_tbl",4);
-               &mov    ($s0,&DWP(0,$tbl));
-               &mov    ($s1,&DWP(32,$tbl));
-               &mov    ($s2,&DWP(64,$tbl));
-               &mov    ($acc,&DWP(96,$tbl));
-               &lea    ($tbl,&DWP(128,$tbl));
-               &sub    ($key,1);
-       &jnz    (&label("prefetch_tbl"));
-       &sub    ($tbl,2048);
-
-       &mov    ($acc,$_inp);
+       &align  (4);
+       &set_label("prefetch_te");
+               &mov    ($s0,&DWP(0,"ebp"));
+               &mov    ($s1,&DWP(32,"ebp"));
+               &mov    ($s2,&DWP(64,"ebp"));
+               &mov    ($s3,&DWP(96,"ebp"));
+               &lea    ("ebp",&DWP(128,"ebp"));
+               &dec    ($key);
+       &jnz    (&label("prefetch_te"));
+       &sub    ("ebp",2048);
+
+       &mov    ($s2,$_len);
        &mov    ($key,$_ivp);
+       &test   ($s2,0xFFFFFFF0);
+       &jz     (&label("enc_tail"));           # short input...
 
-       &cmp    ($s3,0);
-       &je     (&label("fast_decrypt"));
-
-#----------------------------- ENCRYPT -----------------------------#
        &mov    ($s0,&DWP(0,$key));             # load iv
        &mov    ($s1,&DWP(4,$key));
 
-       &set_label("fast_enc_loop",16);
+       &align  (4);
+       &set_label("enc_loop");
                &mov    ($s2,&DWP(8,$key));
                &mov    ($s3,&DWP(12,$key));
 
@@ -2166,16 +916,22 @@ my $mark=&DWP(76+240,"esp");     # copy of aes_key->rounds
                &mov    (&DWP(8,$key),$s2);
                &mov    (&DWP(12,$key),$s3);
 
-               &lea    ($acc,&DWP(16,$acc));   # advance inp
                &mov    ($s2,$_len);            # load len
+
+               &lea    ($acc,&DWP(16,$acc));
                &mov    ($_inp,$acc);           # save inp
-               &lea    ($s3,&DWP(16,$key));    # advance out
+
+               &lea    ($s3,&DWP(16,$key));
                &mov    ($_out,$s3);            # save out
-               &sub    ($s2,16);               # decrease len
+
+               &sub    ($s2,16);
+               &test   ($s2,0xFFFFFFF0);
                &mov    ($_len,$s2);            # save len
-       &jnz    (&label("fast_enc_loop"));
+       &jnz    (&label("enc_loop"));
+       &test   ($s2,15);
+       &jnz    (&label("enc_tail"));
        &mov    ($acc,$_ivp);           # load ivp
-       &mov    ($s2,&DWP(8,$key));     # restore last dwords
+       &mov    ($s2,&DWP(8,$key));     # restore last dwords
        &mov    ($s3,&DWP(12,$key));
        &mov    (&DWP(0,$acc),$s0);     # save ivec
        &mov    (&DWP(4,$acc),$s1);
@@ -2193,20 +949,124 @@ my $mark=&DWP(76+240,"esp");    # copy of aes_key->rounds
        &set_label("skip_ezero")
        &mov    ("esp",$_esp);
        &popf   ();
-    &set_label("drop_out");
+    &set_label("enc_out");
        &function_end_A();
        &pushf  ();                     # kludge, never executed
 
+    &align     (4);
+    &set_label("enc_tail");
+       &push   ($key eq "edi" ? $key : "");    # push ivp
+       &mov    ($key,$_out);                   # load out
+       &mov    ($s1,16);
+       &sub    ($s1,$s2);
+       &cmp    ($key,$acc);                    # compare with inp
+       &je     (&label("enc_in_place"));
+       &align  (4);
+       &data_word(0xA4F3F689); # rep movsb     # copy input
+       &jmp    (&label("enc_skip_in_place"));
+    &set_label("enc_in_place");
+       &lea    ($key,&DWP(0,$key,$s2));
+    &set_label("enc_skip_in_place");
+       &mov    ($s2,$s1);
+       &xor    ($s0,$s0);
+       &align  (4);
+       &data_word(0xAAF3F689); # rep stosb     # zero tail
+       &pop    ($key);                         # pop ivp
+
+       &mov    ($acc,$_out);                   # output as input
+       &mov    ($s0,&DWP(0,$key));
+       &mov    ($s1,&DWP(4,$key));
+       &mov    ($_len,16);                     # len=16
+       &jmp    (&label("enc_loop"));           # one more spin...
+
 #----------------------------- DECRYPT -----------------------------#
-&set_label("fast_decrypt",16);
+&align (4);
+&set_label("DECRYPT");
+       &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+
+       # allocate aligned stack frame...
+       &lea    ($key,&DWP(-64-244,"esp"));
+       &and    ($key,-64);
+
+       # ... and make sure it doesn't alias with AES_Td modulo 4096
+       &mov    ($s0,"ebp");
+       &lea    ($s1,&DWP(2048+256,"ebp"));
+       &mov    ($s3,$key);
+       &and    ($s0,0xfff);            # s = %ebp&0xfff
+       &and    ($s1,0xfff);            # e = (%ebp+2048+256)&0xfff
+       &and    ($s3,0xfff);            # p = %esp&0xfff
+
+       &cmp    ($s3,$s1);              # if (p>=e) %esp =- (p-e);
+       &jb     (&label("td_break_out"));
+       &sub    ($s3,$s1);
+       &sub    ($key,$s3);
+       &jmp    (&label("td_ok"));
+       &set_label("td_break_out");     # else %esp -= (p-s)&0xfff + framesz;
+       &sub    ($s3,$s0);
+       &and    ($s3,0xfff);
+       &add    ($s3,64+256);
+       &sub    ($key,$s3);
+       &align  (4);
+       &set_label("td_ok");
+
+       &mov    ($s0,&wparam(0));       # load inp
+       &mov    ($s1,&wparam(1));       # load out
+       &mov    ($s3,&wparam(3));       # load key
+       &mov    ($acc,&wparam(4));      # load ivp
+
+       &exch   ("esp",$key);
+       &add    ("esp",4);              # reserve for return address!
+       &mov    ($_esp,$key);           # save %esp
+
+       &mov    ($_inp,$s0);            # save copy of inp
+       &mov    ($_out,$s1);            # save copy of out
+       &mov    ($_len,$s2);            # save copy of len
+       &mov    ($_key,$s3);            # save copy of key
+       &mov    ($_ivp,$acc);           # save copy of ivp
+
+       &mov    ($mark,0);              # copy of aes_key->rounds = 0;
+       if ($compromise) {
+               &cmp    ($s2,$compromise);
+               &jb     (&label("skip_dcopy"));
+       }
+       # do we copy key schedule to stack?
+       &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
+       &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
+       &sub    ($s1,"ebp");
+       &mov    ("esi",$s3);
+       &and    ($s1,0xfff);
+       &lea    ("edi",$aes_key);
+       &cmp    ($s1,2048+256);
+       &jb     (&label("do_dcopy"));
+       &cmp    ($s1,4096-244);
+       &jb     (&label("skip_dcopy"));
+       &align  (4);
+       &set_label("do_dcopy");
+               &mov    ($_key,"edi");
+               &data_word(0xA5F3F689); # rep movsd
+       &set_label("skip_dcopy");
+
+       &mov    ($acc,$s0);
+       &mov    ($key,18);
+       &align  (4);
+       &set_label("prefetch_td");
+               &mov    ($s0,&DWP(0,"ebp"));
+               &mov    ($s1,&DWP(32,"ebp"));
+               &mov    ($s2,&DWP(64,"ebp"));
+               &mov    ($s3,&DWP(96,"ebp"));
+               &lea    ("ebp",&DWP(128,"ebp"));
+               &dec    ($key);
+       &jnz    (&label("prefetch_td"));
+       &sub    ("ebp",2048+256);
 
        &cmp    ($acc,$_out);
-       &je     (&label("fast_dec_in_place"));  # in-place processing...
+       &je     (&label("dec_in_place"));       # in-place processing...
 
+       &mov    ($key,$_ivp);           # load ivp
        &mov    ($_tmp,$key);
 
        &align  (4);
-       &set_label("fast_dec_loop",16);
+       &set_label("dec_loop");
                &mov    ($s0,&DWP(0,$acc));     # read input
                &mov    ($s1,&DWP(4,$acc));
                &mov    ($s2,&DWP(8,$acc));
@@ -2222,24 +1082,27 @@ my $mark=&DWP(76+240,"esp");    # copy of aes_key->rounds
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
 
-               &mov    ($key,$_out);           # load out
+               &sub    ($acc,16);
+               &jc     (&label("dec_partial"));
+               &mov    ($_len,$acc);           # save len
                &mov    ($acc,$_inp);           # load inp
+               &mov    ($key,$_out);           # load out
 
                &mov    (&DWP(0,$key),$s0);     # write output
                &mov    (&DWP(4,$key),$s1);
                &mov    (&DWP(8,$key),$s2);
                &mov    (&DWP(12,$key),$s3);
 
-               &mov    ($s2,$_len);            # load len
                &mov    ($_tmp,$acc);           # save ivp
-               &lea    ($acc,&DWP(16,$acc));   # advance inp
+               &lea    ($acc,&DWP(16,$acc));
                &mov    ($_inp,$acc);           # save inp
-               &lea    ($key,&DWP(16,$key));   # advance out
+
+               &lea    ($key,&DWP(16,$key));
                &mov    ($_out,$key);           # save out
-               &sub    ($s2,16);               # decrease len
-               &mov    ($_len,$s2);            # save len
-       &jnz    (&label("fast_dec_loop"));
+
+       &jnz    (&label("dec_loop"));
        &mov    ($key,$_tmp);           # load temp ivp
+    &set_label("dec_end");
        &mov    ($acc,$_ivp);           # load user ivp
        &mov    ($s0,&DWP(0,$key));     # load iv
        &mov    ($s1,&DWP(4,$key));
@@ -2249,16 +1112,31 @@ my $mark=&DWP(76+240,"esp");    # copy of aes_key->rounds
        &mov    (&DWP(4,$acc),$s1);
        &mov    (&DWP(8,$acc),$s2);
        &mov    (&DWP(12,$acc),$s3);
-       &jmp    (&label("fast_dec_out"));
+       &jmp    (&label("dec_out"));
 
-    &set_label("fast_dec_in_place",16);
-       &set_label("fast_dec_in_place_loop");
+    &align     (4);
+    &set_label("dec_partial");
+       &lea    ($key,$ivec);
+       &mov    (&DWP(0,$key),$s0);     # dump output to stack
+       &mov    (&DWP(4,$key),$s1);
+       &mov    (&DWP(8,$key),$s2);
+       &mov    (&DWP(12,$key),$s3);
+       &lea    ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
+       &mov    ($acc eq "esi" ? $acc : "",$key);
+       &mov    ($key eq "edi" ? $key : "",$_out);      # load out
+       &data_word(0xA4F3F689); # rep movsb             # copy output
+       &mov    ($key,$_inp);                           # use inp as temp ivp
+       &jmp    (&label("dec_end"));
+
+    &align     (4);
+    &set_label("dec_in_place");
+       &set_label("dec_in_place_loop");
+               &lea    ($key,$ivec);
                &mov    ($s0,&DWP(0,$acc));     # read input
                &mov    ($s1,&DWP(4,$acc));
                &mov    ($s2,&DWP(8,$acc));
                &mov    ($s3,&DWP(12,$acc));
 
-               &lea    ($key,$ivec);
                &mov    (&DWP(0,$key),$s0);     # copy to temp
                &mov    (&DWP(4,$key),$s1);
                &mov    (&DWP(8,$key),$s2);
@@ -2279,7 +1157,7 @@ my $mark=&DWP(76+240,"esp");      # copy of aes_key->rounds
                &mov    (&DWP(8,$acc),$s2);
                &mov    (&DWP(12,$acc),$s3);
 
-               &lea    ($acc,&DWP(16,$acc));   # advance out
+               &lea    ($acc,&DWP(16,$acc));
                &mov    ($_out,$acc);           # save out
 
                &lea    ($acc,$ivec);
@@ -2294,339 +1172,40 @@ my $mark=&DWP(76+240,"esp");   # copy of aes_key->rounds
                &mov    (&DWP(12,$key),$s3);
 
                &mov    ($acc,$_inp);           # load inp
-               &mov    ($s2,$_len);            # load len
-               &lea    ($acc,&DWP(16,$acc));   # advance inp
-               &mov    ($_inp,$acc);           # save inp
-               &sub    ($s2,16);               # decrease len
-               &mov    ($_len,$s2);            # save len
-       &jnz    (&label("fast_dec_in_place_loop"));
-
-    &set_label("fast_dec_out",4);
-       &cmp    ($mark,0);              # was the key schedule copied?
-       &mov    ("edi",$_key);
-       &je     (&label("skip_dzero"));
-       # zero copy of key schedule
-       &mov    ("ecx",240/4);
-       &xor    ("eax","eax");
-       &align  (4);
-       &data_word(0xABF3F689); # rep stosd
-       &set_label("skip_dzero")
-       &mov    ("esp",$_esp);
-       &popf   ();
-       &function_end_A();
-       &pushf  ();                     # kludge, never executed
-
-#--------------------------- SLOW ROUTINE ---------------------------#
-&set_label("slow_way",16);
-
-       &mov    ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap
-       &mov    ($key,&wparam(3));      # load key
-
-       # pre-allocate aligned stack frame...
-       &lea    ($acc,&DWP(-80,"esp"));
-       &and    ($acc,-64);
-
-       # ... and make sure it doesn't alias with $key modulo 1024
-       &lea    ($s1,&DWP(-80-63,$key));
-       &sub    ($s1,$acc);
-       &neg    ($s1);
-       &and    ($s1,0x3C0);    # modulo 1024, but aligned to cache-line
-       &sub    ($acc,$s1);
-
-       # pick S-box copy which can't overlap with stack frame or $key
-       &lea    ($s1,&DWP(768,$acc));
-       &sub    ($s1,$tbl);
-       &and    ($s1,0x300);
-       &lea    ($tbl,&DWP(2048+128,$tbl,$s1));
-
-       &lea    ($s3,&wparam(0));       # pointer to parameter block
-
-       &exch   ("esp",$acc);
-       &add    ("esp",4);              # reserve for return address!
-       &mov    ($_tbl,$tbl);           # save %ebp
-       &mov    ($_esp,$acc);           # save %esp
-       &mov    ($_tmp,$s0);            # save OPENSSL_ia32cap
-
-       &mov    ($s0,&DWP(0,$s3));      # load inp
-       &mov    ($s1,&DWP(4,$s3));      # load out
-       #&mov   ($s2,&DWP(8,$s3));      # load len
-       #&mov   ($key,&DWP(12,$s3));    # load key
-       &mov    ($acc,&DWP(16,$s3));    # load ivp
-       &mov    ($s3,&DWP(20,$s3));     # load enc flag
-
-       &mov    ($_inp,$s0);            # save copy of inp
-       &mov    ($_out,$s1);            # save copy of out
-       &mov    ($_len,$s2);            # save copy of len
-       &mov    ($_key,$key);           # save copy of key
-       &mov    ($_ivp,$acc);           # save copy of ivp
-
-       &mov    ($key,$acc);
-       &mov    ($acc,$s0);
-
-       &cmp    ($s3,0);
-       &je     (&label("slow_decrypt"));
-
-#--------------------------- SLOW ENCRYPT ---------------------------#
-       &cmp    ($s2,16);
-       &jb     (&label("slow_enc_tail"));
-
-                                       if (!$x86only) {
-       &bt     ($_tmp,25);             # check for SSE bit
-       &jnc    (&label("slow_enc_x86"));
-
-       &movq   ("mm0",&QWP(0,$key));   # load iv
-       &movq   ("mm4",&QWP(8,$key));
-
-       &set_label("slow_enc_loop_sse",16);
-               &pxor   ("mm0",&QWP(0,$acc));   # xor input data
-               &pxor   ("mm4",&QWP(8,$acc));
-
-               &mov    ($key,$_key);
-               &call   ("_sse_AES_encrypt_compact");
-
-               &mov    ($acc,$_inp);           # load inp
-               &mov    ($key,$_out);           # load out
-               &mov    ($s2,$_len);            # load len
-
-               &movq   (&QWP(0,$key),"mm0");   # save output data
-               &movq   (&QWP(8,$key),"mm4");
 
-               &lea    ($acc,&DWP(16,$acc));   # advance inp
+               &lea    ($acc,&DWP(16,$acc));
                &mov    ($_inp,$acc);           # save inp
-               &lea    ($s3,&DWP(16,$key));    # advance out
-               &mov    ($_out,$s3);            # save out
-               &sub    ($s2,16);               # decrease len
-               &cmp    ($s2,16);
-               &mov    ($_len,$s2);            # save len
-       &jae    (&label("slow_enc_loop_sse"));
-       &test   ($s2,15);
-       &jnz    (&label("slow_enc_tail"));
-       &mov    ($acc,$_ivp);           # load ivp
-       &movq   (&QWP(0,$acc),"mm0");   # save ivec
-       &movq   (&QWP(8,$acc),"mm4");
-       &emms   ();
-       &mov    ("esp",$_esp);
-       &popf   ();
-       &function_end_A();
-       &pushf  ();                     # kludge, never executed
-                                       }
-    &set_label("slow_enc_x86",16);
-       &mov    ($s0,&DWP(0,$key));     # load iv
-       &mov    ($s1,&DWP(4,$key));
-
-       &set_label("slow_enc_loop_x86",4);
-               &mov    ($s2,&DWP(8,$key));
-               &mov    ($s3,&DWP(12,$key));
-
-               &xor    ($s0,&DWP(0,$acc));     # xor input data
-               &xor    ($s1,&DWP(4,$acc));
-               &xor    ($s2,&DWP(8,$acc));
-               &xor    ($s3,&DWP(12,$acc));
-
-               &mov    ($key,$_key);           # load key
-               &call   ("_x86_AES_encrypt_compact");
-
-               &mov    ($acc,$_inp);           # load inp
-               &mov    ($key,$_out);           # load out
-
-               &mov    (&DWP(0,$key),$s0);     # save output data
-               &mov    (&DWP(4,$key),$s1);
-               &mov    (&DWP(8,$key),$s2);
-               &mov    (&DWP(12,$key),$s3);
 
                &mov    ($s2,$_len);            # load len
-               &lea    ($acc,&DWP(16,$acc));   # advance inp
-               &mov    ($_inp,$acc);           # save inp
-               &lea    ($s3,&DWP(16,$key));    # advance out
-               &mov    ($_out,$s3);            # save out
-               &sub    ($s2,16);               # decrease len
-               &cmp    ($s2,16);
+               &sub    ($s2,16);
+               &jc     (&label("dec_in_place_partial"));
                &mov    ($_len,$s2);            # save len
-       &jae    (&label("slow_enc_loop_x86"));
-       &test   ($s2,15);
-       &jnz    (&label("slow_enc_tail"));
-       &mov    ($acc,$_ivp);           # load ivp
-       &mov    ($s2,&DWP(8,$key));     # restore last dwords
-       &mov    ($s3,&DWP(12,$key));
-       &mov    (&DWP(0,$acc),$s0);     # save ivec
-       &mov    (&DWP(4,$acc),$s1);
-       &mov    (&DWP(8,$acc),$s2);
-       &mov    (&DWP(12,$acc),$s3);
-
-       &mov    ("esp",$_esp);
-       &popf   ();
-       &function_end_A();
-       &pushf  ();                     # kludge, never executed
-
-    &set_label("slow_enc_tail",16);
-       &emms   ()      if (!$x86only);
-       &mov    ($key eq "edi"? $key:"",$s3);   # load out to edi
-       &mov    ($s1,16);
-       &sub    ($s1,$s2);
-       &cmp    ($key,$acc eq "esi"? $acc:"");  # compare with inp
-       &je     (&label("enc_in_place"));
-       &align  (4);
-       &data_word(0xA4F3F689); # rep movsb     # copy input
-       &jmp    (&label("enc_skip_in_place"));
-    &set_label("enc_in_place");
+       &jnz    (&label("dec_in_place_loop"));
+       &jmp    (&label("dec_out"));
+
+    &align     (4);
+    &set_label("dec_in_place_partial");
+       # one can argue if this is actually required...
+       &mov    ($key eq "edi" ? $key : "",$_out);
+       &lea    ($acc eq "esi" ? $acc : "",$ivec);
        &lea    ($key,&DWP(0,$key,$s2));
-    &set_label("enc_skip_in_place");
-       &mov    ($s2,$s1);
-       &xor    ($s0,$s0);
-       &align  (4);
-       &data_word(0xAAF3F689); # rep stosb     # zero tail
-
-       &lea    ($key,&DWP(-16,$s3));           # restore ivp
-       &mov    ($acc,$s3);                     # output as input
-       &mov    ($s0,&DWP(0,$key));
-       &mov    ($s1,&DWP(4,$key));
-       &mov    ($_len,16);                     # len=16
-       &jmp    (&label("slow_enc_loop_x86"));  # one more spin...
-
-#--------------------------- SLOW DECRYPT ---------------------------#
-&set_label("slow_decrypt",16);
-                                       if (!$x86only) {
-       &bt     ($_tmp,25);             # check for SSE bit
-       &jnc    (&label("slow_dec_loop_x86"));
-
-       &set_label("slow_dec_loop_sse",4);
-               &movq   ("mm0",&QWP(0,$acc));   # read input
-               &movq   ("mm4",&QWP(8,$acc));
-
-               &mov    ($key,$_key);
-               &call   ("_sse_AES_decrypt_compact");
-
-               &mov    ($acc,$_inp);           # load inp
-               &lea    ($s0,$ivec);
-               &mov    ($s1,$_out);            # load out
-               &mov    ($s2,$_len);            # load len
-               &mov    ($key,$_ivp);           # load ivp
-
-               &movq   ("mm1",&QWP(0,$acc));   # re-read input
-               &movq   ("mm5",&QWP(8,$acc));
-
-               &pxor   ("mm0",&QWP(0,$key));   # xor iv
-               &pxor   ("mm4",&QWP(8,$key));
-
-               &movq   (&QWP(0,$key),"mm1");   # copy input to iv
-               &movq   (&QWP(8,$key),"mm5");
-
-               &sub    ($s2,16);               # decrease len
-               &jc     (&label("slow_dec_partial_sse"));
-
-               &movq   (&QWP(0,$s1),"mm0");    # write output
-               &movq   (&QWP(8,$s1),"mm4");
-
-               &lea    ($s1,&DWP(16,$s1));     # advance out
-               &mov    ($_out,$s1);            # save out
-               &lea    ($acc,&DWP(16,$acc));   # advance inp
-               &mov    ($_inp,$acc);           # save inp
-               &mov    ($_len,$s2);            # save len
-       &jnz    (&label("slow_dec_loop_sse"));
-       &emms   ();
-       &mov    ("esp",$_esp);
-       &popf   ();
-       &function_end_A();
-       &pushf  ();                     # kludge, never executed
-
-    &set_label("slow_dec_partial_sse",16);
-       &movq   (&QWP(0,$s0),"mm0");    # save output to temp
-       &movq   (&QWP(8,$s0),"mm4");
-       &emms   ();
-
-       &add    ($s2 eq "ecx" ? "ecx":"",16);
-       &mov    ("edi",$s1);            # out
-       &mov    ("esi",$s0);            # temp
-       &align  (4);
-       &data_word(0xA4F3F689);         # rep movsb # copy partial output
-
-       &mov    ("esp",$_esp);
-       &popf   ();
-       &function_end_A();
-       &pushf  ();                     # kludge, never executed
-                                       }
-       &set_label("slow_dec_loop_x86",16);
-               &mov    ($s0,&DWP(0,$acc));     # read input
-               &mov    ($s1,&DWP(4,$acc));
-               &mov    ($s2,&DWP(8,$acc));
-               &mov    ($s3,&DWP(12,$acc));
-
-               &lea    ($key,$ivec);
-               &mov    (&DWP(0,$key),$s0);     # copy to temp
-               &mov    (&DWP(4,$key),$s1);
-               &mov    (&DWP(8,$key),$s2);
-               &mov    (&DWP(12,$key),$s3);
-
-               &mov    ($key,$_key);           # load key
-               &call   ("_x86_AES_decrypt_compact");
-
-               &mov    ($key,$_ivp);           # load ivp
-               &mov    ($acc,$_len);           # load len
-               &xor    ($s0,&DWP(0,$key));     # xor iv
-               &xor    ($s1,&DWP(4,$key));
-               &xor    ($s2,&DWP(8,$key));
-               &xor    ($s3,&DWP(12,$key));
-
-               &sub    ($acc,16);
-               &jc     (&label("slow_dec_partial_x86"));
-
-               &mov    ($_len,$acc);           # save len
-               &mov    ($acc,$_out);           # load out
-
-               &mov    (&DWP(0,$acc),$s0);     # write output
-               &mov    (&DWP(4,$acc),$s1);
-               &mov    (&DWP(8,$acc),$s2);
-               &mov    (&DWP(12,$acc),$s3);
-
-               &lea    ($acc,&DWP(16,$acc));   # advance out
-               &mov    ($_out,$acc);           # save out
-
-               &lea    ($acc,$ivec);
-               &mov    ($s0,&DWP(0,$acc));     # read temp
-               &mov    ($s1,&DWP(4,$acc));
-               &mov    ($s2,&DWP(8,$acc));
-               &mov    ($s3,&DWP(12,$acc));
-
-               &mov    (&DWP(0,$key),$s0);     # copy it to iv
-               &mov    (&DWP(4,$key),$s1);
-               &mov    (&DWP(8,$key),$s2);
-               &mov    (&DWP(12,$key),$s3);
-
-               &mov    ($acc,$_inp);           # load inp
-               &lea    ($acc,&DWP(16,$acc));   # advance inp
-               &mov    ($_inp,$acc);           # save inp
-       &jnz    (&label("slow_dec_loop_x86"));
-       &mov    ("esp",$_esp);
-       &popf   ();
-       &function_end_A();
-       &pushf  ();                     # kludge, never executed
-
-    &set_label("slow_dec_partial_x86",16);
-       &lea    ($acc,$ivec);
-       &mov    (&DWP(0,$acc),$s0);     # save output to temp
-       &mov    (&DWP(4,$acc),$s1);
-       &mov    (&DWP(8,$acc),$s2);
-       &mov    (&DWP(12,$acc),$s3);
-
-       &mov    ($acc,$_inp);
-       &mov    ($s0,&DWP(0,$acc));     # re-read input
-       &mov    ($s1,&DWP(4,$acc));
-       &mov    ($s2,&DWP(8,$acc));
-       &mov    ($s3,&DWP(12,$acc));
-
-       &mov    (&DWP(0,$key),$s0);     # copy it to iv
-       &mov    (&DWP(4,$key),$s1);
-       &mov    (&DWP(8,$key),$s2);
-       &mov    (&DWP(12,$key),$s3);
-
-       &mov    ("ecx",$_len);
-       &mov    ("edi",$_out);
-       &lea    ("esi",$ivec);
-       &align  (4);
-       &data_word(0xA4F3F689);         # rep movsb # copy partial output
-
-       &mov    ("esp",$_esp);
-       &popf   ();
+       &lea    ($acc,&DWP(16,$acc,$s2));
+       &neg    ($s2 eq "ecx" ? $s2 : "");
+       &data_word(0xA4F3F689); # rep movsb     # restore tail
+
+    &align     (4);
+    &set_label("dec_out");
+    &cmp       ($mark,0);              # was the key schedule copied?
+    &mov       ("edi",$_key);
+    &je                (&label("skip_dzero"));
+    # zero copy of key schedule
+    &mov       ("ecx",240/4);
+    &xor       ("eax","eax");
+    &align     (4);
+    &data_word(0xABF3F689);    # rep stosd
+    &set_label("skip_dzero")
+    &mov       ("esp",$_esp);
+    &popf      ();
 &function_end("AES_cbc_encrypt");
 }
 
@@ -2635,26 +1214,27 @@ my $mark=&DWP(76+240,"esp");    # copy of aes_key->rounds
 sub enckey()
 {
        &movz   ("esi",&LB("edx"));             # rk[i]>>0
-       &movz   ("ebx",&BP(-128,$tbl,"esi",1));
+       &mov    ("ebx",&DWP(2,"ebp","esi",8));
        &movz   ("esi",&HB("edx"));             # rk[i]>>8
-       &shl    ("ebx",24);
+       &and    ("ebx",0xFF000000);
        &xor    ("eax","ebx");
 
-       &movz   ("ebx",&BP(-128,$tbl,"esi",1));
+       &mov    ("ebx",&DWP(2,"ebp","esi",8));
        &shr    ("edx",16);
+       &and    ("ebx",0x000000FF);
        &movz   ("esi",&LB("edx"));             # rk[i]>>16
        &xor    ("eax","ebx");
 
-       &movz   ("ebx",&BP(-128,$tbl,"esi",1));
+       &mov    ("ebx",&DWP(0,"ebp","esi",8));
        &movz   ("esi",&HB("edx"));             # rk[i]>>24
-       &shl    ("ebx",8);
+       &and    ("ebx",0x0000FF00);
        &xor    ("eax","ebx");
 
-       &movz   ("ebx",&BP(-128,$tbl,"esi",1));
-       &shl    ("ebx",16);
+       &mov    ("ebx",&DWP(0,"ebp","esi",8));
+       &and    ("ebx",0x00FF0000);
        &xor    ("eax","ebx");
 
-       &xor    ("eax",&DWP(1024-128,$tbl,"ecx",4));    # rcon
+       &xor    ("eax",&DWP(2048,"ebp","ecx",4));       # rcon
 }
 
 # int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
@@ -2671,19 +1251,8 @@ sub enckey()
 
        &call   (&label("pic_point"));
        &set_label("pic_point");
-       &blindpop($tbl);
-       &lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-       &lea    ($tbl,&DWP(2048+128,$tbl));
-
-       # prefetch Te4
-       &mov    ("eax",&DWP(0-128,$tbl));
-       &mov    ("ebx",&DWP(32-128,$tbl));
-       &mov    ("ecx",&DWP(64-128,$tbl));
-       &mov    ("edx",&DWP(96-128,$tbl));
-       &mov    ("eax",&DWP(128-128,$tbl));
-       &mov    ("ebx",&DWP(160-128,$tbl));
-       &mov    ("ecx",&DWP(192-128,$tbl));
-       &mov    ("edx",&DWP(224-128,$tbl));
+       &blindpop("ebp");
+       &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
 
        &mov    ("ecx",&wparam(1));             # number of bits in key
        &cmp    ("ecx",128);
@@ -2824,23 +1393,24 @@ sub enckey()
                &mov    ("edx","eax");
                &mov    ("eax",&DWP(16,"edi"));         # rk[4]
                &movz   ("esi",&LB("edx"));             # rk[11]>>0
-               &movz   ("ebx",&BP(-128,$tbl,"esi",1));
+               &mov    ("ebx",&DWP(2,"ebp","esi",8));
                &movz   ("esi",&HB("edx"));             # rk[11]>>8
+               &and    ("ebx",0x000000FF);
                &xor    ("eax","ebx");
 
-               &movz   ("ebx",&BP(-128,$tbl,"esi",1));
+               &mov    ("ebx",&DWP(0,"ebp","esi",8));
                &shr    ("edx",16);
-               &shl    ("ebx",8);
+               &and    ("ebx",0x0000FF00);
                &movz   ("esi",&LB("edx"));             # rk[11]>>16
                &xor    ("eax","ebx");
 
-               &movz   ("ebx",&BP(-128,$tbl,"esi",1));
+               &mov    ("ebx",&DWP(0,"ebp","esi",8));
                &movz   ("esi",&HB("edx"));             # rk[11]>>24
-               &shl    ("ebx",16);
+               &and    ("ebx",0x00FF0000);
                &xor    ("eax","ebx");
 
-               &movz   ("ebx",&BP(-128,$tbl,"esi",1));
-               &shl    ("ebx",24);
+               &mov    ("ebx",&DWP(2,"ebp","esi",8));
+               &and    ("ebx",0xFF000000);
                &xor    ("eax","ebx");
 
                &mov    (&DWP(48,"edi"),"eax");         # rk[12]
@@ -2865,58 +1435,24 @@ sub enckey()
 &function_end("AES_set_encrypt_key");
 
 sub deckey()
-{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
-  my $tmp = $tbl;
-
-       &mov    ($acc,$tp1);
-       &and    ($acc,0x80808080);
-       &mov    ($tmp,$acc);
-       &shr    ($tmp,7);
-       &lea    ($tp2,&DWP(0,$tp1,$tp1));
-       &sub    ($acc,$tmp);
-       &and    ($tp2,0xfefefefe);
-       &and    ($acc,0x1b1b1b1b);
-       &xor    ($acc,$tp2);
-       &mov    ($tp2,$acc);
-
-       &and    ($acc,0x80808080);
-       &mov    ($tmp,$acc);
-       &shr    ($tmp,7);
-       &lea    ($tp4,&DWP(0,$tp2,$tp2));
-       &sub    ($acc,$tmp);
-       &and    ($tp4,0xfefefefe);
-       &and    ($acc,0x1b1b1b1b);
-        &xor   ($tp2,$tp1);    # tp2^tp1
-       &xor    ($acc,$tp4);
-       &mov    ($tp4,$acc);
-
-       &and    ($acc,0x80808080);
-       &mov    ($tmp,$acc);
-       &shr    ($tmp,7);
-       &lea    ($tp8,&DWP(0,$tp4,$tp4));
-        &xor   ($tp4,$tp1);    # tp4^tp1
-       &sub    ($acc,$tmp);
-       &and    ($tp8,0xfefefefe);
-       &and    ($acc,0x1b1b1b1b);
-        &rotl  ($tp1,8);       # = ROTATE(tp1,8)
-       &xor    ($tp8,$acc);
-
-       &mov    ($tmp,&DWP(4*($i+1),$key));     # modulo-scheduled load
-
-       &xor    ($tp1,$tp2);
-       &xor    ($tp2,$tp8);
-       &xor    ($tp1,$tp4);
-       &rotl   ($tp2,24);
-       &xor    ($tp4,$tp8);
-       &xor    ($tp1,$tp8);    # ^= tp8^(tp4^tp1)^(tp2^tp1)
-       &rotl   ($tp4,16);
-       &xor    ($tp1,$tp2);    # ^= ROTATE(tp8^tp2^tp1,24)
-       &rotl   ($tp8,8);
-       &xor    ($tp1,$tp4);    # ^= ROTATE(tp8^tp4^tp1,16)
-       &mov    ($tp2,$tmp);
-       &xor    ($tp1,$tp8);    # ^= ROTATE(tp8,8)
-
-       &mov    (&DWP(4*$i,$key),$tp1);
+{ my ($i,$ptr,$te,$td) = @_;
+
+       &mov    ("eax",&DWP($i,$ptr));
+       &mov    ("edx","eax");
+       &movz   ("ebx",&HB("eax"));
+       &shr    ("edx",16);
+       &and    ("eax",0xFF);
+       &movz   ("eax",&BP(2,$te,"eax",8));
+       &movz   ("ebx",&BP(2,$te,"ebx",8));
+       &mov    ("eax",&DWP(0,$td,"eax",8));
+       &xor    ("eax",&DWP(3,$td,"ebx",8));
+       &movz   ("ebx",&HB("edx"));
+       &and    ("edx",0xFF);
+       &movz   ("edx",&BP(2,$te,"edx",8));
+       &movz   ("ebx",&BP(2,$te,"ebx",8));
+       &xor    ("eax",&DWP(2,$td,"edx",8));
+       &xor    ("eax",&DWP(1,$td,"ebx",8));
+       &mov    (&DWP($i,$ptr),"eax");
 }
 
 # int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
@@ -2948,7 +1484,8 @@ sub deckey()
        &lea    ("ecx",&DWP(0,"","ecx",4));
        &lea    ("edi",&DWP(0,"esi","ecx",4));  # pointer to last chunk
 
-       &set_label("invert",4);                 # invert order of chunks
+       &align  (4);
+       &set_label("invert");                   # invert order of chunks
                &mov    ("eax",&DWP(0,"esi"));
                &mov    ("ebx",&DWP(4,"esi"));
                &mov    ("ecx",&DWP(0,"edi"));
@@ -2970,24 +1507,26 @@ sub deckey()
                &cmp    ("esi","edi");
        &jne    (&label("invert"));
 
-       &mov    ($key,&wparam(2));
-       &mov    ($acc,&DWP(240,$key));          # pull number of rounds
-       &lea    ($acc,&DWP(-2,$acc,$acc));
-       &lea    ($acc,&DWP(0,$key,$acc,8));
-       &mov    (&wparam(2),$acc);
-
-       &mov    ($s0,&DWP(16,$key));            # modulo-scheduled load
-       &set_label("permute",4);                # permute the key schedule
-               &add    ($key,16);
-               &deckey (0,$key,$s0,$s1,$s2,$s3);
-               &deckey (1,$key,$s1,$s2,$s3,$s0);
-               &deckey (2,$key,$s2,$s3,$s0,$s1);
-               &deckey (3,$key,$s3,$s0,$s1,$s2);
-               &cmp    ($key,&wparam(2));
-       &jb     (&label("permute"));
+       &call   (&label("pic_point"));
+       &set_label("pic_point");
+       blindpop("ebp");
+       &lea    ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+       &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+       &mov    ("esi",&wparam(2));
+       &mov    ("ecx",&DWP(240,"esi"));        # pull number of rounds
+       &dec    ("ecx");
+       &align  (4);
+       &set_label("permute");                  # permute the key schedule
+               &add    ("esi",16);
+               &deckey (0,"esi","ebp","edi");
+               &deckey (4,"esi","ebp","edi");
+               &deckey (8,"esi","ebp","edi");
+               &deckey (12,"esi","ebp","edi");
+               &dec    ("ecx");
+       &jnz    (&label("permute"));
 
        &xor    ("eax","eax");                  # return success
 &function_end("AES_set_decrypt_key");
-&asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
 
 &asm_finish();
index da425388911a774ff7d80c4088f9e41cc22c1200..44e0bf8cae3aec92919878879fee112fafc9e8d8 100755 (executable)
@@ -2,12 +2,11 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
 # ====================================================================
 #
-# Version 2.1.
+# Version 1.2.
 #
 # aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
 # Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
 #
 # Performance in number of cycles per processed byte for 128-bit key:
 #
-#              ECB encrypt     ECB decrypt     CBC large chunk
-# AMD64                33              41              13.0
-# EM64T                38              59              18.6(*)
-# Core 2       30              43              14.5(*)
+#              ECB             CBC encrypt
+# AMD64                13.7            13.0(*)
+# EM64T                20.2            18.6(*)
 #
-# (*) with hyper-threading off
+# (*)  CBC benchmarks are better than ECB thanks to custom ABI used
+#      by the private block encryption function.
 
 $verticalspin=1;       # unlike 32-bit version $verticalspin performs
                        # ~15% better on both AMD and Intel cores
-$speed_limit=512;      # see aes-586.pl for details
 $output=shift;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
 
 $code=".text\n";
 
@@ -43,9 +35,9 @@ $s0="%eax";
 $s1="%ebx";
 $s2="%ecx";
 $s3="%edx";
-$acc0="%esi";  $mask80="%rsi";
-$acc1="%edi";  $maskfe="%rdi";
-$acc2="%ebp";  $mask1b="%rbp";
+$acc0="%esi";
+$acc1="%edi";
+$acc2="%ebp";
 $inp="%r8";
 $out="%r9";
 $t0="%r10d";
@@ -59,8 +51,6 @@ sub hi() { my $r=shift;       $r =~ s/%[er]([a-d])x/%\1h/;    $r; }
 sub lo() { my $r=shift;        $r =~ s/%[er]([a-d])x/%\1l/;
                        $r =~ s/%[er]([sd]i)/%\1l/;
                        $r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
-sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
-                       $r =~ s/%r([0-9]+)/%r\1d/;      $r; }
 sub _data_word()
 { my $i;
     while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
@@ -148,17 +138,22 @@ $code.=<<___;
        movzb   `&lo("$s0")`,$acc0
        movzb   `&lo("$s1")`,$acc1
        movzb   `&lo("$s2")`,$acc2
-       movzb   2($sbox,$acc0,8),$t0
-       movzb   2($sbox,$acc1,8),$t1
-       movzb   2($sbox,$acc2,8),$t2
+       mov     2($sbox,$acc0,8),$t0
+       mov     2($sbox,$acc1,8),$t1
+       mov     2($sbox,$acc2,8),$t2
+
+       and     \$0x000000ff,$t0
+       and     \$0x000000ff,$t1
+       and     \$0x000000ff,$t2
 
        movzb   `&lo("$s3")`,$acc0
        movzb   `&hi("$s1")`,$acc1
        movzb   `&hi("$s2")`,$acc2
-       movzb   2($sbox,$acc0,8),$t3
+       mov     2($sbox,$acc0,8),$t3
        mov     0($sbox,$acc1,8),$acc1  #$t0
        mov     0($sbox,$acc2,8),$acc2  #$t1
 
+       and     \$0x000000ff,$t3
        and     \$0x0000ff00,$acc1
        and     \$0x0000ff00,$acc2
 
@@ -350,234 +345,6 @@ $code.=<<___;
 .size  _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
 ___
 
-# it's possible to implement this by shifting tN by 8, filling least
-# significant byte with byte load and finally bswap-ing at the end,
-# but such partial register load kills Core 2...
-sub enccompactvert()
-{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
-       movzb   `&lo("$s0")`,$t0
-       movzb   `&lo("$s1")`,$t1
-       movzb   `&lo("$s2")`,$t2
-       movzb   ($sbox,$t0,1),$t0
-       movzb   ($sbox,$t1,1),$t1
-       movzb   ($sbox,$t2,1),$t2
-
-       movzb   `&lo("$s3")`,$t3
-       movzb   `&hi("$s1")`,$acc0
-       movzb   `&hi("$s2")`,$acc1
-       movzb   ($sbox,$t3,1),$t3
-       movzb   ($sbox,$acc0,1),$t4     #$t0
-       movzb   ($sbox,$acc1,1),$t5     #$t1
-
-       movzb   `&hi("$s3")`,$acc2
-       movzb   `&hi("$s0")`,$acc0
-       shr     \$16,$s2
-       movzb   ($sbox,$acc2,1),$acc2   #$t2
-       movzb   ($sbox,$acc0,1),$acc0   #$t3
-       shr     \$16,$s3
-
-       movzb   `&lo("$s2")`,$acc1
-       shl     \$8,$t4
-       shl     \$8,$t5
-       movzb   ($sbox,$acc1,1),$acc1   #$t0
-       xor     $t4,$t0
-       xor     $t5,$t1
-
-       movzb   `&lo("$s3")`,$t4
-       shr     \$16,$s0
-       shr     \$16,$s1
-       movzb   `&lo("$s0")`,$t5
-       shl     \$8,$acc2
-       shl     \$8,$acc0
-       movzb   ($sbox,$t4,1),$t4       #$t1
-       movzb   ($sbox,$t5,1),$t5       #$t2
-       xor     $acc2,$t2
-       xor     $acc0,$t3
-
-       movzb   `&lo("$s1")`,$acc2
-       movzb   `&hi("$s3")`,$acc0
-       shl     \$16,$acc1
-       movzb   ($sbox,$acc2,1),$acc2   #$t3
-       movzb   ($sbox,$acc0,1),$acc0   #$t0
-       xor     $acc1,$t0
-
-       movzb   `&hi("$s0")`,$acc1
-       shr     \$8,$s2
-       shr     \$8,$s1
-       movzb   ($sbox,$acc1,1),$acc1   #$t1
-       movzb   ($sbox,$s2,1),$s3       #$t3
-       movzb   ($sbox,$s1,1),$s2       #$t2
-       shl     \$16,$t4
-       shl     \$16,$t5
-       shl     \$16,$acc2
-       xor     $t4,$t1
-       xor     $t5,$t2
-       xor     $acc2,$t3
-
-       shl     \$24,$acc0
-       shl     \$24,$acc1
-       shl     \$24,$s3
-       xor     $acc0,$t0
-       shl     \$24,$s2
-       xor     $acc1,$t1
-       mov     $t0,$s0
-       mov     $t1,$s1
-       xor     $t2,$s2
-       xor     $t3,$s3
-___
-}
-
-sub enctransform_ref()
-{ my $sn = shift;
-  my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
-       mov     $sn,$acc
-       and     \$0x80808080,$acc
-       mov     $acc,$tmp
-       shr     \$7,$tmp
-       lea     ($sn,$sn),$r2
-       sub     $tmp,$acc
-       and     \$0xfefefefe,$r2
-       and     \$0x1b1b1b1b,$acc
-       mov     $sn,$tmp
-       xor     $acc,$r2
-
-       xor     $r2,$sn
-       rol     \$24,$sn
-       xor     $r2,$sn
-       ror     \$16,$tmp
-       xor     $tmp,$sn
-       ror     \$8,$tmp
-       xor     $tmp,$sn
-___
-}
-
-# unlike decrypt case it does not pay off to parallelize enctransform
-sub enctransform()
-{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
-
-$code.=<<___;
-       mov     $s0,$acc0
-       mov     $s1,$acc1
-       and     \$0x80808080,$acc0
-       and     \$0x80808080,$acc1
-       mov     $acc0,$t0
-       mov     $acc1,$t1
-       shr     \$7,$t0
-       lea     ($s0,$s0),$r20
-       shr     \$7,$t1
-       lea     ($s1,$s1),$r21
-       sub     $t0,$acc0
-       sub     $t1,$acc1
-       and     \$0xfefefefe,$r20
-       and     \$0xfefefefe,$r21
-       and     \$0x1b1b1b1b,$acc0
-       and     \$0x1b1b1b1b,$acc1
-       mov     $s0,$t0
-       mov     $s1,$t1
-       xor     $acc0,$r20
-       xor     $acc1,$r21
-
-       xor     $r20,$s0
-       xor     $r21,$s1
-        mov    $s2,$acc0
-        mov    $s3,$acc1
-       rol     \$24,$s0
-       rol     \$24,$s1
-        and    \$0x80808080,$acc0
-        and    \$0x80808080,$acc1
-       xor     $r20,$s0
-       xor     $r21,$s1
-        mov    $acc0,$t2
-        mov    $acc1,$t3
-       ror     \$16,$t0
-       ror     \$16,$t1
-        shr    \$7,$t2
-        lea    ($s2,$s2),$r20
-       xor     $t0,$s0
-       xor     $t1,$s1
-        shr    \$7,$t3
-        lea    ($s3,$s3),$r21
-       ror     \$8,$t0
-       ror     \$8,$t1
-        sub    $t2,$acc0
-        sub    $t3,$acc1
-       xor     $t0,$s0
-       xor     $t1,$s1
-
-       and     \$0xfefefefe,$r20
-       and     \$0xfefefefe,$r21
-       and     \$0x1b1b1b1b,$acc0
-       and     \$0x1b1b1b1b,$acc1
-       mov     $s2,$t2
-       mov     $s3,$t3
-       xor     $acc0,$r20
-       xor     $acc1,$r21
-
-       xor     $r20,$s2
-       xor     $r21,$s3
-       rol     \$24,$s2
-       rol     \$24,$s3
-       xor     $r20,$s2
-       xor     $r21,$s3
-       mov     0($sbox),$acc0                  # prefetch Te4
-       ror     \$16,$t2
-       ror     \$16,$t3
-       mov     64($sbox),$acc1
-       xor     $t2,$s2
-       xor     $t3,$s3
-       mov     128($sbox),$r20
-       ror     \$8,$t2
-       ror     \$8,$t3
-       mov     192($sbox),$r21
-       xor     $t2,$s2
-       xor     $t3,$s3
-___
-}
-
-$code.=<<___;
-.type  _x86_64_AES_encrypt_compact,\@abi-omnipotent
-.align 16
-_x86_64_AES_encrypt_compact:
-       lea     128($sbox),$inp                 # size optimization
-       mov     0-128($inp),$acc1               # prefetch Te4
-       mov     32-128($inp),$acc2
-       mov     64-128($inp),$t0
-       mov     96-128($inp),$t1
-       mov     128-128($inp),$acc1
-       mov     160-128($inp),$acc2
-       mov     192-128($inp),$t0
-       mov     224-128($inp),$t1
-       jmp     .Lenc_loop_compact
-.align 16
-.Lenc_loop_compact:
-               xor     0($key),$s0             # xor with key
-               xor     4($key),$s1
-               xor     8($key),$s2
-               xor     12($key),$s3
-               lea     16($key),$key
-___
-               &enccompactvert();
-$code.=<<___;
-               cmp     16(%rsp),$key
-               je      .Lenc_compact_done
-___
-               &enctransform();
-$code.=<<___;
-       jmp     .Lenc_loop_compact
-.align 16
-.Lenc_compact_done:
-       xor     0($key),$s0
-       xor     4($key),$s1
-       xor     8($key),$s2
-       xor     12($key),$s3
-       .byte   0xf3,0xc3                       # rep ret
-.size  _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
-___
-
 # void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
 $code.=<<___;
 .globl AES_encrypt
@@ -591,44 +358,21 @@ AES_encrypt:
        push    %r14
        push    %r15
 
-       # allocate frame "above" key schedule
-       mov     %rsp,%rax
        mov     %rdx,$key
-       lea     -63(%rdx),%rcx
-       and     \$-64,%rsp
-       sub     %rsp,%rcx
-       neg     %rcx
-       and     \$0x3c0,%rcx
-       sub     %rcx,%rsp
-
-       push    %rax            # save real stack pointer
-       push    %rsi            # save out
-
-       mov     240($key),$rnds # load rounds
-
-       mov     0(%rdi),$s0     # load input vector
-       mov     4(%rdi),$s1
-       mov     8(%rdi),$s2
-       mov     12(%rdi),$s3
-
-       shl     \$4,$rnds
-       lea     ($key,$rnds),%rbp
-       push    %rbp
-       push    $key
+       mov     %rdi,$inp
+       mov     %rsi,$out
 
-       # pick Te4 copy which can't "overlap" with stack frame or key schedule
        .picmeup        $sbox
-       lea     AES_Te+2048-.($sbox),$sbox
-       lea     768(%rsp),%rbp
-       sub     $sbox,%rbp
-       and     \$0x300,%rbp
-       lea     ($sbox,%rbp),$sbox
+       lea     AES_Te-.($sbox),$sbox
+
+       mov     0($inp),$s0
+       mov     4($inp),$s1
+       mov     8($inp),$s2
+       mov     12($inp),$s3
 
-       call    _x86_64_AES_encrypt_compact
+       call    _x86_64_AES_encrypt
 
-       mov     16(%rsp),$out   # restore out
-       mov     24(%rsp),%rsp
-       mov     $s0,0($out)     # write output vector
+       mov     $s0,0($out)
        mov     $s1,4($out)
        mov     $s2,8($out)
        mov     $s3,12($out)
@@ -709,20 +453,19 @@ sub declastvert()
 { my $t3="%r8d";       # zaps $inp!
 
 $code.=<<___;
-       lea     2048($sbox),$sbox       # size optimization
        movzb   `&lo("$s0")`,$acc0
        movzb   `&lo("$s1")`,$acc1
        movzb   `&lo("$s2")`,$acc2
-       movzb   ($sbox,$acc0,1),$t0
-       movzb   ($sbox,$acc1,1),$t1
-       movzb   ($sbox,$acc2,1),$t2
+       movzb   2048($sbox,$acc0,1),$t0
+       movzb   2048($sbox,$acc1,1),$t1
+       movzb   2048($sbox,$acc2,1),$t2
 
        movzb   `&lo("$s3")`,$acc0
        movzb   `&hi("$s3")`,$acc1
        movzb   `&hi("$s0")`,$acc2
-       movzb   ($sbox,$acc0,1),$t3
-       movzb   ($sbox,$acc1,1),$acc1   #$t0
-       movzb   ($sbox,$acc2,1),$acc2   #$t1
+       movzb   2048($sbox,$acc0,1),$t3
+       movzb   2048($sbox,$acc1,1),$acc1       #$t0
+       movzb   2048($sbox,$acc2,1),$acc2       #$t1
 
        shl     \$8,$acc1
        shl     \$8,$acc2
@@ -734,8 +477,8 @@ $code.=<<___;
        movzb   `&hi("$s1")`,$acc0
        movzb   `&hi("$s2")`,$acc1
        shr     \$16,$s0
-       movzb   ($sbox,$acc0,1),$acc0   #$t2
-       movzb   ($sbox,$acc1,1),$acc1   #$t3
+       movzb   2048($sbox,$acc0,1),$acc0       #$t2
+       movzb   2048($sbox,$acc1,1),$acc1       #$t3
 
        shl     \$8,$acc0
        shl     \$8,$acc1
@@ -747,9 +490,9 @@ $code.=<<___;
        movzb   `&lo("$s2")`,$acc0
        movzb   `&lo("$s3")`,$acc1
        movzb   `&lo("$s0")`,$acc2
-       movzb   ($sbox,$acc0,1),$acc0   #$t0
-       movzb   ($sbox,$acc1,1),$acc1   #$t1
-       movzb   ($sbox,$acc2,1),$acc2   #$t2
+       movzb   2048($sbox,$acc0,1),$acc0       #$t0
+       movzb   2048($sbox,$acc1,1),$acc1       #$t1
+       movzb   2048($sbox,$acc2,1),$acc2       #$t2
 
        shl     \$16,$acc0
        shl     \$16,$acc1
@@ -762,9 +505,9 @@ $code.=<<___;
        movzb   `&lo("$s1")`,$acc0
        movzb   `&hi("$s1")`,$acc1
        movzb   `&hi("$s2")`,$acc2
-       movzb   ($sbox,$acc0,1),$acc0   #$t3
-       movzb   ($sbox,$acc1,1),$acc1   #$t0
-       movzb   ($sbox,$acc2,1),$acc2   #$t1
+       movzb   2048($sbox,$acc0,1),$acc0       #$t3
+       movzb   2048($sbox,$acc1,1),$acc1       #$t0
+       movzb   2048($sbox,$acc2,1),$acc2       #$t1
 
        shl     \$16,$acc0
        shl     \$24,$acc1
@@ -777,8 +520,8 @@ $code.=<<___;
        movzb   `&hi("$s3")`,$acc0
        movzb   `&hi("$s0")`,$acc1
        mov     16+12($key),$s3
-       movzb   ($sbox,$acc0,1),$acc0   #$t2
-       movzb   ($sbox,$acc1,1),$acc1   #$t3
+       movzb   2048($sbox,$acc0,1),$acc0       #$t2
+       movzb   2048($sbox,$acc1,1),$acc1       #$t3
        mov     16+0($key),$s0
 
        shl     \$24,$acc0
@@ -789,7 +532,6 @@ $code.=<<___;
 
        mov     16+4($key),$s1
        mov     16+8($key),$s2
-       lea     -2048($sbox),$sbox
        xor     $t0,$s0
        xor     $t1,$s1
        xor     $t2,$s2
@@ -917,260 +659,6 @@ $code.=<<___;
 .size  _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
 ___
 
-sub deccompactvert()
-{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
-       movzb   `&lo("$s0")`,$t0
-       movzb   `&lo("$s1")`,$t1
-       movzb   `&lo("$s2")`,$t2
-       movzb   ($sbox,$t0,1),$t0
-       movzb   ($sbox,$t1,1),$t1
-       movzb   ($sbox,$t2,1),$t2
-
-       movzb   `&lo("$s3")`,$t3
-       movzb   `&hi("$s3")`,$acc0
-       movzb   `&hi("$s0")`,$acc1
-       movzb   ($sbox,$t3,1),$t3
-       movzb   ($sbox,$acc0,1),$t4     #$t0
-       movzb   ($sbox,$acc1,1),$t5     #$t1
-
-       movzb   `&hi("$s1")`,$acc2
-       movzb   `&hi("$s2")`,$acc0
-       shr     \$16,$s2
-       movzb   ($sbox,$acc2,1),$acc2   #$t2
-       movzb   ($sbox,$acc0,1),$acc0   #$t3
-       shr     \$16,$s3
-
-       movzb   `&lo("$s2")`,$acc1
-       shl     \$8,$t4
-       shl     \$8,$t5
-       movzb   ($sbox,$acc1,1),$acc1   #$t0
-       xor     $t4,$t0
-       xor     $t5,$t1
-
-       movzb   `&lo("$s3")`,$t4
-       shr     \$16,$s0
-       shr     \$16,$s1
-       movzb   `&lo("$s0")`,$t5
-       shl     \$8,$acc2
-       shl     \$8,$acc0
-       movzb   ($sbox,$t4,1),$t4       #$t1
-       movzb   ($sbox,$t5,1),$t5       #$t2
-       xor     $acc2,$t2
-       xor     $acc0,$t3
-
-       movzb   `&lo("$s1")`,$acc2
-       movzb   `&hi("$s1")`,$acc0
-       shl     \$16,$acc1
-       movzb   ($sbox,$acc2,1),$acc2   #$t3
-       movzb   ($sbox,$acc0,1),$acc0   #$t0
-       xor     $acc1,$t0
-
-       movzb   `&hi("$s2")`,$acc1
-       shl     \$16,$t4
-       shl     \$16,$t5
-       movzb   ($sbox,$acc1,1),$s1     #$t1
-       xor     $t4,$t1
-       xor     $t5,$t2
-
-       movzb   `&hi("$s3")`,$acc1
-       shr     \$8,$s0
-       shl     \$16,$acc2
-       movzb   ($sbox,$acc1,1),$s2     #$t2
-       movzb   ($sbox,$s0,1),$s3       #$t3
-       xor     $acc2,$t3
-
-       shl     \$24,$acc0
-       shl     \$24,$s1
-       shl     \$24,$s2
-       xor     $acc0,$t0
-       shl     \$24,$s3
-       xor     $t1,$s1
-       mov     $t0,$s0
-       xor     $t2,$s2
-       xor     $t3,$s3
-___
-}
-
-# parallelized version! input is pair of 64-bit values: %rax=s1.s0
-# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
-# %ecx=s2 and %edx=s3.
-sub dectransform()
-{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
-  my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
-  my $prefetch = shift;
-
-$code.=<<___;
-       mov     $tp10,$acc0
-       mov     $tp18,$acc8
-       and     $mask80,$acc0
-       and     $mask80,$acc8
-       mov     $acc0,$tp40
-       mov     $acc8,$tp48
-       shr     \$7,$tp40
-       lea     ($tp10,$tp10),$tp20
-       shr     \$7,$tp48
-       lea     ($tp18,$tp18),$tp28
-       sub     $tp40,$acc0
-       sub     $tp48,$acc8
-       and     $maskfe,$tp20
-       and     $maskfe,$tp28
-       and     $mask1b,$acc0
-       and     $mask1b,$acc8
-       xor     $tp20,$acc0
-       xor     $tp28,$acc8
-       mov     $acc0,$tp20
-       mov     $acc8,$tp28
-
-       and     $mask80,$acc0
-       and     $mask80,$acc8
-       mov     $acc0,$tp80
-       mov     $acc8,$tp88
-       shr     \$7,$tp80
-       lea     ($tp20,$tp20),$tp40
-       shr     \$7,$tp88
-       lea     ($tp28,$tp28),$tp48
-       sub     $tp80,$acc0
-       sub     $tp88,$acc8
-       and     $maskfe,$tp40
-       and     $maskfe,$tp48
-       and     $mask1b,$acc0
-       and     $mask1b,$acc8
-       xor     $tp40,$acc0
-       xor     $tp48,$acc8
-       mov     $acc0,$tp40
-       mov     $acc8,$tp48
-
-       and     $mask80,$acc0
-       and     $mask80,$acc8
-       mov     $acc0,$tp80
-       mov     $acc8,$tp88
-       shr     \$7,$tp80
-        xor    $tp10,$tp20             # tp2^=tp1
-       shr     \$7,$tp88
-        xor    $tp18,$tp28             # tp2^=tp1
-       sub     $tp80,$acc0
-       sub     $tp88,$acc8
-       lea     ($tp40,$tp40),$tp80
-       lea     ($tp48,$tp48),$tp88
-        xor    $tp10,$tp40             # tp4^=tp1
-        xor    $tp18,$tp48             # tp4^=tp1
-       and     $maskfe,$tp80
-       and     $maskfe,$tp88
-       and     $mask1b,$acc0
-       and     $mask1b,$acc8
-       xor     $acc0,$tp80
-       xor     $acc8,$tp88
-
-       xor     $tp80,$tp10             # tp1^=tp8
-       xor     $tp88,$tp18             # tp1^=tp8
-       xor     $tp80,$tp20             # tp2^tp1^=tp8
-       xor     $tp88,$tp28             # tp2^tp1^=tp8
-       mov     $tp10,$acc0
-       mov     $tp18,$acc8
-       xor     $tp80,$tp40             # tp4^tp1^=tp8
-       xor     $tp88,$tp48             # tp4^tp1^=tp8
-       shr     \$32,$acc0
-       shr     \$32,$acc8
-       xor     $tp20,$tp80             # tp8^=tp8^tp2^tp1=tp2^tp1
-       xor     $tp28,$tp88             # tp8^=tp8^tp2^tp1=tp2^tp1
-       rol     \$8,`&LO("$tp10")`      # ROTATE(tp1^tp8,8)
-       rol     \$8,`&LO("$tp18")`      # ROTATE(tp1^tp8,8)
-       xor     $tp40,$tp80             # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
-       xor     $tp48,$tp88             # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
-
-       rol     \$8,`&LO("$acc0")`      # ROTATE(tp1^tp8,8)
-       rol     \$8,`&LO("$acc8")`      # ROTATE(tp1^tp8,8)
-       xor     `&LO("$tp80")`,`&LO("$tp10")`
-       xor     `&LO("$tp88")`,`&LO("$tp18")`
-       shr     \$32,$tp80
-       shr     \$32,$tp88
-       xor     `&LO("$tp80")`,`&LO("$acc0")`
-       xor     `&LO("$tp88")`,`&LO("$acc8")`
-
-       mov     $tp20,$tp80
-       mov     $tp28,$tp88
-       shr     \$32,$tp80
-       shr     \$32,$tp88
-       rol     \$24,`&LO("$tp20")`     # ROTATE(tp2^tp1^tp8,24)
-       rol     \$24,`&LO("$tp28")`     # ROTATE(tp2^tp1^tp8,24)
-       rol     \$24,`&LO("$tp80")`     # ROTATE(tp2^tp1^tp8,24)
-       rol     \$24,`&LO("$tp88")`     # ROTATE(tp2^tp1^tp8,24)
-       xor     `&LO("$tp20")`,`&LO("$tp10")`
-       xor     `&LO("$tp28")`,`&LO("$tp18")`
-       mov     $tp40,$tp20
-       mov     $tp48,$tp28
-       xor     `&LO("$tp80")`,`&LO("$acc0")`
-       xor     `&LO("$tp88")`,`&LO("$acc8")`
-
-       `"mov   0($sbox),$mask80"       if ($prefetch)`
-       shr     \$32,$tp20
-       shr     \$32,$tp28
-       `"mov   64($sbox),$maskfe"      if ($prefetch)`
-       rol     \$16,`&LO("$tp40")`     # ROTATE(tp4^tp1^tp8,16)
-       rol     \$16,`&LO("$tp48")`     # ROTATE(tp4^tp1^tp8,16)
-       `"mov   128($sbox),$mask1b"     if ($prefetch)`
-       rol     \$16,`&LO("$tp20")`     # ROTATE(tp4^tp1^tp8,16)
-       rol     \$16,`&LO("$tp28")`     # ROTATE(tp4^tp1^tp8,16)
-       `"mov   192($sbox),$tp80"       if ($prefetch)`
-       xor     `&LO("$tp40")`,`&LO("$tp10")`
-       xor     `&LO("$tp48")`,`&LO("$tp18")`
-       `"mov   256($sbox),$tp88"       if ($prefetch)`
-       xor     `&LO("$tp20")`,`&LO("$acc0")`
-       xor     `&LO("$tp28")`,`&LO("$acc8")`
-___
-}
-
-$code.=<<___;
-.type  _x86_64_AES_decrypt_compact,\@abi-omnipotent
-.align 16
-_x86_64_AES_decrypt_compact:
-       lea     128($sbox),$inp                 # size optimization
-       mov     0-128($inp),$acc1               # prefetch Td4
-       mov     32-128($inp),$acc2
-       mov     64-128($inp),$t0
-       mov     96-128($inp),$t1
-       mov     128-128($inp),$acc1
-       mov     160-128($inp),$acc2
-       mov     192-128($inp),$t0
-       mov     224-128($inp),$t1
-       jmp     .Ldec_loop_compact
-
-.align 16
-.Ldec_loop_compact:
-               xor     0($key),$s0             # xor with key
-               xor     4($key),$s1
-               xor     8($key),$s2
-               xor     12($key),$s3
-               lea     16($key),$key
-___
-               &deccompactvert();
-$code.=<<___;
-               cmp     16(%rsp),$key
-               je      .Ldec_compact_done
-
-               mov     256+0($sbox),$mask80
-               shl     \$32,%rbx
-               shl     \$32,%rdx
-               mov     256+8($sbox),$maskfe
-               or      %rbx,%rax
-               or      %rdx,%rcx
-               mov     256+16($sbox),$mask1b
-___
-               &dectransform(1);
-$code.=<<___;
-       jmp     .Ldec_loop_compact
-.align 16
-.Ldec_compact_done:
-       xor     0($key),$s0
-       xor     4($key),$s1
-       xor     8($key),$s2
-       xor     12($key),$s3
-       .byte   0xf3,0xc3                       # rep ret
-.size  _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
-___
-
 # void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
 $code.=<<___;
 .globl AES_decrypt
@@ -1184,46 +672,33 @@ AES_decrypt:
        push    %r14
        push    %r15
 
-       # allocate frame "above" key schedule
-       mov     %rsp,%rax
        mov     %rdx,$key
-       lea     -63(%rdx),%rcx
-       and     \$-64,%rsp
-       sub     %rsp,%rcx
-       neg     %rcx
-       and     \$0x3c0,%rcx
-       sub     %rcx,%rsp
-
-       push    %rax            # save real stack pointer
-       push    %rsi            # save out
-
-       mov     240($key),$rnds # load rounds
-
-       mov     0(%rdi),$s0     # load input vector
-       mov     4(%rdi),$s1
-       mov     8(%rdi),$s2
-       mov     12(%rdi),$s3
-
-       shl     \$4,$rnds
-       lea     ($key,$rnds),%rbp
-       push    %rbp
-       push    $key
+       mov     %rdi,$inp
+       mov     %rsi,$out
 
-       # pick Td4 copy which can't "overlap" with stack frame or key schedule
        .picmeup        $sbox
-       lea     AES_Td+2048-.($sbox),$sbox
-       lea     768(%rsp),%rbp
-       sub     $sbox,%rbp
-       and     \$0x300,%rbp
-       lea     ($sbox,%rbp),$sbox
-       shr     \$3,%rbp        # recall "magic" constants!
-       add     %rbp,$sbox
-
-       call    _x86_64_AES_decrypt_compact
-
-       mov     16(%rsp),$out   # restore out
-       mov     24(%rsp),%rsp
-       mov     $s0,0($out)     # write output vector
+       lea     AES_Td-.($sbox),$sbox
+
+       # prefetch Td4
+       lea     2048+128($sbox),$sbox;
+       mov     0-128($sbox),$s0
+       mov     32-128($sbox),$s1
+       mov     64-128($sbox),$s2
+       mov     96-128($sbox),$s3
+       mov     128-128($sbox),$s0
+       mov     160-128($sbox),$s1
+       mov     192-128($sbox),$s2
+       mov     224-128($sbox),$s3
+       lea     -2048-128($sbox),$sbox;
+
+       mov     0($inp),$s0
+       mov     4($inp),$s1
+       mov     8($inp),$s2
+       mov     12($inp),$s3
+
+       call    _x86_64_AES_decrypt
+
+       mov     $s0,0($out)
        mov     $s1,4($out)
        mov     $s2,8($out)
        mov     $s3,12($out)
@@ -1243,26 +718,27 @@ sub enckey()
 {
 $code.=<<___;
        movz    %dl,%esi                # rk[i]>>0
-       movzb   -128(%rbp,%rsi),%ebx
+       mov     2(%rbp,%rsi,8),%ebx
        movz    %dh,%esi                # rk[i]>>8
-       shl     \$24,%ebx
+       and     \$0xFF000000,%ebx
        xor     %ebx,%eax
 
-       movzb   -128(%rbp,%rsi),%ebx
+       mov     2(%rbp,%rsi,8),%ebx
        shr     \$16,%edx
+       and     \$0x000000FF,%ebx
        movz    %dl,%esi                # rk[i]>>16
        xor     %ebx,%eax
 
-       movzb   -128(%rbp,%rsi),%ebx
+       mov     0(%rbp,%rsi,8),%ebx
        movz    %dh,%esi                # rk[i]>>24
-       shl     \$8,%ebx
+       and     \$0x0000FF00,%ebx
        xor     %ebx,%eax
 
-       movzb   -128(%rbp,%rsi),%ebx
-       shl     \$16,%ebx
+       mov     0(%rbp,%rsi,8),%ebx
+       and     \$0x00FF0000,%ebx
        xor     %ebx,%eax
 
-       xor     1024-128(%rbp,%rcx,4),%eax              # rcon
+       xor     2048(%rbp,%rcx,4),%eax          # rcon
 ___
 }
 
@@ -1273,13 +749,6 @@ $code.=<<___;
 .type  AES_set_encrypt_key,\@function,3
 .align 16
 AES_set_encrypt_key:
-       call    _x86_64_AES_set_encrypt_key
-       ret
-.size  AES_set_encrypt_key,.-AES_set_encrypt_key
-
-.type  _x86_64_AES_set_encrypt_key,\@abi-omnipotent
-.align 16
-_x86_64_AES_set_encrypt_key:
        push    %rbx
        push    %rbp
 
@@ -1294,17 +763,6 @@ _x86_64_AES_set_encrypt_key:
 
        .picmeup %rbp
        lea     AES_Te-.(%rbp),%rbp
-       lea     2048+128(%rbp),%rbp
-
-       # prefetch Te4
-       mov     0-128(%rbp),%eax
-       mov     32-128(%rbp),%ebx
-       mov     64-128(%rbp),%r8d
-       mov     96-128(%rbp),%edx
-       mov     128-128(%rbp),%eax
-       mov     160-128(%rbp),%ebx
-       mov     192-128(%rbp),%r8d
-       mov     224-128(%rbp),%edx
 
        cmp     \$128,%ecx
        je      .L10rounds
@@ -1316,12 +774,15 @@ _x86_64_AES_set_encrypt_key:
        jmp     .Lexit
 
 .L10rounds:
-       mov     0(%rsi),%rax                    # copy first 4 dwords
-       mov     8(%rsi),%rdx
-       mov     %rax,0(%rdi)
-       mov     %rdx,8(%rdi)
+       mov     0(%rsi),%eax                    # copy first 4 dwords
+       mov     4(%rsi),%ebx
+       mov     8(%rsi),%ecx
+       mov     12(%rsi),%edx
+       mov     %eax,0(%rdi)
+       mov     %ebx,4(%rdi)
+       mov     %ecx,8(%rdi)
+       mov     %edx,12(%rdi)
 
-       shr     \$32,%rdx
        xor     %ecx,%ecx
        jmp     .L10shortcut
 .align 4
@@ -1349,14 +810,19 @@ $code.=<<___;
        jmp     .Lexit
 
 .L12rounds:
-       mov     0(%rsi),%rax                    # copy first 6 dwords
-       mov     8(%rsi),%rbx
-       mov     16(%rsi),%rdx
-       mov     %rax,0(%rdi)
-       mov     %rbx,8(%rdi)
-       mov     %rdx,16(%rdi)
-
-       shr     \$32,%rdx
+       mov     0(%rsi),%eax                    # copy first 6 dwords
+       mov     4(%rsi),%ebx
+       mov     8(%rsi),%ecx
+       mov     12(%rsi),%edx
+       mov     %eax,0(%rdi)
+       mov     %ebx,4(%rdi)
+       mov     %ecx,8(%rdi)
+       mov     %edx,12(%rdi)
+       mov     16(%rsi),%ecx
+       mov     20(%rsi),%edx
+       mov     %ecx,16(%rdi)
+       mov     %edx,20(%rdi)
+
        xor     %ecx,%ecx
        jmp     .L12shortcut
 .align 4
@@ -1392,23 +858,30 @@ $code.=<<___;
        jmp     .Lexit
 
 .L14rounds:            
-       mov     0(%rsi),%rax                    # copy first 8 dwords
-       mov     8(%rsi),%rbx
-       mov     16(%rsi),%rcx
-       mov     24(%rsi),%rdx
-       mov     %rax,0(%rdi)
-       mov     %rbx,8(%rdi)
-       mov     %rcx,16(%rdi)
-       mov     %rdx,24(%rdi)
-
-       shr     \$32,%rdx
+       mov     0(%rsi),%eax                    # copy first 8 dwords
+       mov     4(%rsi),%ebx
+       mov     8(%rsi),%ecx
+       mov     12(%rsi),%edx
+       mov     %eax,0(%rdi)
+       mov     %ebx,4(%rdi)
+       mov     %ecx,8(%rdi)
+       mov     %edx,12(%rdi)
+       mov     16(%rsi),%eax
+       mov     20(%rsi),%ebx
+       mov     24(%rsi),%ecx
+       mov     28(%rsi),%edx
+       mov     %eax,16(%rdi)
+       mov     %ebx,20(%rdi)
+       mov     %ecx,24(%rdi)
+       mov     %edx,28(%rdi)
+
        xor     %ecx,%ecx
        jmp     .L14shortcut
 .align 4
 .L14loop:
-               mov     0(%rdi),%eax                    # rk[0]
                mov     28(%rdi),%edx                   # rk[4]
 .L14shortcut:
+               mov     0(%rdi),%eax                    # rk[0]
 ___
                &enckey ();
 $code.=<<___;
@@ -1427,23 +900,24 @@ $code.=<<___;
                mov     %eax,%edx
                mov     16(%rdi),%eax                   # rk[4]
                movz    %dl,%esi                        # rk[11]>>0
-               movzb   -128(%rbp,%rsi),%ebx
+               mov     2(%rbp,%rsi,8),%ebx
                movz    %dh,%esi                        # rk[11]>>8
+               and     \$0x000000FF,%ebx
                xor     %ebx,%eax
 
-               movzb   -128(%rbp,%rsi),%ebx
+               mov     0(%rbp,%rsi,8),%ebx
                shr     \$16,%edx
-               shl     \$8,%ebx
+               and     \$0x0000FF00,%ebx
                movz    %dl,%esi                        # rk[11]>>16
                xor     %ebx,%eax
 
-               movzb   -128(%rbp,%rsi),%ebx
+               mov     0(%rbp,%rsi,8),%ebx
                movz    %dh,%esi                        # rk[11]>>24
-               shl     \$16,%ebx
+               and     \$0x00FF0000,%ebx
                xor     %ebx,%eax
 
-               movzb   -128(%rbp,%rsi),%ebx
-               shl     \$24,%ebx
+               mov     2(%rbp,%rsi,8),%ebx
+               and     \$0xFF000000,%ebx
                xor     %ebx,%eax
 
                mov     %eax,48(%rdi)                   # rk[12]
@@ -1466,61 +940,29 @@ $code.=<<___;
 .Lexit:
        pop     %rbp
        pop     %rbx
-       .byte   0xf3,0xc3                       # rep ret
-.size  _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
+       ret
+.size  AES_set_encrypt_key,.-AES_set_encrypt_key
 ___
 
-sub deckey_ref()
+sub deckey()
 { my ($i,$ptr,$te,$td) = @_;
-  my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
 $code.=<<___;
-       mov     $i($ptr),$tp1
-       mov     $tp1,$acc
-       and     \$0x80808080,$acc
-       mov     $acc,$tp4
-       shr     \$7,$tp4
-       lea     0($tp1,$tp1),$tp2
-       sub     $tp4,$acc
-       and     \$0xfefefefe,$tp2
-       and     \$0x1b1b1b1b,$acc
-       xor     $tp2,$acc
-       mov     $acc,$tp2
-
-       and     \$0x80808080,$acc
-       mov     $acc,$tp8
-       shr     \$7,$tp8
-       lea     0($tp2,$tp2),$tp4
-       sub     $tp8,$acc
-       and     \$0xfefefefe,$tp4
-       and     \$0x1b1b1b1b,$acc
-        xor    $tp1,$tp2               # tp2^tp1
-       xor     $tp4,$acc
-       mov     $acc,$tp4
-
-       and     \$0x80808080,$acc
-       mov     $acc,$tp8
-       shr     \$7,$tp8
-       sub     $tp8,$acc
-       lea     0($tp4,$tp4),$tp8
-        xor    $tp1,$tp4               # tp4^tp1
-       and     \$0xfefefefe,$tp8
-       and     \$0x1b1b1b1b,$acc
-       xor     $acc,$tp8
-
-       xor     $tp8,$tp1               # tp1^tp8
-       rol     \$8,$tp1                # ROTATE(tp1^tp8,8)
-       xor     $tp8,$tp2               # tp2^tp1^tp8
-       xor     $tp8,$tp4               # tp4^tp1^tp8
-       xor     $tp2,$tp8
-       xor     $tp4,$tp8               # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
-
-       xor     $tp8,$tp1
-       rol     \$24,$tp2               # ROTATE(tp2^tp1^tp8,24)
-       xor     $tp2,$tp1
-       rol     \$16,$tp4               # ROTATE(tp4^tp1^tp8,16)
-       xor     $tp4,$tp1
-
-       mov     $tp1,$i($ptr)
+       mov     $i($ptr),%eax
+       mov     %eax,%edx
+       movz    %ah,%ebx
+       shr     \$16,%edx
+       and     \$0xFF,%eax
+       movzb   2($te,%rax,8),%rax
+       movzb   2($te,%rbx,8),%rbx
+       mov     0($td,%rax,8),%eax
+       xor     3($td,%rbx,8),%eax
+       movzb   %dh,%ebx
+       and     \$0xFF,%edx
+       movzb   2($te,%rdx,8),%rdx
+       movzb   2($te,%rbx,8),%rbx
+       xor     2($td,%rdx,8),%eax
+       xor     1($td,%rbx,8),%eax
+       mov     %eax,$i($ptr)
 ___
 }
 
@@ -1531,22 +973,19 @@ $code.=<<___;
 .type  AES_set_decrypt_key,\@function,3
 .align 16
 AES_set_decrypt_key:
-       push    %rdx                    # save key schedule
-       call    _x86_64_AES_set_encrypt_key
+       push    %rdx
+       call    AES_set_encrypt_key
        cmp     \$0,%eax
-       pop     %r8                     # restore key schedule
-       jne     .Labort
-
-       push    %rbx
-       push    %rbp
-       push    %r12
-       push    %r13
-       push    %r14
-       push    %r15
+       je      .Lproceed
+       lea     24(%rsp),%rsp
+       ret
+.Lproceed:
+       mov     (%rsp),%r8              # restore key schedule
+       mov     %rbx,(%rsp)
 
-       mov     240(%r8),%r14d          # pull number of rounds
+       mov     240(%r8),%ecx           # pull number of rounds
        xor     %rdi,%rdi
-       lea     (%rdi,%r14d,4),%rcx
+       lea     (%rdi,%rcx,4),%rcx
        mov     %r8,%rsi
        lea     (%r8,%rcx,4),%rdi       # pointer to last chunk
 .align 4
@@ -1564,38 +1003,27 @@ AES_set_decrypt_key:
                cmp     %rsi,%rdi
        jne     .Linvert
 
-       .picmeup %rax
-       lea     AES_Te+2048+1024-.(%rax),%rax   # rcon
+       .picmeup %r9
+       lea     AES_Td-.(%r9),%rdi
+       lea     AES_Te-AES_Td(%rdi),%r9
 
-       mov     40(%rax),$mask80
-       mov     48(%rax),$maskfe
-       mov     56(%rax),$mask1b
-
-       mov     %r8,$key
-       sub     \$1,%r14d
+       mov     %r8,%rsi
+       mov     240(%r8),%ecx           # pull number of rounds
+       sub     \$1,%ecx
 .align 4
 .Lpermute:
-               lea     16($key),$key
-               mov     0($key),%rax
-               mov     8($key),%rcx
+               lea     16(%rsi),%rsi
 ___
-               &dectransform ();
+               &deckey (0,"%rsi","%r9","%rdi");
+               &deckey (4,"%rsi","%r9","%rdi");
+               &deckey (8,"%rsi","%r9","%rdi");
+               &deckey (12,"%rsi","%r9","%rdi");
 $code.=<<___;
-               mov     %eax,0($key)
-               mov     %ebx,4($key)
-               mov     %ecx,8($key)
-               mov     %edx,12($key)
-               sub     \$1,%r14d
+               sub     \$1,%ecx
        jnz     .Lpermute
 
        xor     %rax,%rax
-       pop     %r15
-       pop     %r14
-       pop     %r13
-       pop     %r12
-       pop     %rbp
        pop     %rbx
-.Labort:
        ret
 .size  AES_set_decrypt_key,.-AES_set_decrypt_key
 ___
@@ -1606,23 +1034,19 @@ ___
 {
 # stack frame layout
 # -8(%rsp)             return address
-my $keyp="0(%rsp)";            # one to pass as $key
-my $keyend="8(%rsp)";          # &(keyp->rd_key[4*keyp->rounds])
-my $_rsp="16(%rsp)";           # saved %rsp
-my $_inp="24(%rsp)";           # copy of 1st parameter, inp
-my $_out="32(%rsp)";           # copy of 2nd parameter, out
-my $_len="40(%rsp)";           # copy of 3rd parameter, length
-my $_key="48(%rsp)";           # copy of 4th parameter, key
-my $_ivp="56(%rsp)";           # copy of 5th parameter, ivp
-my $ivec="64(%rsp)";           # ivec[16]
-my $aes_key="80(%rsp)";                # copy of aes_key
-my $mark="80+240(%rsp)";       # copy of aes_key->rounds
+my $_rsp="0(%rsp)";            # saved %rsp
+my $_len="8(%rsp)";            # copy of 3rd parameter, length
+my $_key="16(%rsp)";           # copy of 4th parameter, key
+my $_ivp="24(%rsp)";           # copy of 5th parameter, ivp
+my $keyp="32(%rsp)";           # one to pass as $key
+my $ivec="40(%rsp)";           # ivec[16]
+my $aes_key="56(%rsp)";                # copy of aes_key
+my $mark="56+240(%rsp)";       # copy of aes_key->rounds
 
 $code.=<<___;
 .globl AES_cbc_encrypt
 .type  AES_cbc_encrypt,\@function,6
 .align 16
-.extern        OPENSSL_ia32cap_P
 AES_cbc_encrypt:
        cmp     \$0,%rdx        # check length
        je      .Lcbc_just_ret
@@ -1637,27 +1061,20 @@ AES_cbc_encrypt:
        mov     %r9d,%r9d       # clear upper half of enc
 
        .picmeup $sbox
-       lea     AES_Te-.($sbox),$sbox
+.Lcbc_pic_point:
+
        cmp     \$0,%r9
-       jne     .Lcbc_picked_te
-       lea     AES_Td-AES_Te($sbox),$sbox
-.Lcbc_picked_te:
-
-       mov     OPENSSL_ia32cap_P(%rip),%eax
-       cmp     \$$speed_limit,%rdx
-       jb      .Lcbc_slow_way
-       test    \$15,%rdx
-       jnz     .Lcbc_slow_way
-       bt      \$28,%eax
-       jc      .Lcbc_slow_way
+       je      .LDECRYPT
+
+       lea     AES_Te-.Lcbc_pic_point($sbox),$sbox
 
        # allocate aligned stack frame...
-       lea     -88-248(%rsp),$key
+       lea     -64-248(%rsp),$key
        and     \$-64,$key
 
-       # ... and make sure it doesn't alias with AES_T[ed] modulo 4096
+       # ... and make it doesn't alias with AES_Te modulo 4096
        mov     $sbox,%r10
-       lea     2304($sbox),%r11
+       lea     2048($sbox),%r11
        mov     $key,%r12
        and     \$0xFFF,%r10    # s = $sbox&0xfff
        and     \$0xFFF,%r11    # e = ($sbox+2048)&0xfff
@@ -1679,24 +1096,20 @@ AES_cbc_encrypt:
        xchg    %rsp,$key
        add     \$8,%rsp        # reserve for return address!
        mov     $key,$_rsp      # save %rsp
-       mov     %rdi,$_inp      # save copy of inp
-       mov     %rsi,$_out      # save copy of out
        mov     %rdx,$_len      # save copy of len
        mov     %rcx,$_key      # save copy of key
        mov     %r8,$_ivp       # save copy of ivp
        movl    \$0,$mark       # copy of aes_key->rounds = 0;
        mov     %r8,%rbp        # rearrange input arguments
-       mov     %r9,%rbx
        mov     %rsi,$out
        mov     %rdi,$inp
        mov     %rcx,$key
 
-       mov     240($key),%eax          # key->rounds
        # do we copy key schedule to stack?
        mov     $key,%r10
        sub     $sbox,%r10
        and     \$0xfff,%r10
-       cmp     \$2304,%r10
+       cmp     \$2048,%r10
        jb      .Lcbc_do_ecopy
        cmp     \$4096-248,%r10
        jb      .Lcbc_skip_ecopy
@@ -1707,11 +1120,12 @@ AES_cbc_encrypt:
                lea     $aes_key,$key
                mov     \$240/8,%ecx
                .long   0x90A548F3      # rep movsq
-               mov     %eax,(%rdi)     # copy aes_key->rounds
+               mov     (%rsi),%eax     # copy aes_key->rounds
+               mov     %eax,(%rdi)
 .Lcbc_skip_ecopy:
        mov     $key,$keyp      # save key pointer
 
-       mov     \$18,%ecx
+       mov     \$16,%ecx
 .align 4
 .Lcbc_prefetch_te:
                mov     0($sbox),%r10
@@ -1721,41 +1135,42 @@ AES_cbc_encrypt:
                lea     128($sbox),$sbox
                sub     \$1,%ecx
        jnz     .Lcbc_prefetch_te
-       lea     -2304($sbox),$sbox
-
-       cmp     \$0,%rbx
-       je      .LFAST_DECRYPT
+       sub     \$2048,$sbox
 
-#----------------------------- ENCRYPT -----------------------------#
+       test    \$-16,%rdx              # check upon length
+       mov     %rdx,%r10
        mov     0(%rbp),$s0             # load iv
        mov     4(%rbp),$s1
        mov     8(%rbp),$s2
        mov     12(%rbp),$s3
+       jz      .Lcbc_enc_tail          # short input...
 
 .align 4
-.Lcbc_fast_enc_loop:
+.Lcbc_enc_loop:
                xor     0($inp),$s0
                xor     4($inp),$s1
                xor     8($inp),$s2
                xor     12($inp),$s3
-               mov     $keyp,$key      # restore key
-               mov     $inp,$_inp      # if ($verticalspin) save inp
+               mov     $inp,$ivec      # if ($verticalspin) save inp
 
+               mov     $keyp,$key      # restore key
                call    _x86_64_AES_encrypt
 
-               mov     $_inp,$inp      # if ($verticalspin) restore inp
-               mov     $_len,%r10
+               mov     $ivec,$inp      # if ($verticalspin) restore inp
                mov     $s0,0($out)
                mov     $s1,4($out)
                mov     $s2,8($out)
                mov     $s3,12($out)
 
+               mov     $_len,%r10
                lea     16($inp),$inp
                lea     16($out),$out
                sub     \$16,%r10
                test    \$-16,%r10
                mov     %r10,$_len
-       jnz     .Lcbc_fast_enc_loop
+       jnz     .Lcbc_enc_loop
+       test    \$15,%r10
+       jnz     .Lcbc_enc_tail
        mov     $_ivp,%rbp      # restore ivp
        mov     $s0,0(%rbp)     # save ivec
        mov     $s1,4(%rbp)
@@ -1766,12 +1181,12 @@ AES_cbc_encrypt:
 .Lcbc_cleanup:
        cmpl    \$0,$mark       # was the key schedule copied?
        lea     $aes_key,%rdi
+       mov     $_rsp,%rsp
        je      .Lcbc_exit
                mov     \$240/8,%ecx
                xor     %rax,%rax
                .long   0x90AB48F3      # rep stosq
 .Lcbc_exit:
-       mov     $_rsp,%rsp
        popfq
        pop     %r15
        pop     %r14
@@ -1781,35 +1196,122 @@ AES_cbc_encrypt:
        pop     %rbx
 .Lcbc_just_ret:
        ret
-
+.align 4
+.Lcbc_enc_tail:
+       cmp     $inp,$out
+       je      .Lcbc_enc_in_place
+       mov     %r10,%rcx
+       mov     $inp,%rsi
+       mov     $out,%rdi
+       .long   0xF689A4F3              # rep movsb
+.Lcbc_enc_in_place:
+       mov     \$16,%rcx               # zero tail
+       sub     %r10,%rcx
+       xor     %rax,%rax
+       .long   0xF689AAF3              # rep stosb
+       mov     $out,$inp               # this is not a mistake!
+       movq    \$16,$_len              # len=16
+       jmp     .Lcbc_enc_loop          # one more spin...
 #----------------------------- DECRYPT -----------------------------#
 .align 16
-.LFAST_DECRYPT:
+.LDECRYPT:
+       lea     AES_Td-.Lcbc_pic_point($sbox),$sbox
+
+       # allocate aligned stack frame...
+       lea     -64-248(%rsp),$key
+       and     \$-64,$key
+
+       # ... and make it doesn't alias with AES_Td modulo 4096
+       mov     $sbox,%r10
+       lea     2304($sbox),%r11
+       mov     $key,%r12
+       and     \$0xFFF,%r10    # s = $sbox&0xfff
+       and     \$0xFFF,%r11    # e = ($sbox+2048+256)&0xfff
+       and     \$0xFFF,%r12    # p = %rsp&0xfff
+
+       cmp     %r11,%r12       # if (p=>e) %rsp =- (p-e);
+       jb      .Lcbc_td_break_out
+       sub     %r11,%r12
+       sub     %r12,$key
+       jmp     .Lcbc_td_ok
+.Lcbc_td_break_out:            # else %rsp -= (p-s)&0xfff + framesz
+       sub     %r10,%r12
+       and     \$0xFFF,%r12
+       add     \$320,%r12
+       sub     %r12,$key
+.align 4
+.Lcbc_td_ok:
+
+       xchg    %rsp,$key
+       add     \$8,%rsp        # reserve for return address!
+       mov     $key,$_rsp      # save %rsp
+       mov     %rdx,$_len      # save copy of len
+       mov     %rcx,$_key      # save copy of key
+       mov     %r8,$_ivp       # save copy of ivp
+       movl    \$0,$mark       # copy of aes_key->rounds = 0;
+       mov     %r8,%rbp        # rearrange input arguments
+       mov     %rsi,$out
+       mov     %rdi,$inp
+       mov     %rcx,$key
+
+       # do we copy key schedule to stack?
+       mov     $key,%r10
+       sub     $sbox,%r10
+       and     \$0xfff,%r10
+       cmp     \$2304,%r10
+       jb      .Lcbc_do_dcopy
+       cmp     \$4096-248,%r10
+       jb      .Lcbc_skip_dcopy
+.align 4
+.Lcbc_do_dcopy:
+               mov     $key,%rsi
+               lea     $aes_key,%rdi
+               lea     $aes_key,$key
+               mov     \$240/8,%ecx
+               .long   0x90A548F3      # rep movsq
+               mov     (%rsi),%eax     # copy aes_key->rounds
+               mov     %eax,(%rdi)
+.Lcbc_skip_dcopy:
+       mov     $key,$keyp      # save key pointer
+
+       mov     \$18,%ecx
+.align 4
+.Lcbc_prefetch_td:
+               mov     0($sbox),%r10
+               mov     32($sbox),%r11
+               mov     64($sbox),%r12
+               mov     96($sbox),%r13
+               lea     128($sbox),$sbox
+               sub     \$1,%ecx
+       jnz     .Lcbc_prefetch_td
+       sub     \$2304,$sbox
+
        cmp     $inp,$out
-       je      .Lcbc_fast_dec_in_place
+       je      .Lcbc_dec_in_place
 
        mov     %rbp,$ivec
 .align 4
-.Lcbc_fast_dec_loop:
-               mov     0($inp),$s0     # read input
+.Lcbc_dec_loop:
+               mov     0($inp),$s0             # read input
                mov     4($inp),$s1
                mov     8($inp),$s2
                mov     12($inp),$s3
-               mov     $keyp,$key      # restore key
-               mov     $inp,$_inp      # if ($verticalspin) save inp
+               mov     $inp,8+$ivec    # if ($verticalspin) save inp
 
+               mov     $keyp,$key      # restore key
                call    _x86_64_AES_decrypt
 
                mov     $ivec,%rbp      # load ivp
-               mov     $_inp,$inp      # if ($verticalspin) restore inp
-               mov     $_len,%r10      # load len
+               mov     8+$ivec,$inp    # if ($verticalspin) restore inp
                xor     0(%rbp),$s0     # xor iv
                xor     4(%rbp),$s1
                xor     8(%rbp),$s2
                xor     12(%rbp),$s3
                mov     $inp,%rbp       # current input, next iv
 
+               mov     $_len,%r10      # load len
                sub     \$16,%r10
+               jc      .Lcbc_dec_partial
                mov     %r10,$_len      # update len
                mov     %rbp,$ivec      # update ivp
 
@@ -1820,7 +1322,8 @@ AES_cbc_encrypt:
 
                lea     16($inp),$inp
                lea     16($out),$out
-       jnz     .Lcbc_fast_dec_loop
+       jnz     .Lcbc_dec_loop
+.Lcbc_dec_end:
        mov     $_ivp,%r12              # load user ivp
        mov     0(%rbp),%r10            # load iv
        mov     8(%rbp),%r11
@@ -1828,239 +1331,64 @@ AES_cbc_encrypt:
        mov     %r11,8(%r12)
        jmp     .Lcbc_cleanup
 
-.align 16
-.Lcbc_fast_dec_in_place:
-       mov     0(%rbp),%r10            # copy iv to stack
-       mov     8(%rbp),%r11
-       mov     %r10,0+$ivec
-       mov     %r11,8+$ivec
 .align 4
-.Lcbc_fast_dec_in_place_loop:
+.Lcbc_dec_partial:
+       mov     $s0,0+$ivec             # dump output to stack
+       mov     $s1,4+$ivec
+       mov     $s2,8+$ivec
+       mov     $s3,12+$ivec
+       mov     $out,%rdi
+       lea     $ivec,%rsi
+       mov     \$16,%rcx
+       add     %r10,%rcx               # number of bytes to copy
+       .long   0xF689A4F3              # rep movsb
+       jmp     .Lcbc_dec_end
+
+.align 16
+.Lcbc_dec_in_place:
                mov     0($inp),$s0     # load input
                mov     4($inp),$s1
                mov     8($inp),$s2
                mov     12($inp),$s3
-               mov     $keyp,$key      # restore key
-               mov     $inp,$_inp      # if ($verticalspin) save inp
 
+               mov     $inp,$ivec      # if ($verticalspin) save inp
+               mov     $keyp,$key
                call    _x86_64_AES_decrypt
 
-               mov     $_inp,$inp      # if ($verticalspin) restore inp
-               mov     $_len,%r10
-               xor     0+$ivec,$s0
-               xor     4+$ivec,$s1
-               xor     8+$ivec,$s2
-               xor     12+$ivec,$s3
-
-               mov     0($inp),%r11    # load input
-               mov     8($inp),%r12
-               sub     \$16,%r10
-               jz      .Lcbc_fast_dec_in_place_done
+               mov     $ivec,$inp      # if ($verticalspin) restore inp
+               mov     $_ivp,%rbp
+               xor     0(%rbp),$s0
+               xor     4(%rbp),$s1
+               xor     8(%rbp),$s2
+               xor     12(%rbp),$s3
 
-               mov     %r11,0+$ivec    # copy input to iv
-               mov     %r12,8+$ivec
+               mov     0($inp),%r10    # copy input to iv
+               mov     8($inp),%r11
+               mov     %r10,0(%rbp)
+               mov     %r11,8(%rbp)
 
                mov     $s0,0($out)     # save output [zaps input]
                mov     $s1,4($out)
                mov     $s2,8($out)
                mov     $s3,12($out)
 
+               mov     $_len,%rcx
                lea     16($inp),$inp
                lea     16($out),$out
-               mov     %r10,$_len
-       jmp     .Lcbc_fast_dec_in_place_loop
-.Lcbc_fast_dec_in_place_done:
-       mov     $_ivp,%rdi
-       mov     %r11,0(%rdi)    # copy iv back to user
-       mov     %r12,8(%rdi)
-
-       mov     $s0,0($out)     # save output [zaps input]
-       mov     $s1,4($out)
-       mov     $s2,8($out)
-       mov     $s3,12($out)
-
+               sub     \$16,%rcx
+               jc      .Lcbc_dec_in_place_partial
+               mov     %rcx,$_len
+       jnz     .Lcbc_dec_in_place
        jmp     .Lcbc_cleanup
 
-#--------------------------- SLOW ROUTINE ---------------------------#
-.align 16
-.Lcbc_slow_way:
-       # allocate aligned stack frame...
-       lea     -88(%rsp),%rbp
-       and     \$-64,%rbp
-       # ... just "above" key schedule
-       lea     -88-63(%rcx),%rax
-       sub     %rbp,%rax
-       neg     %rax
-       and     \$0x3c0,%rax
-       sub     %rax,%rbp
-
-       xchg    %rsp,%rbp
-       add     \$8,%rsp        # reserve for return address!
-       mov     %rbp,$_rsp      # save %rsp
-       #mov    %rdi,$_inp      # save copy of inp
-       #mov    %rsi,$_out      # save copy of out
-       #mov    %rdx,$_len      # save copy of len
-       #mov    %rcx,$_key      # save copy of key
-       mov     %r8,$_ivp       # save copy of ivp
-       mov     %r8,%rbp        # rearrange input arguments
-       mov     %r9,%rbx
-       mov     %rsi,$out
-       mov     %rdi,$inp
-       mov     %rcx,$key
-       mov     %rdx,%r10
-
-       mov     240($key),%eax
-       mov     $key,$keyp      # save key pointer
-       shl     \$4,%eax
-       lea     ($key,%rax),%rax
-       mov     %rax,$keyend
-
-       # pick Te4 copy which can't "overlap" with stack frame or key scdedule
-       lea     2048($sbox),$sbox
-       lea     768-8(%rsp),%rax
-       sub     $sbox,%rax
-       and     \$0x300,%rax
-       lea     ($sbox,%rax),$sbox
-
-       cmp     \$0,%rbx
-       je      .LSLOW_DECRYPT
-
-#--------------------------- SLOW ENCRYPT ---------------------------#
-       test    \$-16,%r10              # check upon length
-       mov     0(%rbp),$s0             # load iv
-       mov     4(%rbp),$s1
-       mov     8(%rbp),$s2
-       mov     12(%rbp),$s3
-       jz      .Lcbc_slow_enc_tail     # short input...
-
-.align 4
-.Lcbc_slow_enc_loop:
-               xor     0($inp),$s0
-               xor     4($inp),$s1
-               xor     8($inp),$s2
-               xor     12($inp),$s3
-               mov     $keyp,$key      # restore key
-               mov     $inp,$_inp      # save inp
-               mov     $out,$_out      # save out
-               mov     %r10,$_len      # save len
-
-               call    _x86_64_AES_encrypt_compact
-
-               mov     $_inp,$inp      # restore inp
-               mov     $_out,$out      # restore out
-               mov     $_len,%r10      # restore len
-               mov     $s0,0($out)
-               mov     $s1,4($out)
-               mov     $s2,8($out)
-               mov     $s3,12($out)
-
-               lea     16($inp),$inp
-               lea     16($out),$out
-               sub     \$16,%r10
-               test    \$-16,%r10
-       jnz     .Lcbc_slow_enc_loop
-       test    \$15,%r10
-       jnz     .Lcbc_slow_enc_tail
-       mov     $_ivp,%rbp      # restore ivp
-       mov     $s0,0(%rbp)     # save ivec
-       mov     $s1,4(%rbp)
-       mov     $s2,8(%rbp)
-       mov     $s3,12(%rbp)
-
-       jmp     .Lcbc_exit
-.align 4
-.Lcbc_slow_enc_tail:
-       cmp     $inp,$out
-       je      .Lcbc_slow_enc_in_place
-       mov     %r10,%rcx
-       mov     $inp,%rsi
-       mov     $out,%rdi
-       .long   0x9066A4F3              # rep movsb
-.Lcbc_slow_enc_in_place:
-       mov     \$16,%rcx               # zero tail
-       sub     %r10,%rcx
-       xor     %rax,%rax
-       .long   0x9066AAF3              # rep stosb
-       mov     $out,$inp               # this is not a mistake!
-       movq    \$16,$_len              # len=16
-       jmp     .Lcbc_slow_enc_loop     # one more spin...
-#--------------------------- SLOW DECRYPT ---------------------------#
-.align 16
-.LSLOW_DECRYPT:
-       shr     \$3,%rax
-       add     %rax,$sbox              # recall "magic" constants!
-
-       mov     0(%rbp),%r11            # copy iv to stack
-       mov     8(%rbp),%r12
-       mov     %r11,0+$ivec
-       mov     %r12,8+$ivec
-
 .align 4
-.Lcbc_slow_dec_loop:
-               mov     0($inp),$s0     # load input
-               mov     4($inp),$s1
-               mov     8($inp),$s2
-               mov     12($inp),$s3
-               mov     $keyp,$key      # restore key
-               mov     $inp,$_inp      # save inp
-               mov     $out,$_out      # save out
-               mov     %r10,$_len      # save len
-
-               call    _x86_64_AES_decrypt_compact
-
-               mov     $_inp,$inp      # restore inp
-               mov     $_out,$out      # restore out
-               mov     $_len,%r10
-               xor     0+$ivec,$s0
-               xor     4+$ivec,$s1
-               xor     8+$ivec,$s2
-               xor     12+$ivec,$s3
-
-               mov     0($inp),%r11    # load input
-               mov     8($inp),%r12
-               sub     \$16,%r10
-               jc      .Lcbc_slow_dec_partial
-               jz      .Lcbc_slow_dec_done
-
-               mov     %r11,0+$ivec    # copy input to iv
-               mov     %r12,8+$ivec
-
-               mov     $s0,0($out)     # save output [can zap input]
-               mov     $s1,4($out)
-               mov     $s2,8($out)
-               mov     $s3,12($out)
-
-               lea     16($inp),$inp
-               lea     16($out),$out
-       jmp     .Lcbc_slow_dec_loop
-.Lcbc_slow_dec_done:
-       mov     $_ivp,%rdi
-       mov     %r11,0(%rdi)            # copy iv back to user
-       mov     %r12,8(%rdi)
-
-       mov     $s0,0($out)             # save output [can zap input]
-       mov     $s1,4($out)
-       mov     $s2,8($out)
-       mov     $s3,12($out)
-
-       jmp     .Lcbc_exit
-
-.align 4
-.Lcbc_slow_dec_partial:
-       mov     $_ivp,%rdi
-       mov     %r11,0(%rdi)            # copy iv back to user
-       mov     %r12,8(%rdi)
-
-       mov     $s0,0+$ivec             # save output to stack
-       mov     $s1,4+$ivec
-       mov     $s2,8+$ivec
-       mov     $s3,12+$ivec
-
-       mov     $out,%rdi
-       lea     $ivec,%rsi
-       lea     16(%r10),%rcx
-       .long   0x9066A4F3      # rep movsb
-       jmp     .Lcbc_exit
+.Lcbc_dec_in_place_partial:
+       # one can argue if this is actually required
+       lea     ($out,%rcx),%rdi
+       lea     (%rbp,%rcx),%rsi
+       neg     %rcx
+       .long   0xF689A4F3      # rep movsb     # restore tail
+       jmp     .Lcbc_cleanup
 .size  AES_cbc_encrypt,.-AES_cbc_encrypt
 ___
 }
@@ -2134,145 +1462,11 @@ ___
        &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
        &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
        &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-
-#Te4   # four copies of Te4 to choose from to avoid L1 aliasing
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-       &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-       &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-       &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-       &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-       &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-       &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-       &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-       &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-       &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-       &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-       &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-       &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-       &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-       &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-       &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-       &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-       &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-       &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-       &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-       &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-       &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-       &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-       &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-       &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-       &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-       &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-       &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-       &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-       &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-       &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-       &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-       &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
 #rcon:
 $code.=<<___;
        .long   0x00000001, 0x00000002, 0x00000004, 0x00000008
        .long   0x00000010, 0x00000020, 0x00000040, 0x00000080
-       .long   0x0000001b, 0x00000036, 0x80808080, 0x80808080
-       .long   0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
+       .long   0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0
 ___
 $code.=<<___;
 .globl AES_Td
@@ -2343,44 +1537,7 @@ ___
        &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
        &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
        &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-
-#Td4:  # four copies of Td4 to choose from to avoid L1 aliasing
-       &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-       &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-       &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-       &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-       &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-       &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-       &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-       &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-       &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-       &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-       &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-       &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-       &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-       &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-       &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-       &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-       &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-       &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-       &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-       &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-       &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-       &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-       &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-       &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-       &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-       &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-       &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-       &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-       &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-       &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-       &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-       &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-       .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-       .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
+#Td4:
        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
@@ -2413,84 +1570,6 @@ ___
        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-       .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-       .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
-       &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-       &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-       &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-       &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-       &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-       &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-       &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-       &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-       &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-       &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-       &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-       &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-       &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-       &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-       &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-       &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-       &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-       &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-       &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-       &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-       &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-       &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-       &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-       &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-       &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-       &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-       &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-       &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-       &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-       &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-       &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-       &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-       .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-       .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
-       &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-       &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-       &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-       &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-       &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-       &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-       &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-       &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-       &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-       &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-       &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-       &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-       &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-       &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-       &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-       &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-       &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-       &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-       &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-       &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-       &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-       &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-       &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-       &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-       &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-       &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-       &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-       &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-       &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-       &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-       &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-       &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-       .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-       .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-.asciz  "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align 64
-___
 
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 
index 06cb5210a780e8ab5c8d22b6529f1df0f4c09b0d..6ca1457cd9c7d82fb7d1d84b37194e2f39a2cbf3 100644 (file)
@@ -26,7 +26,7 @@ LIBSRC=       a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
        f_int.c f_string.c n_pkey.c \
-       f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+       f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
@@ -38,7 +38,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
        f_int.o f_string.o n_pkey.o \
-       f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+       f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 
index a36356e34474e2b99b27683f124a57064a81f65b..dc980421d098bb2d641ca15b8cf55dfafb6dbc4d 100644 (file)
@@ -62,6 +62,7 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
+#include <openssl/bn.h>
 
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
        {
index a6acef16f3b3f27a5a51182ef289ced8796b562e..36beceacdb07e83ace8c91531822d8975edce57f 100644 (file)
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
+#include <openssl/objects.h>
 
 int ASN1_TYPE_get(ASN1_TYPE *a)
        {
@@ -79,6 +80,31 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
        a->value.ptr=value;
        }
 
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+       {
+       if (!value || (type == V_ASN1_BOOLEAN))
+               {
+               void *p = (void *)value;
+               ASN1_TYPE_set(a, type, p);
+               }
+       else if (type == V_ASN1_OBJECT)
+               {
+               ASN1_OBJECT *odup;
+               odup = OBJ_dup(value);
+               if (!odup)
+                       return 0;
+               ASN1_TYPE_set(a, type, odup);
+               }
+       else
+               {
+               ASN1_STRING *sdup;
+               sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+               if (!sdup)
+                       return 0;
+               ASN1_TYPE_set(a, type, sdup);
+               }
+       return 1;
+       }
 
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
index 9780d33594859be135d12c0c50a42be97471a14b..424cd348bb5e1b394447b2a86e3d0f24e4e71680 100644 (file)
@@ -158,7 +158,12 @@ extern "C" {
 #define MBSTRING_BMP           (MBSTRING_FLAG|2)
 #define MBSTRING_UNIV          (MBSTRING_FLAG|4)
 
+#define SMIME_OLDMIME          0x400
+#define SMIME_CRLFEOL          0x800
+#define SMIME_STREAM           0x1000
+
 struct X509_algor_st;
+DECLARE_STACK_OF(X509_ALGOR)
 
 #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
 #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
@@ -218,6 +223,13 @@ typedef struct asn1_object_st
  * be inserted in the memory buffer 
  */
 #define ASN1_STRING_FLAG_NDEF 0x010 
+
+/* This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been 
+ * accessed. The flag will be reset when content has been written to it.
+ */
+#define ASN1_STRING_FLAG_CONT 0x020 
+
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
        {
@@ -311,8 +323,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
        int i2d_##name##_NDEF(name *a, unsigned char **out);
 
 #define DECLARE_ASN1_FUNCTIONS_const(name) \
-       name *name##_new(void); \
-       void name##_free(name *a);
+       DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+       DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
 
 #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
        type *name##_new(void); \
@@ -753,6 +765,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
 
 ASN1_OBJECT *  ASN1_OBJECT_new(void );
 void           ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -775,6 +788,7 @@ int                 ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
   /* Since this is used to store all sorts of things, via macros, for now, make
      its data void * */
 int            ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void           ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 int ASN1_STRING_length(ASN1_STRING *x);
 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
@@ -927,6 +941,12 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
 
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
 
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+#define M_ASN1_free_of(x, type) \
+               ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
 #ifndef OPENSSL_NO_FP_API
 void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
 
@@ -1055,7 +1075,17 @@ void ASN1_add_oid_module(void);
 
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-       
+
+typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                       const ASN1_ITEM *it);
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                               int ctype_nid, int econt_nid,
+                               STACK_OF(X509_ALGOR) *mdalgs,
+                               asn1_output_data_fn *data_fn,
+                               const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1105,6 +1135,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_VERIFY                                 197
 #define ASN1_F_ASN1_MBSTRING_NCOPY                      122
 #define ASN1_F_ASN1_OBJECT_NEW                          123
+#define ASN1_F_ASN1_OUTPUT_DATA                                 207
 #define ASN1_F_ASN1_PACK_STRING                                 124
 #define ASN1_F_ASN1_PCTX_NEW                            205
 #define ASN1_F_ASN1_PKCS5_PBE_SET                       125
@@ -1124,6 +1155,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_UNPACK_STRING                       136
 #define ASN1_F_ASN1_UTCTIME_SET                                 187
 #define ASN1_F_ASN1_VERIFY                              137
+#define ASN1_F_B64_READ_ASN1                            208
+#define ASN1_F_B64_WRITE_ASN1                           209
 #define ASN1_F_BITSTR_CB                                180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED                    138
 #define ASN1_F_BN_TO_ASN1_INTEGER                       139
@@ -1164,6 +1197,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_PARSE_TAGGING                            182
 #define ASN1_F_PKCS5_PBE2_SET                           167
 #define ASN1_F_PKCS5_PBE_SET                            202
+#define ASN1_F_SMIME_READ_ASN1                          210
+#define ASN1_F_SMIME_TEXT                               211
 #define ASN1_F_X509_CINF_NEW                            168
 #define ASN1_F_X509_CRL_ADD0_REVOKED                    169
 #define ASN1_F_X509_INFO_NEW                            170
@@ -1175,6 +1210,8 @@ void ERR_load_ASN1_strings(void);
 
 /* Reason codes. */
 #define ASN1_R_ADDING_OBJECT                            171
+#define ASN1_R_ASN1_PARSE_ERROR                                 198
+#define ASN1_R_ASN1_SIG_PARSE_ERROR                     199
 #define ASN1_R_AUX_ERROR                                100
 #define ASN1_R_BAD_CLASS                                101
 #define ASN1_R_BAD_OBJECT_HEADER                        102
@@ -1221,6 +1258,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG               128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH                         129
 #define ASN1_R_INVALID_DIGIT                            130
+#define ASN1_R_INVALID_MIME_TYPE                        200
 #define ASN1_R_INVALID_MODIFIER                                 186
 #define ASN1_R_INVALID_NUMBER                           187
 #define ASN1_R_INVALID_SEPARATOR                        131
@@ -1230,6 +1268,9 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_IV_TOO_LARGE                             135
 #define ASN1_R_LENGTH_ERROR                             136
 #define ASN1_R_LIST_ERROR                               188
+#define ASN1_R_MIME_NO_CONTENT_TYPE                     201
+#define ASN1_R_MIME_PARSE_ERROR                                 202
+#define ASN1_R_MIME_SIG_PARSE_ERROR                     203
 #define ASN1_R_MISSING_EOC                              137
 #define ASN1_R_MISSING_SECOND_NUMBER                    138
 #define ASN1_R_MISSING_VALUE                            189
@@ -1239,7 +1280,11 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_NON_HEX_CHARACTERS                       141
 #define ASN1_R_NOT_ASCII_FORMAT                                 190
 #define ASN1_R_NOT_ENOUGH_DATA                          142
+#define ASN1_R_NO_CONTENT_TYPE                          204
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE                  143
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE                205
+#define ASN1_R_NO_MULTIPART_BOUNDARY                    206
+#define ASN1_R_NO_SIG_CONTENT_TYPE                      207
 #define ASN1_R_NULL_IS_WRONG_LENGTH                     144
 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT                  191
 #define ASN1_R_ODD_NUMBER_OF_CHARS                      145
@@ -1249,6 +1294,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                         149
 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG             192
 #define ASN1_R_SHORT_LINE                               150
+#define ASN1_R_SIG_INVALID_MIME_TYPE                    208
+#define ASN1_R_STREAMING_NOT_SUPPORTED                  209
 #define ASN1_R_STRING_TOO_LONG                          151
 #define ASN1_R_STRING_TOO_SHORT                                 152
 #define ASN1_R_TAG_VALUE_TOO_HIGH                       153
index f6b5c3f3dd7702086c99017a73d40bd794a9024f..f8a3e2e6cd015ebd2b56b215cbcb5d7d6a181313 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -110,6 +110,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),    "ASN1_item_verify"},
 {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),     "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),    "ASN1_OUTPUT_DATA"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),    "ASN1_pack_string"},
 {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),       "ASN1_PCTX_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),  "ASN1_PKCS5_PBE_SET"},
@@ -129,6 +130,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),  "ASN1_unpack_string"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),    "ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+{ERR_FUNC(ASN1_F_B64_READ_ASN1),       "B64_READ_ASN1"},
+{ERR_FUNC(ASN1_F_B64_WRITE_ASN1),      "B64_WRITE_ASN1"},
 {ERR_FUNC(ASN1_F_BITSTR_CB),   "BITSTR_CB"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),       "BN_to_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),  "BN_to_ASN1_INTEGER"},
@@ -169,6 +172,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),       "PARSE_TAGGING"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),      "PKCS5_pbe2_set"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),       "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),     "SMIME_read_ASN1"},
+{ERR_FUNC(ASN1_F_SMIME_TEXT),  "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),       "X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),       "X509_CRL_add0_revoked"},
 {ERR_FUNC(ASN1_F_X509_INFO_NEW),       "X509_INFO_new"},
@@ -183,6 +188,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 static ERR_STRING_DATA ASN1_str_reasons[]=
        {
 {ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
+{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     ,"asn1 parse error"},
+{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
 {ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
 {ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
@@ -229,6 +236,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
@@ -238,6 +246,9 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
 {ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
 {ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
+{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
+{ERR_REASON(ASN1_R_MIME_PARSE_ERROR)     ,"mime parse error"},
+{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
 {ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
 {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
 {ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},
@@ -247,7 +258,11 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE)  ,"no sig content type"},
 {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
 {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
 {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
@@ -257,6 +272,8 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
 {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
 {ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
+{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
 {ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
 {ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
 {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
index d5ae5b2258a4d156d4d7a9d93b6aea0a10523978..5af559ef8da70c5b24da7e620c28f17e6d9a05b9 100644 (file)
@@ -393,6 +393,14 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
        return(1);
        }
 
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+       {
+       if (str->data)
+               OPENSSL_free(str->data);
+       str->data = data;
+       str->length = len;
+       }
+
 ASN1_STRING *ASN1_STRING_new(void)
        {
        return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
index adbc2a63dd0f3c0da0b7242b4bb73754a04009d8..bf315e65ed38b890223837fee7d4557d9f46c41a 100644 (file)
@@ -169,6 +169,9 @@ extern "C" {
 #define ASN1_NDEF_SEQUENCE(tname) \
        ASN1_SEQUENCE(tname)
 
+#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+       ASN1_SEQUENCE_cb(tname, cb)
+
 #define ASN1_SEQUENCE_cb(tname, cb) \
        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
        ASN1_SEQUENCE(tname)
@@ -368,6 +371,10 @@ extern "C" {
 #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
 
+/* EXPLICIT using indefinite length constructed form */
+#define ASN1_NDEF_EXP(stname, field, type, tag) \
+                       ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
 /* EXPLICIT OPTIONAL using indefinite length constructed form */
 #define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
new file mode 100644 (file)
index 0000000..fe7c4ec
--- /dev/null
@@ -0,0 +1,874 @@
+/* asn_mime.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Generalised MIME like utilities for streaming ASN1. Although many
+ * have a PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name;                      /* Param name e.g. "micalg" */
+char *param_value;                     /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name;                            /* Name of line e.g. "content-type" */
+char *value;                           /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params;          /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                       const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                       const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                               const ASN1_ITEM *it)
+       {
+       BIO *b64;
+       int r;
+       b64 = BIO_new(BIO_f_base64());
+       if(!b64)
+               {
+               ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+       /* prepend the b64 BIO so all data is base64 encoded.
+        */
+       out = BIO_push(b64, out);
+       r = ASN1_item_i2d_bio(it, out, val);
+       (void)BIO_flush(out);
+       BIO_pop(out);
+       BIO_free(b64);
+       return r;
+       }
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+       BIO *b64;
+       ASN1_VALUE *val;
+       if(!(b64 = BIO_new(BIO_f_base64()))) {
+               ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       bio = BIO_push(b64, bio);
+       val = ASN1_item_d2i_bio(it, bio, NULL);
+       if(!val)
+               ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
+       (void)BIO_flush(bio);
+       bio = BIO_pop(bio);
+       BIO_free(b64);
+       return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+       {
+       const EVP_MD *md;
+       int i, have_unknown = 0, write_comma, md_nid;
+       have_unknown = 0;
+       write_comma = 0;
+       for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
+               {
+               if (write_comma)
+                       BIO_write(out, ",", 1);
+               write_comma = 1;
+               md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+               md = EVP_get_digestbynid(md_nid);
+               switch(md_nid)
+                       {
+                       case NID_sha1:
+                       BIO_puts(out, "sha1");
+                       break;
+
+                       case NID_md5:
+                       BIO_puts(out, "md5");
+                       break;
+
+                       case NID_sha256:
+                       BIO_puts(out, "sha-256");
+                       break;
+
+                       case NID_sha384:
+                       BIO_puts(out, "sha-384");
+                       break;
+
+                       case NID_sha512:
+                       BIO_puts(out, "sha-512");
+                       break;
+
+                       default:
+                       if (have_unknown)
+                               write_comma = 0;
+                       else
+                               {
+                               BIO_puts(out, "unknown");
+                               have_unknown = 1;
+                               }
+                       break;
+
+                       }
+               }
+
+       return 1;
+
+       }
+
+/* SMIME sender */
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                               int ctype_nid, int econt_nid,
+                               STACK_OF(X509_ALGOR) *mdalgs,
+                               asn1_output_data_fn *data_fn,
+                               const ASN1_ITEM *it)
+{
+       char bound[33], c;
+       int i;
+       const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+       const char *msg_type=NULL;
+       if (flags & SMIME_OLDMIME)
+               mime_prefix = "application/x-pkcs7-";
+       else
+               mime_prefix = "application/pkcs7-";
+
+       if (flags & SMIME_CRLFEOL)
+               mime_eol = "\r\n";
+       else
+               mime_eol = "\n";
+       if((flags & SMIME_DETACHED) && data) {
+       /* We want multipart/signed */
+               /* Generate a random boundary */
+               RAND_pseudo_bytes((unsigned char *)bound, 32);
+               for(i = 0; i < 32; i++) {
+                       c = bound[i] & 0xf;
+                       if(c < 10) c += '0';
+                       else c += 'A' - 10;
+                       bound[i] = c;
+               }
+               bound[32] = 0;
+               BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+               BIO_printf(bio, "Content-Type: multipart/signed;");
+               BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+               BIO_puts(bio, " micalg=\"");
+               asn1_write_micalg(bio, mdalgs);
+               BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                                               bound, mime_eol, mime_eol);
+               BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                                               mime_eol, mime_eol);
+               /* Now write out the first part */
+               BIO_printf(bio, "------%s%s", bound, mime_eol);
+               if (!data_fn(bio, data, val, flags, it))
+                       return 0;
+               BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+               /* Headers for signature */
+
+               BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
+               BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+               BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+                                                               mime_eol);
+               BIO_printf(bio, "Content-Disposition: attachment;");
+               BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+                                                       mime_eol, mime_eol);
+               B64_write_ASN1(bio, val, NULL, 0, it);
+               BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+                                                       mime_eol, mime_eol);
+               return 1;
+       }
+
+       /* Determine smime-type header */
+
+       if (ctype_nid == NID_pkcs7_enveloped)
+               msg_type = "enveloped-data";
+       else if (ctype_nid == NID_pkcs7_signed)
+               {
+               if (econt_nid == NID_id_smime_ct_receipt)
+                       msg_type = "signed-receipt";
+               else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+                       msg_type = "signed-data";
+               else
+                       msg_type = "certs-only";
+               }
+       else if (ctype_nid == NID_id_smime_ct_compressedData)
+               {
+               msg_type = "compressed-data";
+               cname = "smime.p7z";
+               }
+       /* MIME headers */
+       BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+       BIO_printf(bio, "Content-Disposition: attachment;");
+       BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+       BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+       if (msg_type)
+               BIO_printf(bio, " smime-type=%s;", msg_type);
+       BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+       BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+                                               mime_eol, mime_eol);
+       if (!B64_write_ASN1(bio, val, data, flags, it))
+               return 0;
+       BIO_printf(bio, "%s", mime_eol);
+       return 1;
+}
+
+#if 0
+
+/* Handle output of ASN1 data */
+
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                       const ASN1_ITEM *it)
+       {
+       BIO *tmpbio;
+       const ASN1_AUX *aux = it->funcs;
+       ASN1_STREAM_ARG sarg;
+
+       if (!(flags & SMIME_DETACHED))
+               {
+               SMIME_crlf_copy(data, out, flags);
+               return 1;
+               }
+
+       if (!aux || !aux->asn1_cb)
+               {
+               ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
+                                       ASN1_R_STREAMING_NOT_SUPPORTED);
+               return 0;
+               }
+
+       sarg.out = out;
+       sarg.ndef_bio = NULL;
+       sarg.boundary = NULL;
+
+       /* Let ASN1 code prepend any needed BIOs */
+
+       if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+               return 0;
+
+       /* Copy data across, passing through filter BIOs for processing */
+       SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+       /* Finalize structure */
+       if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+               return 0;
+
+       /* Now remove any digests prepended to the BIO */
+
+       while (sarg.ndef_bio != out)
+               {
+               tmpbio = BIO_pop(sarg.ndef_bio);
+               BIO_free(sarg.ndef_bio);
+               sarg.ndef_bio = tmpbio;
+               }
+
+       return 1;
+
+       }
+
+#endif
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+       BIO *asnin;
+       STACK_OF(MIME_HEADER) *headers = NULL;
+       STACK_OF(BIO) *parts = NULL;
+       MIME_HEADER *hdr;
+       MIME_PARAM *prm;
+       ASN1_VALUE *val;
+       int ret;
+
+       if(bcont) *bcont = NULL;
+
+       if (!(headers = mime_parse_hdr(bio))) {
+               ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
+               return NULL;
+       }
+
+       if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+               return NULL;
+       }
+
+       /* Handle multipart/signed */
+
+       if(!strcmp(hdr->value, "multipart/signed")) {
+               /* Split into two parts */
+               prm = mime_param_find(hdr, "boundary");
+               if(!prm || !prm->param_value) {
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                       ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+                       return NULL;
+               }
+               ret = multi_split(bio, prm->param_value, &parts);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               if(!ret || (sk_BIO_num(parts) != 2) ) {
+                       ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+
+               /* Parse the signature piece */
+               asnin = sk_BIO_value(parts, 1);
+
+               if (!(headers = mime_parse_hdr(asnin))) {
+                       ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+
+               /* Get content type */
+
+               if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+                                                                !hdr->value) {
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                       ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+                       return NULL;
+               }
+
+               if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+                       strcmp(hdr->value, "application/pkcs7-signature")) {
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                       ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
+                       ERR_add_error_data(2, "type: ", hdr->value);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               /* Read in ASN1 */
+               if(!(val = b64_read_asn1(asnin, it))) {
+                       ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+
+               if(bcont) {
+                       *bcont = sk_BIO_value(parts, 0);
+                       BIO_free(asnin);
+                       sk_BIO_free(parts);
+               } else sk_BIO_pop_free(parts, BIO_vfree);
+               return val;
+       }
+               
+       /* OK, if not multipart/signed try opaque signature */
+
+       if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+           strcmp (hdr->value, "application/pkcs7-mime")) {
+               ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
+               ERR_add_error_data(2, "type: ", hdr->value);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               return NULL;
+       }
+
+       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+       
+       if(!(val = b64_read_asn1(bio, it))) {
+               ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+               return NULL;
+       }
+       return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+       BIO *bf;
+       char eol;
+       int len;
+       char linebuf[MAX_SMLEN];
+       /* Buffer output so we don't write one line at a time. This is
+        * useful when streaming as we don't end up with one OCTET STRING
+        * per line.
+        */
+       bf = BIO_new(BIO_f_buffer());
+       if (!bf)
+               return 0;
+       out = BIO_push(bf, out);
+       if(flags & SMIME_BINARY)
+               {
+               while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+                                               BIO_write(out, linebuf, len);
+               }
+       else
+               {
+               if(flags & SMIME_TEXT)
+                       BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+               while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
+                       {
+                       eol = strip_eol(linebuf, &len);
+                       if (len)
+                               BIO_write(out, linebuf, len);
+                       if(eol) BIO_write(out, "\r\n", 2);
+                       }
+               }
+       (void)BIO_flush(out);
+       BIO_pop(out);
+       BIO_free(bf);
+       return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+       char iobuf[4096];
+       int len;
+       STACK_OF(MIME_HEADER) *headers;
+       MIME_HEADER *hdr;
+
+       if (!(headers = mime_parse_hdr(in))) {
+               ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
+               return 0;
+       }
+       if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+               ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               return 0;
+       }
+       if (strcmp (hdr->value, "text/plain")) {
+               ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
+               ERR_add_error_data(2, "type: ", hdr->value);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               return 0;
+       }
+       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+       while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+                                               BIO_write(out, iobuf, len);
+       return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+       char linebuf[MAX_SMLEN];
+       int len, blen;
+       int eol = 0, next_eol = 0;
+       BIO *bpart = NULL;
+       STACK_OF(BIO) *parts;
+       char state, part, first;
+
+       blen = strlen(bound);
+       part = 0;
+       state = 0;
+       first = 1;
+       parts = sk_BIO_new_null();
+       *ret = parts;
+       while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+               state = mime_bound_check(linebuf, len, bound, blen);
+               if(state == 1) {
+                       first = 1;
+                       part++;
+               } else if(state == 2) {
+                       sk_BIO_push(parts, bpart);
+                       return 1;
+               } else if(part) {
+                       /* Strip CR+LF from linebuf */
+                       next_eol = strip_eol(linebuf, &len);
+                       if(first) {
+                               first = 0;
+                               if(bpart) sk_BIO_push(parts, bpart);
+                               bpart = BIO_new(BIO_s_mem());
+                               BIO_set_mem_eof_return(bpart, 0);
+                       } else if (eol)
+                               BIO_write(bpart, "\r\n", 2);
+                       eol = next_eol;
+                       if (len)
+                               BIO_write(bpart, linebuf, len);
+               }
+       }
+       return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID   0
+#define MIME_START     1
+#define MIME_TYPE      2
+#define MIME_NAME      3
+#define MIME_VALUE     4
+#define MIME_QUOTE     5
+#define MIME_COMMENT   6
+
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+       char *p, *q, c;
+       char *ntmp;
+       char linebuf[MAX_SMLEN];
+       MIME_HEADER *mhdr = NULL;
+       STACK_OF(MIME_HEADER) *headers;
+       int len, state, save_state = 0;
+
+       headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+       while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+       /* If whitespace at line start then continuation line */
+       if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+       else state = MIME_START;
+       ntmp = NULL;
+       /* Go through all characters */
+       for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+       /* State machine to handle MIME headers
+        * if this looks horrible that's because it *is*
+         */
+
+               switch(state) {
+                       case MIME_START:
+                       if(c == ':') {
+                               state = MIME_TYPE;
+                               *p = 0;
+                               ntmp = strip_ends(q);
+                               q = p + 1;
+                       }
+                       break;
+
+                       case MIME_TYPE:
+                       if(c == ';') {
+                               mime_debug("Found End Value\n");
+                               *p = 0;
+                               mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                               sk_MIME_HEADER_push(headers, mhdr);
+                               ntmp = NULL;
+                               q = p + 1;
+                               state = MIME_NAME;
+                       } else if(c == '(') {
+                               save_state = state;
+                               state = MIME_COMMENT;
+                       }
+                       break;
+
+                       case MIME_COMMENT:
+                       if(c == ')') {
+                               state = save_state;
+                       }
+                       break;
+
+                       case MIME_NAME:
+                       if(c == '=') {
+                               state = MIME_VALUE;
+                               *p = 0;
+                               ntmp = strip_ends(q);
+                               q = p + 1;
+                       }
+                       break ;
+
+                       case MIME_VALUE:
+                       if(c == ';') {
+                               state = MIME_NAME;
+                               *p = 0;
+                               mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                               ntmp = NULL;
+                               q = p + 1;
+                       } else if (c == '"') {
+                               mime_debug("Found Quote\n");
+                               state = MIME_QUOTE;
+                       } else if(c == '(') {
+                               save_state = state;
+                               state = MIME_COMMENT;
+                       }
+                       break;
+
+                       case MIME_QUOTE:
+                       if(c == '"') {
+                               mime_debug("Found Match Quote\n");
+                               state = MIME_VALUE;
+                       }
+                       break;
+               }
+       }
+
+       if(state == MIME_TYPE) {
+               mhdr = mime_hdr_new(ntmp, strip_ends(q));
+               sk_MIME_HEADER_push(headers, mhdr);
+       } else if(state == MIME_VALUE)
+                        mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+       if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+       return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+       char *p, c;
+       /* Look for first non white space or quote */
+       for(p = name; (c = *p) ;p++) {
+               if(c == '"') {
+                       /* Next char is start of string if non null */
+                       if(p[1]) return p + 1;
+                       /* Else null string */
+                       return NULL;
+               }
+               if(!isspace((unsigned char)c)) return p;
+       }
+       return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+       char *p, c;
+       if(!name) return NULL;
+       /* Look for first non white space or quote */
+       for(p = name + strlen(name) - 1; p >= name ;p--) {
+               c = *p;
+               if(c == '"') {
+                       if(p - 1 == name) return NULL;
+                       *p = 0;
+                       return name;
+               }
+               if(isspace((unsigned char)c)) *p = 0;   
+               else return name;
+       }
+       return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+       MIME_HEADER *mhdr;
+       char *tmpname, *tmpval, *p;
+       int c;
+       if(name) {
+               if(!(tmpname = BUF_strdup(name))) return NULL;
+               for(p = tmpname ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpname = NULL;
+       if(value) {
+               if(!(tmpval = BUF_strdup(value))) return NULL;
+               for(p = tmpval ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpval = NULL;
+       mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
+       if(!mhdr) return NULL;
+       mhdr->name = tmpname;
+       mhdr->value = tmpval;
+       if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
+       return mhdr;
+}
+               
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+       char *tmpname, *tmpval, *p;
+       int c;
+       MIME_PARAM *mparam;
+       if(name) {
+               tmpname = BUF_strdup(name);
+               if(!tmpname) return 0;
+               for(p = tmpname ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpname = NULL;
+       if(value) {
+               tmpval = BUF_strdup(value);
+               if(!tmpval) return 0;
+       } else tmpval = NULL;
+       /* Parameter values are case sensitive so leave as is */
+       mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
+       if(!mparam) return 0;
+       mparam->param_name = tmpname;
+       mparam->param_value = tmpval;
+       sk_MIME_PARAM_push(mhdr->params, mparam);
+       return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                       const MIME_HEADER * const *b)
+{
+       return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                       const MIME_PARAM * const *b)
+{
+       return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+       MIME_HEADER htmp;
+       int idx;
+       htmp.name = name;
+       idx = sk_MIME_HEADER_find(hdrs, &htmp);
+       if(idx < 0) return NULL;
+       return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+       MIME_PARAM param;
+       int idx;
+       param.param_name = name;
+       idx = sk_MIME_PARAM_find(hdr->params, &param);
+       if(idx < 0) return NULL;
+       return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+       if(hdr->name) OPENSSL_free(hdr->name);
+       if(hdr->value) OPENSSL_free(hdr->value);
+       if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+       OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+       if(param->param_name) OPENSSL_free(param->param_name);
+       if(param->param_value) OPENSSL_free(param->param_value);
+       OPENSSL_free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+       if(linelen == -1) linelen = strlen(line);
+       if(blen == -1) blen = strlen(bound);
+       /* Quickly eliminate if line length too short */
+       if(blen + 2 > linelen) return 0;
+       /* Check for part boundary */
+       if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+               if(!strncmp(line + blen + 2, "--", 2)) return 2;
+               else return 1;
+       }
+       return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+       {
+       int len = *plen;
+       char *p, c;
+       int is_eol = 0;
+       p = linebuf + len - 1;
+       for (p = linebuf + len - 1; len > 0; len--, p--)
+               {
+               c = *p;
+               if (c == '\n')
+                       is_eol = 1;
+               else if (c != '\r')
+                       break;
+               }
+       *plen = len;
+       return is_eol;
+       }
index c8d4553ebd5251257b08cc3925374710ac4588ef..bb7c1e2af4894e3d02c7d51f6304dc93af3a44db 100644 (file)
@@ -115,8 +115,6 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                                return;
                        }
                i = asn1_get_choice_selector(pval, it);
-               if (asn1_cb)
-                       asn1_cb(ASN1_OP_FREE_PRE, pval, it);
                if ((i >= 0) && (i < it->tcount))
                        {
                        ASN1_VALUE **pchval;
index 00b9ea54a15fa4f8f02f0bf9195d63b3f57ae7f1..33533aba862bb8ae4e569c6af432bc78813d8a31 100644 (file)
@@ -66,8 +66,65 @@ ASN1_SEQUENCE(X509_ALGOR) = {
        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
 
+ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+       {
+       if (!alg)
+               return 0;
+       if (ptype != V_ASN1_UNDEF)
+               {
+               if (alg->parameter == NULL)
+                       alg->parameter = ASN1_TYPE_new();
+               if (alg->parameter == NULL)
+                       return 0;
+               }
+       if (alg)
+               {
+               if (alg->algorithm)
+                       ASN1_OBJECT_free(alg->algorithm);
+               alg->algorithm = aobj;
+               }
+       if (ptype == 0)
+               return 1;       
+       if (ptype == V_ASN1_UNDEF)
+               {
+               if (alg->parameter)
+                       {
+                       ASN1_TYPE_free(alg->parameter);
+                       alg->parameter = NULL;
+                       }
+               }
+       else
+               ASN1_TYPE_set(alg->parameter, ptype, pval);
+       return 1;
+       }
+
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+                                               X509_ALGOR *algor)
+       {
+       if (paobj)
+               *paobj = algor->algorithm;
+       if (pptype)
+               {
+               if (algor->parameter == NULL)
+                       {
+                       *pptype = V_ASN1_UNDEF;
+                       return;
+                       }
+               else
+                       *pptype = algor->parameter->type;
+               if (ppval)
+                       *ppval = algor->parameter->value.ptr;
+               }
+       }
+
index e07cce595549840d6856ea7c9b1bf191994f20df..6ac2aeb2795944bee324f6ac4344237384ecbcca 100644 (file)
 #include <string.h>
 #include <openssl/blowfish.h>
 #include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include "bf_locl.h"
 #include "bf_pi.h"
 
index cd78de1e875fb591153537c09c2ff757e7a7d992..ead477d8a29e0d7d83f26ee2ac5b1cc0be3358d9 100644 (file)
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include "netdb.h"
+#include <netdb.h>
+#if defined(NETWARE_CLIB)
+#include <sys/ioctl.h>
+NETDB_DEFINE_CONTEXT
+#endif
 #endif
 
 #ifndef OPENSSL_NO_SOCK
@@ -178,11 +182,11 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
                /* Note: under VMS with SOCKETSHR, it seems like the first
                 * parameter is 'char *', instead of 'const char *'
                 */
-               s=getservbyname(
 #ifndef CONST_STRICT
-                   (char *)
+               s=getservbyname((char *)str,"tcp");
+#else
+               s=getservbyname(str,"tcp");
 #endif
-                   str,"tcp");
                if(s != NULL)
                        *port_ptr=ntohs((unsigned short)s->s_port);
                CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
@@ -360,7 +364,11 @@ struct hostent *BIO_gethostbyname(const char *name)
 #if 1
        /* Caching gethostbyname() results forever is wrong,
         * so we have to let the true gethostbyname() worry about this */
+#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
+       return gethostbyname((char*)name);
+#else
        return gethostbyname(name);
+#endif
 #else
        struct hostent *ret;
        int i,lowi=0,j;
@@ -400,11 +408,11 @@ struct hostent *BIO_gethostbyname(const char *name)
                /* Note: under VMS with SOCKETSHR, it seems like the first
                 * parameter is 'char *', instead of 'const char *'
                 */
-               ret=gethostbyname(
 #  ifndef CONST_STRICT
-                   (char *)
+               ret=gethostbyname((char *)name);
+#  else
+               ret=gethostbyname(name);
 #  endif
-                   name);
 
                if (ret == NULL)
                        goto end;
index 0362bb90caf4b14a774cb4546adcbefc0668d26f..cecb6a720771f56d94230f0e683027527d67ead8 100644 (file)
@@ -95,6 +95,7 @@ extern "C" {
 #define BIO_TYPE_BIO           (19|0x0400)             /* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER    (20|0x0200)             /* filter */
 #define BIO_TYPE_DGRAM         (21|0x0400|0x0100)
+#define BIO_TYPE_COMP          (23|0x0200)             /* filter */
 
 #define BIO_TYPE_DESCRIPTOR    0x0100  /* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER                0x0200
index a0cb29b3dcee8e74546ca9437d2ea481ff08454e..ea2c3fff63cb84e46ded6fea2ec08374cc636c4e 100644 (file)
@@ -208,9 +208,13 @@ static int dgram_write(BIO *b, const char *in, int inl)
        clear_socket_error();
 
     if ( data->connected )
-        ret=send(b->num,in,inl,0);
+        ret=writesocket(b->num,in,inl);
     else
+#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+        ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
+#else
         ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
+#endif
 
        BIO_clear_retry_flags(b);
        if (ret <= 0)
index b277367da3a4e0b6fd9453997daf5142eebb20ea..4df9927c437e0112ad0abac99113b2639fd97a2f 100644 (file)
 #include "bio_lcl.h"
 #include <openssl/err.h>
 
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+#include <nwfileio.h>
+#endif
+
 #if !defined(OPENSSL_NO_STDIO)
 
 static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
@@ -285,9 +289,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
          /* Under CLib there are differences in file modes
          */
                if (num & BIO_FP_TEXT)
-                       _setmode(fd,O_TEXT);
+                       setmode(fd,O_TEXT);
                else
-                       _setmode(fd,O_BINARY);
+                       setmode(fd,O_BINARY);
 #elif defined(OPENSSL_SYS_MSDOS)
                int fd = fileno((FILE*)ptr);
                /* Set correct text/binary mode */
index 5cd3cd2ed50a968fa2ab60bcd361b185dce923ac..0982293094d9838f92f0bd2380bc5a76cf184c7d 100755 (executable)
@@ -1,5 +1,18 @@
 #!/usr/bin/env perl
 
+# This is crypto/bn/asm/x86-mont.pl (with asciz from crypto/perlasm/x86asm.pl)
+# from OpenSSL 0.9.9-dev 
+
+sub ::asciz
+{ my @str=unpack("C*",shift);
+    push @str,0;
+    while ($#str>15) {
+       &data_byte(@str[0..15]);
+       foreach (0..15) { shift @str; }
+    }
+    &data_byte(@str) if (@str);
+}
+
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
@@ -26,8 +39,7 @@
 # Integer-only code [being equipped with dedicated squaring procedure]
 # gives ~40% on rsa512 sign benchmark...
 
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
+push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
 &asm_init($ARGV[0],$0);
index d74e8e0d36d785788985aa402733cbdf611201a6..68e690a60c2b29f11588962475d684fa7d4ef6d5 100644 (file)
 
 #include <openssl/cast.h>
 #include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include "cast_lcl.h"
 #include "cast_s.h"
 
diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile
new file mode 100644 (file)
index 0000000..e39c310
--- /dev/null
@@ -0,0 +1,183 @@
+#
+# OpenSSL/crypto/cms/Makefile
+#
+
+DIR=   cms
+TOP=   ../..
+CC=    cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=      Makefile
+AR=            ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+       cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
+       cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  cms.h
+HEADER=        cms_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+       (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:   lib
+
+lib:   $(LIBOBJ)
+       $(AR) $(LIB) $(LIBOBJ)
+       $(RANLIB) $(LIB) || echo Never mind.
+       @touch lib
+
+files:
+       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+       @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+       @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+       @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+       @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+       do  \
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+
+tags:
+       ctags $(SRC)
+
+tests:
+
+lint:
+       lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+       @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+       mv -f Makefile.new $(MAKEFILE)
+
+clean:
+       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_asn1.o: ../../include/openssl/opensslconf.h
+cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
+cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_att.o: cms.h cms_att.c cms_lcl.h
+cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_err.o: cms_err.c
+cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_io.o: cms_io.c cms_lcl.h
+cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_lib.o: cms_lcl.h cms_lib.c
+cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c
+cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_smime.o: ../../include/openssl/objects.h
+cms_smime.o: ../../include/openssl/opensslconf.h
+cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c
diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
new file mode 100644 (file)
index 0000000..25f8874
--- /dev/null
@@ -0,0 +1,473 @@
+/* crypto/cms/cms.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#ifndef HEADER_CMS_H
+#define HEADER_CMS_H
+
+#include <openssl/x509.h>
+
+#ifdef OPENSSL_NO_CMS
+#error CMS is disabled.
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+
+DECLARE_STACK_OF(CMS_SignerInfo)
+DECLARE_STACK_OF(GENERAL_NAMES)
+DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+
+#define CMS_SIGNERINFO_ISSUER_SERIAL   0
+#define CMS_SIGNERINFO_KEYIDENTIFIER   1
+
+#define CMS_RECIPINFO_TRANS            0
+#define CMS_RECIPINFO_AGREE            1
+#define CMS_RECIPINFO_KEK              2
+#define CMS_RECIPINFO_PASS             3
+#define CMS_RECIPINFO_OTHER            4
+
+/* S/MIME related flags */
+
+#define CMS_TEXT                       0x1
+#define CMS_NOCERTS                    0x2
+#define CMS_NO_CONTENT_VERIFY          0x4
+#define CMS_NO_ATTR_VERIFY             0x8
+#define CMS_NOSIGS                     \
+                       (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+#define CMS_NOINTERN                   0x10
+#define CMS_NO_SIGNER_CERT_VERIFY      0x20
+#define CMS_NOVERIFY                   0x20
+#define CMS_DETACHED                   0x40
+#define CMS_BINARY                     0x80
+#define CMS_NOATTR                     0x100
+#define        CMS_NOSMIMECAP                  0x200
+#define CMS_NOOLDMIMETYPE              0x400
+#define CMS_CRLFEOL                    0x800
+#define CMS_STREAM                     0x1000
+#define CMS_NOCRL                      0x2000
+#define CMS_PARTIAL                    0x4000
+#define CMS_REUSE_DIGEST               0x8000
+#define CMS_USE_KEYID                  0x10000
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+#ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+#endif
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                               BIO *data, unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                       X509 *signcert, EVP_PKEY *pkey,
+                                       STACK_OF(X509) *certs,
+                                       unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                                                       unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                                       unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                               const unsigned char *key, size_t keylen,
+                               BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                       const unsigned char *key, size_t keylen,
+                                       unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+                               const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+                               BIO *dcont, BIO *out,
+                               unsigned int flags);
+       
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
+                               unsigned char *key, size_t keylen,
+                               unsigned char *id, size_t idlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                       X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                       EVP_PKEY **pk, X509 **recip,
+                                       X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                       unsigned char *key, size_t keylen,
+                                       unsigned char *id, size_t idlen,
+                                       ASN1_GENERALIZEDTIME *date,
+                                       ASN1_OBJECT *otherTypeId,
+                                       ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                       X509_ALGOR **palg,
+                                       ASN1_OCTET_STRING **pid,
+                                       ASN1_GENERALIZEDTIME **pdate,
+                                       ASN1_OBJECT **potherid,
+                                       ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
+                               unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
+                                       const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+       
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                                                       unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                       X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                       unsigned int flags);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                                       unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+                                       X509_ALGOR **pdig, X509_ALGOR **psig);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                               int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type);
+
+#ifdef HEADER_X509V3_H
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                               int allorfirst,
+                               STACK_OF(GENERAL_NAMES) *receiptList,
+                               STACK_OF(GENERAL_NAMES) *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                       ASN1_STRING **pcid,
+                                       int *pallorfirst,
+                                       STACK_OF(GENERAL_NAMES) **plist,
+                                       STACK_OF(GENERAL_NAMES) **prto);
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CMS_strings(void);
+
+/* Error codes for the CMS functions. */
+
+/* Function codes. */
+#define CMS_F_CHECK_CONTENT                             99
+#define CMS_F_CMS_ADD0_CERT                             164
+#define CMS_F_CMS_ADD0_RECIPIENT_KEY                    100
+#define CMS_F_CMS_ADD1_RECEIPTREQUEST                   158
+#define CMS_F_CMS_ADD1_RECIPIENT_CERT                   101
+#define CMS_F_CMS_ADD1_SIGNER                           102
+#define CMS_F_CMS_ADD1_SIGNINGTIME                      103
+#define CMS_F_CMS_COMPRESS                              104
+#define CMS_F_CMS_COMPRESSEDDATA_CREATE                         105
+#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO               106
+#define CMS_F_CMS_COPY_CONTENT                          107
+#define CMS_F_CMS_COPY_MESSAGEDIGEST                    108
+#define CMS_F_CMS_DATA                                  109
+#define CMS_F_CMS_DATAFINAL                             110
+#define CMS_F_CMS_DATAINIT                              111
+#define CMS_F_CMS_DECRYPT                               112
+#define CMS_F_CMS_DECRYPT_SET1_KEY                      113
+#define CMS_F_CMS_DECRYPT_SET1_PKEY                     114
+#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX              115
+#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO              116
+#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                         117
+#define CMS_F_CMS_DIGEST_VERIFY                                 118
+#define CMS_F_CMS_ENCODE_RECEIPT                        161
+#define CMS_F_CMS_ENCRYPT                               119
+#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO             120
+#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                         121
+#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                         122
+#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                123
+#define CMS_F_CMS_ENVELOPEDDATA_CREATE                  124
+#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                125
+#define CMS_F_CMS_ENVELOPED_DATA_INIT                   126
+#define CMS_F_CMS_FINAL                                         127
+#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES              128
+#define CMS_F_CMS_GET0_CONTENT                          129
+#define CMS_F_CMS_GET0_ECONTENT_TYPE                    130
+#define CMS_F_CMS_GET0_ENVELOPED                        131
+#define CMS_F_CMS_GET0_REVOCATION_CHOICES               132
+#define CMS_F_CMS_GET0_SIGNED                           133
+#define CMS_F_CMS_MSGSIGDIGEST_ADD1                     162
+#define CMS_F_CMS_RECEIPTREQUEST_CREATE0                159
+#define CMS_F_CMS_RECEIPT_VERIFY                        160
+#define CMS_F_CMS_RECIPIENTINFO_DECRYPT                         134
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT           135
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT           136
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID           137
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP            138
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP           139
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT            140
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT            141
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS          142
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID     143
+#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                144
+#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY               145
+#define CMS_F_CMS_SET1_SIGNERIDENTIFIER                         146
+#define CMS_F_CMS_SET_DETACHED                          147
+#define CMS_F_CMS_SIGN                                  148
+#define CMS_F_CMS_SIGNED_DATA_INIT                      149
+#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN               150
+#define CMS_F_CMS_SIGNERINFO_SIGN                       151
+#define CMS_F_CMS_SIGNERINFO_VERIFY                     152
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                153
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT             154
+#define CMS_F_CMS_SIGN_RECEIPT                          163
+#define CMS_F_CMS_STREAM                                155
+#define CMS_F_CMS_UNCOMPRESS                            156
+#define CMS_F_CMS_VERIFY                                157
+
+/* Reason codes. */
+#define CMS_R_ADD_SIGNER_ERROR                          99
+#define CMS_R_CERTIFICATE_ALREADY_PRESENT               175
+#define CMS_R_CERTIFICATE_HAS_NO_KEYID                  160
+#define CMS_R_CERTIFICATE_VERIFY_ERROR                  100
+#define CMS_R_CIPHER_INITIALISATION_ERROR               101
+#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR     102
+#define CMS_R_CMS_DATAFINAL_ERROR                       103
+#define CMS_R_CMS_LIB                                   104
+#define CMS_R_CONTENTIDENTIFIER_MISMATCH                170
+#define CMS_R_CONTENT_NOT_FOUND                                 105
+#define CMS_R_CONTENT_TYPE_MISMATCH                     171
+#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA          106
+#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA           107
+#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA              108
+#define CMS_R_CONTENT_VERIFY_ERROR                      109
+#define CMS_R_CTRL_ERROR                                110
+#define CMS_R_CTRL_FAILURE                              111
+#define CMS_R_DECRYPT_ERROR                             112
+#define CMS_R_DIGEST_ERROR                              161
+#define CMS_R_ERROR_GETTING_PUBLIC_KEY                  113
+#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE     114
+#define CMS_R_ERROR_SETTING_KEY                                 115
+#define CMS_R_ERROR_SETTING_RECIPIENTINFO               116
+#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH              117
+#define CMS_R_INVALID_KEY_LENGTH                        118
+#define CMS_R_MD_BIO_INIT_ERROR                                 119
+#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH      120
+#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                121
+#define CMS_R_MSGSIGDIGEST_ERROR                        172
+#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE                 162
+#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH                         163
+#define CMS_R_NEED_ONE_SIGNER                           164
+#define CMS_R_NOT_A_SIGNED_RECEIPT                      165
+#define CMS_R_NOT_ENCRYPTED_DATA                        122
+#define CMS_R_NOT_KEK                                   123
+#define CMS_R_NOT_KEY_TRANSPORT                                 124
+#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE           125
+#define CMS_R_NO_CIPHER                                         126
+#define CMS_R_NO_CONTENT                                127
+#define CMS_R_NO_CONTENT_TYPE                           173
+#define CMS_R_NO_DEFAULT_DIGEST                                 128
+#define CMS_R_NO_DIGEST_SET                             129
+#define CMS_R_NO_KEY                                    130
+#define CMS_R_NO_KEY_OR_CERT                            174
+#define CMS_R_NO_MATCHING_DIGEST                        131
+#define CMS_R_NO_MATCHING_RECIPIENT                     132
+#define CMS_R_NO_MATCHING_SIGNATURE                     166
+#define CMS_R_NO_MSGSIGDIGEST                           167
+#define CMS_R_NO_PRIVATE_KEY                            133
+#define CMS_R_NO_PUBLIC_KEY                             134
+#define CMS_R_NO_RECEIPT_REQUEST                        168
+#define CMS_R_NO_SIGNERS                                135
+#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    136
+#define CMS_R_RECEIPT_DECODE_ERROR                      169
+#define CMS_R_RECIPIENT_ERROR                           137
+#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND              138
+#define CMS_R_SIGNFINAL_ERROR                           139
+#define CMS_R_SMIME_TEXT_ERROR                          140
+#define CMS_R_STORE_INIT_ERROR                          141
+#define CMS_R_TYPE_NOT_COMPRESSED_DATA                  142
+#define CMS_R_TYPE_NOT_DATA                             143
+#define CMS_R_TYPE_NOT_DIGESTED_DATA                    144
+#define CMS_R_TYPE_NOT_ENCRYPTED_DATA                   145
+#define CMS_R_TYPE_NOT_ENVELOPED_DATA                   146
+#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                147
+#define CMS_R_UNKNOWN_CIPHER                            148
+#define CMS_R_UNKNOWN_DIGEST_ALGORIHM                   149
+#define CMS_R_UNKNOWN_ID                                150
+#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM                 151
+#define CMS_R_UNSUPPORTED_CONTENT_TYPE                  152
+#define CMS_R_UNSUPPORTED_KEK_ALGORITHM                         153
+#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                154
+#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE             155
+#define CMS_R_UNSUPPORTED_TYPE                          156
+#define CMS_R_UNWRAP_ERROR                              157
+#define CMS_R_VERIFICATION_FAILURE                      158
+#define CMS_R_WRAP_ERROR                                159
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
new file mode 100644 (file)
index 0000000..7664921
--- /dev/null
@@ -0,0 +1,346 @@
+/* crypto/cms/cms_asn1.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+
+ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
+       ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+       ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
+
+ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
+       ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+       ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+
+ASN1_CHOICE(CMS_CertificateChoices) = {
+       ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+       ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+       ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+       ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+       ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+} ASN1_CHOICE_END(CMS_CertificateChoices)
+
+ASN1_CHOICE(CMS_SignerIdentifier) = {
+       ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+       ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+} ASN1_CHOICE_END(CMS_SignerIdentifier)
+
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
+       ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+       ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+       {
+       if(operation == ASN1_OP_FREE_POST)
+               {
+               CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
+               if (si->pkey)
+                       EVP_PKEY_free(si->pkey);
+               if (si->signer)
+                       X509_free(si->signer);
+               }
+       return 1;
+       }
+
+ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+       ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+       ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+       ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+       ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+       ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+       ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
+
+ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
+       ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+       ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+
+ASN1_CHOICE(CMS_RevocationInfoChoice) = {
+       ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+       ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
+
+ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+       ASN1_SIMPLE(CMS_SignedData, version, LONG),
+       ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+       ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+       ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+       ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+       ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+       ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+
+ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
+       ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+       ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
+
+ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
+       ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+       ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+       ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
+
+ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
+  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+
+ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
+       ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+       ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
+
+ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
+
+ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
+  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+
+ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
+       ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+       ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+       ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+       ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
+
+ASN1_SEQUENCE(CMS_KEKIdentifier) = {
+       ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+       ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+       ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+
+ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
+
+ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
+       ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+       ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+       ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
+  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+       {
+       if(operation == ASN1_OP_FREE_PRE)
+               {
+               CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
+               if (ri->type == CMS_RECIPINFO_TRANS)
+                       {
+                       CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+                       if (ktri->pkey)
+                               EVP_PKEY_free(ktri->pkey);
+                       if (ktri->recip)
+                               X509_free(ktri->recip);
+                       }
+               else if (ri->type == CMS_RECIPINFO_KEK)
+                       {
+                       CMS_KEKRecipientInfo *kekri = ri->d.kekri;
+                       if (kekri->key)
+                               {
+                               OPENSSL_cleanse(kekri->key, kekri->keylen);
+                               OPENSSL_free(kekri->key);
+                               }
+                       }
+               }
+       return 1;
+       }
+
+ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
+       ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+       ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+       ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+       ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+       ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
+
+ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
+       ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+       ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+       ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+       ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
+
+ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
+       ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+       ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+       ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
+       ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+       ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
+
+ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
+       ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+       ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+       ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+       ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+       ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+       ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+       ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+       ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+
+ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
+       ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+       ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+
+/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
+
+ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(CMS_ContentInfo) = {
+       ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+       ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+       ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+       ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+       ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+       ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+       ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
+
+ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
+       ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+       ASN1_ADB_OBJECT(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
+
+/* Specials for signed attributes */
+
+/* When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
+
+/* When verifying attributes we need to use the received order. So 
+ * we use SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                               V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
+
+
+
+ASN1_CHOICE(CMS_ReceiptsFrom) = {
+  ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+} ASN1_CHOICE_END(CMS_ReceiptsFrom)
+
+ASN1_SEQUENCE(CMS_ReceiptRequest) = {
+  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
+
+ASN1_SEQUENCE(CMS_Receipt) = {
+  ASN1_SIMPLE(CMS_Receipt, version, LONG),
+  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_Receipt)
+
diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
new file mode 100644 (file)
index 0000000..5b71722
--- /dev/null
@@ -0,0 +1,195 @@
+/* crypto/cms/cms_att.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+/* CMS SignedData Attribute utilities */
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+{
+       return X509at_get_attr_count(si->signedAttrs);
+}
+
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos)
+{
+       return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
+}
+
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos)
+{
+       return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+{
+       return X509at_get_attr(si->signedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+{
+       return X509at_delete_attr(si->signedAttrs, loc);
+}
+
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+       if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
+       return 0;
+}
+
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type)
+{
+       return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
+}
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+{
+       return X509at_get_attr_count(si->unsignedAttrs);
+}
+
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos)
+{
+       return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
+}
+
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos)
+{
+       return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+{
+       return X509at_get_attr(si->unsignedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+{
+       return X509at_delete_attr(si->unsignedAttrs, loc);
+}
+
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+       if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
+       return 0;
+}
+
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type)
+{
+       return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
+}
+
+/* Specific attribute cases */
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
new file mode 100644 (file)
index 0000000..a5fc2c4
--- /dev/null
@@ -0,0 +1,134 @@
+/* crypto/cms/cms_cd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
+#ifdef ZLIB
+
+/* CMS CompressedData Utilities */
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+       {
+       CMS_ContentInfo *cms;
+       CMS_CompressedData *cd;
+       /* Will need something cleverer if there is ever more than one
+        * compression algorithm or parameters have some meaning...
+        */
+       if (comp_nid != NID_zlib_compression)
+               {
+               CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
+                               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+               return NULL;
+               }
+       cms = CMS_ContentInfo_new();
+       if (!cms)
+               return NULL;
+
+       cd = M_ASN1_new_of(CMS_CompressedData);
+
+       if (!cd)
+               goto err;
+
+       cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
+       cms->d.compressedData = cd;
+
+       cd->version = 0;
+
+       X509_ALGOR_set0(cd->compressionAlgorithm,
+                       OBJ_nid2obj(NID_zlib_compression),
+                       V_ASN1_UNDEF, NULL);
+
+       cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+       return cms;
+
+       err:
+
+       if (cms)
+               CMS_ContentInfo_free(cms);
+
+       return NULL;
+       }
+
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+       {
+       CMS_CompressedData *cd;
+       ASN1_OBJECT *compoid;
+       if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
+               {
+               CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+                               CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+               return NULL;
+               }
+       cd = cms->d.compressedData;
+       X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
+       if (OBJ_obj2nid(compoid) != NID_zlib_compression)
+               {
+               CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+                               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+               return NULL;
+               }
+       return BIO_new(BIO_f_zlib());
+       }
+
+#endif
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
new file mode 100644 (file)
index 0000000..8919c15
--- /dev/null
@@ -0,0 +1,148 @@
+/* crypto/cms/cms_dd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+
+/* CMS DigestedData Utilities */
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+       {
+       CMS_ContentInfo *cms;
+       CMS_DigestedData *dd;
+       cms = CMS_ContentInfo_new();
+       if (!cms)
+               return NULL;
+
+       dd = M_ASN1_new_of(CMS_DigestedData);
+
+       if (!dd)
+               goto err;
+
+       cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
+       cms->d.digestedData = dd;
+
+       dd->version = 0;
+       dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+       cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
+
+       return cms;
+
+       err:
+
+       if (cms)
+               CMS_ContentInfo_free(cms);
+
+       return NULL;
+       }
+
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+       {
+       CMS_DigestedData *dd;
+       dd = cms->d.digestedData;
+       return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
+       }
+
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+       {
+       EVP_MD_CTX mctx;
+       unsigned char md[EVP_MAX_MD_SIZE];
+       unsigned int mdlen;
+       int r = 0;
+       CMS_DigestedData *dd;
+       EVP_MD_CTX_init(&mctx);
+
+       dd = cms->d.digestedData;
+
+       if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
+               goto err;
+
+       if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
+               goto err;
+
+       if (verify)
+               {
+               if (mdlen != (unsigned int)dd->digest->length)
+                       {
+                       CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                               CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+                       goto err;
+                       }
+
+               if (memcmp(md, dd->digest->data, mdlen))
+                       CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                               CMS_R_VERIFICATION_FAILURE);
+               else
+                       r = 1;
+               }
+       else
+               {
+               if (!ASN1_STRING_set(dd->digest, md, mdlen))
+                       goto err;
+               r = 1;
+               }
+
+       err:
+       EVP_MD_CTX_cleanup(&mctx);
+
+       return r;
+
+       }
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
new file mode 100644 (file)
index 0000000..bab2623
--- /dev/null
@@ -0,0 +1,262 @@
+/* crypto/cms/cms_enc.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_lcl.h"
+
+/* CMS EncryptedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+
+/* Return BIO based on EncryptedContentInfo and key */
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+       {
+       BIO *b;
+       EVP_CIPHER_CTX *ctx;
+       const EVP_CIPHER *ciph;
+       X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+       unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+
+       int ok = 0;
+
+       int enc, keep_key = 0;
+
+       enc = ec->cipher ? 1 : 0;
+
+       b = BIO_new(BIO_f_cipher());
+       if (!b)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                       ERR_R_MALLOC_FAILURE);
+               return NULL;
+               }
+
+       BIO_get_cipher_ctx(b, &ctx);
+
+       if (enc)
+               {
+               ciph = ec->cipher;
+               /* If not keeping key set cipher to NULL so subsequent calls
+                * decrypt.
+                */
+               if (ec->key)
+                       ec->cipher = NULL;
+               }
+       else
+               {
+               ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+               if (!ciph)
+                       {
+                       CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                       CMS_R_UNKNOWN_CIPHER);
+                       goto err;
+                       }
+               }
+
+       if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                               CMS_R_CIPHER_INITIALISATION_ERROR);
+               goto err;
+               }
+
+       if (enc)
+               {
+               int ivlen;
+               calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+               /* Generate a random IV if we need one */
+               ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+               if (ivlen > 0)
+                       {
+                       if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+                               goto err;
+                       piv = iv;
+                       }
+               }
+       else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+               goto err;
+               }
+
+
+       if (enc && !ec->key)
+               {
+               /* Generate random key */
+               if (!ec->keylen)
+                       ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
+               ec->key = OPENSSL_malloc(ec->keylen);
+               if (!ec->key)
+                       {
+                       CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                       ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+               if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
+                       goto err;
+               keep_key = 1;
+               }
+       else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
+               {
+               /* If necessary set key length */
+               if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
+                       {
+                       CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                               CMS_R_INVALID_KEY_LENGTH);
+                       goto err;
+                       }
+               }
+
+       if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                               CMS_R_CIPHER_INITIALISATION_ERROR);
+               goto err;
+               }
+
+       if (piv)
+               {
+               calg->parameter = ASN1_TYPE_new();
+               if (!calg->parameter)
+                       {
+                       CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                       ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+               if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
+                       {
+                       CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+                       goto err;
+                       }
+               }
+       ok = 1;
+
+       err:
+       if (ec->key && !keep_key)
+               {
+               OPENSSL_cleanse(ec->key, ec->keylen);
+               OPENSSL_free(ec->key);
+               ec->key = NULL;
+               }
+       if (ok)
+               return b;
+       BIO_free(b);
+       return NULL;
+       }
+
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
+                               const EVP_CIPHER *cipher,
+                               const unsigned char *key, size_t keylen)
+       {
+       ec->cipher = cipher;
+       if (key)
+               {
+               ec->key = OPENSSL_malloc(keylen);
+               if (!ec->key)
+                       return 0;
+               memcpy(ec->key, key, keylen);
+               }
+       ec->keylen = keylen;
+       if (cipher)
+               ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+       return 1;
+       }
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen)
+       {
+       CMS_EncryptedContentInfo *ec;
+       if (!key || !keylen)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+               return 0;
+               }
+       if (ciph)
+               {
+               cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+               if (!cms->d.encryptedData)
+                       {
+                       CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
+                               ERR_R_MALLOC_FAILURE);
+                       return 0;
+                       }
+               cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+               cms->d.encryptedData->version = 0;
+               }
+       else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
+                                               CMS_R_NOT_ENCRYPTED_DATA);
+               return 0;
+               }
+       ec = cms->d.encryptedData->encryptedContentInfo;
+       return cms_EncryptedContent_init(ec, ciph, key, keylen);
+       }
+
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+       {
+       CMS_EncryptedData *enc = cms->d.encryptedData;
+       if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+               enc->version = 2;
+       return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+       }
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
new file mode 100644 (file)
index 0000000..d499ae8
--- /dev/null
@@ -0,0 +1,825 @@
+/* crypto/cms/cms_env.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+
+/* CMS EnvelopedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+
+DECLARE_STACK_OF(CMS_RecipientInfo)
+
+static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+       {
+       if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
+               {
+               CMSerr(CMS_F_CMS_GET0_ENVELOPED,
+                               CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+               return NULL;
+               }
+       return cms->d.envelopedData;
+       }
+
+static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+       {
+       if (cms->d.other == NULL)
+               {
+               cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
+               if (!cms->d.envelopedData)
+                       {
+                       CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
+                                                       ERR_R_MALLOC_FAILURE);
+                       return NULL;
+                       }
+               cms->d.envelopedData->version = 0;
+               cms->d.envelopedData->encryptedContentInfo->contentType =
+                                               OBJ_nid2obj(NID_pkcs7_data);
+               ASN1_OBJECT_free(cms->contentType);
+               cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
+               return cms->d.envelopedData;
+               }
+       return cms_get0_enveloped(cms);
+       }
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
+       {
+       CMS_EnvelopedData *env;
+       env = cms_get0_enveloped(cms);
+       if (!env)
+               return NULL;
+       return env->recipientInfos;
+       }
+
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+       {
+       return ri->type;
+       }
+
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+       {
+       CMS_ContentInfo *cms;
+       CMS_EnvelopedData *env;
+       cms = CMS_ContentInfo_new();
+       if (!cms)
+               goto merr;
+       env = cms_enveloped_data_init(cms);
+       if (!env)
+               goto merr;
+       if (!cms_EncryptedContent_init(env->encryptedContentInfo,
+                                       cipher, NULL, 0))
+               goto merr;
+       return cms;
+       merr:
+       if (cms)
+               CMS_ContentInfo_free(cms);
+       CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
+       return NULL;
+       }
+
+/* Key Transport Recipient Info (KTRI) routines */
+
+/* Add a recipient certificate. For now only handle key transport.
+ * If we ever handle key agreement will need updating.
+ */
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                       X509 *recip, unsigned int flags)
+       {
+       CMS_RecipientInfo *ri = NULL;
+       CMS_KeyTransRecipientInfo *ktri;
+       CMS_EnvelopedData *env;
+       EVP_PKEY *pk = NULL;
+       int type;
+       env = cms_get0_enveloped(cms);
+       if (!env)
+               goto err;
+
+       /* Initialize recipient info */
+       ri = M_ASN1_new_of(CMS_RecipientInfo);
+       if (!ri)
+               goto merr;
+
+       /* Initialize and add key transport recipient info */
+
+       ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
+       if (!ri->d.ktri)
+               goto merr;
+       ri->type = CMS_RECIPINFO_TRANS;
+
+       ktri = ri->d.ktri;
+
+       X509_check_purpose(recip, -1, -1);
+       pk = X509_get_pubkey(recip);
+       if (!pk)
+               {
+               CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                               CMS_R_ERROR_GETTING_PUBLIC_KEY);
+               goto err;
+               }
+       CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
+       ktri->pkey = pk;
+       ktri->recip = recip;
+
+       if (flags & CMS_USE_KEYID)
+               {
+               ktri->version = 2;
+               type = CMS_RECIPINFO_KEYIDENTIFIER;
+               }
+       else
+               {
+               ktri->version = 0;
+               type = CMS_RECIPINFO_ISSUER_SERIAL;
+               }
+
+       /* Not a typo: RecipientIdentifier and SignerIdentifier are the
+        * same structure.
+        */
+
+       if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
+               goto err;
+
+       /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
+        * hard code algorithm parameters.
+        */
+
+       if (pk->type == EVP_PKEY_RSA)
+               {
+               X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
+                                       OBJ_nid2obj(NID_rsaEncryption), 
+                                       V_ASN1_NULL, 0);
+               }
+       else
+               {
+               CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+               goto err;
+               }
+
+       if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+               goto merr;
+
+       return ri;
+
+       merr:
+       CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
+       err:
+       if (ri)
+               M_ASN1_free_of(ri, CMS_RecipientInfo);
+       return NULL;
+
+       }
+
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                       EVP_PKEY **pk, X509 **recip,
+                                       X509_ALGOR **palg)
+       {
+       CMS_KeyTransRecipientInfo *ktri;
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return 0;
+               }
+
+       ktri = ri->d.ktri;
+
+       if (pk)
+               *pk = ktri->pkey;
+       if (recip)
+               *recip = ktri->recip;
+       if (palg)
+               *palg = ktri->keyEncryptionAlgorithm;
+       return 1;
+       }
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno)
+       {
+       CMS_KeyTransRecipientInfo *ktri;
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return 0;
+               }
+       ktri = ri->d.ktri;
+
+       return cms_SignerIdentifier_get0_signer_id(ktri->rid,
+                                                       keyid, issuer, sno);
+       }
+
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+       {
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return -2;
+               }
+       return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
+       }
+
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+       {
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return 0;
+               }
+       ri->d.ktri->pkey = pkey;
+       return 1;
+       }
+
+/* Encrypt content key in key transport recipient info */
+
+static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
+                                       CMS_RecipientInfo *ri)
+       {
+       CMS_KeyTransRecipientInfo *ktri;
+       CMS_EncryptedContentInfo *ec;
+       unsigned char *ek = NULL;
+       int eklen;
+
+       int ret = 0;
+
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return 0;
+               }
+       ktri = ri->d.ktri;
+       ec = cms->d.envelopedData->encryptedContentInfo;
+
+       eklen = EVP_PKEY_size(ktri->pkey);
+
+       ek = OPENSSL_malloc(eklen);
+
+       if (ek == NULL)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
+                                                       ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
+       eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
+
+       if (eklen <= 0)
+               goto err;
+
+       ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+       ek = NULL;
+
+       ret = 1;
+
+       err:
+       if (ek)
+               OPENSSL_free(ek);
+       return ret;
+
+       }
+
+/* Decrypt content key from KTRI */
+
+static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+                                                       CMS_RecipientInfo *ri)
+       {
+       CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+       unsigned char *ek = NULL;
+       int eklen;
+       int ret = 0;
+
+       if (ktri->pkey == NULL)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
+                       CMS_R_NO_PRIVATE_KEY);
+               return 0;
+               }
+
+       eklen = EVP_PKEY_size(ktri->pkey);
+
+       ek = OPENSSL_malloc(eklen);
+
+       if (ek == NULL)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
+                                                       ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
+       eklen = EVP_PKEY_decrypt(ek, 
+                               ktri->encryptedKey->data,
+                               ktri->encryptedKey->length, ktri->pkey);
+       if (eklen <= 0)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
+               goto err;
+               }
+
+       ret = 1;
+
+       cms->d.envelopedData->encryptedContentInfo->key = ek;
+       cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
+
+       err:
+       if (!ret && ek)
+               OPENSSL_free(ek);
+
+       return ret;
+       }
+
+/* Key Encrypted Key (KEK) RecipientInfo routines */
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
+                                       const unsigned char *id, size_t idlen)
+       {
+       ASN1_OCTET_STRING tmp_os;
+       CMS_KEKRecipientInfo *kekri;
+       if (ri->type != CMS_RECIPINFO_KEK)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
+               return -2;
+               }
+       kekri = ri->d.kekri;
+       tmp_os.type = V_ASN1_OCTET_STRING;
+       tmp_os.flags = 0;
+       tmp_os.data = (unsigned char *)id;
+       tmp_os.length = (int)idlen;
+       return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
+       }
+
+/* For now hard code AES key wrap info */
+
+static size_t aes_wrap_keylen(int nid)
+       {
+       switch (nid)
+               {
+               case NID_id_aes128_wrap:
+               return 16;
+
+               case NID_id_aes192_wrap:
+               return  24;
+
+               case NID_id_aes256_wrap:
+               return  32;
+
+               default:
+               return 0;
+               }
+       }
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                       unsigned char *key, size_t keylen,
+                                       unsigned char *id, size_t idlen,
+                                       ASN1_GENERALIZEDTIME *date,
+                                       ASN1_OBJECT *otherTypeId,
+                                       ASN1_TYPE *otherType)
+       {
+       CMS_RecipientInfo *ri = NULL;
+       CMS_EnvelopedData *env;
+       CMS_KEKRecipientInfo *kekri;
+       env = cms_get0_enveloped(cms);
+       if (!env)
+               goto err;
+
+       if (nid == NID_undef)
+               {
+               switch (keylen)
+                       {
+                       case 16:
+                       nid = NID_id_aes128_wrap;
+                       break;
+
+                       case  24:
+                       nid = NID_id_aes192_wrap;
+                       break;
+
+                       case  32:
+                       nid = NID_id_aes256_wrap;
+                       break;
+
+                       default:
+                       CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                                               CMS_R_INVALID_KEY_LENGTH);
+                       goto err;
+                       }
+
+               }
+       else
+               {
+
+               size_t exp_keylen = aes_wrap_keylen(nid);
+
+               if (!exp_keylen)
+                       {
+                       CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                                       CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+                       goto err;
+                       }
+
+               if (keylen != exp_keylen)
+                       {
+                       CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                                       CMS_R_INVALID_KEY_LENGTH);
+                       goto err;
+                       }
+
+               }
+
+       /* Initialize recipient info */
+       ri = M_ASN1_new_of(CMS_RecipientInfo);
+       if (!ri)
+               goto merr;
+
+       ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+       if (!ri->d.kekri)
+               goto merr;
+       ri->type = CMS_RECIPINFO_KEK;
+
+       kekri = ri->d.kekri;
+
+       if (otherTypeId)
+               {
+               kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
+               if (kekri->kekid->other == NULL)
+                       goto merr;
+               }
+
+       if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+               goto merr;
+
+
+       /* After this point no calls can fail */
+
+       kekri->version = 4;
+
+       kekri->key = key;
+       kekri->keylen = keylen;
+
+       ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+
+       kekri->kekid->date = date;
+
+       if (kekri->kekid->other)
+               {
+               kekri->kekid->other->keyAttrId = otherTypeId;
+               kekri->kekid->other->keyAttr = otherType;
+               }
+
+       X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+                               OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+       return ri;
+
+       merr:
+       CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
+       err:
+       if (ri)
+               M_ASN1_free_of(ri, CMS_RecipientInfo);
+       return NULL;
+
+       }
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                       X509_ALGOR **palg,
+                                       ASN1_OCTET_STRING **pid,
+                                       ASN1_GENERALIZEDTIME **pdate,
+                                       ASN1_OBJECT **potherid,
+                                       ASN1_TYPE **pothertype)
+       {
+       CMS_KEKIdentifier *rkid;
+       if (ri->type != CMS_RECIPINFO_KEK)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
+               return 0;
+               }
+       rkid =  ri->d.kekri->kekid;
+       if (palg)
+               *palg = ri->d.kekri->keyEncryptionAlgorithm;
+       if (pid)
+               *pid = rkid->keyIdentifier;
+       if (pdate)
+               *pdate = rkid->date;
+       if (potherid)
+               {
+               if (rkid->other)
+                       *potherid = rkid->other->keyAttrId;
+               else
+                       *potherid = NULL;
+               }
+       if (pothertype)
+               {
+               if (rkid->other)
+                       *pothertype = rkid->other->keyAttr;
+               else
+                       *pothertype = NULL;
+               }
+       return 1;
+       }
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
+                               unsigned char *key, size_t keylen)
+       {
+       CMS_KEKRecipientInfo *kekri;
+       if (ri->type != CMS_RECIPINFO_KEK)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
+               return 0;
+               }
+
+       kekri = ri->d.kekri;
+       kekri->key = key;
+       kekri->keylen = keylen;
+       return 1;
+       }
+
+
+/* Encrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
+                                       CMS_RecipientInfo *ri)
+       {
+       CMS_EncryptedContentInfo *ec;
+       CMS_KEKRecipientInfo *kekri;
+       AES_KEY actx;
+       unsigned char *wkey = NULL;
+       int wkeylen;
+       int r = 0;
+
+       ec = cms->d.envelopedData->encryptedContentInfo;
+
+       kekri = ri->d.kekri;
+
+       if (!kekri->key)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
+               return 0;
+               }
+
+       if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
+               { 
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+                                               CMS_R_ERROR_SETTING_KEY);
+               goto err;
+               }
+
+       wkey = OPENSSL_malloc(ec->keylen + 8);
+
+       if (!wkey)
+               { 
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+                                               ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
+       wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
+
+       if (wkeylen <= 0)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
+               goto err;
+               }
+
+       ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
+
+       r = 1;
+
+       err:
+
+       if (!r && wkey)
+               OPENSSL_free(wkey);
+       OPENSSL_cleanse(&actx, sizeof(actx));
+
+       return r;
+
+       }
+
+/* Decrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
+                                       CMS_RecipientInfo *ri)
+       {
+       CMS_EncryptedContentInfo *ec;
+       CMS_KEKRecipientInfo *kekri;
+       AES_KEY actx;
+       unsigned char *ukey = NULL;
+       int ukeylen;
+       int r = 0, wrap_nid;
+
+       ec = cms->d.envelopedData->encryptedContentInfo;
+
+       kekri = ri->d.kekri;
+
+       if (!kekri->key)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
+               return 0;
+               }
+
+       wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
+       if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+                       CMS_R_INVALID_KEY_LENGTH);
+               return 0;
+               }
+
+       /* If encrypted key length is invalid don't bother */
+
+       if (kekri->encryptedKey->length < 16)
+               { 
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+                                       CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+               goto err;
+               }
+
+       if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
+               { 
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+                                               CMS_R_ERROR_SETTING_KEY);
+               goto err;
+               }
+
+       ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
+
+       if (!ukey)
+               { 
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+                                               ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
+       ukeylen = AES_unwrap_key(&actx, NULL, ukey,
+                                       kekri->encryptedKey->data,
+                                       kekri->encryptedKey->length);
+
+       if (ukeylen <= 0)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+                                                       CMS_R_UNWRAP_ERROR);
+               goto err;
+               }
+
+       ec->key = ukey;
+       ec->keylen = ukeylen;
+
+       r = 1;
+
+       err:
+
+       if (!r && ukey)
+               OPENSSL_free(ukey);
+       OPENSSL_cleanse(&actx, sizeof(actx));
+
+       return r;
+
+       }
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+       {
+       switch(ri->type)
+               {
+               case CMS_RECIPINFO_TRANS:
+               return cms_RecipientInfo_ktri_decrypt(cms, ri);
+
+               case CMS_RECIPINFO_KEK:
+               return cms_RecipientInfo_kekri_decrypt(cms, ri);
+
+               default:
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
+                       CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+               return 0;
+               }
+       }
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+       {
+       CMS_EncryptedContentInfo *ec;
+       STACK_OF(CMS_RecipientInfo) *rinfos;
+       CMS_RecipientInfo *ri;
+       int i, r, ok = 0;
+       BIO *ret;
+
+       /* Get BIO first to set up key */
+
+       ec = cms->d.envelopedData->encryptedContentInfo;
+       ret = cms_EncryptedContent_init_bio(ec);
+
+       /* If error or no cipher end of processing */
+
+       if (!ret || !ec->cipher)
+               return ret;
+
+       /* Now encrypt content key according to each RecipientInfo type */
+
+       rinfos = cms->d.envelopedData->recipientInfos;
+
+       for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
+               {
+               ri = sk_CMS_RecipientInfo_value(rinfos, i);
+
+               switch (ri->type)
+                       {
+                       case CMS_RECIPINFO_TRANS:
+                       r = cms_RecipientInfo_ktri_encrypt(cms, ri);
+                       break;
+
+                       case CMS_RECIPINFO_KEK:
+                       r = cms_RecipientInfo_kekri_encrypt(cms, ri);
+                       break;
+
+                       default:
+                       CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+                               CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+                       goto err;
+                       }
+
+               if (r <= 0)
+                       {
+                       CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+                               CMS_R_ERROR_SETTING_RECIPIENTINFO);
+                       goto err;
+                       }
+               }
+
+       ok = 1;
+
+       err:
+       ec->cipher = NULL;
+       if (ec->key)
+               {
+               OPENSSL_cleanse(ec->key, ec->keylen);
+               OPENSSL_free(ec->key);
+               ec->key = NULL;
+               ec->keylen = 0;
+               }
+       if (ok)
+               return ret;
+       BIO_free(ret);
+       return NULL;
+
+       }
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
new file mode 100644 (file)
index 0000000..52fa539
--- /dev/null
@@ -0,0 +1,236 @@
+/* crypto/cms/cms_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
+
+static ERR_STRING_DATA CMS_str_functs[]=
+       {
+{ERR_FUNC(CMS_F_CHECK_CONTENT),        "CHECK_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_ADD0_CERT),        "CMS_add0_cert"},
+{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),       "CMS_add0_recipient_key"},
+{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),      "CMS_add1_ReceiptRequest"},
+{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),      "CMS_add1_recipient_cert"},
+{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),      "CMS_add1_signer"},
+{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
+{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
+{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE),    "cms_CompressedData_create"},
+{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),  "cms_CompressedData_init_bio"},
+{ERR_FUNC(CMS_F_CMS_COPY_CONTENT),     "CMS_COPY_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST),       "CMS_COPY_MESSAGEDIGEST"},
+{ERR_FUNC(CMS_F_CMS_DATA),     "CMS_data"},
+{ERR_FUNC(CMS_F_CMS_DATAFINAL),        "CMS_dataFinal"},
+{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
+{ERR_FUNC(CMS_F_CMS_DECRYPT),  "CMS_decrypt"},
+{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
+{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY),        "CMS_decrypt_set1_pkey"},
+{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
+{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
+{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL),    "cms_DigestedData_do_final"},
+{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY),    "CMS_digest_verify"},
+{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT),   "cms_encode_Receipt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPT),  "CMS_encrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),        "cms_EncryptedContent_init_bio"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT),    "CMS_EncryptedData_decrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT),    "CMS_EncryptedData_encrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),   "CMS_EncryptedData_set1_key"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE),     "CMS_EnvelopedData_create"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),   "cms_EnvelopedData_init_bio"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT),      "CMS_ENVELOPED_DATA_INIT"},
+{ERR_FUNC(CMS_F_CMS_FINAL),    "CMS_final"},
+{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
+{ERR_FUNC(CMS_F_CMS_GET0_CONTENT),     "CMS_get0_content"},
+{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE),       "CMS_GET0_ECONTENT_TYPE"},
+{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),   "CMS_GET0_ENVELOPED"},
+{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),  "CMS_GET0_REVOCATION_CHOICES"},
+{ERR_FUNC(CMS_F_CMS_GET0_SIGNED),      "CMS_GET0_SIGNED"},
+{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1),        "cms_msgSigDigest_add1"},
+{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),   "CMS_ReceiptRequest_create0"},
+{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY),   "cms_Receipt_verify"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT),    "CMS_RecipientInfo_decrypt"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),      "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),      "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),      "CMS_RecipientInfo_kekri_get0_id"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),       "CMS_RecipientInfo_kekri_id_cmp"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),      "CMS_RecipientInfo_ktri_cert_cmp"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),       "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),       "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),     "CMS_RecipientInfo_ktri_get0_algs"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),        "CMS_RecipientInfo_ktri_get0_signer_id"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),   "CMS_RecipientInfo_set0_key"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),  "CMS_RecipientInfo_set0_pkey"},
+{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER),    "cms_set1_SignerIdentifier"},
+{ERR_FUNC(CMS_F_CMS_SET_DETACHED),     "CMS_set_detached"},
+{ERR_FUNC(CMS_F_CMS_SIGN),     "CMS_sign"},
+{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),  "CMS_SIGNERINFO_CONTENT_SIGN"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN),  "CMS_SignerInfo_sign"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY),        "CMS_SignerInfo_verify"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),   "CMS_SIGNERINFO_VERIFY_CERT"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),        "CMS_SignerInfo_verify_content"},
+{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),     "CMS_sign_receipt"},
+{ERR_FUNC(CMS_F_CMS_STREAM),   "CMS_STREAM"},
+{ERR_FUNC(CMS_F_CMS_UNCOMPRESS),       "CMS_uncompress"},
+{ERR_FUNC(CMS_F_CMS_VERIFY),   "CMS_verify"},
+{0,NULL}
+       };
+
+static ERR_STRING_DATA CMS_str_reasons[]=
+       {
+{ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
+{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
+{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
+{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
+{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
+{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR)   ,"cms datafinal error"},
+{ERR_REASON(CMS_R_CMS_LIB)               ,"cms lib"},
+{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
+{ERR_REASON(CMS_R_CONTENT_NOT_FOUND)     ,"content not found"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
+{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR)  ,"content verify error"},
+{ERR_REASON(CMS_R_CTRL_ERROR)            ,"ctrl error"},
+{ERR_REASON(CMS_R_CTRL_FAILURE)          ,"ctrl failure"},
+{ERR_REASON(CMS_R_DECRYPT_ERROR)         ,"decrypt error"},
+{ERR_REASON(CMS_R_DIGEST_ERROR)          ,"digest error"},
+{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
+{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
+{ERR_REASON(CMS_R_ERROR_SETTING_KEY)     ,"error setting key"},
+{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
+{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
+{ERR_REASON(CMS_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
+{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR)     ,"md bio init error"},
+{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
+{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
+{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR)    ,"msgsigdigest error"},
+{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
+{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
+{ERR_REASON(CMS_R_NEED_ONE_SIGNER)       ,"need one signer"},
+{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT)  ,"not a signed receipt"},
+{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA)    ,"not encrypted data"},
+{ERR_REASON(CMS_R_NOT_KEK)               ,"not kek"},
+{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT)     ,"not key transport"},
+{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
+{ERR_REASON(CMS_R_NO_CIPHER)             ,"no cipher"},
+{ERR_REASON(CMS_R_NO_CONTENT)            ,"no content"},
+{ERR_REASON(CMS_R_NO_CONTENT_TYPE)       ,"no content type"},
+{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST)     ,"no default digest"},
+{ERR_REASON(CMS_R_NO_DIGEST_SET)         ,"no digest set"},
+{ERR_REASON(CMS_R_NO_KEY)                ,"no key"},
+{ERR_REASON(CMS_R_NO_KEY_OR_CERT)        ,"no key or cert"},
+{ERR_REASON(CMS_R_NO_MATCHING_DIGEST)    ,"no matching digest"},
+{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
+{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
+{ERR_REASON(CMS_R_NO_MSGSIGDIGEST)       ,"no msgsigdigest"},
+{ERR_REASON(CMS_R_NO_PRIVATE_KEY)        ,"no private key"},
+{ERR_REASON(CMS_R_NO_PUBLIC_KEY)         ,"no public key"},
+{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST)    ,"no receipt request"},
+{ERR_REASON(CMS_R_NO_SIGNERS)            ,"no signers"},
+{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR)  ,"receipt decode error"},
+{ERR_REASON(CMS_R_RECIPIENT_ERROR)       ,"recipient error"},
+{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(CMS_R_SIGNFINAL_ERROR)       ,"signfinal error"},
+{ERR_REASON(CMS_R_SMIME_TEXT_ERROR)      ,"smime text error"},
+{ERR_REASON(CMS_R_STORE_INIT_ERROR)      ,"store init error"},
+{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
+{ERR_REASON(CMS_R_TYPE_NOT_DATA)         ,"type not data"},
+{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
+{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
+{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
+{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
+{ERR_REASON(CMS_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
+{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
+{ERR_REASON(CMS_R_UNKNOWN_ID)            ,"unknown id"},
+{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
+{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
+{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_TYPE)      ,"unsupported type"},
+{ERR_REASON(CMS_R_UNWRAP_ERROR)          ,"unwrap error"},
+{ERR_REASON(CMS_R_VERIFICATION_FAILURE)  ,"verification failure"},
+{ERR_REASON(CMS_R_WRAP_ERROR)            ,"wrap error"},
+{0,NULL}
+       };
+
+#endif
+
+void ERR_load_CMS_strings(void)
+       {
+#ifndef OPENSSL_NO_ERR
+
+       if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
+               {
+               ERR_load_strings(0,CMS_str_functs);
+               ERR_load_strings(0,CMS_str_reasons);
+               }
+#endif
+       }
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
new file mode 100644 (file)
index 0000000..ed34ff3
--- /dev/null
@@ -0,0 +1,420 @@
+/* crypto/cms/cms_ess.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+
+/* ESS services: for now just Signed Receipt related */
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+       {
+       ASN1_STRING *str;
+       CMS_ReceiptRequest *rr = NULL;
+       if (prr)
+               *prr = NULL;
+       str = CMS_signed_get0_data_by_OBJ(si,
+                               OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
+                                       -3, V_ASN1_SEQUENCE);
+       if (!str)
+               return 0;
+
+       rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
+       if (!rr)
+               return -1;
+       if (prr)
+               *prr = rr;
+       else
+               CMS_ReceiptRequest_free(rr);
+       return 1;
+       }
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                               int allorfirst,
+                               STACK_OF(GENERAL_NAMES) *receiptList,
+                               STACK_OF(GENERAL_NAMES) *receiptsTo)
+       {
+       CMS_ReceiptRequest *rr = NULL;
+
+       rr = CMS_ReceiptRequest_new();
+       if (!rr)
+               goto merr;
+       if (id)
+               ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
+       else
+               {
+               if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
+                       goto merr;
+               if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) 
+                                       <= 0)
+                       goto err;
+               }
+
+       sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
+       rr->receiptsTo = receiptsTo;
+
+       if (receiptList)
+               {
+               rr->receiptsFrom->type = 1;
+               rr->receiptsFrom->d.receiptList = receiptList;
+               }
+       else
+               {
+               rr->receiptsFrom->type = 0;
+               rr->receiptsFrom->d.allOrFirstTier = allorfirst;
+               }
+
+       return rr;
+
+       merr:
+       CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
+
+       err:
+       if (rr)
+               CMS_ReceiptRequest_free(rr);
+
+       return NULL;
+       
+       }
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+       {
+       unsigned char *rrder = NULL;
+       int rrderlen, r = 0;
+
+       rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+       if (rrderlen < 0)
+               goto merr;
+
+       if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+                                       V_ASN1_SEQUENCE, rrder, rrderlen))
+               goto merr;
+
+       r = 1;
+
+       merr:
+       if (!r)
+               CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
+       if (rrder)
+               OPENSSL_free(rrder);
+
+       return r;
+       
+       }
+
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                       ASN1_STRING **pcid,
+                                       int *pallorfirst,
+                                       STACK_OF(GENERAL_NAMES) **plist,
+                                       STACK_OF(GENERAL_NAMES) **prto)
+       {
+       if (pcid)
+               *pcid = rr->signedContentIdentifier;
+       if (rr->receiptsFrom->type == 0)
+               {
+               if (pallorfirst)
+                       *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
+               if (plist)
+                       *plist = NULL;
+               }
+       else
+               {
+               if (pallorfirst)
+                       *pallorfirst = -1;
+               if (plist)
+                       *plist = rr->receiptsFrom->d.receiptList;
+               }
+       if (prto)
+               *prto = rr->receiptsTo;
+       }
+
+/* Digest a SignerInfo structure for msgSigDigest attribute processing */
+
+static int cms_msgSigDigest(CMS_SignerInfo *si,
+                               unsigned char *dig, unsigned int *diglen)
+       {
+       const EVP_MD *md;
+       md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+       if (md == NULL)
+               return 0;
+       if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+                                               si->signedAttrs, dig, diglen))
+               return 0;
+       return 1;
+       }
+
+/* Add a msgSigDigest attribute to a SignerInfo */
+
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+       {
+       unsigned char dig[EVP_MAX_MD_SIZE];
+       unsigned int diglen;
+       if (!cms_msgSigDigest(src, dig, &diglen))
+               {
+               CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
+               return 0;
+               }
+       if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
+                                       V_ASN1_OCTET_STRING, dig, diglen))
+               {
+               CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+       return 1;
+       }
+
+/* Verify signed receipt after it has already passed normal CMS verify */
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+       {
+       int r = 0, i;
+       CMS_ReceiptRequest *rr = NULL;
+       CMS_Receipt *rct = NULL;
+       STACK_OF(CMS_SignerInfo) *sis, *osis;
+       CMS_SignerInfo *si, *osi = NULL;
+       ASN1_OCTET_STRING *msig, **pcont;
+       ASN1_OBJECT *octype;
+       unsigned char dig[EVP_MAX_MD_SIZE];
+       unsigned int diglen;
+
+       /* Get SignerInfos, also checks SignedData content type */
+       osis = CMS_get0_SignerInfos(req_cms);
+       sis = CMS_get0_SignerInfos(cms);
+       if (!osis || !sis)
+               goto err;
+
+       if (sk_CMS_SignerInfo_num(sis) != 1)
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
+               goto err;
+               }
+
+       /* Check receipt content type */
+       if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
+               goto err;
+               }
+
+       /* Extract and decode receipt content */
+       pcont = CMS_get0_content(cms);
+       if (!pcont || !*pcont)
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
+               goto err;
+               }
+
+       rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
+
+       if (!rct)       
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
+               goto err;
+               }
+
+       /* Locate original request */
+
+       for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
+               {
+               osi = sk_CMS_SignerInfo_value(osis, i);
+               if (!ASN1_STRING_cmp(osi->signature,
+                                       rct->originatorSignatureValue))
+                       break;
+               }
+
+       if (i == sk_CMS_SignerInfo_num(osis))
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
+               goto err;
+               }
+
+       si = sk_CMS_SignerInfo_value(sis, 0);
+
+       /* Get msgSigDigest value and compare */
+
+       msig = CMS_signed_get0_data_by_OBJ(si,
+                               OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
+                                       -3, V_ASN1_OCTET_STRING);
+
+       if (!msig)
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
+               goto err;
+               }
+
+       if (!cms_msgSigDigest(osi, dig, &diglen))
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
+               goto err;
+               }
+
+       if (diglen != (unsigned int)msig->length)
+                       {
+                       CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+                               CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+                       goto err;
+                       }
+
+       if (memcmp(dig, msig->data, diglen))
+                       {
+                       CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+                               CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+                       goto err;
+                       }
+
+       /* Compare content types */
+
+       octype = CMS_signed_get0_data_by_OBJ(osi,
+                               OBJ_nid2obj(NID_pkcs9_contentType),
+                                       -3, V_ASN1_OBJECT);
+       if (!octype)
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
+               goto err;
+               }
+
+       /* Compare details in receipt request */
+
+       if (OBJ_cmp(octype, rct->contentType))
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
+               goto err;
+               }
+
+       /* Get original receipt request details */
+
+       if (!CMS_get1_ReceiptRequest(osi, &rr))
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
+               goto err;
+               }
+
+       if (ASN1_STRING_cmp(rr->signedContentIdentifier,
+                                       rct->signedContentIdentifier))
+               {
+               CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+                                       CMS_R_CONTENTIDENTIFIER_MISMATCH);
+               goto err;
+               }
+
+       r = 1;
+
+       err:
+       if (rr)
+               CMS_ReceiptRequest_free(rr);
+       if (rct)
+               M_ASN1_free_of(rct, CMS_Receipt);
+
+       return r;
+
+       }
+
+/* Encode a Receipt into an OCTET STRING read for including into content of
+ * a SignedData ContentInfo.
+ */
+
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+       {
+       CMS_Receipt rct;
+       CMS_ReceiptRequest *rr = NULL;
+       ASN1_OBJECT *ctype;
+       ASN1_OCTET_STRING *os = NULL;
+
+       /* Get original receipt request */
+
+       /* Get original receipt request details */
+
+       if (!CMS_get1_ReceiptRequest(si, &rr))
+               {
+               CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
+               goto err;
+               }
+
+       /* Get original content type */
+
+       ctype = CMS_signed_get0_data_by_OBJ(si,
+                               OBJ_nid2obj(NID_pkcs9_contentType),
+                                       -3, V_ASN1_OBJECT);
+       if (!ctype)
+               {
+               CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
+               goto err;
+               }
+
+       rct.version = 1;
+       rct.contentType = ctype;
+       rct.signedContentIdentifier = rr->signedContentIdentifier;
+       rct.originatorSignatureValue = si->signature;
+
+       os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
+
+       err:
+       if (rr)
+               CMS_ReceiptRequest_free(rr);
+
+       return os;
+
+       }
+
+
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
new file mode 100644 (file)
index 0000000..30f5ddf
--- /dev/null
@@ -0,0 +1,140 @@
+/* crypto/cms/cms_io.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+       {
+       return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+       }
+
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+       {
+       return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+       }
+
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+
+/* Callback for int_smime_write_ASN1 */
+
+static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                       const ASN1_ITEM *it)
+       {
+       CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
+       BIO *tmpbio, *cmsbio;
+       int r = 0;
+
+       if (!(flags & SMIME_DETACHED))
+               {
+               SMIME_crlf_copy(data, out, flags);
+               return 1;
+               }
+
+       /* Let CMS code prepend any needed BIOs */
+
+       cmsbio = CMS_dataInit(cms, out);
+
+       if (!cmsbio)
+               return 0;
+
+       /* Copy data across, passing through filter BIOs for processing */
+       SMIME_crlf_copy(data, cmsbio, flags);
+
+       /* Finalize structure */
+       if (CMS_dataFinal(cms, cmsbio) <= 0)
+               goto err;
+
+       r = 1;
+
+       err:
+
+       /* Now remove any digests prepended to the BIO */
+
+       while (cmsbio != out)
+               {
+               tmpbio = BIO_pop(cmsbio);
+               BIO_free(cmsbio);
+               cmsbio = tmpbio;
+               }
+
+       return 1;
+
+       }
+
+
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+       {
+       STACK_OF(X509_ALGOR) *mdalgs;
+       int ctype_nid = OBJ_obj2nid(cms->contentType);
+       int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+       if (ctype_nid == NID_pkcs7_signed)
+               mdalgs = cms->d.signedData->digestAlgorithms;
+       else
+               mdalgs = NULL;
+
+       return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+                                       ctype_nid, econt_nid, mdalgs,
+                                       cms_output_data,
+                                       ASN1_ITEM_rptr(CMS_ContentInfo));       
+       }
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+       {
+       return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
+                                       ASN1_ITEM_rptr(CMS_ContentInfo));
+       }
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
new file mode 100644 (file)
index 0000000..7d60fac
--- /dev/null
@@ -0,0 +1,460 @@
+/* crypto/cms/cms_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CMS_LCL_H
+#define HEADER_CMS_LCL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/x509.h>
+
+/* Cryptographic message syntax (CMS) structures: taken
+ * from RFC3852
+ */
+
+/* Forward references */
+
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
+
+struct CMS_ContentInfo_st
+       {
+       ASN1_OBJECT *contentType;
+       union   {
+               ASN1_OCTET_STRING *data;
+               CMS_SignedData *signedData;
+               CMS_EnvelopedData *envelopedData;
+               CMS_DigestedData *digestedData;
+               CMS_EncryptedData *encryptedData;
+               CMS_AuthenticatedData *authenticatedData;
+               CMS_CompressedData *compressedData;
+               ASN1_TYPE *other;
+               /* Other types ... */
+               void *otherData;
+               } d;
+       };
+
+struct CMS_SignedData_st
+       {
+       long version;
+       STACK_OF(X509_ALGOR) *digestAlgorithms;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       STACK_OF(CMS_CertificateChoices) *certificates;
+       STACK_OF(CMS_RevocationInfoChoice) *crls;
+       STACK_OF(CMS_SignerInfo) *signerInfos;
+       };
+struct CMS_EncapsulatedContentInfo_st
+       {
+       ASN1_OBJECT *eContentType;
+       ASN1_OCTET_STRING *eContent;
+       /* Set to 1 if incomplete structure only part set up */
+       int partial;
+       };
+
+struct CMS_SignerInfo_st
+       {
+       long version;
+       CMS_SignerIdentifier *sid;
+       X509_ALGOR *digestAlgorithm;
+       STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+       X509_ALGOR *signatureAlgorithm;
+       ASN1_OCTET_STRING *signature;
+       STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+       /* Signing certificate and key */
+       X509 *signer;
+       EVP_PKEY *pkey;
+       };
+
+struct CMS_SignerIdentifier_st
+       {
+       int type;
+       union   {
+               CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+               ASN1_OCTET_STRING *subjectKeyIdentifier;
+               } d;
+       };
+
+struct CMS_EnvelopedData_st
+       {
+       long version;
+       CMS_OriginatorInfo *originatorInfo;
+       STACK_OF(CMS_RecipientInfo) *recipientInfos;
+       CMS_EncryptedContentInfo *encryptedContentInfo;
+       STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+       };
+
+struct CMS_OriginatorInfo_st
+       {
+       STACK_OF(CMS_CertificateChoices) *certificates;
+       STACK_OF(CMS_RevocationInfoChoice) *crls;
+       };
+
+struct CMS_EncryptedContentInfo_st
+       {
+       ASN1_OBJECT *contentType;
+       X509_ALGOR *contentEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedContent;
+       /* Content encryption algorithm and key */
+       const EVP_CIPHER *cipher;
+       unsigned char *key;
+       size_t keylen;
+       };
+
+struct CMS_RecipientInfo_st
+       {
+       int type;
+       union   {
+               CMS_KeyTransRecipientInfo *ktri;
+               CMS_KeyAgreeRecipientInfo *kari;
+               CMS_KEKRecipientInfo *kekri;
+               CMS_PasswordRecipientInfo *pwri;
+               CMS_OtherRecipientInfo *ori;
+               } d;
+       };
+
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+
+struct CMS_KeyTransRecipientInfo_st
+       {
+       long version;
+       CMS_RecipientIdentifier *rid;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedKey;
+       /* Recipient Key and cert */
+       X509 *recip;
+       EVP_PKEY *pkey;
+       };
+
+struct CMS_KeyAgreeRecipientInfo_st
+       {
+       long version;
+       CMS_OriginatorIdentifierOrKey *originator;
+       ASN1_OCTET_STRING *ukm;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+       };
+
+struct CMS_OriginatorIdentifierOrKey_st
+       {
+       int type;
+       union   {
+               CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+               ASN1_OCTET_STRING *subjectKeyIdentifier;
+               CMS_OriginatorPublicKey *originatorKey;
+               } d;
+       };
+
+struct CMS_OriginatorPublicKey_st
+       {
+       X509_ALGOR *algorithm;
+       ASN1_BIT_STRING *publicKey;
+       };
+
+struct CMS_RecipientEncryptedKey_st
+       {
+       CMS_KeyAgreeRecipientIdentifier *rid;
+       ASN1_OCTET_STRING *encryptedKey;
+       };
+
+struct CMS_KeyAgreeRecipientIdentifier_st
+       {
+       int type;
+       union   {
+               CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+               CMS_RecipientKeyIdentifier *rKeyId;
+               } d;
+       };
+
+struct CMS_RecipientKeyIdentifier_st
+       {
+       ASN1_OCTET_STRING *subjectKeyIdentifier;
+       ASN1_GENERALIZEDTIME *date;
+       CMS_OtherKeyAttribute *other;
+       };
+
+struct CMS_KEKRecipientInfo_st
+       {
+       long version;
+       CMS_KEKIdentifier *kekid;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedKey;
+       /* Extra info: symmetric key to use */
+       unsigned char *key;
+       size_t keylen;
+       };
+
+struct CMS_KEKIdentifier_st
+       {
+       ASN1_OCTET_STRING *keyIdentifier;
+       ASN1_GENERALIZEDTIME *date;
+       CMS_OtherKeyAttribute *other;
+       };
+
+struct CMS_PasswordRecipientInfo_st
+       {
+       long version;
+       X509_ALGOR *keyDerivationAlgorithm;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedKey;
+       };
+
+struct CMS_OtherRecipientInfo_st
+       {
+       ASN1_OBJECT *oriType;
+       ASN1_TYPE *oriValue;
+       };
+
+struct CMS_DigestedData_st
+       {
+       long version;
+       X509_ALGOR *digestAlgorithm;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       ASN1_OCTET_STRING *digest;
+       };
+
+struct CMS_EncryptedData_st
+       {
+       long version;
+       CMS_EncryptedContentInfo *encryptedContentInfo;
+       STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+       };
+
+struct CMS_AuthenticatedData_st
+       {
+       long version;
+       CMS_OriginatorInfo *originatorInfo;
+       STACK_OF(CMS_RecipientInfo) *recipientInfos;
+       X509_ALGOR *macAlgorithm;
+       X509_ALGOR *digestAlgorithm;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       STACK_OF(X509_ATTRIBUTE) *authAttrs;
+       ASN1_OCTET_STRING *mac;
+       STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+       };
+
+struct CMS_CompressedData_st
+       {
+       long version;
+       X509_ALGOR *compressionAlgorithm;
+       STACK_OF(CMS_RecipientInfo) *recipientInfos;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       };
+
+struct CMS_RevocationInfoChoice_st
+       {
+       int type;
+       union   {
+               X509_CRL *crl;
+               CMS_OtherRevocationInfoFormat *other;
+               } d;
+       };
+
+#define CMS_REVCHOICE_CRL              0
+#define CMS_REVCHOICE_OTHER            1
+
+struct CMS_OtherRevocationInfoFormat_st
+       {
+       ASN1_OBJECT *otherRevInfoFormat;
+       ASN1_TYPE *otherRevInfo;
+       };
+
+struct CMS_CertificateChoices
+       {
+       int type;
+               union {
+               X509 *certificate;
+               ASN1_STRING *extendedCertificate;       /* Obsolete */
+               ASN1_STRING *v1AttrCert;        /* Left encoded for now */
+               ASN1_STRING *v2AttrCert;        /* Left encoded for now */
+               CMS_OtherCertificateFormat *other;
+               } d;
+       };
+
+#define CMS_CERTCHOICE_CERT            0
+#define CMS_CERTCHOICE_EXCERT          1
+#define CMS_CERTCHOICE_V1ACERT         2
+#define CMS_CERTCHOICE_V2ACERT         3
+#define CMS_CERTCHOICE_OTHER           4
+
+struct CMS_OtherCertificateFormat_st
+       {
+       ASN1_OBJECT *otherCertFormat;
+       ASN1_TYPE *otherCert;
+       };
+
+/* This is also defined in pkcs7.h but we duplicate it
+ * to allow the CMS code to be independent of PKCS#7
+ */
+
+struct CMS_IssuerAndSerialNumber_st
+       {
+       X509_NAME *issuer;
+       ASN1_INTEGER *serialNumber;
+       };
+
+struct CMS_OtherKeyAttribute_st
+       {
+       ASN1_OBJECT *keyAttrId;
+       ASN1_TYPE *keyAttr;
+       };
+
+/* ESS structures */
+
+#ifdef HEADER_X509V3_H
+
+struct CMS_ReceiptRequest_st
+       {
+       ASN1_OCTET_STRING *signedContentIdentifier;
+       CMS_ReceiptsFrom *receiptsFrom;
+       STACK_OF(GENERAL_NAMES) *receiptsTo;
+       };
+
+
+struct CMS_ReceiptsFrom_st
+       {
+       int type;
+       union
+               {
+               long allOrFirstTier;
+               STACK_OF(GENERAL_NAMES) *receiptList;
+               } d;
+       };
+#endif
+
+struct CMS_Receipt_st
+       {
+       long version;
+       ASN1_OBJECT *contentType;
+       ASN1_OCTET_STRING *signedContentIdentifier;
+       ASN1_OCTET_STRING *originatorSignatureValue;
+       };
+
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+
+#define CMS_SIGNERINFO_ISSUER_SERIAL   0
+#define CMS_SIGNERINFO_KEYIDENTIFIER   1
+
+#define CMS_RECIPINFO_ISSUER_SERIAL    0
+#define CMS_RECIPINFO_KEYIDENTIFIER    1
+
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *cms_Data_create(void);
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                       X509_ALGOR *mdalg);
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
+                               const EVP_CIPHER *cipher,
+                               const unsigned char *key, size_t keylen);
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+       
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
new file mode 100644 (file)
index 0000000..8e6c1d2
--- /dev/null
@@ -0,0 +1,623 @@
+/* crypto/cms/cms_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_STACK_OF(CMS_CertificateChoices)
+DECLARE_STACK_OF(CMS_RevocationInfoChoice)
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
+       {
+       return cms->contentType;
+       }
+
+CMS_ContentInfo *cms_Data_create(void)
+       {
+       CMS_ContentInfo *cms;
+       cms = CMS_ContentInfo_new();
+       if (cms)
+               {
+               cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+               /* Never detached */
+               CMS_set_detached(cms, 0);
+               }
+       return cms;
+       }
+
+BIO *cms_content_bio(CMS_ContentInfo *cms)
+       {
+       ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+       if (!pos)
+               return NULL;
+       /* If content detached data goes nowhere: create NULL BIO */
+       if (!*pos)
+               return BIO_new(BIO_s_null());
+       /* If content not detached and created return memory BIO
+        */
+       if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+               return BIO_new(BIO_s_mem());
+       /* Else content was read in: return read only BIO for it */
+       return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+       }
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+       {
+       BIO *cmsbio, *cont;
+       if (icont)
+               cont = icont;
+       else
+               cont = cms_content_bio(cms);
+       if (!cont)
+               {
+               CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+               return NULL;
+               }
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_data:
+               return cont;
+
+               case NID_pkcs7_signed:
+               cmsbio = cms_SignedData_init_bio(cms);
+               break;
+
+               case NID_pkcs7_digest:
+               cmsbio = cms_DigestedData_init_bio(cms);
+               break;
+#ifdef ZLIB
+               case NID_id_smime_ct_compressedData:
+               cmsbio = cms_CompressedData_init_bio(cms);
+               break;
+#endif
+
+               case NID_pkcs7_encrypted:
+               cmsbio = cms_EncryptedData_init_bio(cms);
+               break;
+
+               case NID_pkcs7_enveloped:
+               cmsbio = cms_EnvelopedData_init_bio(cms);
+               break;
+
+               default:
+               CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+               return NULL;
+               }
+
+       if (cmsbio)
+               return BIO_push(cmsbio, cont);
+
+       if (!icont)
+               BIO_free(cont);
+       return NULL;
+
+       }
+
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+       {
+       ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+       if (!pos)
+               return 0;
+       /* If ebmedded content find memory BIO and set content */
+       if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
+               {
+               BIO *mbio;
+               unsigned char *cont;
+               long contlen;
+               mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+               if (!mbio)
+                       {
+                       CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+                       return 0;
+                       }
+               contlen = BIO_get_mem_data(mbio, &cont);
+               /* Set bio as read only so its content can't be clobbered */
+               BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+               BIO_set_mem_eof_return(mbio, 0);
+               ASN1_STRING_set0(*pos, cont, contlen);
+               (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+               }
+
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_data:
+               case NID_pkcs7_enveloped:
+               case NID_pkcs7_encrypted:
+               case NID_id_smime_ct_compressedData:
+               /* Nothing to do */
+               return 1;
+
+               case NID_pkcs7_signed:
+               return cms_SignedData_final(cms, cmsbio);
+
+               case NID_pkcs7_digest:
+               return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+               default:
+               CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+               return 0;
+               }
+       }
+
+/* Return an OCTET STRING pointer to content. This allows it to
+ * be accessed or set later.
+ */
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_data:
+               return &cms->d.data;
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->encapContentInfo->eContent;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+
+               case NID_pkcs7_digest:
+               return &cms->d.digestedData->encapContentInfo->eContent;
+
+               case NID_pkcs7_encrypted:
+               return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+
+               case NID_id_smime_ct_authData:
+               return &cms->d.authenticatedData->encapContentInfo->eContent;
+
+               case NID_id_smime_ct_compressedData:
+               return &cms->d.compressedData->encapContentInfo->eContent;
+
+               default:
+               if (cms->d.other->type == V_ASN1_OCTET_STRING)
+                       return &cms->d.other->value.octet_string;
+               CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+/* Return an ASN1_OBJECT pointer to content type. This allows it to
+ * be accessed or set later.
+ */
+
+static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->encapContentInfo->eContentType;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->encryptedContentInfo->contentType;
+
+               case NID_pkcs7_digest:
+               return &cms->d.digestedData->encapContentInfo->eContentType;
+
+               case NID_pkcs7_encrypted:
+               return &cms->d.encryptedData->encryptedContentInfo->contentType;
+
+               case NID_id_smime_ct_authData:
+               return &cms->d.authenticatedData->encapContentInfo->eContentType;
+
+               case NID_id_smime_ct_compressedData:
+               return &cms->d.compressedData->encapContentInfo->eContentType;
+
+               default:
+               CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
+                                       CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+       {
+       ASN1_OBJECT **petype;
+       petype = cms_get0_econtent_type(cms);
+       if (petype)
+               return *petype;
+       return NULL;
+       }
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+       {
+       ASN1_OBJECT **petype, *etype;
+       petype = cms_get0_econtent_type(cms);
+       if (!petype)
+               return 0;
+       if (!oid)
+               return 1;
+       etype = OBJ_dup(oid);
+       if (!etype)
+               return 0;
+       ASN1_OBJECT_free(*petype);
+       *petype = etype;
+       return 1;
+       }
+
+int CMS_is_detached(CMS_ContentInfo *cms)
+       {
+       ASN1_OCTET_STRING **pos;
+       pos = CMS_get0_content(cms);
+       if (!pos)
+               return -1;
+       if (*pos)
+               return 0;
+       return 1;
+       }
+
+int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+       {
+       ASN1_OCTET_STRING **pos;
+       pos = CMS_get0_content(cms);
+       if (!pos)
+               return 0;
+       if (detached)
+               {
+               if (*pos)
+                       {
+                       ASN1_OCTET_STRING_free(*pos);
+                       *pos = NULL;
+                       }
+               return 1;
+               }
+       if (!*pos)
+               *pos = ASN1_OCTET_STRING_new();
+       if (*pos)
+               {
+               /* NB: special flag to show content is created and not
+                * read in.
+                */
+               (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+               return 1;
+               }
+       CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+       return 0;
+       }
+
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
+       {
+       int param_type;
+
+       switch (EVP_MD_type(md))
+               {
+               case NID_sha1:
+               case NID_sha224:
+               case NID_sha256:
+               case NID_sha384:
+               case NID_sha512:
+               param_type = V_ASN1_UNDEF;
+               break;
+       
+               default:
+               param_type = V_ASN1_NULL;
+               break;
+               }
+
+       X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+       }
+
+/* Create a digest BIO from an X509_ALGOR structure */
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+       {
+       BIO *mdbio = NULL;
+       ASN1_OBJECT *digestoid;
+       const EVP_MD *digest;
+       X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+       digest = EVP_get_digestbyobj(digestoid);
+       if (!digest)
+               {
+               CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+                               CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+               goto err;       
+               }
+       mdbio = BIO_new(BIO_f_md());
+       if (!mdbio || !BIO_set_md(mdbio, digest))
+               {
+               CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+                               CMS_R_MD_BIO_INIT_ERROR);
+               goto err;       
+               }
+       return mdbio;
+       err:
+       if (mdbio)
+               BIO_free(mdbio);
+       return NULL;
+       }
+
+/* Locate a message digest content from a BIO chain based on SignerInfo */
+
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                       X509_ALGOR *mdalg)
+       {
+       int nid;
+       ASN1_OBJECT *mdoid;
+       X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+       nid = OBJ_obj2nid(mdoid);
+       /* Look for digest type to match signature */
+       for (;;)
+               {
+               EVP_MD_CTX *mtmp;
+               chain = BIO_find_type(chain, BIO_TYPE_MD);
+               if (chain == NULL)
+                       {
+                       CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+                                               CMS_R_NO_MATCHING_DIGEST);
+                       return 0;
+                       }
+               BIO_get_md_ctx(chain, &mtmp);
+               if (EVP_MD_CTX_type(mtmp) == nid)
+                       {
+                       EVP_MD_CTX_copy_ex(mctx, mtmp);
+                       return 1;
+                       }
+               chain = BIO_next(chain);
+               }
+       }
+
+static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->certificates;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->originatorInfo->certificates;
+
+               default:
+               CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+                                       CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+       {
+       STACK_OF(CMS_CertificateChoices) **pcerts;
+       CMS_CertificateChoices *cch;
+       pcerts = cms_get0_certificate_choices(cms);
+       if (!pcerts)
+               return NULL;
+       if (!*pcerts)
+               *pcerts = sk_CMS_CertificateChoices_new_null();
+       if (!*pcerts)
+               return NULL;
+       cch = M_ASN1_new_of(CMS_CertificateChoices);
+       if (!cch)
+               return NULL;
+       if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
+               {
+               M_ASN1_free_of(cch, CMS_CertificateChoices);
+               return NULL;
+               }
+       return cch;
+       }
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+       {
+       CMS_CertificateChoices *cch;
+       STACK_OF(CMS_CertificateChoices) **pcerts;
+       int i;
+       pcerts = cms_get0_certificate_choices(cms);
+       if (!pcerts)
+               return 0;
+       if (!pcerts)
+               return 0;
+       for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
+               {
+               cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+               if (cch->type == CMS_CERTCHOICE_CERT)
+                       {
+                       if (!X509_cmp(cch->d.certificate, cert))
+                               {
+                               CMSerr(CMS_F_CMS_ADD0_CERT, 
+                                       CMS_R_CERTIFICATE_ALREADY_PRESENT);
+                               return 0;
+                               }
+                       }
+               }
+       cch = CMS_add0_CertificateChoices(cms);
+       if (!cch)
+               return 0;
+       cch->type = CMS_CERTCHOICE_CERT;
+       cch->d.certificate = cert;
+       return 1;
+       }
+
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+       {
+       int r;
+       r = CMS_add0_cert(cms, cert);
+       if (r > 0)
+               CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+       return r;
+       }
+
+static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->crls;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->originatorInfo->crls;
+
+               default:
+               CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+                                       CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+       {
+       STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+       CMS_RevocationInfoChoice *rch;
+       pcrls = cms_get0_revocation_choices(cms);
+       if (!pcrls)
+               return NULL;
+       if (!*pcrls)
+               *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+       if (!*pcrls)
+               return NULL;
+       rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+       if (!rch)
+               return NULL;
+       if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
+               {
+               M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+               return NULL;
+               }
+       return rch;
+       }
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+       {
+       CMS_RevocationInfoChoice *rch;
+       rch = CMS_add0_RevocationInfoChoice(cms);
+       if (!rch)
+               return 0;
+       rch->type = CMS_REVCHOICE_CRL;
+       rch->d.crl = crl;
+       return 1;
+       }
+
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+       {
+       STACK_OF(X509) *certs = NULL;
+       CMS_CertificateChoices *cch;
+       STACK_OF(CMS_CertificateChoices) **pcerts;
+       int i;
+       pcerts = cms_get0_certificate_choices(cms);
+       if (!pcerts)
+               return NULL;
+       for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
+               {
+               cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+               if (cch->type == 0)
+                       {
+                       if (!certs)
+                               {
+                               certs = sk_X509_new_null();
+                               if (!certs)
+                                       return NULL;
+                               }
+                       if (!sk_X509_push(certs, cch->d.certificate))
+                               {
+                               sk_X509_pop_free(certs, X509_free);
+                               return NULL;
+                               }
+                       CRYPTO_add(&cch->d.certificate->references,
+                                               1, CRYPTO_LOCK_X509);
+                       }
+               }
+       return certs;
+
+       }
+
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+       {
+       STACK_OF(X509_CRL) *crls = NULL;
+       STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+       CMS_RevocationInfoChoice *rch;
+       int i;
+       pcrls = cms_get0_revocation_choices(cms);
+       if (!pcrls)
+               return NULL;
+       for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
+               {
+               rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+               if (rch->type == 0)
+                       {
+                       if (!crls)
+                               {
+                               crls = sk_X509_CRL_new_null();
+                               if (!crls)
+                                       return NULL;
+                               }
+                       if (!sk_X509_CRL_push(crls, rch->d.crl))
+                               {
+                               sk_X509_CRL_pop_free(crls, X509_CRL_free);
+                               return NULL;
+                               }
+                       CRYPTO_add(&rch->d.crl->references,
+                                               1, CRYPTO_LOCK_X509_CRL);
+                       }
+               }
+       return crls;
+       }
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
new file mode 100644 (file)
index 0000000..591bfbe
--- /dev/null
@@ -0,0 +1,1014 @@
+/* crypto/cms/cms_sd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+/* CMS SignedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_SignedData)
+
+static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+       {
+       if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
+               {
+               CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+               return NULL;
+               }
+       return cms->d.signedData;
+       }
+
+static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+       {
+       if (cms->d.other == NULL)
+               {
+               cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
+               if (!cms->d.signedData)
+                       {
+                       CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+                       return NULL;
+                       }
+               cms->d.signedData->version = 1;
+               cms->d.signedData->encapContentInfo->eContentType =
+                                               OBJ_nid2obj(NID_pkcs7_data);
+               cms->d.signedData->encapContentInfo->partial = 1;
+               ASN1_OBJECT_free(cms->contentType);
+               cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
+               return cms->d.signedData;
+               }
+       return cms_get0_signed(cms);
+       }
+
+/* Just initialize SignedData e.g. for certs only structure */
+
+int CMS_SignedData_init(CMS_ContentInfo *cms)
+       {
+       if (cms_signed_data_init(cms))
+               return 1;
+       else
+               return 0;
+       }
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_sd_set_version(CMS_SignedData *sd)
+       {
+       int i;
+       CMS_CertificateChoices *cch;
+       CMS_RevocationInfoChoice *rch;
+       CMS_SignerInfo *si;
+
+       for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
+               {
+               cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
+               if (cch->type == CMS_CERTCHOICE_OTHER)
+                       {
+                       if (sd->version < 5)
+                               sd->version = 5;
+                       }
+               else if (cch->type == CMS_CERTCHOICE_V2ACERT)
+                       {
+                       if (sd->version < 4)
+                               sd->version = 4;
+                       }
+               else if (cch->type == CMS_CERTCHOICE_V1ACERT)
+                       {
+                       if (sd->version < 3)
+                               sd->version = 3;
+                       }
+               }
+
+       for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
+               {
+               rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
+               if (rch->type == CMS_REVCHOICE_OTHER)
+                       {
+                       if (sd->version < 5)
+                               sd->version = 5;
+                       }
+               }
+
+       if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
+                       && (sd->version < 3))
+               sd->version = 3;
+
+       for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+               if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+                       {
+                       if (si->version < 3)
+                               si->version = 3;
+                       if (sd->version < 3)
+                               sd->version = 3;
+                       }
+               else
+                       sd->version = 1;
+               }
+
+       if (sd->version < 1)
+               sd->version = 1;
+
+       }
+       
+/* Copy an existing messageDigest value */
+
+static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+       {
+       STACK_OF(CMS_SignerInfo) *sinfos;
+       CMS_SignerInfo *sitmp;
+       int i;
+       sinfos = CMS_get0_SignerInfos(cms);
+       for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+               {
+               ASN1_OCTET_STRING *messageDigest;
+               sitmp = sk_CMS_SignerInfo_value(sinfos, i);
+               if (sitmp == si)
+                       continue;
+               if (CMS_signed_get_attr_count(sitmp) < 0)
+                       continue;
+               if (OBJ_cmp(si->digestAlgorithm->algorithm,
+                               sitmp->digestAlgorithm->algorithm))
+                       continue;
+               messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
+                                       OBJ_nid2obj(NID_pkcs9_messageDigest),
+                                       -3, V_ASN1_OCTET_STRING);
+               if (!messageDigest)
+                       {
+                       CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
+                               CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+                       return 0;
+                       }
+
+               if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                               V_ASN1_OCTET_STRING,
+                                               messageDigest, -1))
+                       return 1;
+               else
+                       return 0;
+               }
+               CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+               return 0;
+       }
+
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+       {
+       switch(type)
+               {
+               case CMS_SIGNERINFO_ISSUER_SERIAL:
+               sid->d.issuerAndSerialNumber =
+                       M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+               if (!sid->d.issuerAndSerialNumber)
+                       goto merr;
+               if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
+                                       X509_get_issuer_name(cert)))
+                       goto merr;
+               ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
+               sid->d.issuerAndSerialNumber->serialNumber =
+                               ASN1_STRING_dup(X509_get_serialNumber(cert));
+               if(!sid->d.issuerAndSerialNumber->serialNumber)
+                       goto merr;
+               break;
+
+               case CMS_SIGNERINFO_KEYIDENTIFIER:
+               if (!cert->skid)
+                       {
+                       CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
+                                       CMS_R_CERTIFICATE_HAS_NO_KEYID);
+                       return 0;
+                       }
+               sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
+               if (!sid->d.subjectKeyIdentifier)
+                       goto merr;
+               break;
+
+               default:
+               CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
+               return 0;
+               }
+
+       sid->type = type;
+
+       return 1;
+
+       merr:
+       CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
+       return 0;
+
+       }
+
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno)
+       {
+       if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+               {
+               if (issuer)
+                       *issuer = sid->d.issuerAndSerialNumber->issuer;
+               if (sno)
+                       *sno = sid->d.issuerAndSerialNumber->serialNumber;
+               }
+       else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+               {
+               if (keyid)
+                       *keyid = sid->d.subjectKeyIdentifier;
+               }
+       else
+               return 0;
+       return 1;
+       }
+
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+       {
+       int ret;
+       if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+               {
+               ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
+                                       X509_get_issuer_name(cert));
+               if (ret)
+                       return ret;
+               return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
+                                       X509_get_serialNumber(cert));
+               }
+       else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+               {
+               X509_check_purpose(cert, -1, -1);
+               if (!cert->skid)
+                       return -1;
+               return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
+                                                       cert->skid);
+               }
+       else
+               return -1;
+       }
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                       X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                       unsigned int flags)
+       {
+       CMS_SignedData *sd;
+       CMS_SignerInfo *si = NULL;
+       X509_ALGOR *alg;
+       int i, type;
+       if(!X509_check_private_key(signer, pk))
+               {
+               CMSerr(CMS_F_CMS_ADD1_SIGNER,
+                       CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return NULL;
+               }
+       sd = cms_signed_data_init(cms);
+       if (!sd)
+               goto err;
+       si = M_ASN1_new_of(CMS_SignerInfo);
+       if (!si)
+               goto merr;
+       X509_check_purpose(signer, -1, -1);
+
+       CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+       CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+
+       si->pkey = pk;
+       si->signer = signer;
+
+       if (flags & CMS_USE_KEYID)
+               {
+               si->version = 3;
+               if (sd->version < 3)
+                       sd->version = 3;
+               type = CMS_SIGNERINFO_KEYIDENTIFIER;
+               }
+       else
+               {
+               type = CMS_SIGNERINFO_ISSUER_SERIAL;
+               si->version = 1;
+               }
+
+       if (!cms_set1_SignerIdentifier(si->sid, signer, type))
+               goto err;
+
+       /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
+       if (md == NULL)
+               md = EVP_sha1();
+
+       /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
+
+       if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1))
+               {
+               CMSerr(CMS_F_CMS_ADD1_SIGNER,
+                               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+               goto err;
+               }
+
+       cms_DigestAlgorithm_set(si->digestAlgorithm, md);
+
+       /* See if digest is present in digestAlgorithms */
+       for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
+               {
+               ASN1_OBJECT *aoid;
+               alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+               X509_ALGOR_get0(&aoid, NULL, NULL, alg);
+               if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+                       break;
+               }
+
+       if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
+               {
+               alg = X509_ALGOR_new();
+               if (!alg)
+                       goto merr;
+               cms_DigestAlgorithm_set(alg, md);
+               if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
+                       {
+                       X509_ALGOR_free(alg);
+                       goto merr;
+                       }
+               }
+
+       /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
+        * hard code algorithm parameters.
+        */
+
+       switch (pk->type)
+               {
+
+               case EVP_PKEY_RSA:
+               X509_ALGOR_set0(si->signatureAlgorithm,
+                                       OBJ_nid2obj(NID_rsaEncryption),
+                                       V_ASN1_NULL, 0);
+               break;
+
+               case EVP_PKEY_DSA:
+               X509_ALGOR_set0(si->signatureAlgorithm,
+                                       OBJ_nid2obj(NID_dsaWithSHA1),
+                                       V_ASN1_UNDEF, 0);
+               break;
+
+
+               case EVP_PKEY_EC:
+               X509_ALGOR_set0(si->signatureAlgorithm,
+                                       OBJ_nid2obj(NID_ecdsa_with_SHA1),
+                                       V_ASN1_UNDEF, 0);
+               break;
+
+               default:
+               CMSerr(CMS_F_CMS_ADD1_SIGNER,
+                               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+               goto err;
+
+               }
+
+       if (!(flags & CMS_NOATTR))
+               {
+               /* Initialialize signed attributes strutucture so other
+                * attributes such as signing time etc are added later
+                * even if we add none here.
+                */
+               if (!si->signedAttrs)
+                       {
+                       si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+                       if (!si->signedAttrs)
+                               goto merr;
+                       }
+
+               if (!(flags & CMS_NOSMIMECAP))
+                       {
+                       STACK_OF(X509_ALGOR) *smcap = NULL;
+                       i = CMS_add_standard_smimecap(&smcap);
+                       if (i)
+                               i = CMS_add_smimecap(si, smcap);
+                       sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+                       if (!i)
+                               goto merr;
+                       }
+               if (flags & CMS_REUSE_DIGEST)
+                       {
+                       if (!cms_copy_messageDigest(cms, si))
+                               goto err;
+                       if (!(flags & CMS_PARTIAL) &&
+                                       !CMS_SignerInfo_sign(si))
+                               goto err;
+                       }
+               }
+
+       if (!(flags & CMS_NOCERTS))
+               {
+               /* NB ignore -1 return for duplicate cert */
+               if (!CMS_add1_cert(cms, signer))
+                       goto merr;
+               }
+
+       if (!sd->signerInfos)
+               sd->signerInfos = sk_CMS_SignerInfo_new_null();
+       if (!sd->signerInfos ||
+               !sk_CMS_SignerInfo_push(sd->signerInfos, si))
+               goto merr;
+
+       return si;
+
+       merr:
+       CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+       err:
+       if (si)
+               M_ASN1_free_of(si, CMS_SignerInfo);
+       return NULL;
+
+       }
+
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+       {
+       ASN1_TIME *tt;
+       int r = 0;
+       if (t)
+               tt = t;
+       else
+               tt = X509_gmtime_adj(NULL, 0);
+
+       if (!tt)
+               goto merr;
+
+       if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
+                                               tt->type, tt, -1) <= 0)
+               goto merr;
+
+       r = 1;
+
+       merr:
+
+       if (!t)
+               ASN1_TIME_free(tt);
+
+       if (!r)
+               CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
+
+       return r;
+
+       }
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+       {
+       CMS_SignedData *sd;
+       sd = cms_get0_signed(cms);
+       if (!sd)
+               return NULL;
+       return sd->signerInfos;
+       }
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+       {
+       STACK_OF(X509) *signers = NULL;
+       STACK_OF(CMS_SignerInfo) *sinfos;
+       CMS_SignerInfo *si;
+       int i;
+       sinfos = CMS_get0_SignerInfos(cms);
+       for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sinfos, i);
+               if (si->signer)
+                       {
+                       if (!signers)
+                               {
+                               signers = sk_X509_new_null();
+                               if (!signers)
+                                       return NULL;
+                               }
+                       if (!sk_X509_push(signers, si->signer))
+                               {
+                               sk_X509_free(signers);
+                               return NULL;
+                               }
+                       }
+               }
+       return signers;
+       }
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+       {
+       if (signer)
+               {
+               CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+               if (si->pkey)
+                       EVP_PKEY_free(si->pkey);
+               si->pkey = X509_get_pubkey(signer);
+               }
+       if (si->signer)
+               X509_free(si->signer);
+       si->signer = signer;
+       }
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno)
+       {
+       return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
+       }
+
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+       {
+       return cms_SignerIdentifier_cert_cmp(si->sid, cert);
+       }
+
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+                               unsigned int flags)
+       {
+       CMS_SignedData *sd;
+       CMS_SignerInfo *si;
+       CMS_CertificateChoices *cch;
+       STACK_OF(CMS_CertificateChoices) *certs;
+       X509 *x;
+       int i, j;
+       int ret = 0;
+       sd = cms_get0_signed(cms);
+       if (!sd)
+               return -1;
+       certs = sd->certificates;
+       for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+               if (si->signer)
+                       continue;
+
+               for (j = 0; j < sk_X509_num(scerts); j++)
+                       {
+                       x = sk_X509_value(scerts, j);
+                       if (CMS_SignerInfo_cert_cmp(si, x) == 0)
+                               {
+                               CMS_SignerInfo_set1_signer_cert(si, x);
+                               ret++;
+                               break;
+                               }
+                       }
+
+               if (si->signer || (flags & CMS_NOINTERN))
+                       continue;
+
+               for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
+                       {
+                       cch = sk_CMS_CertificateChoices_value(certs, j);
+                       if (cch->type != 0)
+                               continue;
+                       x = cch->d.certificate;
+                       if (CMS_SignerInfo_cert_cmp(si, x) == 0)
+                               {
+                               CMS_SignerInfo_set1_signer_cert(si, x);
+                               ret++;
+                               break;
+                               }
+                       }
+               }
+       return ret;
+       }
+
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+                                       X509_ALGOR **pdig, X509_ALGOR **psig)
+       {
+       if (pk)
+               *pk = si->pkey;
+       if (signer)
+               *signer = si->signer;
+       if (pdig)
+               *pdig = si->digestAlgorithm;
+       if (psig)
+               *psig = si->signatureAlgorithm;
+       }
+
+/* In OpenSSL 0.9.8 we have the link between digest types and public
+ * key types so we need to fixup the digest type if the public key
+ * type is not appropriate.
+ */
+
+static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
+       {
+       if (EVP_MD_CTX_type(mctx) != NID_sha1)
+               return;
+#ifndef OPENSSL_NO_DSA
+       if (pkey->type == EVP_PKEY_DSA)
+               mctx->digest = EVP_dss1();      
+#endif
+#ifndef OPENSSL_NO_ECDSA
+       if (pkey->type == EVP_PKEY_EC)
+               mctx->digest = EVP_ecdsa();     
+#endif
+       }
+
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+                                       CMS_SignerInfo *si, BIO *chain)
+       {
+       EVP_MD_CTX mctx;
+       int r = 0;
+       EVP_MD_CTX_init(&mctx);
+
+
+       if (!si->pkey)
+               {
+               CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
+               return 0;
+               }
+
+       if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+               goto err;
+
+       /* If any signed attributes calculate and add messageDigest attribute */
+
+       if (CMS_signed_get_attr_count(si) >= 0)
+               {
+               ASN1_OBJECT *ctype =
+                       cms->d.signedData->encapContentInfo->eContentType; 
+               unsigned char md[EVP_MAX_MD_SIZE];
+               unsigned int mdlen;
+               EVP_DigestFinal_ex(&mctx, md, &mdlen);
+               if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                               V_ASN1_OCTET_STRING,
+                                               md, mdlen))
+                       goto err;
+               /* Copy content type across */
+               if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+                                       V_ASN1_OBJECT, ctype, -1) <= 0)
+                       goto err;
+               if (!CMS_SignerInfo_sign(si))
+                       goto err;
+               }
+       else
+               {
+               unsigned char *sig;
+               unsigned int siglen;
+               sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+               if (!sig)
+                       {
+                       CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
+                                       ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+               cms_fixup_mctx(&mctx, si->pkey);
+               if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
+                       {
+                       CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
+                                       CMS_R_SIGNFINAL_ERROR);
+                       OPENSSL_free(sig);
+                       goto err;
+                       }
+               ASN1_STRING_set0(si->signature, sig, siglen);
+               }
+
+       r = 1;
+
+       err:
+       EVP_MD_CTX_cleanup(&mctx);
+       return r;
+
+       }
+
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+       {
+       STACK_OF(CMS_SignerInfo) *sinfos;
+       CMS_SignerInfo *si;
+       int i;
+       sinfos = CMS_get0_SignerInfos(cms);
+       for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sinfos, i);
+               if (!cms_SignerInfo_content_sign(cms, si, chain))
+                       return 0;
+               }
+       cms->d.signedData->encapContentInfo->partial = 0;
+       return 1;
+       }
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+       {
+       EVP_MD_CTX mctx;
+       unsigned char *abuf = NULL;
+       int alen;
+       unsigned int siglen;
+       const EVP_MD *md = NULL;
+
+       md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+       if (md == NULL)
+               return 0;
+
+       EVP_MD_CTX_init(&mctx);
+
+       if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
+               {
+               if (!cms_add1_signingTime(si, NULL))
+                       goto err;
+               }
+
+       if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
+               goto err;
+
+#if 0
+       if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                               EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
+               {
+               CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+               goto err;
+               }
+#endif
+
+       alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
+                               ASN1_ITEM_rptr(CMS_Attributes_Sign));
+       if(!abuf)
+               goto err;
+       if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
+               goto err;
+       siglen = EVP_PKEY_size(si->pkey);
+       OPENSSL_free(abuf);
+       abuf = OPENSSL_malloc(siglen);
+       if(!abuf)
+               goto err;
+       cms_fixup_mctx(&mctx, si->pkey);
+       if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
+               goto err;
+#if 0
+       if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                               EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
+               {
+               CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+               goto err;
+               }
+#endif
+       EVP_MD_CTX_cleanup(&mctx);
+
+       ASN1_STRING_set0(si->signature, abuf, siglen);
+
+       return 1;
+
+       err:
+       if (abuf)
+               OPENSSL_free(abuf);
+       EVP_MD_CTX_cleanup(&mctx);
+       return 0;
+
+       }
+
+int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+       {
+       EVP_MD_CTX mctx;
+       unsigned char *abuf = NULL;
+       int alen, r = -1;
+       const EVP_MD *md = NULL;
+
+       if (!si->pkey)
+               {
+               CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
+               return -1;
+               }
+
+       md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+       if (md == NULL)
+               return -1;
+       EVP_MD_CTX_init(&mctx);
+       if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
+               goto err;
+
+       alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
+                               ASN1_ITEM_rptr(CMS_Attributes_Verify));
+       if(!abuf)
+               goto err;
+       r = EVP_VerifyUpdate(&mctx, abuf, alen);
+       OPENSSL_free(abuf);
+       if (r <= 0)
+               {
+               r = -1;
+               goto err;
+               }
+       cms_fixup_mctx(&mctx, si->pkey);
+       r = EVP_VerifyFinal(&mctx,
+                       si->signature->data, si->signature->length, si->pkey);
+       if (!r)
+               CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+       err:
+       EVP_MD_CTX_cleanup(&mctx);
+       return r;
+       }
+
+/* Create a chain of digest BIOs from a CMS ContentInfo */
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
+       {
+       int i;
+       CMS_SignedData *sd;
+       BIO *chain = NULL;
+       sd = cms_get0_signed(cms);
+       if (!sd)
+               return NULL;
+       if (cms->d.signedData->encapContentInfo->partial)
+               cms_sd_set_version(sd);
+       for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
+               {
+               X509_ALGOR *digestAlgorithm;
+               BIO *mdbio;
+               digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+               mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
+               if (!mdbio)
+                       goto err;       
+               if (chain)
+                        BIO_push(chain, mdbio);
+               else
+                       chain = mdbio;
+               }
+       return chain;
+       err:
+       if (chain)
+               BIO_free_all(chain);
+       return NULL;
+       }
+
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+       {
+       ASN1_OCTET_STRING *os = NULL;
+       EVP_MD_CTX mctx;
+       int r = -1;
+       EVP_MD_CTX_init(&mctx);
+       /* If we have any signed attributes look for messageDigest value */
+       if (CMS_signed_get_attr_count(si) >= 0)
+               {
+               os = CMS_signed_get0_data_by_OBJ(si,
+                                       OBJ_nid2obj(NID_pkcs9_messageDigest),
+                                       -3, V_ASN1_OCTET_STRING);
+               if (!os)
+                       {
+                       CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                               CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+                       goto err;
+                       }
+               }
+
+       if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+               goto err;
+
+       /* If messageDigest found compare it */
+
+       if (os)
+               {
+               unsigned char mval[EVP_MAX_MD_SIZE];
+               unsigned int mlen;
+               if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
+                       {
+                       CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                               CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+                       goto err;
+                       }
+               if (mlen != (unsigned int)os->length)
+                       {
+                       CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                               CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+                       goto err;
+                       }
+
+               if (memcmp(mval, os->data, mlen))
+                       {
+                       CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                               CMS_R_VERIFICATION_FAILURE);
+                       r = 0;
+                       }
+               else
+                       r = 1;
+               }
+       else
+               {
+               cms_fixup_mctx(&mctx, si->pkey);
+               r = EVP_VerifyFinal(&mctx, si->signature->data,
+                                       si->signature->length, si->pkey);
+               if (r <= 0)
+                       {
+                       CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                               CMS_R_VERIFICATION_FAILURE);
+                       r = 0;
+                       }
+               }
+
+       err:
+       EVP_MD_CTX_cleanup(&mctx);
+       return r;
+
+       }
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+       {
+       unsigned char *smder = NULL;
+       int smderlen, r;
+       smderlen = i2d_X509_ALGORS(algs, &smder);
+       if (smderlen <= 0)
+               return 0;
+       r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
+                                       V_ASN1_SEQUENCE, smder, smderlen);
+       OPENSSL_free(smder);
+       return r;
+       }
+
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                               int algnid, int keysize)
+       {
+       X509_ALGOR *alg;
+       ASN1_INTEGER *key = NULL;
+       if (keysize > 0)
+               {
+               key = ASN1_INTEGER_new();
+               if (!key || !ASN1_INTEGER_set(key, keysize))
+                       return 0;
+               }
+       alg = X509_ALGOR_new();
+       if (!alg)
+               {
+               if (key)
+                       ASN1_INTEGER_free(key);
+               return 0;
+               }
+               
+       X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
+                               key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+       if (!*algs)
+               *algs = sk_X509_ALGOR_new_null();
+       if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
+               {
+               X509_ALGOR_free(alg);
+               return 0;
+               }
+       return 1;
+       }
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+       {
+       if (EVP_get_cipherbynid(nid))
+               return CMS_add_simple_smimecap(sk, nid, arg);
+       return 1;
+       }
+#if 0
+static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+       {
+       if (EVP_get_digestbynid(nid))
+               return CMS_add_simple_smimecap(sk, nid, arg);
+       return 1;
+       }
+#endif
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+       {
+       if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+               || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+               || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+               || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+               || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+               || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+               || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
+               || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+               return 0;
+       return 1;
+       }
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
new file mode 100644 (file)
index 0000000..f79c504
--- /dev/null
@@ -0,0 +1,806 @@
+/* crypto/cms/cms_smime.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+       {
+       unsigned char buf[4096];
+       int r = 0, i;
+       BIO *tmpout = NULL;
+
+       if (out == NULL)
+               tmpout = BIO_new(BIO_s_null());
+       else if (flags & CMS_TEXT)
+               tmpout = BIO_new(BIO_s_mem());
+       else
+               tmpout = out;
+
+       if(!tmpout)
+               {
+               CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
+       /* Read all content through chain to process digest, decrypt etc */
+       for (;;)
+       {
+               i=BIO_read(in,buf,sizeof(buf));
+               if (i <= 0)
+                       {
+                       if (BIO_method_type(in) == BIO_TYPE_CIPHER)
+                               {
+                               if (!BIO_get_cipher_status(in))
+                                       goto err;
+                               }
+                       break;
+                       }
+                               
+               if (tmpout)
+                       BIO_write(tmpout, buf, i);
+       }
+
+       if(flags & CMS_TEXT)
+               {
+               if(!SMIME_text(tmpout, out))
+                       {
+                       CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
+                       goto err;
+                       }
+               }
+
+       r = 1;
+
+       err:
+       if (tmpout && (tmpout != out))
+               BIO_free(tmpout);
+       return r;
+
+       }
+
+static int check_content(CMS_ContentInfo *cms)
+       {
+       ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+       if (!pos || !*pos)
+               {
+               CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
+               return 0;
+               }
+       return 1;
+       }
+
+static void do_free_upto(BIO *f, BIO *upto)
+       {
+       if (upto)
+               {
+               BIO *tbio;
+               do 
+                       {
+                       tbio = BIO_pop(f);
+                       BIO_free(f);
+                       f = tbio;
+                       }
+               while (f != upto);
+               }
+       else
+               BIO_free_all(f);
+       }
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+       {
+       BIO *cont;
+       int r;
+       if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
+               {
+               CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
+               return 0;
+               }
+       cont = CMS_dataInit(cms, NULL);
+       if (!cont)
+               return 0;
+       r = cms_copy_content(out, cont, flags);
+       BIO_free_all(cont);
+       return r;
+       }
+
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
+       {
+       CMS_ContentInfo *cms;
+       cms = cms_Data_create();
+       if (!cms)
+               return NULL;
+
+       if (CMS_final(cms, in, NULL, flags))
+               return cms;
+
+       CMS_ContentInfo_free(cms);
+
+       return NULL;
+       }
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                                                       unsigned int flags)
+       {
+       BIO *cont;
+       int r;
+       if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
+               {
+               CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
+               return 0;
+               }
+
+       if (!dcont && !check_content(cms))
+               return 0;
+
+       cont = CMS_dataInit(cms, dcont);
+       if (!cont)
+               return 0;
+       r = cms_copy_content(out, cont, flags);
+       if (r)
+               r = cms_DigestedData_do_final(cms, cont, 1);
+       do_free_upto(cont, dcont);
+       return r;
+       }
+
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                       unsigned int flags)
+       {
+       CMS_ContentInfo *cms;
+       if (!md)
+               md = EVP_sha1();
+       cms = cms_DigestedData_create(md);
+       if (!cms)
+               return NULL;
+
+       if(!(flags & CMS_DETACHED))
+               {
+               flags &= ~CMS_STREAM;
+               CMS_set_detached(cms, 0);
+               }
+
+       if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+               return cms;
+
+       CMS_ContentInfo_free(cms);
+       return NULL;
+       }
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                               const unsigned char *key, size_t keylen,
+                               BIO *dcont, BIO *out, unsigned int flags)
+       {
+       BIO *cont;
+       int r;
+       if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+                                       CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+               return 0;
+               }
+
+       if (!dcont && !check_content(cms))
+               return 0;
+
+       if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
+               return 0;
+       cont = CMS_dataInit(cms, dcont);
+       if (!cont)
+               return 0;
+       r = cms_copy_content(out, cont, flags);
+       do_free_upto(cont, dcont);
+       return r;
+       }
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                       const unsigned char *key, size_t keylen,
+                                       unsigned int flags)
+       {
+       CMS_ContentInfo *cms;
+       if (!cipher)
+               {
+               CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
+               return NULL;
+               }
+       cms = CMS_ContentInfo_new();
+       if (!cms)
+               return NULL;
+       if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+               return NULL;
+
+       if(!(flags & CMS_DETACHED))
+               {
+               flags &= ~CMS_STREAM;
+               CMS_set_detached(cms, 0);
+               }
+
+       if ((flags & (CMS_STREAM|CMS_PARTIAL))
+               || CMS_final(cms, in, NULL, flags))
+               return cms;
+
+       CMS_ContentInfo_free(cms);
+       return NULL;
+       }
+
+static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
+                                       X509_STORE *store,
+                                       STACK_OF(X509) *certs,
+                                       STACK_OF(X509_CRL) *crls,
+                                       unsigned int flags)
+       {
+       X509_STORE_CTX ctx;
+       X509 *signer;
+       int i, j, r = 0;
+       CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+       if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
+               {
+               CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+                                               CMS_R_STORE_INIT_ERROR);
+               goto err;
+               }
+       X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
+       if (crls)
+               X509_STORE_CTX_set0_crls(&ctx, crls);
+
+       i = X509_verify_cert(&ctx);
+       if (i <= 0)
+               {
+               j = X509_STORE_CTX_get_error(&ctx);
+               CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+                                               CMS_R_CERTIFICATE_VERIFY_ERROR);
+               ERR_add_error_data(2, "Verify error:",
+                                        X509_verify_cert_error_string(j));
+               goto err;
+               }
+       r = 1;
+       err:
+       X509_STORE_CTX_cleanup(&ctx);
+       return r;
+
+       }
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
+       {
+       CMS_SignerInfo *si;
+       STACK_OF(CMS_SignerInfo) *sinfos;
+       STACK_OF(X509) *cms_certs = NULL;
+       STACK_OF(X509_CRL) *crls = NULL;
+       X509 *signer;
+       int i, scount = 0, ret = 0;
+       BIO *cmsbio = NULL, *tmpin = NULL;
+
+       if (!dcont && !check_content(cms))
+               return 0;
+
+       /* Attempt to find all signer certificates */
+
+       sinfos = CMS_get0_SignerInfos(cms);
+
+       if (sk_CMS_SignerInfo_num(sinfos) <= 0)
+               {
+               CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
+               goto err;
+               }
+
+       for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sinfos, i);
+               CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+               if (signer)
+                       scount++;
+               }
+
+       if (scount != sk_CMS_SignerInfo_num(sinfos))
+               scount += CMS_set1_signers_certs(cms, certs, flags);
+
+       if (scount != sk_CMS_SignerInfo_num(sinfos))
+               {
+               CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
+               goto err;
+               }
+
+       /* Attempt to verify all signers certs */
+
+       if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
+               {
+               cms_certs = CMS_get1_certs(cms);
+               if (!(flags & CMS_NOCRL))
+                       crls = CMS_get1_crls(cms);
+               for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+                       {
+                       si = sk_CMS_SignerInfo_value(sinfos, i);
+                       if (!cms_signerinfo_verify_cert(si, store,
+                                                       cms_certs, crls, flags))
+                               goto err;
+                       }
+               }
+
+       /* Attempt to verify all SignerInfo signed attribute signatures */
+
+       if (!(flags & CMS_NO_ATTR_VERIFY))
+               {
+               for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+                       {
+                       si = sk_CMS_SignerInfo_value(sinfos, i);
+                       if (CMS_signed_get_attr_count(si) < 0)
+                               continue;
+                       if (CMS_SignerInfo_verify(si) <= 0)
+                               goto err;
+                       }
+               }
+
+       /* Performance optimization: if the content is a memory BIO then
+        * store its contents in a temporary read only memory BIO. This
+        * avoids potentially large numbers of slow copies of data which will
+        * occur when reading from a read write memory BIO when signatures
+        * are calculated.
+        */
+
+       if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
+               {
+               char *ptr;
+               long len;
+               len = BIO_get_mem_data(dcont, &ptr);
+               tmpin = BIO_new_mem_buf(ptr, len);
+               if (tmpin == NULL)
+                       {
+                       CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
+                       return 0;
+                       }
+               }
+       else
+               tmpin = dcont;
+               
+
+       cmsbio=CMS_dataInit(cms, tmpin);
+       if (!cmsbio)
+               goto err;
+
+       if (!cms_copy_content(out, cmsbio, flags))
+               goto err;
+
+       if (!(flags & CMS_NO_CONTENT_VERIFY))
+               {
+               for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+                       {
+                       si = sk_CMS_SignerInfo_value(sinfos, i);
+                       if (!CMS_SignerInfo_verify_content(si, cmsbio))
+                               {
+                               CMSerr(CMS_F_CMS_VERIFY,
+                                       CMS_R_CONTENT_VERIFY_ERROR);
+                               goto err;
+                               }
+                       }
+               }
+
+       ret = 1;
+
+       err:
+       
+       if (dcont && (tmpin == dcont))
+               do_free_upto(cmsbio, dcont);
+       else
+               BIO_free_all(cmsbio);
+
+       if (cms_certs)
+               sk_X509_pop_free(cms_certs, X509_free);
+       if (crls)
+               sk_X509_CRL_pop_free(crls, X509_CRL_free);
+
+       return ret;
+       }
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags)
+       {
+       int r;
+       r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
+       if (r <= 0)
+               return r;
+       return cms_Receipt_verify(rcms, ocms);
+       }
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                               BIO *data, unsigned int flags)
+       {
+       CMS_ContentInfo *cms;
+       int i;
+
+       cms = CMS_ContentInfo_new();
+       if (!cms || !CMS_SignedData_init(cms))
+               goto merr;
+
+       if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
+               {
+               CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
+               goto err;
+               }
+
+       for (i = 0; i < sk_X509_num(certs); i++)
+               {
+               X509 *x = sk_X509_value(certs, i);
+               if (!CMS_add1_cert(cms, x))
+                       goto merr;
+               }
+
+       if(!(flags & CMS_DETACHED))
+               {
+               flags &= ~CMS_STREAM;
+               CMS_set_detached(cms, 0);
+               }
+
+       if ((flags & (CMS_STREAM|CMS_PARTIAL))
+               || CMS_final(cms, data, NULL, flags))
+               return cms;
+       else
+               goto err;
+
+       merr:
+       CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
+
+       err:
+       if (cms)
+               CMS_ContentInfo_free(cms);
+       return NULL;
+       }
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                       X509 *signcert, EVP_PKEY *pkey,
+                                       STACK_OF(X509) *certs,
+                                       unsigned int flags)
+       {
+       CMS_SignerInfo *rct_si;
+       CMS_ContentInfo *cms = NULL;
+       ASN1_OCTET_STRING **pos, *os;
+       BIO *rct_cont = NULL;
+       int r = 0;
+
+       flags &= ~CMS_STREAM;
+       /* Not really detached but avoids content being allocated */
+       flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
+       if (!pkey || !signcert)
+               {
+               CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
+               return NULL;
+               }
+
+       /* Initialize signed data */
+
+       cms = CMS_sign(NULL, NULL, certs, NULL, flags);
+       if (!cms)
+               goto err;
+
+       /* Set inner content type to signed receipt */
+       if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
+               goto err;
+
+       rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
+       if (!rct_si)
+               {
+               CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
+               goto err;
+               }
+
+       os = cms_encode_Receipt(si);
+
+       if (!os)
+               goto err;
+
+       /* Set content to digest */
+       rct_cont = BIO_new_mem_buf(os->data, os->length);
+       if (!rct_cont)
+               goto err;
+
+       /* Add msgSigDigest attribute */
+
+       if (!cms_msgSigDigest_add1(rct_si, si))
+               goto err;
+
+       /* Finalize structure */
+       if (!CMS_final(cms, rct_cont, NULL, flags))
+               goto err;
+
+       /* Set embedded content */
+       pos = CMS_get0_content(cms);
+       *pos = os;
+
+       r = 1;
+
+       err:
+       if (rct_cont)
+               BIO_free(rct_cont);
+       if (r)
+               return cms;
+       CMS_ContentInfo_free(cms);
+       return NULL;
+
+       }
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
+                               const EVP_CIPHER *cipher, unsigned int flags)
+       {
+       CMS_ContentInfo *cms;
+       int i;
+       X509 *recip;
+       cms = CMS_EnvelopedData_create(cipher);
+       if (!cms)
+               goto merr;
+       for (i = 0; i < sk_X509_num(certs); i++)
+               {
+               recip = sk_X509_value(certs, i);
+               if (!CMS_add1_recipient_cert(cms, recip, flags))
+                       {
+                       CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+                       goto err;
+                       }
+               }
+
+       if(!(flags & CMS_DETACHED))
+               {
+               flags &= ~CMS_STREAM;
+               CMS_set_detached(cms, 0);
+               }
+
+       if ((flags & (CMS_STREAM|CMS_PARTIAL))
+               || CMS_final(cms, data, NULL, flags))
+               return cms;
+       else
+               goto err;
+
+       merr:
+       CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       err:
+       if (cms)
+               CMS_ContentInfo_free(cms);
+       return NULL;
+       }
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+       {
+       STACK_OF(CMS_RecipientInfo) *ris;
+       CMS_RecipientInfo *ri;
+       int i, r;
+       ris = CMS_get0_RecipientInfos(cms);
+       for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+               {
+               ri = sk_CMS_RecipientInfo_value(ris, i);
+               if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
+                               continue;
+               /* If we have a cert try matching RecipientInfo
+                * otherwise try them all.
+                */
+               if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
+                       {
+                       CMS_RecipientInfo_set0_pkey(ri, pk);
+                       r = CMS_RecipientInfo_decrypt(cms, ri);
+                       CMS_RecipientInfo_set0_pkey(ri, NULL);
+                       if (r > 0)
+                               return 1;
+                       if (cert)
+                               {
+                               CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+                                               CMS_R_DECRYPT_ERROR);
+                               return 0;
+                               }
+                       ERR_clear_error();
+                       }
+               }
+
+       CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+       return 0;
+
+       }
+
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
+                               unsigned char *key, size_t keylen,
+                               unsigned char *id, size_t idlen)
+       {
+       STACK_OF(CMS_RecipientInfo) *ris;
+       CMS_RecipientInfo *ri;
+       int i, r;
+       ris = CMS_get0_RecipientInfos(cms);
+       for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+               {
+               ri = sk_CMS_RecipientInfo_value(ris, i);
+               if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
+                               continue;
+
+               /* If we have an id try matching RecipientInfo
+                * otherwise try them all.
+                */
+               if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
+                       {
+                       CMS_RecipientInfo_set0_key(ri, key, keylen);
+                       r = CMS_RecipientInfo_decrypt(cms, ri);
+                       CMS_RecipientInfo_set0_key(ri, NULL, 0);
+                       if (r > 0)
+                               return 1;
+                       if (id)
+                               {
+                               CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
+                                               CMS_R_DECRYPT_ERROR);
+                               return 0;
+                               }
+                       ERR_clear_error();
+                       }
+               }
+
+       CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
+       return 0;
+
+       }
+       
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
+                               BIO *dcont, BIO *out,
+                               unsigned int flags)
+       {
+       int r;
+       BIO *cont;
+       if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
+               {
+               CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
+               return 0;
+               }
+       if (!dcont && !check_content(cms))
+               return 0;
+       if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+               return 0;
+
+       cont = CMS_dataInit(cms, dcont);
+       if (!cont)
+               return 0;
+       r = cms_copy_content(out, cont, flags);
+       do_free_upto(cont, dcont);
+       return r;
+       }
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+       {
+       BIO *cmsbio;
+       int ret = 0;
+       if (!(cmsbio = CMS_dataInit(cms, dcont)))
+               {
+               CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+
+       SMIME_crlf_copy(data, cmsbio, flags);
+
+       (void)BIO_flush(cmsbio);
+
+
+        if (!CMS_dataFinal(cms, cmsbio))
+               {
+               CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
+               goto err;
+               }
+
+       ret = 1;
+
+       err:
+       do_free_upto(cmsbio, dcont);
+
+       return ret;
+
+       }
+
+#ifdef ZLIB
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                                                       unsigned int flags)
+       {
+       BIO *cont;
+       int r;
+       if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
+               {
+               CMSerr(CMS_F_CMS_UNCOMPRESS,
+                                       CMS_R_TYPE_NOT_COMPRESSED_DATA);
+               return 0;
+               }
+
+       if (!dcont && !check_content(cms))
+               return 0;
+
+       cont = CMS_dataInit(cms, dcont);
+       if (!cont)
+               return 0;
+       r = cms_copy_content(out, cont, flags);
+       do_free_upto(cont, dcont);
+       return r;
+       }
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+       {
+       CMS_ContentInfo *cms;
+       if (comp_nid <= 0)
+               comp_nid = NID_zlib_compression;
+       cms = cms_CompressedData_create(comp_nid);
+       if (!cms)
+               return NULL;
+
+       if(!(flags & CMS_DETACHED))
+               {
+               flags &= ~CMS_STREAM;
+               CMS_set_detached(cms, 0);
+               }
+
+       if (CMS_final(cms, in, NULL, flags))
+               return cms;
+
+       CMS_ContentInfo_free(cms);
+       return NULL;
+       }
+
+#else
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                                                       unsigned int flags)
+       {
+       CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+       return 0;
+       }
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+       {
+       CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+       return NULL;
+       }
+
+#endif
index 43402e75dbf52f3c8e2a50621911f3a0127107fd..0f34597e70427cf45dd1fe4a6c7c3195e77fea4f 100644 (file)
@@ -105,6 +105,7 @@ typedef int (*deflateEnd_ft)(z_streamp strm);
 typedef int (*deflate_ft)(z_streamp strm, int flush);
 typedef int (*deflateInit__ft)(z_streamp strm, int level,
        const char * version, int stream_size);
+typedef const char * (*zError__ft)(int err);
 static compress_ft     p_compress=NULL;
 static inflateEnd_ft   p_inflateEnd=NULL;
 static inflate_ft      p_inflate=NULL;
@@ -112,6 +113,7 @@ static inflateInit__ft      p_inflateInit_=NULL;
 static deflateEnd_ft   p_deflateEnd=NULL;
 static deflate_ft      p_deflate=NULL;
 static deflateInit__ft p_deflateInit_=NULL;
+static zError__ft      p_zError=NULL;
 
 static int zlib_loaded = 0;     /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
@@ -123,6 +125,7 @@ static DSO *zlib_dso = NULL;
 #define deflateEnd              p_deflateEnd
 #define deflate                 p_deflate
 #define deflateInit_            p_deflateInit_
+#define zError                 p_zError
 #endif /* ZLIB_SHARED */
 
 struct zlib_state
@@ -373,10 +376,13 @@ COMP_METHOD *COMP_zlib(void)
                        p_deflateInit_
                                = (deflateInit__ft) DSO_bind_func(zlib_dso,
                                        "deflateInit_");
+                       p_zError
+                               = (zError__ft) DSO_bind_func(zlib_dso,
+                                       "zError");
 
                        if (p_compress && p_inflateEnd && p_inflate
                                && p_inflateInit_ && p_deflateEnd
-                               && p_deflate && p_deflateInit_)
+                               && p_deflate && p_deflateInit_ && p_zError)
                                zlib_loaded++;
                        }
                }
@@ -410,3 +416,386 @@ err:
        return(meth);
        }
 
+void COMP_zlib_cleanup(void)
+       {
+#ifdef ZLIB_SHARED
+       if (zlib_dso)
+               DSO_free(zlib_dso);
+#endif
+       }
+
+#ifdef ZLIB
+
+/* Zlib based compression/decompression filter BIO */
+
+typedef struct
+       {
+       unsigned char *ibuf;    /* Input buffer */
+       int ibufsize;           /* Buffer size */
+       z_stream zin;           /* Input decompress context */
+       unsigned char *obuf;    /* Output buffer */
+       int obufsize;           /* Output buffer size */
+       unsigned char *optr;    /* Position in output buffer */
+       int ocount;             /* Amount of data in output buffer */
+       int odone;              /* deflate EOF */
+       int comp_level;         /* Compression level to use */
+       z_stream zout;          /* Output compression context */
+       } BIO_ZLIB_CTX;
+
+#define ZLIB_DEFAULT_BUFSIZE 1024
+
+static int bio_zlib_new(BIO *bi);
+static int bio_zlib_free(BIO *bi);
+static int bio_zlib_read(BIO *b, char *out, int outl);
+static int bio_zlib_write(BIO *b, const char *in, int inl);
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
+
+static BIO_METHOD bio_meth_zlib = 
+       {
+       BIO_TYPE_COMP,
+       "zlib",
+       bio_zlib_write,
+       bio_zlib_read,
+       NULL,
+       NULL,
+       bio_zlib_ctrl,
+       bio_zlib_new,
+       bio_zlib_free,
+       bio_zlib_callback_ctrl
+       };
+
+BIO_METHOD *BIO_f_zlib(void)
+       {
+       return &bio_meth_zlib;
+       }
+
+
+static int bio_zlib_new(BIO *bi)
+       {
+       BIO_ZLIB_CTX *ctx;
+#ifdef ZLIB_SHARED
+       (void)COMP_zlib();
+       if (!zlib_loaded)
+               {
+               COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
+               return 0;
+               }
+#endif
+       ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
+       if(!ctx)
+               {
+               COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+       ctx->ibuf = NULL;
+       ctx->obuf = NULL;
+       ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
+       ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
+       ctx->zin.zalloc = Z_NULL;
+       ctx->zin.zfree = Z_NULL;
+       ctx->zin.next_in = NULL;
+       ctx->zin.avail_in = 0;
+       ctx->zin.next_out = NULL;
+       ctx->zin.avail_out = 0;
+       ctx->zout.zalloc = Z_NULL;
+       ctx->zout.zfree = Z_NULL;
+       ctx->zout.next_in = NULL;
+       ctx->zout.avail_in = 0;
+       ctx->zout.next_out = NULL;
+       ctx->zout.avail_out = 0;
+       ctx->odone = 0;
+       ctx->comp_level = Z_DEFAULT_COMPRESSION;
+       bi->init = 1;
+       bi->ptr = (char *)ctx;
+       bi->flags = 0;
+       return 1;
+       }
+
+static int bio_zlib_free(BIO *bi)
+       {
+       BIO_ZLIB_CTX *ctx;
+       if(!bi) return 0;
+       ctx = (BIO_ZLIB_CTX *)bi->ptr;
+       if(ctx->ibuf)
+               {
+               /* Destroy decompress context */
+               inflateEnd(&ctx->zin);
+               OPENSSL_free(ctx->ibuf);
+               }
+       if(ctx->obuf)
+               {
+               /* Destroy compress context */
+               deflateEnd(&ctx->zout);
+               OPENSSL_free(ctx->obuf);
+               }
+       OPENSSL_free(ctx);
+       bi->ptr = NULL;
+       bi->init = 0;
+       bi->flags = 0;
+       return 1;
+       }
+
+static int bio_zlib_read(BIO *b, char *out, int outl)
+       {
+       BIO_ZLIB_CTX *ctx;
+       int ret;
+       z_stream *zin;
+       if(!out || !outl) return 0;
+       ctx = (BIO_ZLIB_CTX *)b->ptr;
+       zin = &ctx->zin;
+       BIO_clear_retry_flags(b);
+       if(!ctx->ibuf)
+               {
+               ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
+               if(!ctx->ibuf)
+                       {
+                       COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+                       return 0;
+                       }
+               inflateInit(zin);
+               zin->next_in = ctx->ibuf;
+               zin->avail_in = 0;
+               }
+
+       /* Copy output data directly to supplied buffer */
+       zin->next_out = (unsigned char *)out;
+       zin->avail_out = (unsigned int)outl;
+       for(;;)
+               {
+               /* Decompress while data available */
+               while(zin->avail_in)
+                       {
+                       ret = inflate(zin, 0);
+                       if((ret != Z_OK) && (ret != Z_STREAM_END))
+                               {
+                               COMPerr(COMP_F_BIO_ZLIB_READ,
+                                               COMP_R_ZLIB_INFLATE_ERROR);
+                               ERR_add_error_data(2, "zlib error:",
+                                                       zError(ret));
+                               return 0;
+                               }
+                       /* If EOF or we've read everything then return */
+                       if((ret == Z_STREAM_END) || !zin->avail_out)
+                               return outl - zin->avail_out;
+                       }
+
+               /* No data in input buffer try to read some in,
+                * if an error then return the total data read.
+                */
+               ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
+               if(ret <= 0)
+                       {
+                       /* Total data read */
+                       int tot = outl - zin->avail_out;
+                       BIO_copy_next_retry(b);
+                       if(ret < 0) return (tot > 0) ? tot : ret;
+                       return tot;
+                       }
+               zin->avail_in = ret;
+               zin->next_in = ctx->ibuf;
+               }
+       }
+
+static int bio_zlib_write(BIO *b, const char *in, int inl)
+       {
+       BIO_ZLIB_CTX *ctx;
+       int ret;
+       z_stream *zout;
+       if(!in || !inl) return 0;
+       ctx = (BIO_ZLIB_CTX *)b->ptr;
+       if(ctx->odone) return 0;
+       zout = &ctx->zout;
+       BIO_clear_retry_flags(b);
+       if(!ctx->obuf)
+               {
+               ctx->obuf = OPENSSL_malloc(ctx->obufsize);
+               /* Need error here */
+               if(!ctx->obuf)
+                       {
+                       COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+                       return 0;
+                       }
+               ctx->optr = ctx->obuf;
+               ctx->ocount = 0;
+               deflateInit(zout, ctx->comp_level);
+               zout->next_out = ctx->obuf;
+               zout->avail_out = ctx->obufsize;
+               }
+       /* Obtain input data directly from supplied buffer */
+       zout->next_in = (void *)in;
+       zout->avail_in = inl;
+       for(;;)
+               {
+               /* If data in output buffer write it first */
+               while(ctx->ocount) {
+                       ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+                       if(ret <= 0)
+                               {
+                               /* Total data written */
+                               int tot = inl - zout->avail_in;
+                               BIO_copy_next_retry(b);
+                               if(ret < 0) return (tot > 0) ? tot : ret;
+                               return tot;
+                               }
+                       ctx->optr += ret;
+                       ctx->ocount -= ret;
+               }
+
+               /* Have we consumed all supplied data? */
+               if(!zout->avail_in)
+                       return inl;
+
+               /* Compress some more */
+
+               /* Reset buffer */
+               ctx->optr = ctx->obuf;
+               zout->next_out = ctx->obuf;
+               zout->avail_out = ctx->obufsize;
+               /* Compress some more */
+               ret = deflate(zout, 0);
+               if(ret != Z_OK)
+                       {
+                       COMPerr(COMP_F_BIO_ZLIB_WRITE,
+                                               COMP_R_ZLIB_DEFLATE_ERROR);
+                       ERR_add_error_data(2, "zlib error:", zError(ret));
+                       return 0;
+                       }
+               ctx->ocount = ctx->obufsize - zout->avail_out;
+               }
+       }
+
+static int bio_zlib_flush(BIO *b)
+       {
+       BIO_ZLIB_CTX *ctx;
+       int ret;
+       z_stream *zout;
+       ctx = (BIO_ZLIB_CTX *)b->ptr;
+       /* If no data written or already flush show success */
+       if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1;
+       zout = &ctx->zout;
+       BIO_clear_retry_flags(b);
+       /* No more input data */
+       zout->next_in = NULL;
+       zout->avail_in = 0;
+       for(;;)
+               {
+               /* If data in output buffer write it first */
+               while(ctx->ocount)
+                       {
+                       ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+                       if(ret <= 0)
+                               {
+                               BIO_copy_next_retry(b);
+                               return ret;
+                               }
+                       ctx->optr += ret;
+                       ctx->ocount -= ret;
+                       }
+               if(ctx->odone) return 1;
+
+               /* Compress some more */
+
+               /* Reset buffer */
+               ctx->optr = ctx->obuf;
+               zout->next_out = ctx->obuf;
+               zout->avail_out = ctx->obufsize;
+               /* Compress some more */
+               ret = deflate(zout, Z_FINISH);
+               if(ret == Z_STREAM_END) ctx->odone = 1;
+               else if(ret != Z_OK)
+                       {
+                       COMPerr(COMP_F_BIO_ZLIB_FLUSH,
+                                               COMP_R_ZLIB_DEFLATE_ERROR);
+                       ERR_add_error_data(2, "zlib error:", zError(ret));
+                       return 0;
+                       }
+               ctx->ocount = ctx->obufsize - zout->avail_out;
+               }
+       }
+
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+       {
+       BIO_ZLIB_CTX *ctx;
+       int ret, *ip;
+       int ibs, obs;
+       if(!b->next_bio) return 0;
+       ctx = (BIO_ZLIB_CTX *)b->ptr;
+       switch (cmd)
+               {
+
+       case BIO_CTRL_RESET:
+               ctx->ocount = 0;
+               ctx->odone = 0;
+               break;
+
+       case BIO_CTRL_FLUSH:
+               ret = bio_zlib_flush(b);
+               if (ret > 0)
+                       ret = BIO_flush(b->next_bio);
+               break;
+
+       case BIO_C_SET_BUFF_SIZE:
+               ibs = -1;
+               obs = -1;
+               if (ptr != NULL)
+                       {
+                       ip = ptr;
+                       if (*ip == 0)
+                               ibs = (int) num;
+                       else 
+                               obs = (int) num;
+                       }
+               else
+                       {
+                       ibs = (int)num;
+                       obs = ibs;
+                       }
+
+               if (ibs != -1)
+                       {
+                       if (ctx->ibuf)
+                               {
+                               OPENSSL_free(ctx->ibuf);
+                               ctx->ibuf = NULL;
+                               }
+                       ctx->ibufsize = ibs;
+                       }
+
+               if (obs != -1)
+                       {
+                       if (ctx->obuf)
+                               {
+                               OPENSSL_free(ctx->obuf);
+                               ctx->obuf = NULL;
+                               }
+                       ctx->obufsize = obs;
+                       }
+
+               break;
+
+       case BIO_C_DO_STATE_MACHINE:
+               BIO_clear_retry_flags(b);
+               ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+               BIO_copy_next_retry(b);
+               break;
+
+       default:
+               ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+               break;
+
+               }
+
+       return ret;
+       }
+
+
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+       {
+       if(!b->next_bio)
+               return 0;
+       return
+               BIO_callback_ctrl(b->next_bio, cmd, fp);
+       }
+
+#endif
index 5d59354a5715f9db49dcf258a59c39bd011b4456..4b405c7d49ef1a038a3f652164c9c04d5efb9251 100644 (file)
@@ -47,6 +47,13 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
        unsigned char *in, int ilen);
 COMP_METHOD *COMP_rle(void );
 COMP_METHOD *COMP_zlib(void );
+void COMP_zlib_cleanup(void);
+
+#ifdef HEADER_BIO_H
+#ifdef ZLIB
+BIO_METHOD *BIO_f_zlib(void);
+#endif
+#endif
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -57,8 +64,15 @@ void ERR_load_COMP_strings(void);
 /* Error codes for the COMP functions. */
 
 /* Function codes. */
+#define COMP_F_BIO_ZLIB_FLUSH                           99
+#define COMP_F_BIO_ZLIB_NEW                             100
+#define COMP_F_BIO_ZLIB_READ                            101
+#define COMP_F_BIO_ZLIB_WRITE                           102
 
 /* Reason codes. */
+#define COMP_R_ZLIB_DEFLATE_ERROR                       99
+#define COMP_R_ZLIB_INFLATE_ERROR                       100
+#define COMP_R_ZLIB_NOT_SUPPORTED                       101
 
 #ifdef  __cplusplus
 }
index 07372226c9d08eae5b1d244abbaef7092763a851..187d68b725ca0dda60c69e2b2ed74b870fe2788c 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/comp/comp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 
 static ERR_STRING_DATA COMP_str_functs[]=
        {
+{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH),      "BIO_ZLIB_FLUSH"},
+{ERR_FUNC(COMP_F_BIO_ZLIB_NEW),        "BIO_ZLIB_NEW"},
+{ERR_FUNC(COMP_F_BIO_ZLIB_READ),       "BIO_ZLIB_READ"},
+{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE),      "BIO_ZLIB_WRITE"},
 {0,NULL}
        };
 
 static ERR_STRING_DATA COMP_str_reasons[]=
        {
+{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR)   ,"zlib deflate error"},
+{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR)   ,"zlib inflate error"},
+{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED)   ,"zlib not supported"},
 {0,NULL}
        };
 
index 3cbc2b568e9151e3694dc78541bc8da134531692..92b6663599844580deaeedc642e0036b45ad2960 100644 (file)
@@ -195,9 +195,10 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
                            long length,DES_key_schedule *ks1,
                            DES_key_schedule *ks2,DES_key_schedule *ks3,
                            DES_cblock *ivec,int *num);
-
+#if 0
 void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
                       DES_cblock *out_white);
+#endif
 
 int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
                 DES_cblock *iv);
index 7e4cd7180d181a17ce74363e71730bcf846abde8..7c33ed7a93341cdaf261eb6ac70d163fa7fc37b8 100644 (file)
@@ -169,11 +169,13 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
                (DES_key_schedule *)ks3, ivec, num);
        }
 
+#if 0 /* broken code, preserved just in case anyone specifically looks for this */
 void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
        _ossl_old_des_cblock (*out_white))
        {
        DES_xwhite_in2out(des_key, in_white, out_white);
        }
+#endif
 
 int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
        _ossl_old_des_cblock *iv)
index 1b0620c3a2e184d95d47e906caa3db0372eacd53..2b2c37235497ccff2eedc565ce8d5bc4150e8a3e 100644 (file)
@@ -364,9 +364,10 @@ void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
 void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
        long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
        _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
-
+#if 0
 void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
        _ossl_old_des_cblock (*out_white));
+#endif
 
 int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
        _ossl_old_des_cblock *iv);
index 65c3b365249ba6e2adba73285d3ca802d86e3186..2ae3a9889bc47301c85faf4fa82a9736f4c24604 100644 (file)
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include "des_locl.h"
 
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);   /* defaults to false */
index 47246eb466497c0667c1221aa83bc5b7811a36a2..dc0c761b71f7090bc8908f642ab1a73f9e966cb3 100644 (file)
@@ -60,6 +60,7 @@
 
 /* RSA's DESX */
 
+#if 0 /* broken code, preserved just in case anyone specifically looks for this */
 static unsigned char desx_white_in2out[256]={
 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
@@ -98,7 +99,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
                }
 
        out0=out[0];
-       out1=out[i];
+       out1=out[i]; /* BUG: out-of-bounds read */
        for (i=0; i<8; i++)
                {
                out[i]=in[i]^desx_white_in2out[out0^out1];
@@ -106,6 +107,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
                out1=(int)out[i&0x07];
                }
        }
+#endif
 
 void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
                      long length, DES_key_schedule *schedule,
index 0d10b0353e5ff8df87f437e5a081c20013e711fd..3d59973d6870498421d6377cc63d367ca6b0a5d0 100644 (file)
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 /* Override the default new methods */
 static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
index 4fd22283c5fc0eab9484ca198db3ab1d5d57299b..4cfbbe57a802832f2f24c9a3ec3f92243aec64a3 100644 (file)
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
index dcceed2f8ed514f1638564f9ef4f796bdbfea33a..c75e423048ac3087a4a43427157f5313eab6eabe 100644 (file)
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include <openssl/asn1_mac.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
index 8599046717a5d23bcae3bd61ef56f51b9d1c7022..d29cd57dc2f1abb93b147240126c49150a42075f 100644 (file)
@@ -107,6 +107,9 @@ void ENGINE_load_builtin_engines(void)
 #if defined(__OpenBSD__) || defined(__FreeBSD__)
        ENGINE_load_cryptodev();
 #endif
+#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+       ENGINE_load_capi();
+#endif
 #endif
        }
 
index 369f2e22d3bc4b2b4d138bad8ccb5b4d99aa97b9..574ffbb5c012e1052c34c77842ce98782b172cfa 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -92,6 +92,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE),        "ENGINE_LIST_REMOVE"},
 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),   "ENGINE_load_private_key"},
 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),    "ENGINE_load_public_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),       "ENGINE_load_ssl_client_cert"},
 {ERR_FUNC(ENGINE_F_ENGINE_NEW),        "ENGINE_new"},
 {ERR_FUNC(ENGINE_F_ENGINE_REMOVE),     "ENGINE_remove"},
 {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
index a5b1edebf4b9be6789cc5f7023eecf07f6d7ea09..a66f107a44d08f994b270d58e0e3c6595f4f0185 100644 (file)
@@ -170,6 +170,8 @@ struct engine_st
        ENGINE_LOAD_KEY_PTR load_privkey;
        ENGINE_LOAD_KEY_PTR load_pubkey;
 
+       ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+
        const ENGINE_CMD_DEFN *cmd_defns;
        int flags;
        /* reference count on the structure itself */
index 80adbec62f3bd50fc4cd7fdd56a47769a4abbb56..3e4fc60c8e226643e091ebe32dfa1d03161a0a10 100644 (file)
@@ -126,6 +126,9 @@ void ENGINE_load_padlock (void)
 #ifdef _MSC_VER
 # include <malloc.h>
 # define alloca _alloca
+#elif defined(NETWARE_CLIB) && defined(__GNUC__)
+  void *alloca(size_t);
+# define alloca(s) __builtin_alloca(s)
 #else
 # include <stdlib.h>
 #endif
@@ -231,8 +234,8 @@ padlock_bind_fn(ENGINE *e, const char *id)
        return 1;
 }
 
-IMPLEMENT_DYNAMIC_CHECK_FN ()
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
 #endif /* DYNAMIC_ENGINE */
 
 /* ===== Here comes the "real" engine ===== */
index bc8b21abec5a6225faeb7f9df1d2baa9edd6386a..1dfa2e366451e9436c30f052d2e36faf2522c628 100644 (file)
@@ -69,6 +69,13 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
        return 1;
        }
 
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                               ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
+       {
+       e->load_ssl_client_cert = loadssl_f;
+       return 1;
+       }
+
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
        {
        return e->load_privkey;
@@ -79,6 +86,11 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
        return e->load_pubkey;
        }
 
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
+       {
+       return e->load_ssl_client_cert;
+       }
+
 /* API functions to load public/private keys */
 
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
@@ -152,3 +164,33 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
                }
        return pkey;
        }
+
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+       STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
+       {
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(e->funct_ref == 0)
+               {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                       ENGINE_R_NOT_INITIALISED);
+               return 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       if (!e->load_ssl_client_cert)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                       ENGINE_R_NO_LOAD_FUNCTION);
+               return 0;
+               }
+       return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+                                       ui_method, callback_data);
+       }
index 0c1656168d50d60ed45a8bfdd6889eb4e089f6f4..8879a267d1432f8d1008c01e310bea9d8fc1c976 100644 (file)
@@ -135,7 +135,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                        {
                        fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
                        if(!fnd) goto end;
-                       fnd->uptodate = 0;
+                       fnd->uptodate = 1;
                        fnd->nid = *nids;
                        fnd->sk = sk_ENGINE_new_null();
                        if(!fnd->sk)
@@ -152,7 +152,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                if(!sk_ENGINE_push(fnd->sk, e))
                        goto end;
                /* "touch" this ENGINE_PILE */
-               fnd->uptodate = 1;
+               fnd->uptodate = 0;
                if(setdefault)
                        {
                        if(!engine_unlocked_init(e))
@@ -164,6 +164,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                        if(fnd->funct)
                                engine_unlocked_finish(fnd->funct, 0);
                        fnd->funct = e;
+                       fnd->uptodate = 1;
                        }
                nids++;
                }
@@ -179,8 +180,7 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
        while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
                {
                (void)sk_ENGINE_delete(pile->sk, n);
-               /* "touch" this ENGINE_CIPHER */
-               pile->uptodate = 1;
+               pile->uptodate = 0;
                }
        if(pile->funct == e)
                {
index 3ec59338ffd1ba6d6ebc7e5ce5711cf6c718a61d..f503595eceb724d9c118657d98162f3064ed7bbf 100644 (file)
@@ -93,6 +93,8 @@
 #include <openssl/err.h>
 #endif
 
+#include <openssl/x509.h>
+
 #include <openssl/ossl_typ.h>
 #include <openssl/symhacks.h>
 
@@ -278,6 +280,9 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)
 /* Generic load_key function pointer */
 typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
        UI_METHOD *ui_method, void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+       STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
 /* These callback types are for an ENGINE's handler for cipher and digest logic.
  * These handlers have these prototypes;
  *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
@@ -334,6 +339,9 @@ void ENGINE_load_ubsec(void);
 void ENGINE_load_cryptodev(void);
 void ENGINE_load_padlock(void);
 void ENGINE_load_builtin_engines(void);
+#ifndef OPENSSL_NO_CAPIENG
+void ENGINE_load_capi(void);
+#endif
 
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
  * "registry" handling. */
@@ -459,6 +467,8 @@ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
 int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                               ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
@@ -494,6 +504,7 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
@@ -529,6 +540,10 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+       STACK_OF(X509) **pother,
+       UI_METHOD *ui_method, void *callback_data);
 
 /* This returns a pointer for the current ENGINE structure that
  * is (by default) performing any RSA operations. The value returned
@@ -723,6 +738,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_LIST_REMOVE                     121
 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                150
 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                         151
+#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT            192
 #define ENGINE_F_ENGINE_NEW                             122
 #define ENGINE_F_ENGINE_REMOVE                          123
 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING              189
index 11906b4a37af8068875d564c310d6334462e700e..287d535c17f81fc2f7def45cf2f0b40f8e5f4f54 100644 (file)
@@ -141,6 +141,7 @@ typedef struct err_state_st
 #define ERR_LIB_ECDH           43
 #define ERR_LIB_STORE           44
 #define ERR_LIB_FIPS           45
+#define ERR_LIB_CMS            46
 
 #define ERR_LIB_USER           128
 
@@ -173,6 +174,7 @@ typedef struct err_state_st
 #define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
 #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
 #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
+#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */
index c2d4c473baa3d1ec73b8e59639a982b5786ed9a1..ba87456eb64145a647777da0bafa0bd2e3c72543 100644 (file)
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 void ERR_load_crypto_strings(void)
        {
@@ -142,5 +148,8 @@ void ERR_load_crypto_strings(void)
 #ifdef OPENSSL_FIPS
        ERR_load_FIPS_strings();
 #endif
+#ifndef OPENSSL_NO_CMS
+       ERR_load_CMS_strings();
+#endif
 #endif
        }
index 4c7807398f18ba04f337fd245b573e0fed88bbf0..11aa7b7af458fb51a207eec4c66a781a9bfc8621 100644 (file)
@@ -147,6 +147,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_ENGINE,0,0)          ,"engine routines"},
 {ERR_PACK(ERR_LIB_OCSP,0,0)            ,"OCSP routines"},
 {ERR_PACK(ERR_LIB_FIPS,0,0)            ,"FIPS routines"},
+{ERR_PACK(ERR_LIB_CMS,0,0)             ,"CMS routines"},
 {0,NULL},
        };
 
index d3deb47e337cbd042f0f0000da122ae3bb5a1638..b754d29686e61dc76bb6943325f7bfab71745596 100644 (file)
@@ -32,10 +32,12 @@ L ECDSA             crypto/ecdsa/ecdsa.h            crypto/ecdsa/ecs_err.c
 L ECDH         crypto/ecdh/ecdh.h              crypto/ecdh/ech_err.c
 L STORE                crypto/store/store.h            crypto/store/str_err.c
 L FIPS         fips/fips.h                     crypto/fips_err.h
+L CMS          crypto/cms/cms.h                crypto/cms/cms_err.c
 
 # additional header files to be scanned for function names
 L NONE         crypto/x509/x509_vfy.h          NONE
 L NONE         crypto/ec/ec_lcl.h              NONE
+L NONE         crypto/cms/cms_lcl.h            NONE
 
 
 F RSAREF_F_RSA_BN2BIN
index 365d39716455d4a8222ac26619412c425bc0cb1d..a7b40d1c6001065a34ca1a745c3678046a505689 100644 (file)
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
        EVP_CIPHER_get_asn1_iv,
        NULL)
 
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)   IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
+#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)   IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
 
 IMPLEMENT_CAMELLIA_CFBR(128,1)
 IMPLEMENT_CAMELLIA_CFBR(192,1)
index 3881050c5abf9e7239f3ff9367292323196281ea..5bdd57b90c1010581eadaef3ac28e7757f665fde 100644 (file)
 #include <openssl/dso.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 /* Algorithm configuration module. */
 
index 84d15ae9c68e08b527a4e6afb61afd89d6bac870..fa75b144661396d3055508fac0060c60770c543e 100644 (file)
 
 #include <openssl/idea.h>
 #include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include "idea_lcl.h"
 
 static IDEA_INT inverse(unsigned int xin);
index 54c9781a4bd41d161d7cc61bbddf00c76cb152ec..cc4eeaf7a7ad5c759fcec3a6c516c6ee65b5cc91 100644 (file)
 #include <openssl/md2.h>
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include <openssl/err.h>
 
 const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
index 62fb7e6677d208054b8e7f9ccae070074b39cce6..0f5448601d8c92c203cf82293e81001126e1a1ab 100644 (file)
 #include "md4_locl.h"
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 
index 7cd9d1ea8d0a63c59d4be82ffb1ec3abf9019162..47bb9020ee1df45b770095a10c8aac4980ff14bd 100644 (file)
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 
index 45c2a8b0ec09b17d02cd41a870ffdb0b22e79d22..a36b3f578ed1d756e0570df4f25f05a3a18bbb01 100644 (file)
 #include <openssl/des.h>
 #include <openssl/mdc2.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 #undef c2l
 #define c2l(c,l)       (l =((DES_LONG)(*((c)++)))    , \
index 49dd4c1763a94521aa97b767651bf93e66cc49a4..99acf131f853455a9e561c25dc4261c2b90c0794 100644 (file)
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 786
-#define NUM_SN 779
-#define NUM_LN 779
-#define NUM_OBJ 735
+#define NUM_NID 791
+#define NUM_SN 784
+#define NUM_LN 784
+#define NUM_OBJ 740
 
-static unsigned char lvalues[5204]={
+static unsigned char lvalues[5258]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -166,643 +166,648 @@ static unsigned char lvalues[5204]={
 0x2B,0x24,0x03,0x03,0x01,0x02,               /* [603] OBJ_ripemd160WithRSA */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [609] OBJ_rc5_cbc */
 0x29,0x01,0x01,0x85,0x1A,0x01,               /* [617] OBJ_rle_compression */
-0x29,0x01,0x01,0x85,0x1A,0x02,               /* [623] OBJ_zlib_compression */
-0x55,0x1D,0x25,                              /* [629] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [632] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [638] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [645] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [653] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [661] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [669] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [677] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */
-0x55,0x1D,0x1B,                              /* [744] OBJ_delta_crl */
-0x55,0x1D,0x15,                              /* [747] OBJ_crl_reason */
-0x55,0x1D,0x18,                              /* [750] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01,                    /* [753] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [950] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [958] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [966] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */
-0x55,0x04,0x29,                              /* [1029] OBJ_name */
-0x55,0x04,0x2E,                              /* [1032] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1035] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1042] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1049] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1057] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1065] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1073] OBJ_OCSP_sign */
-0x28,                                        /* [1081] OBJ_iso */
-0x2A,                                        /* [1082] OBJ_member_body */
-0x2A,0x86,0x48,                              /* [1083] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38,                    /* [1086] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1091] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1097] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1105] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1863] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1871] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1878] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1885] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1892] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1899] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1906] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1913] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1920] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1927] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1934] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1941] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1948] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1956] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1964] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1972] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1980] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1988] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1996] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2004] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2012] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2020] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2028] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2036] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2044] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2052] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2060] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2068] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2076] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2084] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbgp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbgp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbgp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2164] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2172] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2180] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2188] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2196] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2204] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2212] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2220] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2228] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2236] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2244] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2252] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2260] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2268] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2276] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2284] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2292] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2300] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2308] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2388] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2396] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2412] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2420] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2428] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2436] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2444] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2452] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2460] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2468] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2476] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2484] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2492] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2500] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2508] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2516] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2524] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2532] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2540] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2548] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2556] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2564] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2572] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2580] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2588] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2596] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2604] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2612] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2620] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2628] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2636] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2644] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2652] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2660] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2676] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2684] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2692] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2700] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2708] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2815] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2819] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2824] OBJ_X500algorithms */
-0x2B,                                        /* [2826] OBJ_org */
-0x2B,0x06,                                   /* [2827] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2829] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2832] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2836] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2840] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2844] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2848] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2852] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2856] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2860] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */
-0x00,                                        /* [2894] OBJ_joint_iso_ccitt */
-0x55,0x01,0x05,                              /* [2895] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2898] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2911] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2919] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2927] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2935] OBJ_role */
-0x55,0x1D,0x24,                              /* [2938] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2941] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2944] OBJ_no_rev_avail */
-0x00,                                        /* [2947] OBJ_ccitt */
-0x2A,0x86,0x48,0xCE,0x3D,                    /* [2948] OBJ_ansi_X9_62 */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2953] OBJ_X9_62_prime_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2960] OBJ_X9_62_characteristic_two_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2967] OBJ_X9_62_id_ecPublicKey */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2974] OBJ_X9_62_prime192v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2982] OBJ_X9_62_prime192v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2990] OBJ_X9_62_prime192v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2998] OBJ_X9_62_prime239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3006] OBJ_X9_62_prime239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3014] OBJ_X9_62_prime239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3022] OBJ_X9_62_prime256v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3030] OBJ_ecdsa_with_SHA1 */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */
-0x55,0x1D,0x17,                              /* [3154] OBJ_hold_instruction_code */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3157] OBJ_hold_instruction_none */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3164] OBJ_hold_instruction_call_issuer */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3171] OBJ_hold_instruction_reject */
-0x09,                                        /* [3178] OBJ_data */
-0x09,0x92,0x26,                              /* [3179] OBJ_pss */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3182] OBJ_ucl */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3189] OBJ_pilot */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */
-0x55,0x04,0x2D,                              /* [3843] OBJ_x500UniqueIdentifier */
-0x2B,0x06,0x01,0x07,0x01,                    /* [3846] OBJ_mime_mhs */
-0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3851] OBJ_mime_mhs_headings */
-0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3857] OBJ_mime_mhs_bodies */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3863] OBJ_id_hex_partial_message */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3870] OBJ_id_hex_multipart_message */
-0x55,0x04,0x2C,                              /* [3877] OBJ_generationQualifier */
-0x55,0x04,0x41,                              /* [3880] OBJ_pseudonym */
-0x67,0x2A,                                   /* [3883] OBJ_id_set */
-0x67,0x2A,0x00,                              /* [3885] OBJ_set_ctype */
-0x67,0x2A,0x01,                              /* [3888] OBJ_set_msgExt */
-0x67,0x2A,0x03,                              /* [3891] OBJ_set_attr */
-0x67,0x2A,0x05,                              /* [3894] OBJ_set_policy */
-0x67,0x2A,0x07,                              /* [3897] OBJ_set_certExt */
-0x67,0x2A,0x08,                              /* [3900] OBJ_set_brand */
-0x67,0x2A,0x00,0x00,                         /* [3903] OBJ_setct_PANData */
-0x67,0x2A,0x00,0x01,                         /* [3907] OBJ_setct_PANToken */
-0x67,0x2A,0x00,0x02,                         /* [3911] OBJ_setct_PANOnly */
-0x67,0x2A,0x00,0x03,                         /* [3915] OBJ_setct_OIData */
-0x67,0x2A,0x00,0x04,                         /* [3919] OBJ_setct_PI */
-0x67,0x2A,0x00,0x05,                         /* [3923] OBJ_setct_PIData */
-0x67,0x2A,0x00,0x06,                         /* [3927] OBJ_setct_PIDataUnsigned */
-0x67,0x2A,0x00,0x07,                         /* [3931] OBJ_setct_HODInput */
-0x67,0x2A,0x00,0x08,                         /* [3935] OBJ_setct_AuthResBaggage */
-0x67,0x2A,0x00,0x09,                         /* [3939] OBJ_setct_AuthRevReqBaggage */
-0x67,0x2A,0x00,0x0A,                         /* [3943] OBJ_setct_AuthRevResBaggage */
-0x67,0x2A,0x00,0x0B,                         /* [3947] OBJ_setct_CapTokenSeq */
-0x67,0x2A,0x00,0x0C,                         /* [3951] OBJ_setct_PInitResData */
-0x67,0x2A,0x00,0x0D,                         /* [3955] OBJ_setct_PI_TBS */
-0x67,0x2A,0x00,0x0E,                         /* [3959] OBJ_setct_PResData */
-0x67,0x2A,0x00,0x10,                         /* [3963] OBJ_setct_AuthReqTBS */
-0x67,0x2A,0x00,0x11,                         /* [3967] OBJ_setct_AuthResTBS */
-0x67,0x2A,0x00,0x12,                         /* [3971] OBJ_setct_AuthResTBSX */
-0x67,0x2A,0x00,0x13,                         /* [3975] OBJ_setct_AuthTokenTBS */
-0x67,0x2A,0x00,0x14,                         /* [3979] OBJ_setct_CapTokenData */
-0x67,0x2A,0x00,0x15,                         /* [3983] OBJ_setct_CapTokenTBS */
-0x67,0x2A,0x00,0x16,                         /* [3987] OBJ_setct_AcqCardCodeMsg */
-0x67,0x2A,0x00,0x17,                         /* [3991] OBJ_setct_AuthRevReqTBS */
-0x67,0x2A,0x00,0x18,                         /* [3995] OBJ_setct_AuthRevResData */
-0x67,0x2A,0x00,0x19,                         /* [3999] OBJ_setct_AuthRevResTBS */
-0x67,0x2A,0x00,0x1A,                         /* [4003] OBJ_setct_CapReqTBS */
-0x67,0x2A,0x00,0x1B,                         /* [4007] OBJ_setct_CapReqTBSX */
-0x67,0x2A,0x00,0x1C,                         /* [4011] OBJ_setct_CapResData */
-0x67,0x2A,0x00,0x1D,                         /* [4015] OBJ_setct_CapRevReqTBS */
-0x67,0x2A,0x00,0x1E,                         /* [4019] OBJ_setct_CapRevReqTBSX */
-0x67,0x2A,0x00,0x1F,                         /* [4023] OBJ_setct_CapRevResData */
-0x67,0x2A,0x00,0x20,                         /* [4027] OBJ_setct_CredReqTBS */
-0x67,0x2A,0x00,0x21,                         /* [4031] OBJ_setct_CredReqTBSX */
-0x67,0x2A,0x00,0x22,                         /* [4035] OBJ_setct_CredResData */
-0x67,0x2A,0x00,0x23,                         /* [4039] OBJ_setct_CredRevReqTBS */
-0x67,0x2A,0x00,0x24,                         /* [4043] OBJ_setct_CredRevReqTBSX */
-0x67,0x2A,0x00,0x25,                         /* [4047] OBJ_setct_CredRevResData */
-0x67,0x2A,0x00,0x26,                         /* [4051] OBJ_setct_PCertReqData */
-0x67,0x2A,0x00,0x27,                         /* [4055] OBJ_setct_PCertResTBS */
-0x67,0x2A,0x00,0x28,                         /* [4059] OBJ_setct_BatchAdminReqData */
-0x67,0x2A,0x00,0x29,                         /* [4063] OBJ_setct_BatchAdminResData */
-0x67,0x2A,0x00,0x2A,                         /* [4067] OBJ_setct_CardCInitResTBS */
-0x67,0x2A,0x00,0x2B,                         /* [4071] OBJ_setct_MeAqCInitResTBS */
-0x67,0x2A,0x00,0x2C,                         /* [4075] OBJ_setct_RegFormResTBS */
-0x67,0x2A,0x00,0x2D,                         /* [4079] OBJ_setct_CertReqData */
-0x67,0x2A,0x00,0x2E,                         /* [4083] OBJ_setct_CertReqTBS */
-0x67,0x2A,0x00,0x2F,                         /* [4087] OBJ_setct_CertResData */
-0x67,0x2A,0x00,0x30,                         /* [4091] OBJ_setct_CertInqReqTBS */
-0x67,0x2A,0x00,0x31,                         /* [4095] OBJ_setct_ErrorTBS */
-0x67,0x2A,0x00,0x32,                         /* [4099] OBJ_setct_PIDualSignedTBE */
-0x67,0x2A,0x00,0x33,                         /* [4103] OBJ_setct_PIUnsignedTBE */
-0x67,0x2A,0x00,0x34,                         /* [4107] OBJ_setct_AuthReqTBE */
-0x67,0x2A,0x00,0x35,                         /* [4111] OBJ_setct_AuthResTBE */
-0x67,0x2A,0x00,0x36,                         /* [4115] OBJ_setct_AuthResTBEX */
-0x67,0x2A,0x00,0x37,                         /* [4119] OBJ_setct_AuthTokenTBE */
-0x67,0x2A,0x00,0x38,                         /* [4123] OBJ_setct_CapTokenTBE */
-0x67,0x2A,0x00,0x39,                         /* [4127] OBJ_setct_CapTokenTBEX */
-0x67,0x2A,0x00,0x3A,                         /* [4131] OBJ_setct_AcqCardCodeMsgTBE */
-0x67,0x2A,0x00,0x3B,                         /* [4135] OBJ_setct_AuthRevReqTBE */
-0x67,0x2A,0x00,0x3C,                         /* [4139] OBJ_setct_AuthRevResTBE */
-0x67,0x2A,0x00,0x3D,                         /* [4143] OBJ_setct_AuthRevResTBEB */
-0x67,0x2A,0x00,0x3E,                         /* [4147] OBJ_setct_CapReqTBE */
-0x67,0x2A,0x00,0x3F,                         /* [4151] OBJ_setct_CapReqTBEX */
-0x67,0x2A,0x00,0x40,                         /* [4155] OBJ_setct_CapResTBE */
-0x67,0x2A,0x00,0x41,                         /* [4159] OBJ_setct_CapRevReqTBE */
-0x67,0x2A,0x00,0x42,                         /* [4163] OBJ_setct_CapRevReqTBEX */
-0x67,0x2A,0x00,0x43,                         /* [4167] OBJ_setct_CapRevResTBE */
-0x67,0x2A,0x00,0x44,                         /* [4171] OBJ_setct_CredReqTBE */
-0x67,0x2A,0x00,0x45,                         /* [4175] OBJ_setct_CredReqTBEX */
-0x67,0x2A,0x00,0x46,                         /* [4179] OBJ_setct_CredResTBE */
-0x67,0x2A,0x00,0x47,                         /* [4183] OBJ_setct_CredRevReqTBE */
-0x67,0x2A,0x00,0x48,                         /* [4187] OBJ_setct_CredRevReqTBEX */
-0x67,0x2A,0x00,0x49,                         /* [4191] OBJ_setct_CredRevResTBE */
-0x67,0x2A,0x00,0x4A,                         /* [4195] OBJ_setct_BatchAdminReqTBE */
-0x67,0x2A,0x00,0x4B,                         /* [4199] OBJ_setct_BatchAdminResTBE */
-0x67,0x2A,0x00,0x4C,                         /* [4203] OBJ_setct_RegFormReqTBE */
-0x67,0x2A,0x00,0x4D,                         /* [4207] OBJ_setct_CertReqTBE */
-0x67,0x2A,0x00,0x4E,                         /* [4211] OBJ_setct_CertReqTBEX */
-0x67,0x2A,0x00,0x4F,                         /* [4215] OBJ_setct_CertResTBE */
-0x67,0x2A,0x00,0x50,                         /* [4219] OBJ_setct_CRLNotificationTBS */
-0x67,0x2A,0x00,0x51,                         /* [4223] OBJ_setct_CRLNotificationResTBS */
-0x67,0x2A,0x00,0x52,                         /* [4227] OBJ_setct_BCIDistributionTBS */
-0x67,0x2A,0x01,0x01,                         /* [4231] OBJ_setext_genCrypt */
-0x67,0x2A,0x01,0x03,                         /* [4235] OBJ_setext_miAuth */
-0x67,0x2A,0x01,0x04,                         /* [4239] OBJ_setext_pinSecure */
-0x67,0x2A,0x01,0x05,                         /* [4243] OBJ_setext_pinAny */
-0x67,0x2A,0x01,0x07,                         /* [4247] OBJ_setext_track2 */
-0x67,0x2A,0x01,0x08,                         /* [4251] OBJ_setext_cv */
-0x67,0x2A,0x05,0x00,                         /* [4255] OBJ_set_policy_root */
-0x67,0x2A,0x07,0x00,                         /* [4259] OBJ_setCext_hashedRoot */
-0x67,0x2A,0x07,0x01,                         /* [4263] OBJ_setCext_certType */
-0x67,0x2A,0x07,0x02,                         /* [4267] OBJ_setCext_merchData */
-0x67,0x2A,0x07,0x03,                         /* [4271] OBJ_setCext_cCertRequired */
-0x67,0x2A,0x07,0x04,                         /* [4275] OBJ_setCext_tunneling */
-0x67,0x2A,0x07,0x05,                         /* [4279] OBJ_setCext_setExt */
-0x67,0x2A,0x07,0x06,                         /* [4283] OBJ_setCext_setQualf */
-0x67,0x2A,0x07,0x07,                         /* [4287] OBJ_setCext_PGWYcapabilities */
-0x67,0x2A,0x07,0x08,                         /* [4291] OBJ_setCext_TokenIdentifier */
-0x67,0x2A,0x07,0x09,                         /* [4295] OBJ_setCext_Track2Data */
-0x67,0x2A,0x07,0x0A,                         /* [4299] OBJ_setCext_TokenType */
-0x67,0x2A,0x07,0x0B,                         /* [4303] OBJ_setCext_IssuerCapabilities */
-0x67,0x2A,0x03,0x00,                         /* [4307] OBJ_setAttr_Cert */
-0x67,0x2A,0x03,0x01,                         /* [4311] OBJ_setAttr_PGWYcap */
-0x67,0x2A,0x03,0x02,                         /* [4315] OBJ_setAttr_TokenType */
-0x67,0x2A,0x03,0x03,                         /* [4319] OBJ_setAttr_IssCap */
-0x67,0x2A,0x03,0x00,0x00,                    /* [4323] OBJ_set_rootKeyThumb */
-0x67,0x2A,0x03,0x00,0x01,                    /* [4328] OBJ_set_addPolicy */
-0x67,0x2A,0x03,0x02,0x01,                    /* [4333] OBJ_setAttr_Token_EMV */
-0x67,0x2A,0x03,0x02,0x02,                    /* [4338] OBJ_setAttr_Token_B0Prime */
-0x67,0x2A,0x03,0x03,0x03,                    /* [4343] OBJ_setAttr_IssCap_CVM */
-0x67,0x2A,0x03,0x03,0x04,                    /* [4348] OBJ_setAttr_IssCap_T2 */
-0x67,0x2A,0x03,0x03,0x05,                    /* [4353] OBJ_setAttr_IssCap_Sig */
-0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4358] OBJ_setAttr_GenCryptgrm */
-0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4364] OBJ_setAttr_T2Enc */
-0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4370] OBJ_setAttr_T2cleartxt */
-0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4376] OBJ_setAttr_TokICCsig */
-0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4382] OBJ_setAttr_SecDevSig */
-0x67,0x2A,0x08,0x01,                         /* [4388] OBJ_set_brand_IATA_ATA */
-0x67,0x2A,0x08,0x1E,                         /* [4392] OBJ_set_brand_Diners */
-0x67,0x2A,0x08,0x22,                         /* [4396] OBJ_set_brand_AmericanExpress */
-0x67,0x2A,0x08,0x23,                         /* [4400] OBJ_set_brand_JCB */
-0x67,0x2A,0x08,0x04,                         /* [4404] OBJ_set_brand_Visa */
-0x67,0x2A,0x08,0x05,                         /* [4408] OBJ_set_brand_MasterCard */
-0x67,0x2A,0x08,0xAE,0x7B,                    /* [4412] OBJ_set_brand_Novus */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4417] OBJ_des_cdmf */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */
-0x00,                                        /* [4434] OBJ_itu_t */
-0x50,                                        /* [4435] OBJ_joint_iso_itu_t */
-0x67,                                        /* [4436] OBJ_international_organizations */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4437] OBJ_ms_smartcard_login */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4447] OBJ_ms_upn */
-0x55,0x04,0x09,                              /* [4457] OBJ_streetAddress */
-0x55,0x04,0x11,                              /* [4460] OBJ_postalCode */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4463] OBJ_id_ppl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4470] OBJ_proxyCertInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4478] OBJ_id_ppl_anyLanguage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4486] OBJ_id_ppl_inheritAll */
-0x55,0x1D,0x1E,                              /* [4494] OBJ_name_constraints */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4497] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4505] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4514] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4523] OBJ_sha512WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4532] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4541] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4550] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4559] OBJ_sha512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4568] OBJ_sha224 */
-0x2B,                                        /* [4577] OBJ_identified_organization */
-0x2B,0x81,0x04,                              /* [4578] OBJ_certicom_arc */
-0x67,0x2B,                                   /* [4581] OBJ_wap */
-0x67,0x2B,0x0D,                              /* [4583] OBJ_wap_wsg */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4586] OBJ_X9_62_id_characteristic_two_basis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4594] OBJ_X9_62_onBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4603] OBJ_X9_62_tpBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4612] OBJ_X9_62_ppBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [4621] OBJ_X9_62_c2pnb163v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [4629] OBJ_X9_62_c2pnb163v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [4637] OBJ_X9_62_c2pnb163v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [4645] OBJ_X9_62_c2pnb176v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [4653] OBJ_X9_62_c2tnb191v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [4661] OBJ_X9_62_c2tnb191v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [4669] OBJ_X9_62_c2tnb191v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [4677] OBJ_X9_62_c2onb191v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [4685] OBJ_X9_62_c2onb191v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [4693] OBJ_X9_62_c2pnb208w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [4701] OBJ_X9_62_c2tnb239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [4709] OBJ_X9_62_c2tnb239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [4717] OBJ_X9_62_c2tnb239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [4725] OBJ_X9_62_c2onb239v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [4733] OBJ_X9_62_c2onb239v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [4741] OBJ_X9_62_c2pnb272w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4749] OBJ_X9_62_c2pnb304w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4757] OBJ_X9_62_c2tnb359v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4765] OBJ_X9_62_c2pnb368w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4773] OBJ_X9_62_c2tnb431r1 */
-0x2B,0x81,0x04,0x00,0x06,                    /* [4781] OBJ_secp112r1 */
-0x2B,0x81,0x04,0x00,0x07,                    /* [4786] OBJ_secp112r2 */
-0x2B,0x81,0x04,0x00,0x1C,                    /* [4791] OBJ_secp128r1 */
-0x2B,0x81,0x04,0x00,0x1D,                    /* [4796] OBJ_secp128r2 */
-0x2B,0x81,0x04,0x00,0x09,                    /* [4801] OBJ_secp160k1 */
-0x2B,0x81,0x04,0x00,0x08,                    /* [4806] OBJ_secp160r1 */
-0x2B,0x81,0x04,0x00,0x1E,                    /* [4811] OBJ_secp160r2 */
-0x2B,0x81,0x04,0x00,0x1F,                    /* [4816] OBJ_secp192k1 */
-0x2B,0x81,0x04,0x00,0x20,                    /* [4821] OBJ_secp224k1 */
-0x2B,0x81,0x04,0x00,0x21,                    /* [4826] OBJ_secp224r1 */
-0x2B,0x81,0x04,0x00,0x0A,                    /* [4831] OBJ_secp256k1 */
-0x2B,0x81,0x04,0x00,0x22,                    /* [4836] OBJ_secp384r1 */
-0x2B,0x81,0x04,0x00,0x23,                    /* [4841] OBJ_secp521r1 */
-0x2B,0x81,0x04,0x00,0x04,                    /* [4846] OBJ_sect113r1 */
-0x2B,0x81,0x04,0x00,0x05,                    /* [4851] OBJ_sect113r2 */
-0x2B,0x81,0x04,0x00,0x16,                    /* [4856] OBJ_sect131r1 */
-0x2B,0x81,0x04,0x00,0x17,                    /* [4861] OBJ_sect131r2 */
-0x2B,0x81,0x04,0x00,0x01,                    /* [4866] OBJ_sect163k1 */
-0x2B,0x81,0x04,0x00,0x02,                    /* [4871] OBJ_sect163r1 */
-0x2B,0x81,0x04,0x00,0x0F,                    /* [4876] OBJ_sect163r2 */
-0x2B,0x81,0x04,0x00,0x18,                    /* [4881] OBJ_sect193r1 */
-0x2B,0x81,0x04,0x00,0x19,                    /* [4886] OBJ_sect193r2 */
-0x2B,0x81,0x04,0x00,0x1A,                    /* [4891] OBJ_sect233k1 */
-0x2B,0x81,0x04,0x00,0x1B,                    /* [4896] OBJ_sect233r1 */
-0x2B,0x81,0x04,0x00,0x03,                    /* [4901] OBJ_sect239k1 */
-0x2B,0x81,0x04,0x00,0x10,                    /* [4906] OBJ_sect283k1 */
-0x2B,0x81,0x04,0x00,0x11,                    /* [4911] OBJ_sect283r1 */
-0x2B,0x81,0x04,0x00,0x24,                    /* [4916] OBJ_sect409k1 */
-0x2B,0x81,0x04,0x00,0x25,                    /* [4921] OBJ_sect409r1 */
-0x2B,0x81,0x04,0x00,0x26,                    /* [4926] OBJ_sect571k1 */
-0x2B,0x81,0x04,0x00,0x27,                    /* [4931] OBJ_sect571r1 */
-0x67,0x2B,0x0D,0x04,0x01,                    /* [4936] OBJ_wap_wsg_idm_ecid_wtls1 */
-0x67,0x2B,0x0D,0x04,0x03,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls3 */
-0x67,0x2B,0x0D,0x04,0x04,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls4 */
-0x67,0x2B,0x0D,0x04,0x05,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls5 */
-0x67,0x2B,0x0D,0x04,0x06,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls6 */
-0x67,0x2B,0x0D,0x04,0x07,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls7 */
-0x67,0x2B,0x0D,0x04,0x08,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls8 */
-0x67,0x2B,0x0D,0x04,0x09,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls9 */
-0x67,0x2B,0x0D,0x04,0x0A,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls10 */
-0x67,0x2B,0x0D,0x04,0x0B,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls11 */
-0x67,0x2B,0x0D,0x04,0x0C,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls12 */
-0x55,0x1D,0x20,0x00,                         /* [4991] OBJ_any_policy */
-0x55,0x1D,0x21,                              /* [4995] OBJ_policy_mappings */
-0x55,0x1D,0x36,                              /* [4998] OBJ_inhibit_any_policy */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5001] OBJ_camellia_128_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5012] OBJ_camellia_192_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5023] OBJ_camellia_256_cbc */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,     /* [5034] OBJ_camellia_128_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,     /* [5042] OBJ_camellia_192_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,     /* [5050] OBJ_camellia_256_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,     /* [5058] OBJ_camellia_128_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,     /* [5066] OBJ_camellia_192_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,     /* [5074] OBJ_camellia_256_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5082] OBJ_camellia_128_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5090] OBJ_camellia_192_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5098] OBJ_camellia_256_ofb128 */
-0x55,0x1D,0x09,                              /* [5106] OBJ_subject_directory_attributes */
-0x55,0x1D,0x1C,                              /* [5109] OBJ_issuing_distribution_point */
-0x55,0x1D,0x1D,                              /* [5112] OBJ_certificate_issuer */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5115] OBJ_kisa */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5121] OBJ_seed_ecb */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5129] OBJ_seed_cbc */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5137] OBJ_seed_ofb128 */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5145] OBJ_seed_cfb128 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,     /* [5153] OBJ_hmac_md5 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,     /* [5161] OBJ_hmac_sha1 */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5169] OBJ_id_PasswordBasedMAC */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5178] OBJ_id_DHBasedMac */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,     /* [5187] OBJ_id_it_suppLangTags */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,     /* [5195] OBJ_caRepository */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [623] OBJ_zlib_compression */
+0x55,0x1D,0x25,                              /* [634] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07,               /* [637] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [643] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [650] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [658] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [666] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [674] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [682] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [690] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [700] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [710] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [720] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [730] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [740] OBJ_ns_sgc */
+0x55,0x1D,0x1B,                              /* [749] OBJ_delta_crl */
+0x55,0x1D,0x15,                              /* [752] OBJ_crl_reason */
+0x55,0x1D,0x18,                              /* [755] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01,                    /* [758] OBJ_sxnet */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [763] OBJ_pbe_WithSHA1And128BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [773] OBJ_pbe_WithSHA1And40BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [783] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [793] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [803] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [813] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [823] OBJ_keyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [834] OBJ_pkcs8ShroudedKeyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [845] OBJ_certBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [856] OBJ_crlBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [867] OBJ_secretBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [878] OBJ_safeContentsBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [889] OBJ_friendlyName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [898] OBJ_localKeyID */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [907] OBJ_x509Certificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [917] OBJ_sdsiCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [927] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [937] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [946] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [955] OBJ_hmacWithSHA1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [963] OBJ_id_qt_cps */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [971] OBJ_id_qt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [979] OBJ_SMIMECapabilities */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [988] OBJ_pbeWithMD2AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [997] OBJ_pbeWithMD5AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1006] OBJ_pbeWithSHA1AndDES_CBC */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1015] OBJ_ms_ext_req */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1025] OBJ_ext_req */
+0x55,0x04,0x29,                              /* [1034] OBJ_name */
+0x55,0x04,0x2E,                              /* [1037] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1040] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1047] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1054] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1062] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1070] OBJ_ad_ca_issuers */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1078] OBJ_OCSP_sign */
+0x28,                                        /* [1086] OBJ_iso */
+0x2A,                                        /* [1087] OBJ_member_body */
+0x2A,0x86,0x48,                              /* [1088] OBJ_ISO_US */
+0x2A,0x86,0x48,0xCE,0x38,                    /* [1091] OBJ_X9_57 */
+0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1096] OBJ_X9cm */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1102] OBJ_pkcs1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1110] OBJ_pkcs5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1118] OBJ_SMIME */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1127] OBJ_id_smime_mod */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1137] OBJ_id_smime_ct */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1147] OBJ_id_smime_aa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1157] OBJ_id_smime_alg */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1167] OBJ_id_smime_cd */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1177] OBJ_id_smime_spq */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1187] OBJ_id_smime_cti */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1197] OBJ_id_smime_mod_cms */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1208] OBJ_id_smime_mod_ess */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1219] OBJ_id_smime_mod_oid */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1230] OBJ_id_smime_mod_msg_v3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1241] OBJ_id_smime_mod_ets_eSignature_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1252] OBJ_id_smime_mod_ets_eSignature_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1263] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1274] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1285] OBJ_id_smime_ct_receipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1296] OBJ_id_smime_ct_authData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1307] OBJ_id_smime_ct_publishCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1318] OBJ_id_smime_ct_TSTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1329] OBJ_id_smime_ct_TDTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1340] OBJ_id_smime_ct_contentInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1351] OBJ_id_smime_ct_DVCSRequestData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1362] OBJ_id_smime_ct_DVCSResponseData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1373] OBJ_id_smime_aa_receiptRequest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1384] OBJ_id_smime_aa_securityLabel */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1395] OBJ_id_smime_aa_mlExpandHistory */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1406] OBJ_id_smime_aa_contentHint */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1417] OBJ_id_smime_aa_msgSigDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1428] OBJ_id_smime_aa_encapContentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1439] OBJ_id_smime_aa_contentIdentifier */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1450] OBJ_id_smime_aa_macValue */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1461] OBJ_id_smime_aa_equivalentLabels */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1472] OBJ_id_smime_aa_contentReference */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1483] OBJ_id_smime_aa_encrypKeyPref */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1494] OBJ_id_smime_aa_signingCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1505] OBJ_id_smime_aa_smimeEncryptCerts */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1516] OBJ_id_smime_aa_timeStampToken */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1527] OBJ_id_smime_aa_ets_sigPolicyId */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1538] OBJ_id_smime_aa_ets_commitmentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1549] OBJ_id_smime_aa_ets_signerLocation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1560] OBJ_id_smime_aa_ets_signerAttr */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1571] OBJ_id_smime_aa_ets_otherSigCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1582] OBJ_id_smime_aa_ets_contentTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1593] OBJ_id_smime_aa_ets_CertificateRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1604] OBJ_id_smime_aa_ets_RevocationRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1615] OBJ_id_smime_aa_ets_certValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1626] OBJ_id_smime_aa_ets_revocationValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1637] OBJ_id_smime_aa_ets_escTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1648] OBJ_id_smime_aa_ets_certCRLTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1659] OBJ_id_smime_aa_ets_archiveTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1670] OBJ_id_smime_aa_signatureType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1681] OBJ_id_smime_aa_dvcs_dvc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1692] OBJ_id_smime_alg_ESDHwith3DES */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1703] OBJ_id_smime_alg_ESDHwithRC2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1714] OBJ_id_smime_alg_3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1725] OBJ_id_smime_alg_RC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1736] OBJ_id_smime_alg_ESDH */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1747] OBJ_id_smime_alg_CMS3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1758] OBJ_id_smime_alg_CMSRC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1769] OBJ_id_smime_cd_ldap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1780] OBJ_id_smime_spq_ets_sqt_uri */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1791] OBJ_id_smime_spq_ets_sqt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1802] OBJ_id_smime_cti_ets_proofOfOrigin */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1813] OBJ_id_smime_cti_ets_proofOfReceipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1824] OBJ_id_smime_cti_ets_proofOfDelivery */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1835] OBJ_id_smime_cti_ets_proofOfSender */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1846] OBJ_id_smime_cti_ets_proofOfApproval */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1857] OBJ_id_smime_cti_ets_proofOfCreation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1868] OBJ_md4 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1876] OBJ_id_pkix_mod */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1883] OBJ_id_qt */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1890] OBJ_id_it */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1897] OBJ_id_pkip */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1904] OBJ_id_alg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1911] OBJ_id_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1918] OBJ_id_on */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1925] OBJ_id_pda */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1932] OBJ_id_aca */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1939] OBJ_id_qcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1946] OBJ_id_cct */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1953] OBJ_id_pkix1_explicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1961] OBJ_id_pkix1_implicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1969] OBJ_id_pkix1_explicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1977] OBJ_id_pkix1_implicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1985] OBJ_id_mod_crmf */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1993] OBJ_id_mod_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [2001] OBJ_id_mod_kea_profile_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2009] OBJ_id_mod_kea_profile_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2017] OBJ_id_mod_cmp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2025] OBJ_id_mod_qualified_cert_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2033] OBJ_id_mod_qualified_cert_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2041] OBJ_id_mod_attribute_cert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2049] OBJ_id_mod_timestamp_protocol */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2057] OBJ_id_mod_ocsp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2065] OBJ_id_mod_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2073] OBJ_id_mod_cmp2000 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2081] OBJ_biometricInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2089] OBJ_qcStatements */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2097] OBJ_ac_auditEntity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2105] OBJ_ac_targeting */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2113] OBJ_aaControls */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2121] OBJ_sbgp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2129] OBJ_sbgp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2137] OBJ_sbgp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2145] OBJ_textNotice */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2153] OBJ_ipsecEndSystem */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2161] OBJ_ipsecTunnel */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2169] OBJ_ipsecUser */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2177] OBJ_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2185] OBJ_id_it_caProtEncCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2193] OBJ_id_it_signKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2201] OBJ_id_it_encKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2209] OBJ_id_it_preferredSymmAlg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2217] OBJ_id_it_caKeyUpdateInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2225] OBJ_id_it_currentCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2233] OBJ_id_it_unsupportedOIDs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2241] OBJ_id_it_subscriptionRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2249] OBJ_id_it_subscriptionResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2257] OBJ_id_it_keyPairParamReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2265] OBJ_id_it_keyPairParamRep */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2273] OBJ_id_it_revPassphrase */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2281] OBJ_id_it_implicitConfirm */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2289] OBJ_id_it_confirmWaitTime */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2297] OBJ_id_it_origPKIMessage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2305] OBJ_id_regCtrl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2313] OBJ_id_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2321] OBJ_id_regCtrl_regToken */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2330] OBJ_id_regCtrl_authenticator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2339] OBJ_id_regCtrl_pkiPublicationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2348] OBJ_id_regCtrl_pkiArchiveOptions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2357] OBJ_id_regCtrl_oldCertID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2366] OBJ_id_regCtrl_protocolEncrKey */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2375] OBJ_id_regInfo_utf8Pairs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2384] OBJ_id_regInfo_certReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2393] OBJ_id_alg_des40 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2401] OBJ_id_alg_noSignature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2409] OBJ_id_alg_dh_sig_hmac_sha1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2417] OBJ_id_alg_dh_pop */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2425] OBJ_id_cmc_statusInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2433] OBJ_id_cmc_identification */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2441] OBJ_id_cmc_identityProof */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2449] OBJ_id_cmc_dataReturn */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2457] OBJ_id_cmc_transactionId */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2465] OBJ_id_cmc_senderNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2473] OBJ_id_cmc_recipientNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2481] OBJ_id_cmc_addExtensions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2489] OBJ_id_cmc_encryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2497] OBJ_id_cmc_decryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2505] OBJ_id_cmc_lraPOPWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2513] OBJ_id_cmc_getCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2521] OBJ_id_cmc_getCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2529] OBJ_id_cmc_revokeRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2537] OBJ_id_cmc_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2545] OBJ_id_cmc_responseInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2553] OBJ_id_cmc_queryPending */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2561] OBJ_id_cmc_popLinkRandom */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2569] OBJ_id_cmc_popLinkWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2577] OBJ_id_cmc_confirmCertAcceptance */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2585] OBJ_id_on_personalData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2593] OBJ_id_pda_dateOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2601] OBJ_id_pda_placeOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2609] OBJ_id_pda_gender */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2617] OBJ_id_pda_countryOfCitizenship */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2625] OBJ_id_pda_countryOfResidence */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2633] OBJ_id_aca_authenticationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2641] OBJ_id_aca_accessIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2649] OBJ_id_aca_chargingIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2657] OBJ_id_aca_group */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2665] OBJ_id_aca_role */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2673] OBJ_id_qcs_pkixQCSyntax_v1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2681] OBJ_id_cct_crs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2689] OBJ_id_cct_PKIData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2697] OBJ_id_cct_PKIResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2705] OBJ_ad_timeStamping */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2713] OBJ_ad_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2721] OBJ_id_pkix_OCSP_basic */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2730] OBJ_id_pkix_OCSP_Nonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2739] OBJ_id_pkix_OCSP_CrlID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2748] OBJ_id_pkix_OCSP_acceptableResponses */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2757] OBJ_id_pkix_OCSP_noCheck */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2766] OBJ_id_pkix_OCSP_archiveCutoff */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2775] OBJ_id_pkix_OCSP_serviceLocator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2784] OBJ_id_pkix_OCSP_extendedStatus */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2793] OBJ_id_pkix_OCSP_valid */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2802] OBJ_id_pkix_OCSP_path */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2811] OBJ_id_pkix_OCSP_trustRoot */
+0x2B,0x0E,0x03,0x02,                         /* [2820] OBJ_algorithm */
+0x2B,0x0E,0x03,0x02,0x0B,                    /* [2824] OBJ_rsaSignature */
+0x55,0x08,                                   /* [2829] OBJ_X500algorithms */
+0x2B,                                        /* [2831] OBJ_org */
+0x2B,0x06,                                   /* [2832] OBJ_dod */
+0x2B,0x06,0x01,                              /* [2834] OBJ_iana */
+0x2B,0x06,0x01,0x01,                         /* [2837] OBJ_Directory */
+0x2B,0x06,0x01,0x02,                         /* [2841] OBJ_Management */
+0x2B,0x06,0x01,0x03,                         /* [2845] OBJ_Experimental */
+0x2B,0x06,0x01,0x04,                         /* [2849] OBJ_Private */
+0x2B,0x06,0x01,0x05,                         /* [2853] OBJ_Security */
+0x2B,0x06,0x01,0x06,                         /* [2857] OBJ_SNMPv2 */
+0x2B,0x06,0x01,0x07,                         /* [2861] OBJ_Mail */
+0x2B,0x06,0x01,0x04,0x01,                    /* [2865] OBJ_Enterprises */
+0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2870] OBJ_dcObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2879] OBJ_domainComponent */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2889] OBJ_Domain */
+0x00,                                        /* [2899] OBJ_joint_iso_ccitt */
+0x55,0x01,0x05,                              /* [2900] OBJ_selected_attribute_types */
+0x55,0x01,0x05,0x37,                         /* [2903] OBJ_clearance */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2907] OBJ_md4WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2916] OBJ_ac_proxying */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2924] OBJ_sinfo_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2932] OBJ_id_aca_encAttrs */
+0x55,0x04,0x48,                              /* [2940] OBJ_role */
+0x55,0x1D,0x24,                              /* [2943] OBJ_policy_constraints */
+0x55,0x1D,0x37,                              /* [2946] OBJ_target_information */
+0x55,0x1D,0x38,                              /* [2949] OBJ_no_rev_avail */
+0x00,                                        /* [2952] OBJ_ccitt */
+0x2A,0x86,0x48,0xCE,0x3D,                    /* [2953] OBJ_ansi_X9_62 */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2958] OBJ_X9_62_prime_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2965] OBJ_X9_62_characteristic_two_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2972] OBJ_X9_62_id_ecPublicKey */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2979] OBJ_X9_62_prime192v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2987] OBJ_X9_62_prime192v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2995] OBJ_X9_62_prime192v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [3003] OBJ_X9_62_prime239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3011] OBJ_X9_62_prime239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3019] OBJ_X9_62_prime239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3027] OBJ_X9_62_prime256v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3035] OBJ_ecdsa_with_SHA1 */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */
+0x55,0x1D,0x17,                              /* [3159] OBJ_hold_instruction_code */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3162] OBJ_hold_instruction_none */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3169] OBJ_hold_instruction_call_issuer */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3176] OBJ_hold_instruction_reject */
+0x09,                                        /* [3183] OBJ_data */
+0x09,0x92,0x26,                              /* [3184] OBJ_pss */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3187] OBJ_ucl */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3194] OBJ_pilot */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */
+0x55,0x04,0x2D,                              /* [3848] OBJ_x500UniqueIdentifier */
+0x2B,0x06,0x01,0x07,0x01,                    /* [3851] OBJ_mime_mhs */
+0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3856] OBJ_mime_mhs_headings */
+0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3862] OBJ_mime_mhs_bodies */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3868] OBJ_id_hex_partial_message */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3875] OBJ_id_hex_multipart_message */
+0x55,0x04,0x2C,                              /* [3882] OBJ_generationQualifier */
+0x55,0x04,0x41,                              /* [3885] OBJ_pseudonym */
+0x67,0x2A,                                   /* [3888] OBJ_id_set */
+0x67,0x2A,0x00,                              /* [3890] OBJ_set_ctype */
+0x67,0x2A,0x01,                              /* [3893] OBJ_set_msgExt */
+0x67,0x2A,0x03,                              /* [3896] OBJ_set_attr */
+0x67,0x2A,0x05,                              /* [3899] OBJ_set_policy */
+0x67,0x2A,0x07,                              /* [3902] OBJ_set_certExt */
+0x67,0x2A,0x08,                              /* [3905] OBJ_set_brand */
+0x67,0x2A,0x00,0x00,                         /* [3908] OBJ_setct_PANData */
+0x67,0x2A,0x00,0x01,                         /* [3912] OBJ_setct_PANToken */
+0x67,0x2A,0x00,0x02,                         /* [3916] OBJ_setct_PANOnly */
+0x67,0x2A,0x00,0x03,                         /* [3920] OBJ_setct_OIData */
+0x67,0x2A,0x00,0x04,                         /* [3924] OBJ_setct_PI */
+0x67,0x2A,0x00,0x05,                         /* [3928] OBJ_setct_PIData */
+0x67,0x2A,0x00,0x06,                         /* [3932] OBJ_setct_PIDataUnsigned */
+0x67,0x2A,0x00,0x07,                         /* [3936] OBJ_setct_HODInput */
+0x67,0x2A,0x00,0x08,                         /* [3940] OBJ_setct_AuthResBaggage */
+0x67,0x2A,0x00,0x09,                         /* [3944] OBJ_setct_AuthRevReqBaggage */
+0x67,0x2A,0x00,0x0A,                         /* [3948] OBJ_setct_AuthRevResBaggage */
+0x67,0x2A,0x00,0x0B,                         /* [3952] OBJ_setct_CapTokenSeq */
+0x67,0x2A,0x00,0x0C,                         /* [3956] OBJ_setct_PInitResData */
+0x67,0x2A,0x00,0x0D,                         /* [3960] OBJ_setct_PI_TBS */
+0x67,0x2A,0x00,0x0E,                         /* [3964] OBJ_setct_PResData */
+0x67,0x2A,0x00,0x10,                         /* [3968] OBJ_setct_AuthReqTBS */
+0x67,0x2A,0x00,0x11,                         /* [3972] OBJ_setct_AuthResTBS */
+0x67,0x2A,0x00,0x12,                         /* [3976] OBJ_setct_AuthResTBSX */
+0x67,0x2A,0x00,0x13,                         /* [3980] OBJ_setct_AuthTokenTBS */
+0x67,0x2A,0x00,0x14,                         /* [3984] OBJ_setct_CapTokenData */
+0x67,0x2A,0x00,0x15,                         /* [3988] OBJ_setct_CapTokenTBS */
+0x67,0x2A,0x00,0x16,                         /* [3992] OBJ_setct_AcqCardCodeMsg */
+0x67,0x2A,0x00,0x17,                         /* [3996] OBJ_setct_AuthRevReqTBS */
+0x67,0x2A,0x00,0x18,                         /* [4000] OBJ_setct_AuthRevResData */
+0x67,0x2A,0x00,0x19,                         /* [4004] OBJ_setct_AuthRevResTBS */
+0x67,0x2A,0x00,0x1A,                         /* [4008] OBJ_setct_CapReqTBS */
+0x67,0x2A,0x00,0x1B,                         /* [4012] OBJ_setct_CapReqTBSX */
+0x67,0x2A,0x00,0x1C,                         /* [4016] OBJ_setct_CapResData */
+0x67,0x2A,0x00,0x1D,                         /* [4020] OBJ_setct_CapRevReqTBS */
+0x67,0x2A,0x00,0x1E,                         /* [4024] OBJ_setct_CapRevReqTBSX */
+0x67,0x2A,0x00,0x1F,                         /* [4028] OBJ_setct_CapRevResData */
+0x67,0x2A,0x00,0x20,                         /* [4032] OBJ_setct_CredReqTBS */
+0x67,0x2A,0x00,0x21,                         /* [4036] OBJ_setct_CredReqTBSX */
+0x67,0x2A,0x00,0x22,                         /* [4040] OBJ_setct_CredResData */
+0x67,0x2A,0x00,0x23,                         /* [4044] OBJ_setct_CredRevReqTBS */
+0x67,0x2A,0x00,0x24,                         /* [4048] OBJ_setct_CredRevReqTBSX */
+0x67,0x2A,0x00,0x25,                         /* [4052] OBJ_setct_CredRevResData */
+0x67,0x2A,0x00,0x26,                         /* [4056] OBJ_setct_PCertReqData */
+0x67,0x2A,0x00,0x27,                         /* [4060] OBJ_setct_PCertResTBS */
+0x67,0x2A,0x00,0x28,                         /* [4064] OBJ_setct_BatchAdminReqData */
+0x67,0x2A,0x00,0x29,                         /* [4068] OBJ_setct_BatchAdminResData */
+0x67,0x2A,0x00,0x2A,                         /* [4072] OBJ_setct_CardCInitResTBS */
+0x67,0x2A,0x00,0x2B,                         /* [4076] OBJ_setct_MeAqCInitResTBS */
+0x67,0x2A,0x00,0x2C,                         /* [4080] OBJ_setct_RegFormResTBS */
+0x67,0x2A,0x00,0x2D,                         /* [4084] OBJ_setct_CertReqData */
+0x67,0x2A,0x00,0x2E,                         /* [4088] OBJ_setct_CertReqTBS */
+0x67,0x2A,0x00,0x2F,                         /* [4092] OBJ_setct_CertResData */
+0x67,0x2A,0x00,0x30,                         /* [4096] OBJ_setct_CertInqReqTBS */
+0x67,0x2A,0x00,0x31,                         /* [4100] OBJ_setct_ErrorTBS */
+0x67,0x2A,0x00,0x32,                         /* [4104] OBJ_setct_PIDualSignedTBE */
+0x67,0x2A,0x00,0x33,                         /* [4108] OBJ_setct_PIUnsignedTBE */
+0x67,0x2A,0x00,0x34,                         /* [4112] OBJ_setct_AuthReqTBE */
+0x67,0x2A,0x00,0x35,                         /* [4116] OBJ_setct_AuthResTBE */
+0x67,0x2A,0x00,0x36,                         /* [4120] OBJ_setct_AuthResTBEX */
+0x67,0x2A,0x00,0x37,                         /* [4124] OBJ_setct_AuthTokenTBE */
+0x67,0x2A,0x00,0x38,                         /* [4128] OBJ_setct_CapTokenTBE */
+0x67,0x2A,0x00,0x39,                         /* [4132] OBJ_setct_CapTokenTBEX */
+0x67,0x2A,0x00,0x3A,                         /* [4136] OBJ_setct_AcqCardCodeMsgTBE */
+0x67,0x2A,0x00,0x3B,                         /* [4140] OBJ_setct_AuthRevReqTBE */
+0x67,0x2A,0x00,0x3C,                         /* [4144] OBJ_setct_AuthRevResTBE */
+0x67,0x2A,0x00,0x3D,                         /* [4148] OBJ_setct_AuthRevResTBEB */
+0x67,0x2A,0x00,0x3E,                         /* [4152] OBJ_setct_CapReqTBE */
+0x67,0x2A,0x00,0x3F,                         /* [4156] OBJ_setct_CapReqTBEX */
+0x67,0x2A,0x00,0x40,                         /* [4160] OBJ_setct_CapResTBE */
+0x67,0x2A,0x00,0x41,                         /* [4164] OBJ_setct_CapRevReqTBE */
+0x67,0x2A,0x00,0x42,                         /* [4168] OBJ_setct_CapRevReqTBEX */
+0x67,0x2A,0x00,0x43,                         /* [4172] OBJ_setct_CapRevResTBE */
+0x67,0x2A,0x00,0x44,                         /* [4176] OBJ_setct_CredReqTBE */
+0x67,0x2A,0x00,0x45,                         /* [4180] OBJ_setct_CredReqTBEX */
+0x67,0x2A,0x00,0x46,                         /* [4184] OBJ_setct_CredResTBE */
+0x67,0x2A,0x00,0x47,                         /* [4188] OBJ_setct_CredRevReqTBE */
+0x67,0x2A,0x00,0x48,                         /* [4192] OBJ_setct_CredRevReqTBEX */
+0x67,0x2A,0x00,0x49,                         /* [4196] OBJ_setct_CredRevResTBE */
+0x67,0x2A,0x00,0x4A,                         /* [4200] OBJ_setct_BatchAdminReqTBE */
+0x67,0x2A,0x00,0x4B,                         /* [4204] OBJ_setct_BatchAdminResTBE */
+0x67,0x2A,0x00,0x4C,                         /* [4208] OBJ_setct_RegFormReqTBE */
+0x67,0x2A,0x00,0x4D,                         /* [4212] OBJ_setct_CertReqTBE */
+0x67,0x2A,0x00,0x4E,                         /* [4216] OBJ_setct_CertReqTBEX */
+0x67,0x2A,0x00,0x4F,                         /* [4220] OBJ_setct_CertResTBE */
+0x67,0x2A,0x00,0x50,                         /* [4224] OBJ_setct_CRLNotificationTBS */
+0x67,0x2A,0x00,0x51,                         /* [4228] OBJ_setct_CRLNotificationResTBS */
+0x67,0x2A,0x00,0x52,                         /* [4232] OBJ_setct_BCIDistributionTBS */
+0x67,0x2A,0x01,0x01,                         /* [4236] OBJ_setext_genCrypt */
+0x67,0x2A,0x01,0x03,                         /* [4240] OBJ_setext_miAuth */
+0x67,0x2A,0x01,0x04,                         /* [4244] OBJ_setext_pinSecure */
+0x67,0x2A,0x01,0x05,                         /* [4248] OBJ_setext_pinAny */
+0x67,0x2A,0x01,0x07,                         /* [4252] OBJ_setext_track2 */
+0x67,0x2A,0x01,0x08,                         /* [4256] OBJ_setext_cv */
+0x67,0x2A,0x05,0x00,                         /* [4260] OBJ_set_policy_root */
+0x67,0x2A,0x07,0x00,                         /* [4264] OBJ_setCext_hashedRoot */
+0x67,0x2A,0x07,0x01,                         /* [4268] OBJ_setCext_certType */
+0x67,0x2A,0x07,0x02,                         /* [4272] OBJ_setCext_merchData */
+0x67,0x2A,0x07,0x03,                         /* [4276] OBJ_setCext_cCertRequired */
+0x67,0x2A,0x07,0x04,                         /* [4280] OBJ_setCext_tunneling */
+0x67,0x2A,0x07,0x05,                         /* [4284] OBJ_setCext_setExt */
+0x67,0x2A,0x07,0x06,                         /* [4288] OBJ_setCext_setQualf */
+0x67,0x2A,0x07,0x07,                         /* [4292] OBJ_setCext_PGWYcapabilities */
+0x67,0x2A,0x07,0x08,                         /* [4296] OBJ_setCext_TokenIdentifier */
+0x67,0x2A,0x07,0x09,                         /* [4300] OBJ_setCext_Track2Data */
+0x67,0x2A,0x07,0x0A,                         /* [4304] OBJ_setCext_TokenType */
+0x67,0x2A,0x07,0x0B,                         /* [4308] OBJ_setCext_IssuerCapabilities */
+0x67,0x2A,0x03,0x00,                         /* [4312] OBJ_setAttr_Cert */
+0x67,0x2A,0x03,0x01,                         /* [4316] OBJ_setAttr_PGWYcap */
+0x67,0x2A,0x03,0x02,                         /* [4320] OBJ_setAttr_TokenType */
+0x67,0x2A,0x03,0x03,                         /* [4324] OBJ_setAttr_IssCap */
+0x67,0x2A,0x03,0x00,0x00,                    /* [4328] OBJ_set_rootKeyThumb */
+0x67,0x2A,0x03,0x00,0x01,                    /* [4333] OBJ_set_addPolicy */
+0x67,0x2A,0x03,0x02,0x01,                    /* [4338] OBJ_setAttr_Token_EMV */
+0x67,0x2A,0x03,0x02,0x02,                    /* [4343] OBJ_setAttr_Token_B0Prime */
+0x67,0x2A,0x03,0x03,0x03,                    /* [4348] OBJ_setAttr_IssCap_CVM */
+0x67,0x2A,0x03,0x03,0x04,                    /* [4353] OBJ_setAttr_IssCap_T2 */
+0x67,0x2A,0x03,0x03,0x05,                    /* [4358] OBJ_setAttr_IssCap_Sig */
+0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4363] OBJ_setAttr_GenCryptgrm */
+0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4369] OBJ_setAttr_T2Enc */
+0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4375] OBJ_setAttr_T2cleartxt */
+0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4381] OBJ_setAttr_TokICCsig */
+0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4387] OBJ_setAttr_SecDevSig */
+0x67,0x2A,0x08,0x01,                         /* [4393] OBJ_set_brand_IATA_ATA */
+0x67,0x2A,0x08,0x1E,                         /* [4397] OBJ_set_brand_Diners */
+0x67,0x2A,0x08,0x22,                         /* [4401] OBJ_set_brand_AmericanExpress */
+0x67,0x2A,0x08,0x23,                         /* [4405] OBJ_set_brand_JCB */
+0x67,0x2A,0x08,0x04,                         /* [4409] OBJ_set_brand_Visa */
+0x67,0x2A,0x08,0x05,                         /* [4413] OBJ_set_brand_MasterCard */
+0x67,0x2A,0x08,0xAE,0x7B,                    /* [4417] OBJ_set_brand_Novus */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4422] OBJ_des_cdmf */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */
+0x00,                                        /* [4439] OBJ_itu_t */
+0x50,                                        /* [4440] OBJ_joint_iso_itu_t */
+0x67,                                        /* [4441] OBJ_international_organizations */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4442] OBJ_ms_smartcard_login */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4452] OBJ_ms_upn */
+0x55,0x04,0x09,                              /* [4462] OBJ_streetAddress */
+0x55,0x04,0x11,                              /* [4465] OBJ_postalCode */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4468] OBJ_id_ppl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4475] OBJ_proxyCertInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4483] OBJ_id_ppl_anyLanguage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4491] OBJ_id_ppl_inheritAll */
+0x55,0x1D,0x1E,                              /* [4499] OBJ_name_constraints */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4502] OBJ_Independent */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4510] OBJ_sha256WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4519] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4528] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4537] OBJ_sha224WithRSAEncryption */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4546] OBJ_sha256 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4555] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4564] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4573] OBJ_sha224 */
+0x2B,                                        /* [4582] OBJ_identified_organization */
+0x2B,0x81,0x04,                              /* [4583] OBJ_certicom_arc */
+0x67,0x2B,                                   /* [4586] OBJ_wap */
+0x67,0x2B,0x0D,                              /* [4588] OBJ_wap_wsg */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4591] OBJ_X9_62_id_characteristic_two_basis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4617] OBJ_X9_62_ppBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [4626] OBJ_X9_62_c2pnb163v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [4634] OBJ_X9_62_c2pnb163v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [4642] OBJ_X9_62_c2pnb163v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [4650] OBJ_X9_62_c2pnb176v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [4658] OBJ_X9_62_c2tnb191v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [4666] OBJ_X9_62_c2tnb191v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [4674] OBJ_X9_62_c2tnb191v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [4682] OBJ_X9_62_c2onb191v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [4690] OBJ_X9_62_c2onb191v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [4698] OBJ_X9_62_c2pnb208w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [4706] OBJ_X9_62_c2tnb239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [4714] OBJ_X9_62_c2tnb239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [4722] OBJ_X9_62_c2tnb239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [4730] OBJ_X9_62_c2onb239v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [4738] OBJ_X9_62_c2onb239v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [4746] OBJ_X9_62_c2pnb272w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4754] OBJ_X9_62_c2pnb304w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4762] OBJ_X9_62_c2tnb359v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4770] OBJ_X9_62_c2pnb368w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4778] OBJ_X9_62_c2tnb431r1 */
+0x2B,0x81,0x04,0x00,0x06,                    /* [4786] OBJ_secp112r1 */
+0x2B,0x81,0x04,0x00,0x07,                    /* [4791] OBJ_secp112r2 */
+0x2B,0x81,0x04,0x00,0x1C,                    /* [4796] OBJ_secp128r1 */
+0x2B,0x81,0x04,0x00,0x1D,                    /* [4801] OBJ_secp128r2 */
+0x2B,0x81,0x04,0x00,0x09,                    /* [4806] OBJ_secp160k1 */
+0x2B,0x81,0x04,0x00,0x08,                    /* [4811] OBJ_secp160r1 */
+0x2B,0x81,0x04,0x00,0x1E,                    /* [4816] OBJ_secp160r2 */
+0x2B,0x81,0x04,0x00,0x1F,                    /* [4821] OBJ_secp192k1 */
+0x2B,0x81,0x04,0x00,0x20,                    /* [4826] OBJ_secp224k1 */
+0x2B,0x81,0x04,0x00,0x21,                    /* [4831] OBJ_secp224r1 */
+0x2B,0x81,0x04,0x00,0x0A,                    /* [4836] OBJ_secp256k1 */
+0x2B,0x81,0x04,0x00,0x22,                    /* [4841] OBJ_secp384r1 */
+0x2B,0x81,0x04,0x00,0x23,                    /* [4846] OBJ_secp521r1 */
+0x2B,0x81,0x04,0x00,0x04,                    /* [4851] OBJ_sect113r1 */
+0x2B,0x81,0x04,0x00,0x05,                    /* [4856] OBJ_sect113r2 */
+0x2B,0x81,0x04,0x00,0x16,                    /* [4861] OBJ_sect131r1 */
+0x2B,0x81,0x04,0x00,0x17,                    /* [4866] OBJ_sect131r2 */
+0x2B,0x81,0x04,0x00,0x01,                    /* [4871] OBJ_sect163k1 */
+0x2B,0x81,0x04,0x00,0x02,                    /* [4876] OBJ_sect163r1 */
+0x2B,0x81,0x04,0x00,0x0F,                    /* [4881] OBJ_sect163r2 */
+0x2B,0x81,0x04,0x00,0x18,                    /* [4886] OBJ_sect193r1 */
+0x2B,0x81,0x04,0x00,0x19,                    /* [4891] OBJ_sect193r2 */
+0x2B,0x81,0x04,0x00,0x1A,                    /* [4896] OBJ_sect233k1 */
+0x2B,0x81,0x04,0x00,0x1B,                    /* [4901] OBJ_sect233r1 */
+0x2B,0x81,0x04,0x00,0x03,                    /* [4906] OBJ_sect239k1 */
+0x2B,0x81,0x04,0x00,0x10,                    /* [4911] OBJ_sect283k1 */
+0x2B,0x81,0x04,0x00,0x11,                    /* [4916] OBJ_sect283r1 */
+0x2B,0x81,0x04,0x00,0x24,                    /* [4921] OBJ_sect409k1 */
+0x2B,0x81,0x04,0x00,0x25,                    /* [4926] OBJ_sect409r1 */
+0x2B,0x81,0x04,0x00,0x26,                    /* [4931] OBJ_sect571k1 */
+0x2B,0x81,0x04,0x00,0x27,                    /* [4936] OBJ_sect571r1 */
+0x67,0x2B,0x0D,0x04,0x01,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */
+0x67,0x2B,0x0D,0x04,0x03,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */
+0x67,0x2B,0x0D,0x04,0x04,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */
+0x67,0x2B,0x0D,0x04,0x05,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */
+0x67,0x2B,0x0D,0x04,0x06,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */
+0x67,0x2B,0x0D,0x04,0x07,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */
+0x67,0x2B,0x0D,0x04,0x08,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */
+0x67,0x2B,0x0D,0x04,0x09,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */
+0x67,0x2B,0x0D,0x04,0x0A,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */
+0x67,0x2B,0x0D,0x04,0x0B,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */
+0x67,0x2B,0x0D,0x04,0x0C,                    /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */
+0x55,0x1D,0x20,0x00,                         /* [4996] OBJ_any_policy */
+0x55,0x1D,0x21,                              /* [5000] OBJ_policy_mappings */
+0x55,0x1D,0x36,                              /* [5003] OBJ_inhibit_any_policy */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5006] OBJ_camellia_128_cbc */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5017] OBJ_camellia_192_cbc */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5028] OBJ_camellia_256_cbc */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,     /* [5039] OBJ_camellia_128_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,     /* [5047] OBJ_camellia_192_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,     /* [5055] OBJ_camellia_256_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,     /* [5063] OBJ_camellia_128_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,     /* [5071] OBJ_camellia_192_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,     /* [5079] OBJ_camellia_256_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5087] OBJ_camellia_128_ofb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5095] OBJ_camellia_192_ofb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5103] OBJ_camellia_256_ofb128 */
+0x55,0x1D,0x09,                              /* [5111] OBJ_subject_directory_attributes */
+0x55,0x1D,0x1C,                              /* [5114] OBJ_issuing_distribution_point */
+0x55,0x1D,0x1D,                              /* [5117] OBJ_certificate_issuer */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5120] OBJ_kisa */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5126] OBJ_seed_ecb */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5134] OBJ_seed_cbc */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5142] OBJ_seed_ofb128 */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5150] OBJ_seed_cfb128 */
+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,     /* [5158] OBJ_hmac_md5 */
+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,     /* [5166] OBJ_hmac_sha1 */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5174] OBJ_id_PasswordBasedMAC */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5183] OBJ_id_DHBasedMac */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,     /* [5192] OBJ_id_it_suppLangTags */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,     /* [5200] OBJ_caRepository */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5208] OBJ_id_smime_ct_compressedData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5219] OBJ_id_ct_asciiTextWithCRLF */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5230] OBJ_id_aes128_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5239] OBJ_id_aes192_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5248] OBJ_id_aes256_wrap */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -973,880 +978,880 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},
 {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},
 {"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},
+{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[623]),0},
 {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-       &(lvalues[629]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0},
+       &(lvalues[634]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[637]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[643]),0},
 {"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-       &(lvalues[645]),0},
+       &(lvalues[650]),0},
 {"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-       &(lvalues[653]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0},
+       &(lvalues[658]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[666]),0},
 {"emailProtection","E-mail Protection",NID_email_protect,8,
-       &(lvalues[669]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0},
+       &(lvalues[674]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0},
 {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-       &(lvalues[685]),0},
+       &(lvalues[690]),0},
 {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-       &(lvalues[695]),0},
+       &(lvalues[700]),0},
 {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-       &(lvalues[705]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0},
+       &(lvalues[710]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[720]),0},
 {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-       &(lvalues[725]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0},
+       &(lvalues[730]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[740]),0},
 {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-       &(lvalues[744]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0},
+       &(lvalues[749]),0},
+{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[752]),0},
 {"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-       &(lvalues[750]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0},
+       &(lvalues[755]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[758]),0},
 {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-       NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0},
+       NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[763]),0},
 {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-       NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0},
+       NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[773]),0},
 {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-       NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0},
+       NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[783]),0},
 {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-       NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0},
+       NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[793]),0},
 {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-       NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0},
+       NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[803]),0},
 {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-       NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0},
+       NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[813]),0},
+{"keyBag","keyBag",NID_keyBag,11,&(lvalues[823]),0},
 {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-       11,&(lvalues[829]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0},
+       11,&(lvalues[834]),0},
+{"certBag","certBag",NID_certBag,11,&(lvalues[845]),0},
+{"crlBag","crlBag",NID_crlBag,11,&(lvalues[856]),0},
+{"secretBag","secretBag",NID_secretBag,11,&(lvalues[867]),0},
 {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-       &(lvalues[873]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0},
+       &(lvalues[878]),0},
+{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[889]),0},
+{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[898]),0},
 {"x509Certificate","x509Certificate",NID_x509Certificate,10,
-       &(lvalues[902]),0},
+       &(lvalues[907]),0},
 {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-       &(lvalues[912]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},
+       &(lvalues[917]),0},
+{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[927]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[937]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[946]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[955]),0},
+{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[963]),0},
 {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-       &(lvalues[966]),0},
+       &(lvalues[971]),0},
 {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},
 {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-       &(lvalues[974]),0},
+       &(lvalues[979]),0},
 {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-       &(lvalues[983]),0},
+       &(lvalues[988]),0},
 {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-       &(lvalues[992]),0},
+       &(lvalues[997]),0},
 {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-       &(lvalues[1001]),0},
+       &(lvalues[1006]),0},
 {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-       &(lvalues[1010]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0},
-{"name","name",NID_name,3,&(lvalues[1029]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0},
+       &(lvalues[1015]),0},
+{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1025]),0},
+{"name","name",NID_name,3,&(lvalues[1034]),0},
+{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1037]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1040]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1047]),0},
 {"authorityInfoAccess","Authority Information Access",NID_info_access,
-       8,&(lvalues[1049]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0},
-{"ISO","iso",NID_iso,1,&(lvalues[1081]),0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0},
+       8,&(lvalues[1054]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1062]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1070]),0},
+{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1078]),0},
+{"ISO","iso",NID_iso,1,&(lvalues[1086]),0},
+{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1087]),0},
+{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1088]),0},
+{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1091]),0},
+{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1096]),0},
+{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1102]),0},
+{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1110]),0},
+{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1118]),0},
+{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1127]),0},
+{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1137]),0},
+{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1147]),0},
+{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1157]),0},
+{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1167]),0},
+{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1177]),0},
+{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1187]),0},
 {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-       &(lvalues[1192]),0},
+       &(lvalues[1197]),0},
 {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-       &(lvalues[1203]),0},
+       &(lvalues[1208]),0},
 {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-       &(lvalues[1214]),0},
+       &(lvalues[1219]),0},
 {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-       11,&(lvalues[1225]),0},
+       11,&(lvalues[1230]),0},
 {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-       NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0},
+       NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1241]),0},
 {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-       NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0},
+       NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1252]),0},
 {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-       NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0},
+       NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1263]),0},
 {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-       NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0},
+       NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1274]),0},
 {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-       11,&(lvalues[1280]),0},
+       11,&(lvalues[1285]),0},
 {"id-smime-ct-authData","id-smime-ct-authData",
-       NID_id_smime_ct_authData,11,&(lvalues[1291]),0},
+       NID_id_smime_ct_authData,11,&(lvalues[1296]),0},
 {"id-smime-ct-publishCert","id-smime-ct-publishCert",
-       NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0},
+       NID_id_smime_ct_publishCert,11,&(lvalues[1307]),0},
 {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-       11,&(lvalues[1313]),0},
+       11,&(lvalues[1318]),0},
 {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-       11,&(lvalues[1324]),0},
+       11,&(lvalues[1329]),0},
 {"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-       NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0},
+       NID_id_smime_ct_contentInfo,11,&(lvalues[1340]),0},
 {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-       NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0},
+       NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1351]),0},
 {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-       NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0},
+       NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1362]),0},
 {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-       NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0},
+       NID_id_smime_aa_receiptRequest,11,&(lvalues[1373]),0},
 {"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-       NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0},
+       NID_id_smime_aa_securityLabel,11,&(lvalues[1384]),0},
 {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-       NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0},
+       NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1395]),0},
 {"id-smime-aa-contentHint","id-smime-aa-contentHint",
-       NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0},
+       NID_id_smime_aa_contentHint,11,&(lvalues[1406]),0},
 {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-       NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0},
+       NID_id_smime_aa_msgSigDigest,11,&(lvalues[1417]),0},
 {"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-       NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0},
+       NID_id_smime_aa_encapContentType,11,&(lvalues[1428]),0},
 {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-       NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0},
+       NID_id_smime_aa_contentIdentifier,11,&(lvalues[1439]),0},
 {"id-smime-aa-macValue","id-smime-aa-macValue",
-       NID_id_smime_aa_macValue,11,&(lvalues[1445]),0},
+       NID_id_smime_aa_macValue,11,&(lvalues[1450]),0},
 {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-       NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0},
+       NID_id_smime_aa_equivalentLabels,11,&(lvalues[1461]),0},
 {"id-smime-aa-contentReference","id-smime-aa-contentReference",
-       NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0},
+       NID_id_smime_aa_contentReference,11,&(lvalues[1472]),0},
 {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-       NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0},
+       NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1483]),0},
 {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-       NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0},
+       NID_id_smime_aa_signingCertificate,11,&(lvalues[1494]),0},
 {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-       NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0},
+       NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1505]),0},
 {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-       NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0},
+       NID_id_smime_aa_timeStampToken,11,&(lvalues[1516]),0},
 {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-       NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0},
+       NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1527]),0},
 {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-       NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0},
+       NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1538]),0},
 {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-       NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0},
+       NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1549]),0},
 {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-       NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0},
+       NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1560]),0},
 {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-       NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0},
+       NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1571]),0},
 {"id-smime-aa-ets-contentTimestamp",
        "id-smime-aa-ets-contentTimestamp",
-       NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0},
+       NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1582]),0},
 {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-       NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0},
+       NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1593]),0},
 {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-       NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0},
+       NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1604]),0},
 {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-       NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0},
+       NID_id_smime_aa_ets_certValues,11,&(lvalues[1615]),0},
 {"id-smime-aa-ets-revocationValues",
        "id-smime-aa-ets-revocationValues",
-       NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0},
+       NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1626]),0},
 {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-       NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0},
+       NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1637]),0},
 {"id-smime-aa-ets-certCRLTimestamp",
        "id-smime-aa-ets-certCRLTimestamp",
-       NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0},
+       NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1648]),0},
 {"id-smime-aa-ets-archiveTimeStamp",
        "id-smime-aa-ets-archiveTimeStamp",
-       NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0},
+       NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1659]),0},
 {"id-smime-aa-signatureType","id-smime-aa-signatureType",
-       NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0},
+       NID_id_smime_aa_signatureType,11,&(lvalues[1670]),0},
 {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-       NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0},
+       NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1681]),0},
 {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-       NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0},
+       NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1692]),0},
 {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-       NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0},
+       NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1703]),0},
 {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-       NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0},
+       NID_id_smime_alg_3DESwrap,11,&(lvalues[1714]),0},
 {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-       NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0},
+       NID_id_smime_alg_RC2wrap,11,&(lvalues[1725]),0},
 {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-       &(lvalues[1731]),0},
+       &(lvalues[1736]),0},
 {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-       NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0},
+       NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1747]),0},
 {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-       NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0},
+       NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1758]),0},
 {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-       &(lvalues[1764]),0},
+       &(lvalues[1769]),0},
 {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-       NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0},
+       NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1780]),0},
 {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-       NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0},
+       NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1791]),0},
 {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-       NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0},
+       NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1802]),0},
 {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-       NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0},
+       NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1813]),0},
 {"id-smime-cti-ets-proofOfDelivery",
        "id-smime-cti-ets-proofOfDelivery",
-       NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0},
+       NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1824]),0},
 {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-       NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0},
+       NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1835]),0},
 {"id-smime-cti-ets-proofOfApproval",
        "id-smime-cti-ets-proofOfApproval",
-       NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0},
+       NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1846]),0},
 {"id-smime-cti-ets-proofOfCreation",
        "id-smime-cti-ets-proofOfCreation",
-       NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1863]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0},
+       NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1857]),0},
+{"MD4","md4",NID_md4,8,&(lvalues[1868]),0},
+{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1876]),0},
+{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1883]),0},
+{"id-it","id-it",NID_id_it,7,&(lvalues[1890]),0},
+{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1897]),0},
+{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1904]),0},
+{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1911]),0},
+{"id-on","id-on",NID_id_on,7,&(lvalues[1918]),0},
+{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1925]),0},
+{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1932]),0},
+{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1939]),0},
+{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1946]),0},
 {"id-pkix1-explicit-88","id-pkix1-explicit-88",
-       NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0},
+       NID_id_pkix1_explicit_88,8,&(lvalues[1953]),0},
 {"id-pkix1-implicit-88","id-pkix1-implicit-88",
-       NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0},
+       NID_id_pkix1_implicit_88,8,&(lvalues[1961]),0},
 {"id-pkix1-explicit-93","id-pkix1-explicit-93",
-       NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0},
+       NID_id_pkix1_explicit_93,8,&(lvalues[1969]),0},
 {"id-pkix1-implicit-93","id-pkix1-implicit-93",
-       NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0},
+       NID_id_pkix1_implicit_93,8,&(lvalues[1977]),0},
+{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1985]),0},
+{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1993]),0},
 {"id-mod-kea-profile-88","id-mod-kea-profile-88",
-       NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0},
+       NID_id_mod_kea_profile_88,8,&(lvalues[2001]),0},
 {"id-mod-kea-profile-93","id-mod-kea-profile-93",
-       NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0},
+       NID_id_mod_kea_profile_93,8,&(lvalues[2009]),0},
+{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2017]),0},
 {"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-       NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0},
+       NID_id_mod_qualified_cert_88,8,&(lvalues[2025]),0},
 {"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-       NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0},
+       NID_id_mod_qualified_cert_93,8,&(lvalues[2033]),0},
 {"id-mod-attribute-cert","id-mod-attribute-cert",
-       NID_id_mod_attribute_cert,8,&(lvalues[2036]),0},
+       NID_id_mod_attribute_cert,8,&(lvalues[2041]),0},
 {"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-       NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0},
+       NID_id_mod_timestamp_protocol,8,&(lvalues[2049]),0},
+{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2057]),0},
+{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2065]),0},
 {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-       &(lvalues[2068]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0},
+       &(lvalues[2073]),0},
+{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2081]),0},
+{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2089]),0},
 {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-       &(lvalues[2092]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
+       &(lvalues[2097]),0},
+{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2105]),0},
+{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2113]),0},
 {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
-       &(lvalues[2116]),0},
+       &(lvalues[2121]),0},
 {"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
-       NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},
+       NID_sbgp_autonomousSysNum,8,&(lvalues[2129]),0},
 {"sbgp-routerIdentifier","sbgp-routerIdentifier",
-       NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
+       NID_sbgp_routerIdentifier,8,&(lvalues[2137]),0},
+{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2145]),0},
 {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-       &(lvalues[2148]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0},
+       &(lvalues[2153]),0},
+{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2161]),0},
+{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2169]),0},
+{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2177]),0},
 {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-       8,&(lvalues[2180]),0},
+       8,&(lvalues[2185]),0},
 {"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-       NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0},
+       NID_id_it_signKeyPairTypes,8,&(lvalues[2193]),0},
 {"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-       NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0},
+       NID_id_it_encKeyPairTypes,8,&(lvalues[2201]),0},
 {"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-       NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0},
+       NID_id_it_preferredSymmAlg,8,&(lvalues[2209]),0},
 {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-       NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0},
+       NID_id_it_caKeyUpdateInfo,8,&(lvalues[2217]),0},
 {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-       &(lvalues[2220]),0},
+       &(lvalues[2225]),0},
 {"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-       NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0},
+       NID_id_it_unsupportedOIDs,8,&(lvalues[2233]),0},
 {"id-it-subscriptionRequest","id-it-subscriptionRequest",
-       NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0},
+       NID_id_it_subscriptionRequest,8,&(lvalues[2241]),0},
 {"id-it-subscriptionResponse","id-it-subscriptionResponse",
-       NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0},
+       NID_id_it_subscriptionResponse,8,&(lvalues[2249]),0},
 {"id-it-keyPairParamReq","id-it-keyPairParamReq",
-       NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0},
+       NID_id_it_keyPairParamReq,8,&(lvalues[2257]),0},
 {"id-it-keyPairParamRep","id-it-keyPairParamRep",
-       NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0},
+       NID_id_it_keyPairParamRep,8,&(lvalues[2265]),0},
 {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-       8,&(lvalues[2268]),0},
+       8,&(lvalues[2273]),0},
 {"id-it-implicitConfirm","id-it-implicitConfirm",
-       NID_id_it_implicitConfirm,8,&(lvalues[2276]),0},
+       NID_id_it_implicitConfirm,8,&(lvalues[2281]),0},
 {"id-it-confirmWaitTime","id-it-confirmWaitTime",
-       NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0},
+       NID_id_it_confirmWaitTime,8,&(lvalues[2289]),0},
 {"id-it-origPKIMessage","id-it-origPKIMessage",
-       NID_id_it_origPKIMessage,8,&(lvalues[2292]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0},
+       NID_id_it_origPKIMessage,8,&(lvalues[2297]),0},
+{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2305]),0},
+{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2313]),0},
 {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-       9,&(lvalues[2316]),0},
+       9,&(lvalues[2321]),0},
 {"id-regCtrl-authenticator","id-regCtrl-authenticator",
-       NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0},
+       NID_id_regCtrl_authenticator,9,&(lvalues[2330]),0},
 {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-       NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0},
+       NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2339]),0},
 {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-       NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0},
+       NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2348]),0},
 {"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-       NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0},
+       NID_id_regCtrl_oldCertID,9,&(lvalues[2357]),0},
 {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-       NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0},
+       NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2366]),0},
 {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-       NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0},
+       NID_id_regInfo_utf8Pairs,9,&(lvalues[2375]),0},
 {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-       &(lvalues[2379]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0},
+       &(lvalues[2384]),0},
+{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2393]),0},
 {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-       &(lvalues[2396]),0},
+       &(lvalues[2401]),0},
 {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-       NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0},
+       NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2409]),0},
+{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2417]),0},
 {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-       &(lvalues[2420]),0},
+       &(lvalues[2425]),0},
 {"id-cmc-identification","id-cmc-identification",
-       NID_id_cmc_identification,8,&(lvalues[2428]),0},
+       NID_id_cmc_identification,8,&(lvalues[2433]),0},
 {"id-cmc-identityProof","id-cmc-identityProof",
-       NID_id_cmc_identityProof,8,&(lvalues[2436]),0},
+       NID_id_cmc_identityProof,8,&(lvalues[2441]),0},
 {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-       &(lvalues[2444]),0},
+       &(lvalues[2449]),0},
 {"id-cmc-transactionId","id-cmc-transactionId",
-       NID_id_cmc_transactionId,8,&(lvalues[2452]),0},
+       NID_id_cmc_transactionId,8,&(lvalues[2457]),0},
 {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-       &(lvalues[2460]),0},
+       &(lvalues[2465]),0},
 {"id-cmc-recipientNonce","id-cmc-recipientNonce",
-       NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0},
+       NID_id_cmc_recipientNonce,8,&(lvalues[2473]),0},
 {"id-cmc-addExtensions","id-cmc-addExtensions",
-       NID_id_cmc_addExtensions,8,&(lvalues[2476]),0},
+       NID_id_cmc_addExtensions,8,&(lvalues[2481]),0},
 {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-       8,&(lvalues[2484]),0},
+       8,&(lvalues[2489]),0},
 {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-       8,&(lvalues[2492]),0},
+       8,&(lvalues[2497]),0},
 {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-       NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0},
+       NID_id_cmc_lraPOPWitness,8,&(lvalues[2505]),0},
 {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-       &(lvalues[2508]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0},
+       &(lvalues[2513]),0},
+{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2521]),0},
 {"id-cmc-revokeRequest","id-cmc-revokeRequest",
-       NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0},
+       NID_id_cmc_revokeRequest,8,&(lvalues[2529]),0},
 {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-       &(lvalues[2532]),0},
+       &(lvalues[2537]),0},
 {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-       8,&(lvalues[2540]),0},
+       8,&(lvalues[2545]),0},
 {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-       8,&(lvalues[2548]),0},
+       8,&(lvalues[2553]),0},
 {"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-       NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0},
+       NID_id_cmc_popLinkRandom,8,&(lvalues[2561]),0},
 {"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-       NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0},
+       NID_id_cmc_popLinkWitness,8,&(lvalues[2569]),0},
 {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-       NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0},
+       NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2577]),0},
 {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-       &(lvalues[2580]),0},
+       &(lvalues[2585]),0},
 {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-       &(lvalues[2588]),0},
+       &(lvalues[2593]),0},
 {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-       8,&(lvalues[2596]),0},
+       8,&(lvalues[2601]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},
+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2609]),0},
 {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-       NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},
+       NID_id_pda_countryOfCitizenship,8,&(lvalues[2617]),0},
 {"id-pda-countryOfResidence","id-pda-countryOfResidence",
-       NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0},
+       NID_id_pda_countryOfResidence,8,&(lvalues[2625]),0},
 {"id-aca-authenticationInfo","id-aca-authenticationInfo",
-       NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0},
+       NID_id_aca_authenticationInfo,8,&(lvalues[2633]),0},
 {"id-aca-accessIdentity","id-aca-accessIdentity",
-       NID_id_aca_accessIdentity,8,&(lvalues[2636]),0},
+       NID_id_aca_accessIdentity,8,&(lvalues[2641]),0},
 {"id-aca-chargingIdentity","id-aca-chargingIdentity",
-       NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0},
+       NID_id_aca_chargingIdentity,8,&(lvalues[2649]),0},
+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2657]),0},
+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2665]),0},
 {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-       NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0},
+       NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2673]),0},
+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2681]),0},
 {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-       &(lvalues[2684]),0},
+       &(lvalues[2689]),0},
 {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-       &(lvalues[2692]),0},
+       &(lvalues[2697]),0},
 {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-       &(lvalues[2700]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0},
+       &(lvalues[2705]),0},
+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2713]),0},
 {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-       &(lvalues[2716]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0},
+       &(lvalues[2721]),0},
+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2730]),0},
+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2739]),0},
 {"acceptableResponses","Acceptable OCSP Responses",
-       NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0},
-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0},
+       NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2748]),0},
+{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2757]),0},
 {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-       9,&(lvalues[2761]),0},
+       9,&(lvalues[2766]),0},
 {"serviceLocator","OCSP Service Locator",
-       NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0},
+       NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2775]),0},
 {"extendedStatus","Extended OCSP Status",
-       NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0},
+       NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2784]),0},
+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2793]),0},
+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2802]),0},
 {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-       &(lvalues[2806]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0},
+       &(lvalues[2811]),0},
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2820]),0},
+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2824]),0},
 {"X500algorithms","directory services - algorithms",
-       NID_X500algorithms,2,&(lvalues[2824]),0},
-{"ORG","org",NID_org,1,&(lvalues[2826]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2827]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2829]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0},
-{"private","Private",NID_Private,4,&(lvalues[2844]),0},
-{"security","Security",NID_Security,4,&(lvalues[2848]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0},
-{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0},
-{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0},
+       NID_X500algorithms,2,&(lvalues[2829]),0},
+{"ORG","org",NID_org,1,&(lvalues[2831]),0},
+{"DOD","dod",NID_dod,2,&(lvalues[2832]),0},
+{"IANA","iana",NID_iana,3,&(lvalues[2834]),0},
+{"directory","Directory",NID_Directory,4,&(lvalues[2837]),0},
+{"mgmt","Management",NID_Management,4,&(lvalues[2841]),0},
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2845]),0},
+{"private","Private",NID_Private,4,&(lvalues[2849]),0},
+{"security","Security",NID_Security,4,&(lvalues[2853]),0},
+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2857]),0},
+{"Mail","Mail",NID_Mail,4,&(lvalues[2861]),0},
+{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2865]),0},
+{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2870]),0},
+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2879]),0},
+{"domain","Domain",NID_Domain,10,&(lvalues[2889]),0},
+{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2899]),0},
 {"selected-attribute-types","Selected Attribute Types",
-       NID_selected_attribute_types,3,&(lvalues[2895]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0},
+       NID_selected_attribute_types,3,&(lvalues[2900]),0},
+{"clearance","clearance",NID_clearance,4,&(lvalues[2903]),0},
 {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-       &(lvalues[2902]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0},
+       &(lvalues[2907]),0},
+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2916]),0},
 {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-       &(lvalues[2919]),0},
+       &(lvalues[2924]),0},
 {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-       &(lvalues[2927]),0},
-{"role","role",NID_role,3,&(lvalues[2935]),0},
+       &(lvalues[2932]),0},
+{"role","role",NID_role,3,&(lvalues[2940]),0},
 {"policyConstraints","X509v3 Policy Constraints",
-       NID_policy_constraints,3,&(lvalues[2938]),0},
+       NID_policy_constraints,3,&(lvalues[2943]),0},
 {"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-       &(lvalues[2941]),0},
+       &(lvalues[2946]),0},
 {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-       &(lvalues[2944]),0},
-{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0},
-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0},
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0},
+       &(lvalues[2949]),0},
+{"NULL","NULL",NID_ccitt,1,&(lvalues[2952]),0},
+{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0},
+{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0},
 {"characteristic-two-field","characteristic-two-field",
-       NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0},
+       NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0},
 {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
-       &(lvalues[2967]),0},
-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0},
-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0},
-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0},
-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0},
-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0},
-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0},
-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0},
+       &(lvalues[2972]),0},
+{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0},
+{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0},
+{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0},
+{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0},
+{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0},
+{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0},
+{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0},
 {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
-       &(lvalues[3030]),0},
-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0},
-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0},
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0},
-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0},
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0},
-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0},
-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0},
-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0},
-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0},
-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0},
-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0},
-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0},
-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0},
+       &(lvalues[3035]),0},
+{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0},
+{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0},
+{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0},
+{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0},
+{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0},
+{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0},
+{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0},
+{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0},
+{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0},
+{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0},
+{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0},
+{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0},
+{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0},
 {"holdInstructionCode","Hold Instruction Code",
-       NID_hold_instruction_code,3,&(lvalues[3154]),0},
+       NID_hold_instruction_code,3,&(lvalues[3159]),0},
 {"holdInstructionNone","Hold Instruction None",
-       NID_hold_instruction_none,7,&(lvalues[3157]),0},
+       NID_hold_instruction_none,7,&(lvalues[3162]),0},
 {"holdInstructionCallIssuer","Hold Instruction Call Issuer",
-       NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0},
+       NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0},
 {"holdInstructionReject","Hold Instruction Reject",
-       NID_hold_instruction_reject,7,&(lvalues[3171]),0},
-{"data","data",NID_data,1,&(lvalues[3178]),0},
-{"pss","pss",NID_pss,3,&(lvalues[3179]),0},
-{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0},
-{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0},
+       NID_hold_instruction_reject,7,&(lvalues[3176]),0},
+{"data","data",NID_data,1,&(lvalues[3183]),0},
+{"pss","pss",NID_pss,3,&(lvalues[3184]),0},
+{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0},
+{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0},
 {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
-       &(lvalues[3197]),0},
+       &(lvalues[3202]),0},
 {"pilotAttributeSyntax","pilotAttributeSyntax",
-       NID_pilotAttributeSyntax,9,&(lvalues[3206]),0},
+       NID_pilotAttributeSyntax,9,&(lvalues[3211]),0},
 {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
-       &(lvalues[3215]),0},
-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0},
+       &(lvalues[3220]),0},
+{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0},
 {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
-       &(lvalues[3233]),0},
+       &(lvalues[3238]),0},
 {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
-       NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0},
-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0},
-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0},
-{"account","account",NID_account,10,&(lvalues[3273]),0},
-{"document","document",NID_document,10,&(lvalues[3283]),0},
-{"room","room",NID_room,10,&(lvalues[3293]),0},
+       NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0},
+{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0},
+{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0},
+{"account","account",NID_account,10,&(lvalues[3278]),0},
+{"document","document",NID_document,10,&(lvalues[3288]),0},
+{"room","room",NID_room,10,&(lvalues[3298]),0},
 {"documentSeries","documentSeries",NID_documentSeries,10,
-       &(lvalues[3303]),0},
+       &(lvalues[3308]),0},
 {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
-       &(lvalues[3313]),0},
-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0},
+       &(lvalues[3318]),0},
+{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0},
 {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
-       10,&(lvalues[3333]),0},
+       10,&(lvalues[3338]),0},
 {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
-       &(lvalues[3343]),0},
+       &(lvalues[3348]),0},
 {"simpleSecurityObject","simpleSecurityObject",
-       NID_simpleSecurityObject,10,&(lvalues[3353]),0},
+       NID_simpleSecurityObject,10,&(lvalues[3358]),0},
 {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
-       &(lvalues[3363]),0},
-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0},
+       &(lvalues[3368]),0},
+{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0},
 {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
-       10,&(lvalues[3383]),0},
-{"UID","userId",NID_userId,10,&(lvalues[3393]),0},
+       10,&(lvalues[3388]),0},
+{"UID","userId",NID_userId,10,&(lvalues[3398]),0},
 {"textEncodedORAddress","textEncodedORAddress",
-       NID_textEncodedORAddress,10,&(lvalues[3403]),0},
-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0},
-{"info","info",NID_info,10,&(lvalues[3423]),0},
+       NID_textEncodedORAddress,10,&(lvalues[3408]),0},
+{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0},
+{"info","info",NID_info,10,&(lvalues[3428]),0},
 {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
-       &(lvalues[3433]),0},
-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0},
-{"photo","photo",NID_photo,10,&(lvalues[3453]),0},
-{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0},
-{"host","host",NID_host,10,&(lvalues[3473]),0},
-{"manager","manager",NID_manager,10,&(lvalues[3483]),0},
+       &(lvalues[3438]),0},
+{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0},
+{"photo","photo",NID_photo,10,&(lvalues[3458]),0},
+{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0},
+{"host","host",NID_host,10,&(lvalues[3478]),0},
+{"manager","manager",NID_manager,10,&(lvalues[3488]),0},
 {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
-       &(lvalues[3493]),0},
-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0},
+       &(lvalues[3498]),0},
+{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0},
 {"documentVersion","documentVersion",NID_documentVersion,10,
-       &(lvalues[3513]),0},
+       &(lvalues[3518]),0},
 {"documentAuthor","documentAuthor",NID_documentAuthor,10,
-       &(lvalues[3523]),0},
+       &(lvalues[3528]),0},
 {"documentLocation","documentLocation",NID_documentLocation,10,
-       &(lvalues[3533]),0},
+       &(lvalues[3538]),0},
 {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
-       10,&(lvalues[3543]),0},
-{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0},
-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0},
+       10,&(lvalues[3548]),0},
+{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0},
+{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0},
 {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
-       &(lvalues[3573]),0},
+       &(lvalues[3578]),0},
 {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
-       &(lvalues[3583]),0},
-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0},
+       &(lvalues[3588]),0},
+{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0},
 {"pilotAttributeType27","pilotAttributeType27",
-       NID_pilotAttributeType27,10,&(lvalues[3603]),0},
-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0},
-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0},
-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0},
-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0},
+       NID_pilotAttributeType27,10,&(lvalues[3608]),0},
+{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0},
+{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0},
+{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0},
+{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0},
 {"associatedDomain","associatedDomain",NID_associatedDomain,10,
-       &(lvalues[3653]),0},
+       &(lvalues[3658]),0},
 {"associatedName","associatedName",NID_associatedName,10,
-       &(lvalues[3663]),0},
+       &(lvalues[3668]),0},
 {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
-       &(lvalues[3673]),0},
-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0},
+       &(lvalues[3678]),0},
+{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0},
 {"mobileTelephoneNumber","mobileTelephoneNumber",
-       NID_mobileTelephoneNumber,10,&(lvalues[3693]),0},
+       NID_mobileTelephoneNumber,10,&(lvalues[3698]),0},
 {"pagerTelephoneNumber","pagerTelephoneNumber",
-       NID_pagerTelephoneNumber,10,&(lvalues[3703]),0},
+       NID_pagerTelephoneNumber,10,&(lvalues[3708]),0},
 {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
-       10,&(lvalues[3713]),0},
+       10,&(lvalues[3718]),0},
 {"organizationalStatus","organizationalStatus",
-       NID_organizationalStatus,10,&(lvalues[3723]),0},
-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0},
+       NID_organizationalStatus,10,&(lvalues[3728]),0},
+{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0},
 {"mailPreferenceOption","mailPreferenceOption",
-       NID_mailPreferenceOption,10,&(lvalues[3743]),0},
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0},
-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0},
+       NID_mailPreferenceOption,10,&(lvalues[3748]),0},
+{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0},
+{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0},
 {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
-       &(lvalues[3773]),0},
+       &(lvalues[3778]),0},
 {"subtreeMinimumQuality","subtreeMinimumQuality",
-       NID_subtreeMinimumQuality,10,&(lvalues[3783]),0},
+       NID_subtreeMinimumQuality,10,&(lvalues[3788]),0},
 {"subtreeMaximumQuality","subtreeMaximumQuality",
-       NID_subtreeMaximumQuality,10,&(lvalues[3793]),0},
+       NID_subtreeMaximumQuality,10,&(lvalues[3798]),0},
 {"personalSignature","personalSignature",NID_personalSignature,10,
-       &(lvalues[3803]),0},
-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0},
-{"audio","audio",NID_audio,10,&(lvalues[3823]),0},
+       &(lvalues[3808]),0},
+{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0},
+{"audio","audio",NID_audio,10,&(lvalues[3828]),0},
 {"documentPublisher","documentPublisher",NID_documentPublisher,10,
-       &(lvalues[3833]),0},
+       &(lvalues[3838]),0},
 {"x500UniqueIdentifier","x500UniqueIdentifier",
-       NID_x500UniqueIdentifier,3,&(lvalues[3843]),0},
-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0},
+       NID_x500UniqueIdentifier,3,&(lvalues[3848]),0},
+{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0},
 {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
-       &(lvalues[3851]),0},
+       &(lvalues[3856]),0},
 {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
-       &(lvalues[3857]),0},
+       &(lvalues[3862]),0},
 {"id-hex-partial-message","id-hex-partial-message",
-       NID_id_hex_partial_message,7,&(lvalues[3863]),0},
+       NID_id_hex_partial_message,7,&(lvalues[3868]),0},
 {"id-hex-multipart-message","id-hex-multipart-message",
-       NID_id_hex_multipart_message,7,&(lvalues[3870]),0},
+       NID_id_hex_multipart_message,7,&(lvalues[3875]),0},
 {"generationQualifier","generationQualifier",NID_generationQualifier,
-       3,&(lvalues[3877]),0},
-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0},
+       3,&(lvalues[3882]),0},
+{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {"id-set","Secure Electronic Transactions",NID_id_set,2,
-       &(lvalues[3883]),0},
-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0},
-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0},
-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0},
-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0},
+       &(lvalues[3888]),0},
+{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0},
+{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0},
+{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0},
+{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0},
 {"set-certExt","certificate extensions",NID_set_certExt,3,
-       &(lvalues[3897]),0},
-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0},
-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0},
+       &(lvalues[3902]),0},
+{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0},
+{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0},
 {"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
-       &(lvalues[3907]),0},
-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0},
-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0},
-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0},
-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0},
+       &(lvalues[3912]),0},
+{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0},
+{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0},
+{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0},
+{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0},
 {"setct-PIDataUnsigned","setct-PIDataUnsigned",
-       NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0},
+       NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0},
 {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
-       &(lvalues[3931]),0},
+       &(lvalues[3936]),0},
 {"setct-AuthResBaggage","setct-AuthResBaggage",
-       NID_setct_AuthResBaggage,4,&(lvalues[3935]),0},
+       NID_setct_AuthResBaggage,4,&(lvalues[3940]),0},
 {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
-       NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0},
+       NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0},
 {"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
-       NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0},
+       NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0},
 {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
-       &(lvalues[3947]),0},
+       &(lvalues[3952]),0},
 {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
-       &(lvalues[3951]),0},
-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0},
+       &(lvalues[3956]),0},
+{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0},
 {"setct-PResData","setct-PResData",NID_setct_PResData,4,
-       &(lvalues[3959]),0},
+       &(lvalues[3964]),0},
 {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
-       &(lvalues[3963]),0},
+       &(lvalues[3968]),0},
 {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
-       &(lvalues[3967]),0},
+       &(lvalues[3972]),0},
 {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
-       &(lvalues[3971]),0},
+       &(lvalues[3976]),0},
 {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
-       &(lvalues[3975]),0},
+       &(lvalues[3980]),0},
 {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
-       &(lvalues[3979]),0},
+       &(lvalues[3984]),0},
 {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
-       &(lvalues[3983]),0},
+       &(lvalues[3988]),0},
 {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
-       NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0},
+       NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0},
 {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
-       4,&(lvalues[3991]),0},
+       4,&(lvalues[3996]),0},
 {"setct-AuthRevResData","setct-AuthRevResData",
-       NID_setct_AuthRevResData,4,&(lvalues[3995]),0},
+       NID_setct_AuthRevResData,4,&(lvalues[4000]),0},
 {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
-       4,&(lvalues[3999]),0},
+       4,&(lvalues[4004]),0},
 {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
-       &(lvalues[4003]),0},
+       &(lvalues[4008]),0},
 {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
-       &(lvalues[4007]),0},
+       &(lvalues[4012]),0},
 {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
-       &(lvalues[4011]),0},
+       &(lvalues[4016]),0},
 {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
-       &(lvalues[4015]),0},
+       &(lvalues[4020]),0},
 {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
-       4,&(lvalues[4019]),0},
+       4,&(lvalues[4024]),0},
 {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
-       4,&(lvalues[4023]),0},
+       4,&(lvalues[4028]),0},
 {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
-       &(lvalues[4027]),0},
+       &(lvalues[4032]),0},
 {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
-       &(lvalues[4031]),0},
+       &(lvalues[4036]),0},
 {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
-       &(lvalues[4035]),0},
+       &(lvalues[4040]),0},
 {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
-       4,&(lvalues[4039]),0},
+       4,&(lvalues[4044]),0},
 {"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
-       NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0},
+       NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0},
 {"setct-CredRevResData","setct-CredRevResData",
-       NID_setct_CredRevResData,4,&(lvalues[4047]),0},
+       NID_setct_CredRevResData,4,&(lvalues[4052]),0},
 {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
-       &(lvalues[4051]),0},
+       &(lvalues[4056]),0},
 {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
-       &(lvalues[4055]),0},
+       &(lvalues[4060]),0},
 {"setct-BatchAdminReqData","setct-BatchAdminReqData",
-       NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0},
+       NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0},
 {"setct-BatchAdminResData","setct-BatchAdminResData",
-       NID_setct_BatchAdminResData,4,&(lvalues[4063]),0},
+       NID_setct_BatchAdminResData,4,&(lvalues[4068]),0},
 {"setct-CardCInitResTBS","setct-CardCInitResTBS",
-       NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0},
+       NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0},
 {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
-       NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0},
+       NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0},
 {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
-       4,&(lvalues[4075]),0},
+       4,&(lvalues[4080]),0},
 {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
-       &(lvalues[4079]),0},
+       &(lvalues[4084]),0},
 {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
-       &(lvalues[4083]),0},
+       &(lvalues[4088]),0},
 {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
-       &(lvalues[4087]),0},
+       &(lvalues[4092]),0},
 {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
-       4,&(lvalues[4091]),0},
+       4,&(lvalues[4096]),0},
 {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
-       &(lvalues[4095]),0},
+       &(lvalues[4100]),0},
 {"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
-       NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0},
+       NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0},
 {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
-       4,&(lvalues[4103]),0},
+       4,&(lvalues[4108]),0},
 {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
-       &(lvalues[4107]),0},
+       &(lvalues[4112]),0},
 {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
-       &(lvalues[4111]),0},
+       &(lvalues[4116]),0},
 {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
-       &(lvalues[4115]),0},
+       &(lvalues[4120]),0},
 {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
-       &(lvalues[4119]),0},
+       &(lvalues[4124]),0},
 {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
-       &(lvalues[4123]),0},
+       &(lvalues[4128]),0},
 {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
-       &(lvalues[4127]),0},
+       &(lvalues[4132]),0},
 {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
-       NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0},
+       NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0},
 {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
-       4,&(lvalues[4135]),0},
+       4,&(lvalues[4140]),0},
 {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
-       4,&(lvalues[4139]),0},
+       4,&(lvalues[4144]),0},
 {"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
-       NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0},
+       NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0},
 {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
-       &(lvalues[4147]),0},
+       &(lvalues[4152]),0},
 {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
-       &(lvalues[4151]),0},
+       &(lvalues[4156]),0},
 {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
-       &(lvalues[4155]),0},
+       &(lvalues[4160]),0},
 {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
-       &(lvalues[4159]),0},
+       &(lvalues[4164]),0},
 {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
-       4,&(lvalues[4163]),0},
+       4,&(lvalues[4168]),0},
 {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
-       &(lvalues[4167]),0},
+       &(lvalues[4172]),0},
 {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
-       &(lvalues[4171]),0},
+       &(lvalues[4176]),0},
 {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
-       &(lvalues[4175]),0},
+       &(lvalues[4180]),0},
 {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
-       &(lvalues[4179]),0},
+       &(lvalues[4184]),0},
 {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
-       4,&(lvalues[4183]),0},
+       4,&(lvalues[4188]),0},
 {"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
-       NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0},
+       NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0},
 {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
-       4,&(lvalues[4191]),0},
+       4,&(lvalues[4196]),0},
 {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
-       NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0},
+       NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0},
 {"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
-       NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0},
+       NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0},
 {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
-       4,&(lvalues[4203]),0},
+       4,&(lvalues[4208]),0},
 {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
-       &(lvalues[4207]),0},
+       &(lvalues[4212]),0},
 {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
-       &(lvalues[4211]),0},
+       &(lvalues[4216]),0},
 {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
-       &(lvalues[4215]),0},
+       &(lvalues[4220]),0},
 {"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
-       NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0},
+       NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0},
 {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
-       NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0},
+       NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0},
 {"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
-       NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0},
+       NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0},
 {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
-       &(lvalues[4231]),0},
+       &(lvalues[4236]),0},
 {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
-       &(lvalues[4235]),0},
+       &(lvalues[4240]),0},
 {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
-       &(lvalues[4239]),0},
-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0},
-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0},
+       &(lvalues[4244]),0},
+{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0},
+{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0},
 {"setext-cv","additional verification",NID_setext_cv,4,
-       &(lvalues[4251]),0},
+       &(lvalues[4256]),0},
 {"set-policy-root","set-policy-root",NID_set_policy_root,4,
-       &(lvalues[4255]),0},
+       &(lvalues[4260]),0},
 {"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
-       &(lvalues[4259]),0},
+       &(lvalues[4264]),0},
 {"setCext-certType","setCext-certType",NID_setCext_certType,4,
-       &(lvalues[4263]),0},
+       &(lvalues[4268]),0},
 {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
-       &(lvalues[4267]),0},
+       &(lvalues[4272]),0},
 {"setCext-cCertRequired","setCext-cCertRequired",
-       NID_setCext_cCertRequired,4,&(lvalues[4271]),0},
+       NID_setCext_cCertRequired,4,&(lvalues[4276]),0},
 {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
-       &(lvalues[4275]),0},
+       &(lvalues[4280]),0},
 {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
-       &(lvalues[4279]),0},
+       &(lvalues[4284]),0},
 {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
-       &(lvalues[4283]),0},
+       &(lvalues[4288]),0},
 {"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
-       NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0},
+       NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0},
 {"setCext-TokenIdentifier","setCext-TokenIdentifier",
-       NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0},
+       NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0},
 {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
-       &(lvalues[4295]),0},
+       &(lvalues[4300]),0},
 {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
-       &(lvalues[4299]),0},
+       &(lvalues[4304]),0},
 {"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
-       NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0},
-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0},
+       NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0},
+{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0},
 {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
-       4,&(lvalues[4311]),0},
+       4,&(lvalues[4316]),0},
 {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
-       &(lvalues[4315]),0},
+       &(lvalues[4320]),0},
 {"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
-       &(lvalues[4319]),0},
+       &(lvalues[4324]),0},
 {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
-       &(lvalues[4323]),0},
-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0},
+       &(lvalues[4328]),0},
+{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0},
 {"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
-       &(lvalues[4333]),0},
+       &(lvalues[4338]),0},
 {"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
-       NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0},
+       NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0},
 {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
-       &(lvalues[4343]),0},
-{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
        &(lvalues[4348]),0},
-{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
+{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
        &(lvalues[4353]),0},
+{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
+       &(lvalues[4358]),0},
 {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
-       6,&(lvalues[4358]),0},
+       6,&(lvalues[4363]),0},
 {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
-       &(lvalues[4364]),0},
+       &(lvalues[4369]),0},
 {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
-       &(lvalues[4370]),0},
+       &(lvalues[4375]),0},
 {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
-       &(lvalues[4376]),0},
+       &(lvalues[4381]),0},
 {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
-       6,&(lvalues[4382]),0},
+       6,&(lvalues[4387]),0},
 {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
-       &(lvalues[4388]),0},
+       &(lvalues[4393]),0},
 {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
-       &(lvalues[4392]),0},
+       &(lvalues[4397]),0},
 {"set-brand-AmericanExpress","set-brand-AmericanExpress",
-       NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0},
-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0},
+       NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0},
+{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0},
 {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
-       &(lvalues[4404]),0},
+       &(lvalues[4409]),0},
 {"set-brand-MasterCard","set-brand-MasterCard",
-       NID_set_brand_MasterCard,4,&(lvalues[4408]),0},
+       NID_set_brand_MasterCard,4,&(lvalues[4413]),0},
 {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
-       &(lvalues[4412]),0},
-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0},
+       &(lvalues[4417]),0},
+{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0},
 {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
-       NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0},
-{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4434]),0},
+       NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0},
+{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4439]),0},
 {"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1,
-       &(lvalues[4435]),0},
+       &(lvalues[4440]),0},
 {"international-organizations","International Organizations",
-       NID_international_organizations,1,&(lvalues[4436]),0},
+       NID_international_organizations,1,&(lvalues[4441]),0},
 {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
-       10,&(lvalues[4437]),0},
+       10,&(lvalues[4442]),0},
 {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
-       &(lvalues[4447]),0},
+       &(lvalues[4452]),0},
 {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},
 {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},
 {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},
@@ -1857,138 +1862,138 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
 {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
 {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0},
-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0},
-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0},
+{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
+{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0},
+{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0},
 {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
-       &(lvalues[4470]),0},
+       &(lvalues[4475]),0},
 {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,
-       &(lvalues[4478]),0},
+       &(lvalues[4483]),0},
 {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
-       &(lvalues[4486]),0},
+       &(lvalues[4491]),0},
 {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
-       &(lvalues[4494]),0},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4497]),0},
+       &(lvalues[4499]),0},
+{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4502]),0},
 {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-       &(lvalues[4505]),0},
+       &(lvalues[4510]),0},
 {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-       &(lvalues[4514]),0},
+       &(lvalues[4519]),0},
 {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-       &(lvalues[4523]),0},
+       &(lvalues[4528]),0},
 {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-       &(lvalues[4532]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4541]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4550]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4559]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4568]),0},
+       &(lvalues[4537]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4546]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4555]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4564]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4573]),0},
 {"identified-organization","identified-organization",
-       NID_identified_organization,1,&(lvalues[4577]),0},
-{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4578]),0},
-{"wap","wap",NID_wap,2,&(lvalues[4581]),0},
-{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4583]),0},
+       NID_identified_organization,1,&(lvalues[4582]),0},
+{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4583]),0},
+{"wap","wap",NID_wap,2,&(lvalues[4586]),0},
+{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4588]),0},
 {"id-characteristic-two-basis","id-characteristic-two-basis",
-       NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4586]),0},
-{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4594]),0},
-{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4603]),0},
-{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4612]),0},
-{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4621]),0},
-{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4629]),0},
-{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4637]),0},
-{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4645]),0},
-{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4653]),0},
-{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4661]),0},
-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4669]),0},
-{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4677]),0},
-{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4685]),0},
-{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4693]),0},
-{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4701]),0},
-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4709]),0},
-{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4717]),0},
-{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4725]),0},
-{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4733]),0},
-{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4741]),0},
-{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4749]),0},
-{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4757]),0},
-{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4765]),0},
-{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4773]),0},
-{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4781]),0},
-{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4786]),0},
-{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4791]),0},
-{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4796]),0},
-{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4801]),0},
-{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4806]),0},
-{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4811]),0},
-{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4816]),0},
-{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4821]),0},
-{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4826]),0},
-{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4831]),0},
-{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4836]),0},
-{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4841]),0},
-{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4846]),0},
-{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4851]),0},
-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4856]),0},
-{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4861]),0},
-{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4866]),0},
-{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4871]),0},
-{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4876]),0},
-{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4881]),0},
-{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4886]),0},
-{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4891]),0},
-{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4896]),0},
-{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4901]),0},
-{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4906]),0},
-{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4911]),0},
-{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4916]),0},
-{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4921]),0},
-{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4926]),0},
-{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4931]),0},
+       NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4591]),0},
+{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4599]),0},
+{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4608]),0},
+{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4617]),0},
+{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4626]),0},
+{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4634]),0},
+{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4642]),0},
+{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4650]),0},
+{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4658]),0},
+{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4666]),0},
+{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4674]),0},
+{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4682]),0},
+{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4690]),0},
+{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4698]),0},
+{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4706]),0},
+{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4714]),0},
+{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4722]),0},
+{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4730]),0},
+{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4738]),0},
+{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4746]),0},
+{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4754]),0},
+{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4762]),0},
+{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4770]),0},
+{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4778]),0},
+{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4786]),0},
+{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4791]),0},
+{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4796]),0},
+{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4801]),0},
+{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4806]),0},
+{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4811]),0},
+{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4816]),0},
+{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4821]),0},
+{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4826]),0},
+{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4831]),0},
+{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4836]),0},
+{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4841]),0},
+{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4846]),0},
+{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4851]),0},
+{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4856]),0},
+{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4861]),0},
+{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4866]),0},
+{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4871]),0},
+{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4876]),0},
+{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4881]),0},
+{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4886]),0},
+{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4891]),0},
+{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4896]),0},
+{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4901]),0},
+{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4906]),0},
+{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4911]),0},
+{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4916]),0},
+{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4921]),0},
+{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4926]),0},
+{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4931]),0},
+{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4936]),0},
 {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",
-       NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4936]),0},
+       NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4941]),0},
 {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",
-       NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4941]),0},
+       NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4946]),0},
 {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",
-       NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4946]),0},
+       NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4951]),0},
 {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",
-       NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4951]),0},
+       NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4956]),0},
 {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",
-       NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4956]),0},
+       NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4961]),0},
 {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",
-       NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4961]),0},
+       NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4966]),0},
 {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",
-       NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4966]),0},
+       NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4971]),0},
 {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",
-       NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4971]),0},
+       NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4976]),0},
 {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",
-       NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4976]),0},
+       NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4981]),0},
 {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",
-       NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4981]),0},
+       NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4986]),0},
 {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
-       NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4986]),0},
-{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4991]),0},
+       NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4991]),0},
+{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4996]),0},
 {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3,
-       &(lvalues[4995]),0},
+       &(lvalues[5000]),0},
 {"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
-       NID_inhibit_any_policy,3,&(lvalues[4998]),0},
+       NID_inhibit_any_policy,3,&(lvalues[5003]),0},
 {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},
 {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},
 {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11,
-       &(lvalues[5001]),0},
+       &(lvalues[5006]),0},
 {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11,
-       &(lvalues[5012]),0},
+       &(lvalues[5017]),0},
 {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11,
-       &(lvalues[5023]),0},
+       &(lvalues[5028]),0},
 {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8,
-       &(lvalues[5034]),0},
+       &(lvalues[5039]),0},
 {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8,
-       &(lvalues[5042]),0},
+       &(lvalues[5047]),0},
 {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8,
-       &(lvalues[5050]),0},
+       &(lvalues[5055]),0},
 {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8,
-       &(lvalues[5058]),0},
+       &(lvalues[5063]),0},
 {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8,
-       &(lvalues[5066]),0},
+       &(lvalues[5071]),0},
 {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8,
-       &(lvalues[5074]),0},
+       &(lvalues[5079]),0},
 {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0},
 {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0},
 {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0},
@@ -1996,34 +2001,44 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0},
 {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0},
 {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8,
-       &(lvalues[5082]),0},
+       &(lvalues[5087]),0},
 {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,
-       &(lvalues[5090]),0},
+       &(lvalues[5095]),0},
 {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
-       &(lvalues[5098]),0},
+       &(lvalues[5103]),0},
 {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
-       NID_subject_directory_attributes,3,&(lvalues[5106]),0},
+       NID_subject_directory_attributes,3,&(lvalues[5111]),0},
 {"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
-       NID_issuing_distribution_point,3,&(lvalues[5109]),0},
+       NID_issuing_distribution_point,3,&(lvalues[5114]),0},
 {"certificateIssuer","X509v3 Certificate Issuer",
-       NID_certificate_issuer,3,&(lvalues[5112]),0},
+       NID_certificate_issuer,3,&(lvalues[5117]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"KISA","kisa",NID_kisa,6,&(lvalues[5115]),0},
+{"KISA","kisa",NID_kisa,6,&(lvalues[5120]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5121]),0},
-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5129]),0},
-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5137]),0},
-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5145]),0},
-{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5153]),0},
-{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5161]),0},
+{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5126]),0},
+{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5134]),0},
+{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5142]),0},
+{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5150]),0},
+{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5158]),0},
+{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5166]),0},
 {"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9,
-       &(lvalues[5169]),0},
+       &(lvalues[5174]),0},
 {"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9,
-       &(lvalues[5178]),0},
+       &(lvalues[5183]),0},
 {"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8,
-       &(lvalues[5187]),0},
-{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5195]),0},
+       &(lvalues[5192]),0},
+{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5200]),0},
+{"id-smime-ct-compressedData","id-smime-ct-compressedData",
+       NID_id_smime_ct_compressedData,11,&(lvalues[5208]),0},
+{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
+       NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5219]),0},
+{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9,
+       &(lvalues[5230]),0},
+{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9,
+       &(lvalues[5239]),0},
+{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
+       &(lvalues[5248]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2313,6 +2328,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[357]),/* "id-aca-group" */
 &(nid_objs[358]),/* "id-aca-role" */
 &(nid_objs[176]),/* "id-ad" */
+&(nid_objs[788]),/* "id-aes128-wrap" */
+&(nid_objs[789]),/* "id-aes192-wrap" */
+&(nid_objs[790]),/* "id-aes256-wrap" */
 &(nid_objs[262]),/* "id-alg" */
 &(nid_objs[323]),/* "id-alg-des40" */
 &(nid_objs[326]),/* "id-alg-dh-pop" */
@@ -2345,6 +2363,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[332]),/* "id-cmc-senderNonce" */
 &(nid_objs[327]),/* "id-cmc-statusInfo" */
 &(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
 &(nid_objs[408]),/* "id-ecPublicKey" */
 &(nid_objs[508]),/* "id-hex-multipart-message" */
 &(nid_objs[507]),/* "id-hex-partial-message" */
@@ -2459,6 +2478,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
 &(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
 &(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[786]),/* "id-smime-ct-compressedData" */
 &(nid_objs[209]),/* "id-smime-ct-contentInfo" */
 &(nid_objs[206]),/* "id-smime-ct-publishCert" */
 &(nid_objs[204]),/* "id-smime-ct-receipt" */
@@ -3088,6 +3108,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[357]),/* "id-aca-group" */
 &(nid_objs[358]),/* "id-aca-role" */
 &(nid_objs[176]),/* "id-ad" */
+&(nid_objs[788]),/* "id-aes128-wrap" */
+&(nid_objs[789]),/* "id-aes192-wrap" */
+&(nid_objs[790]),/* "id-aes256-wrap" */
 &(nid_objs[262]),/* "id-alg" */
 &(nid_objs[323]),/* "id-alg-des40" */
 &(nid_objs[326]),/* "id-alg-dh-pop" */
@@ -3120,6 +3143,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[332]),/* "id-cmc-senderNonce" */
 &(nid_objs[327]),/* "id-cmc-statusInfo" */
 &(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
 &(nid_objs[408]),/* "id-ecPublicKey" */
 &(nid_objs[508]),/* "id-hex-multipart-message" */
 &(nid_objs[507]),/* "id-hex-partial-message" */
@@ -3228,6 +3252,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
 &(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
 &(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[786]),/* "id-smime-ct-compressedData" */
 &(nid_objs[209]),/* "id-smime-ct-contentInfo" */
 &(nid_objs[206]),/* "id-smime-ct-publishCert" */
 &(nid_objs[204]),/* "id-smime-ct-receipt" */
@@ -3860,7 +3885,6 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 13 4 11 */
 &(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 13 4 12 */
 &(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666 2 */
 &(nid_objs[773]),/* OBJ_kisa                         1 2 410 200004 */
 &(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
 &(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
@@ -4146,14 +4170,17 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
 &(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
 &(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+&(nid_objs[788]),/* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
 &(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
 &(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
 &(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
 &(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+&(nid_objs[789]),/* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
 &(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
 &(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
 &(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
 &(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+&(nid_objs[790]),/* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
 &(nid_objs[672]),/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
 &(nid_objs[673]),/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
 &(nid_objs[674]),/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
@@ -4274,6 +4301,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
 &(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
 &(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
 &(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
 &(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
 &(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
@@ -4310,6 +4339,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
 &(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
 &(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+&(nid_objs[125]),/* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
 &(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
 &(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
 &(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
index e4ce03b3f08d7c93572ebf15fd9f3ed5955aa2c4..76d5ec9c0bd0823333a8f6da09ed53bc38e1da96 100644 (file)
 #define NID_id_smime_ct_DVCSResponseData               211
 #define OBJ_id_smime_ct_DVCSResponseData               OBJ_id_smime_ct,8L
 
+#define SN_id_smime_ct_compressedData          "id-smime-ct-compressedData"
+#define NID_id_smime_ct_compressedData         786
+#define OBJ_id_smime_ct_compressedData         OBJ_id_smime_ct,9L
+
+#define SN_id_ct_asciiTextWithCRLF             "id-ct-asciiTextWithCRLF"
+#define NID_id_ct_asciiTextWithCRLF            787
+#define OBJ_id_ct_asciiTextWithCRLF            OBJ_id_smime_ct,27L
+
 #define SN_id_smime_aa_receiptRequest          "id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest         212
 #define OBJ_id_smime_aa_receiptRequest         OBJ_id_smime_aa,1L
 #define SN_zlib_compression            "ZLIB"
 #define LN_zlib_compression            "zlib compression"
 #define NID_zlib_compression           125
-#define OBJ_zlib_compression           1L,1L,1L,1L,666L,2L
+#define OBJ_zlib_compression           OBJ_id_smime_alg,8L
 
 #define OBJ_csor               2L,16L,840L,1L,101L,3L
 
 #define LN_des_ede3_cfb8               "des-ede3-cfb8"
 #define NID_des_ede3_cfb8              659
 
+#define SN_id_aes128_wrap              "id-aes128-wrap"
+#define NID_id_aes128_wrap             788
+#define OBJ_id_aes128_wrap             OBJ_aes,5L
+
+#define SN_id_aes192_wrap              "id-aes192-wrap"
+#define NID_id_aes192_wrap             789
+#define OBJ_id_aes192_wrap             OBJ_aes,25L
+
+#define SN_id_aes256_wrap              "id-aes256-wrap"
+#define NID_id_aes256_wrap             790
+#define OBJ_id_aes256_wrap             OBJ_aes,45L
+
 #define OBJ_nist_hashalgs              OBJ_nistAlgorithms,2L
 
 #define SN_sha256              "SHA256"
index 06e4193651b02049e1032413626d5ff6cfbdf6e8..47815b1e4e8694d771b2e55453c5d732d8b71da9 100644 (file)
@@ -783,3 +783,8 @@ id_PasswordBasedMAC         782
 id_DHBasedMac          783
 id_it_suppLangTags             784
 caRepository           785
+id_smime_ct_compressedData             786
+id_ct_asciiTextWithCRLF                787
+id_aes128_wrap         788
+id_aes192_wrap         789
+id_aes256_wrap         790
index bbba5ed04b9164d8e99d1c71f8a0d6278f470259..34c8d1d64732441b32f1d15f3f147af3c4489a33 100644 (file)
@@ -245,6 +245,8 @@ id-smime-ct 5               : id-smime-ct-TDTInfo
 id-smime-ct 6          : id-smime-ct-contentInfo
 id-smime-ct 7          : id-smime-ct-DVCSRequestData
 id-smime-ct 8          : id-smime-ct-DVCSResponseData
+id-smime-ct 9          : id-smime-ct-compressedData
+id-smime-ct 27         : id-ct-asciiTextWithCRLF
 
 # S/MIME Attributes
 id-smime-aa 1          : id-smime-aa-receiptRequest
@@ -778,7 +780,7 @@ mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
 !Cname rle-compression
 1 1 1 1 666 1          : RLE                   : run length compression
 !Cname zlib-compression
-1 1 1 1 666 2          : ZLIB                  : zlib compression
+id-smime-alg 8         : ZLIB                  : zlib compression
 
 # AES aka Rijndael
 
@@ -820,6 +822,10 @@ aes 44                     : AES-256-CFB           : aes-256-cfb
                        : DES-EDE3-CFB1         : des-ede3-cfb1
                        : DES-EDE3-CFB8         : des-ede3-cfb8
 
+aes 5                  : id-aes128-wrap 
+aes 25                 : id-aes192-wrap 
+aes 45                 : id-aes256-wrap 
+
 # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
 !Alias nist_hashalgs nistAlgorithms 2
 nist_hashalgs 1                : SHA256                : sha256
index 345fb1dc4d6c0a49e4180e2cc3bd185a585468bc..734200428f6de3fe96c3a56bfa2c9a50d54b6e1d 100644 (file)
@@ -140,6 +140,8 @@ typedef struct X509_crl_st X509_CRL;
 typedef struct X509_name_st X509_NAME;
 typedef struct x509_store_st X509_STORE;
 typedef struct x509_store_ctx_st X509_STORE_CTX;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
 
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct conf_st CONF;
index 4e24cc5b5228119cdb95e8df6ce3d01fc1525fa4..670afa670bafee2f1d8bf4bb891fa5ea1d4b253e 100644 (file)
@@ -133,6 +133,7 @@ extern "C" {
 #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
 #define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
 #define PEM_STRING_ECPRIVATEKEY        "EC PRIVATE KEY"
+#define PEM_STRING_CMS         "CMS"
 
   /* Note that this structure is initialised by PEM_SealInit and cleaned up
      by PEM_SealFinal (at least for now) */
index 8ae2b7d927a2812311b68a5220f85a4c84909d4e..5979122158fd0d14e25ecb29f8c86f063e1a401b 100644 (file)
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # require 'x86asm.pl';
-# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
-# &function_begin("foo");
-# ...
-# &function_end("foo");
-# &asm_finish
-
-# AUTOLOAD is this context has quite unpleasant side effect, namely
-# that typos in function calls effectively go to assembler output,
-# but on the pros side we don't have to implement one subroutine per
-# each opcode...
-sub ::AUTOLOAD
-{ my $opcode = $AUTOLOAD;
-
-    die "more than 2 arguments passed to $opcode" if ($#_>1);
-
-    $opcode =~ s/.*:://;
-    if    ($opcode =~ /^push/) { $stack+=4; }
-    elsif ($opcode =~ /^pop/)  { $stack-=4; }
-
-    &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
-}
-
-$out=();
-$i386=0;
-
-sub ::emit
-{ my $opcode=shift;
-
-    if ($#_==-1)    { push(@out,"\t$opcode\n");                                }
-    else            { push(@out,"\t$opcode\t".join(',',@_)."\n");      }
-}
-
-sub ::LB
-{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
-  $1."l";
-}
-sub ::HB
-{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
-  $1."h";
-}
-sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num);     }
-sub ::stack_pop        { my $num=$_[0]*4; $stack-=$num; &add("esp",$num);      }
-sub ::blindpop { &pop($_[0]); $stack+=4;                               }
-sub ::wparam   { &DWP($stack+4*$_[0],"esp");                           }
-sub ::swtmp    { &DWP(4*$_[0],"esp");                                  }
-
-sub ::bswap
-{   if ($i386) # emulate bswap for i386
-    {  &comment("bswap @_");
-       &xchg(&HB(@_),&LB(@_));
-       &ror (@_,16);
-       &xchg(&HB(@_),&LB(@_));
-    }
-    else
-    {  &generic("bswap",@_);   }
-}
-# These are made-up opcodes introduced over the years essentially
-# by ignorance, just alias them to real ones...
-sub ::movb     { &mov(@_);     }
-sub ::xorb     { &xor(@_);     }
-sub ::rotl     { &rol(@_);     }
-sub ::rotr     { &ror(@_);     }
-sub ::exch     { &xchg(@_);    }
-sub ::halt     { &hlt;         }
-
-sub ::function_begin
-{   &function_begin_B(@_);
-    $stack=4;
-    &push("ebp");
-    &push("ebx");
-    &push("esi");
-    &push("edi");
-}
-
-sub ::function_end
-{   &pop("edi");
-    &pop("esi");
-    &pop("ebx");
-    &pop("ebp");
-    &ret();
-    $stack=0;
-    &function_end_B(@_);
-}
-
-sub ::function_end_A
-{   &pop("edi");
-    &pop("esi");
-    &pop("ebx");
-    &pop("ebp");
-    &ret();
-    $stack+=16;        # readjust esp as if we didn't pop anything
-}
-
-sub ::asciz {   foreach (@_) { &data_byte(unpack("C*",$_),0); }   }
-
-sub ::asm_finish
-{   &file_end();
-    print @out;
-}
-
-sub ::asm_init
-{ my ($type,$fn,$cpu)=@_;
-
-    $filename=$fn;
-    $i386=$cpu;
-
-    $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
-    if    (($type eq "elf"))
-    {  $elf=1;                 require "x86unix.pl";   }
-    elsif (($type eq "a\.out"))
-    {  $aout=1;                require "x86unix.pl";   }
-    elsif (($type eq "coff" or $type eq "gaswin"))
-    {  $coff=1;                require "x86unix.pl";   }
-    elsif (($type eq "win32n"))
-    {  $win32=1;               require "x86nasm.pl";   }
-    elsif (($type eq "nw-nasm"))
-    {  $netware=1;             require "x86nasm.pl";   }
-    elsif (($type eq "nw-mwasm"))
-    {  $netware=1; $mwerks=1;  require "x86nasm.pl";   }
-    else
-    {  print STDERR <<"EOF";
+# &asm_init("cpp","des-586.pl");
+# XXX
+# XXX
+# main'asm_finish
+
+sub main'asm_finish
+       {
+       &file_end();
+       &asm_finish_cpp() if $cpp;
+       print &asm_get_output();
+       }
+
+sub main'asm_init
+       {
+       ($type,$fn,$i386)=@_;
+       $filename=$fn;
+
+       $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
+       if (    ($type eq "elf"))
+               { $elf=1; require "x86unix.pl"; }
+       elsif ( ($type eq "a.out"))
+               { $aout=1; require "x86unix.pl"; }
+       elsif ( ($type eq "coff" or $type eq "gaswin"))
+               { $coff=1; require "x86unix.pl"; }
+       elsif ( ($type eq "cpp"))
+               { $cpp=1; require "x86unix.pl"; }
+       elsif ( ($type eq "win32"))
+               { $win32=1; require "x86ms.pl"; }
+       elsif ( ($type eq "win32n"))
+               { $win32=1; require "x86nasm.pl"; }
+       elsif ( ($type eq "nw-nasm"))
+               { $netware=1; require "x86nasm.pl"; }
+       elsif ( ($type eq "nw-mwasm"))
+               { $netware=1; $mwerks=1; require "x86nasm.pl"; }
+       else
+               {
+               print STDERR <<"EOF";
 Pick one target type from
        elf     - Linux, FreeBSD, Solaris x86, etc.
-       a.out   - DJGPP, elder OpenBSD, etc.
+       a.out   - OpenBSD, DJGPP, etc.
        coff    - GAS/COFF such as Win32 targets
+       win32   - Windows 95/Windows NT
        win32n  - Windows 95/Windows NT NASM format
        nw-nasm - NetWare NASM format
        nw-mwasm- NetWare Metrowerks Assembler
 EOF
-       exit(1);
-    }
-
-    $pic=0;
-    for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
-
-    $filename =~ s/\.pl$//;
-    &file($filename);
-}
+               exit(1);
+               }
+
+       $pic=0;
+       for (@ARGV) {   $pic=1 if (/\-[fK]PIC/i);       }
+
+       &asm_init_output();
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $filename");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of ELF, a.out, COFF, Win32, ...");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+
+       $filename =~ s/\.pl$//;
+       &file($filename);
+       }
+
+sub asm_finish_cpp
+       {
+       return unless $cpp;
+
+       local($tmp,$i);
+       foreach $i (&get_labels())
+               {
+               $tmp.="#define $i _$i\n";
+               }
+       print <<"EOF";
+/* Run the C pre-processor over this file with one of the following defined
+ * ELF - elf object files,
+ * OUT - a.out object files,
+ * BSDI - BSDI style a.out object files
+ * SOL - Solaris style elf
+ */
+
+#define TYPE(a,b)       .type   a,b
+#define SIZE(a,b)       .size   a,b
+
+#if defined(OUT) || (defined(BSDI) && !defined(ELF))
+$tmp
+#endif
+
+#ifdef OUT
+#define OK     1
+#define ALIGN  4
+#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__)
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)      .def a; .scl 2; .type 32; .endef
+#endif /* __CYGWIN || __DJGPP */
+#endif
+
+#if defined(BSDI) && !defined(ELF)
+#define OK              1
+#define ALIGN           4
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK              1
+#define ALIGN           16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+/* Let the Assembler begin :-) */
+EOF
+       }
 
 1;
index 68c89e8466a58a1a7f4e17fa09b64ed3d97b540f..fa38f89c09fc7bef2fc0eedc99aa4a91f36c9310 100644 (file)
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 package x86nasm;
 
-*out=\@::out;
-
-$lprfx="\@L";
-$label="000";
-$under=($::netware)?'':'_';
-$initseg="";
-
-sub ::generic
-{ my $opcode=shift;
-  my $tmp;
-
-    if (!$::mwerks)
-    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
-       {   $_[0] = "NEAR $_[0]";       }
-       elsif ($opcode eq "lea" && $#_==1)# wipe storage qualifier from lea
-       {   $_[1] =~ s/^[^\[]*\[/\[/o;  }
-    }
-    &::emit($opcode,@_);
-  1;
+$label="L000";
+$under=($main'netware)?'':'_';
+
+%lb=(  'eax',  'al',
+       'ebx',  'bl',
+       'ecx',  'cl',
+       'edx',  'dl',
+       'ax',   'al',
+       'bx',   'bl',
+       'cx',   'cl',
+       'dx',   'dl',
+       );
+
+%hb=(  'eax',  'ah',
+       'ebx',  'bh',
+       'ecx',  'ch',
+       'edx',  'dh',
+       'ax',   'ah',
+       'bx',   'bh',
+       'cx',   'ch',
+       'dx',   'dh',
+       );
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+
+sub main'external_label
+{
+       push(@labels,@_);
+       foreach (@_) {
+               push(@out,".") if ($main'mwerks);
+               push(@out, "extern\t${under}$_\n");
+       }
 }
-#
-# opcodes not covered by ::generic above, mostly inconsistent namings...
-#
-sub ::movz     { &::movzx(@_);         }
-sub ::pushf    { &::pushfd;            }
-sub ::popf     { &::popfd;             }
-
-sub ::call     { &::emit("call",(&islabel($_[0]) or "$under$_[0]")); }
-sub ::call_ptr { &::emit("call",@_);   }
-sub ::jmp_ptr  { &::emit("jmp",@_);    }
-
-# chosen SSE instructions
-sub ::movq
-{ my($p1,$p2,$optimize)=@_;
-
-    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
-    # movq between mmx registers can sink Intel CPUs
-    {  &::pshufw($p1,$p2,0xe4);                }
-    else
-    {  &::emit("movq",@_);                     }
-}
-sub ::pshufw { &::emit("pshufw",@_); }
+
+sub main'LB
+       {
+       (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+       return($lb{$_[0]});
+       }
+
+sub main'HB
+       {
+       (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+       return($hb{$_[0]});
+       }
+
+sub main'BP
+       {
+       &get_mem("BYTE",@_);
+       }
+
+sub main'DWP
+       {
+       &get_mem("DWORD",@_);
+       }
+
+sub main'QWP
+       {
+       &get_mem("",@_);
+       }
+
+sub main'BC
+       {
+       return (($main'mwerks)?"":"BYTE ")."@_";
+       }
+
+sub main'DWC
+       {
+       return (($main'mwerks)?"":"DWORD ")."@_";
+       }
+
+sub main'stack_push
+       {
+       my($num)=@_;
+       $stack+=$num*4;
+       &main'sub("esp",$num*4);
+       }
+
+sub main'stack_pop
+       {
+       my($num)=@_;
+       $stack-=$num*4;
+       &main'add("esp",$num*4);
+       }
 
 sub get_mem
-{ my($size,$addr,$reg1,$reg2,$idx)=@_;
-  my($post,$ret);
-
-    if ($size ne "")
-    {  $ret .= "$size";
-       $ret .= " PTR" if ($::mwerks);
-       $ret .= " ";
-    }
-    $ret .= "[";
-
-    $addr =~ s/^\s+//;
-    # prepend global references with optional underscore
-    $addr =~ s/^([^\+\-0-9][^\+\-]*)/islabel($1) or "$under$1"/ige;
-    # put address arithmetic expression in parenthesis
-    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
-
-    if (($addr ne "") && ($addr ne 0))
-    {  if ($addr !~ /^-/)      { $ret .= "$addr+"; }
-       else                    { $post=$addr;      }
-    }
-
-    if ($reg2 ne "")
-    {  $idx!=0 or $idx=1;
-       $ret .= "$reg2*$idx";
-       $ret .= "+$reg1" if ($reg1 ne "");
-    }
-    else
-    {  $ret .= "$reg1";   }
-
-    $ret .= "$post]";
-    $ret =~ s/\+\]/]/; # in case $addr was the only argument
-
-  $ret;
-}
-sub ::BP       { &get_mem("BYTE",@_);  }
-sub ::DWP      { &get_mem("DWORD",@_); }
-sub ::QWP      { &get_mem("",@_);      }
-sub ::BC       { (($::mwerks)?"":"BYTE ")."@_";  }
-sub ::DWC      { (($::mwerks)?"":"DWORD ")."@_"; }
-
-sub ::file
-{   if ($::mwerks)     { push(@out,".section\t.text\n"); }
-    else
-    { my $tmp=<<___;
+       {
+       my($size,$addr,$reg1,$reg2,$idx)=@_;
+       my($t,$post);
+       my($ret)=$size;
+       if ($ret ne "")
+               {
+               $ret .= " PTR" if ($main'mwerks);
+               $ret .= " ";
+               }
+       $ret .= "[";
+       $addr =~ s/^\s+//;
+       if ($addr =~ /^(.+)\+(.+)$/)
+               {
+               $reg2=&conv($1);
+               $addr="$under$2";
+               }
+       elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)
+               {
+               $addr="$under$addr";
+               }
+
+       if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+
+       $reg1="$regs{$reg1}" if defined($regs{$reg1});
+       $reg2="$regs{$reg2}" if defined($regs{$reg2});
+       if (($addr ne "") && ($addr ne 0))
+               {
+               if ($addr !~ /^-/)
+                       { $ret.="${addr}+"; }
+               else    { $post=$addr; }
+               }
+       if ($reg2 ne "")
+               {
+               $t="";
+               $t="*$idx" if ($idx != 0);
+               $reg1="+".$reg1 if ("$reg1$post" ne "");
+               $ret.="$reg2$t$reg1$post]";
+               }
+       else
+               {
+               $ret.="$reg1$post]"
+               }
+       $ret =~ s/\+\]/]/; # in case $addr was the only argument
+       return($ret);
+       }
+
+sub main'mov   { &out2("mov",@_); }
+sub main'movb  { &out2("mov",@_); }
+sub main'and   { &out2("and",@_); }
+sub main'or    { &out2("or",@_); }
+sub main'shl   { &out2("shl",@_); }
+sub main'shr   { &out2("shr",@_); }
+sub main'xor   { &out2("xor",@_); }
+sub main'xorb  { &out2("xor",@_); }
+sub main'add   { &out2("add",@_); }
+sub main'adc   { &out2("adc",@_); }
+sub main'sub   { &out2("sub",@_); }
+sub main'sbb   { &out2("sbb",@_); }
+sub main'rotl  { &out2("rol",@_); }
+sub main'rotr  { &out2("ror",@_); }
+sub main'exch  { &out2("xchg",@_); }
+sub main'cmp   { &out2("cmp",@_); }
+sub main'lea   { &out2("lea",@_); }
+sub main'mul   { &out1("mul",@_); }
+sub main'imul  { &out2("imul",@_); }
+sub main'div   { &out1("div",@_); }
+sub main'dec   { &out1("dec",@_); }
+sub main'inc   { &out1("inc",@_); }
+sub main'jmp   { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+
+# This is a bit of a kludge: declare all branches as NEAR.
+$near=($main'mwerks)?'':'NEAR';
+sub main'je    { &out1("je $near",@_); }
+sub main'jle   { &out1("jle $near",@_); }
+sub main'jz    { &out1("jz $near",@_); }
+sub main'jge   { &out1("jge $near",@_); }
+sub main'jl    { &out1("jl $near",@_); }
+sub main'ja    { &out1("ja $near",@_); }
+sub main'jae   { &out1("jae $near",@_); }
+sub main'jb    { &out1("jb $near",@_); }
+sub main'jbe   { &out1("jbe $near",@_); }
+sub main'jc    { &out1("jc $near",@_); }
+sub main'jnc   { &out1("jnc $near",@_); }
+sub main'jnz   { &out1("jnz $near",@_); }
+sub main'jne   { &out1("jne $near",@_); }
+sub main'jno   { &out1("jno $near",@_); }
+
+sub main'push  { &out1("push",@_); $stack+=4; }
+sub main'pop   { &out1("pop",@_); $stack-=4; }
+sub main'pushf { &out0("pushfd"); $stack+=4; }
+sub main'popf  { &out0("popfd"); $stack-=4; }
+sub main'bswap { &out1("bswap",@_); &using486(); }
+sub main'not   { &out1("not",@_); }
+sub main'call  { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); }
+sub main'call_ptr { &out1p("call",@_); }
+sub main'ret   { &out0("ret"); }
+sub main'nop   { &out0("nop"); }
+sub main'test  { &out2("test",@_); }
+sub main'bt    { &out2("bt",@_); }
+sub main'leave { &out0("leave"); }
+sub main'cpuid { &out0("cpuid"); }
+sub main'rdtsc { &out0("rdtsc"); }
+sub main'halt  { &out0("hlt"); }
+sub main'movz  { &out2("movzx",@_); }
+sub main'neg   { &out1("neg",@_); }
+sub main'cld   { &out0("cld"); }
+
+# SSE2
+sub main'emms  { &out0("emms"); }
+sub main'movd  { &out2("movd",@_); }
+sub main'movq  { &out2("movq",@_); }
+sub main'movdqu        { &out2("movdqu",@_); }
+sub main'movdqa        { &out2("movdqa",@_); }
+sub main'movdq2q{ &out2("movdq2q",@_); }
+sub main'movq2dq{ &out2("movq2dq",@_); }
+sub main'paddq { &out2("paddq",@_); }
+sub main'pmuludq{ &out2("pmuludq",@_); }
+sub main'psrlq { &out2("psrlq",@_); }
+sub main'psllq { &out2("psllq",@_); }
+sub main'pxor  { &out2("pxor",@_); }
+sub main'por   { &out2("por",@_); }
+sub main'pand  { &out2("pand",@_); }
+
+sub out2
+       {
+       my($name,$p1,$p2)=@_;
+       my($l,$t);
+
+       push(@out,"\t$name\t");
+       if (!$main'mwerks and $name eq "lea")
+               {
+               $p1 =~ s/^[^\[]*\[/\[/;
+               $p2 =~ s/^[^\[]*\[/\[/;
+               }
+       $t=&conv($p1).",";
+       $l=length($t);
+       push(@out,$t);
+       $l=4-($l+9)/8;
+       push(@out,"\t" x $l);
+       push(@out,&conv($p2));
+       push(@out,"\n");
+       }
+
+sub out0
+       {
+       my($name)=@_;
+
+       push(@out,"\t$name\n");
+       }
+
+sub out1
+       {
+       my($name,$p1)=@_;
+       my($l,$t);
+       push(@out,"\t$name\t".&conv($p1)."\n");
+       }
+
+sub conv
+       {
+       my($p)=@_;
+       $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+       return $p;
+       }
+
+sub using486
+       {
+       return if $using486;
+       $using486++;
+       grep(s/\.386/\.486/,@out);
+       }
+
+sub main'file
+       {
+       if ($main'mwerks)       { push(@out,".section\t.text\n"); }
+       else    {
+               local $tmp=<<___;
 %ifdef __omf__
-section        code    use32 class=code align=64
+section        code    use32 class=code
 %else
-section        .text   code align=64
+section        .text
 %endif
 ___
+               push(@out,$tmp);
+               }
+       }
+
+sub main'function_begin
+       {
+       my($func,$extra)=@_;
+
+       push(@labels,$func);
+       push(@out,".") if ($main'mwerks);
+       my($tmp)=<<"EOF";
+global $under$func
+$under$func:
+       push    ebp
+       push    ebx
+       push    esi
+       push    edi
+EOF
        push(@out,$tmp);
-    }
-}
+       $stack=20;
+       }
+
+sub main'function_begin_B
+       {
+       my($func,$extra)=@_;
+       push(@out,".") if ($main'mwerks);
+       my($tmp)=<<"EOF";
+global $under$func
+$under$func:
+EOF
+       push(@out,$tmp);
+       $stack=4;
+       }
 
-sub ::function_begin_B
-{ my $func=$under.shift;
-  my $tmp=<<___;
-global $func
-align  16
-$func:
-___
-    push(@out,$tmp);
-    $::stack=4;
-}
-sub ::function_end_B
-{ my $i;
-    foreach $i (%label) { undef $label{$i} if ($label{$i} =~ /^$prfx/);  }
-    $::stack=0;
-}
+sub main'function_end
+       {
+       my($func)=@_;
 
-sub ::file_end
-{   # try to detect if SSE2 or MMX extensions were used on Win32...
-    if ($::win32 && grep {/\b[x]?mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out)
-    {  # $1<<10 sets a reserved bit to signal that variable
-       # was initialized already...
-       my $code=<<___;
-align  16
-${lprfx}OPENSSL_ia32cap_init:
-       lea     edx,[${under}OPENSSL_ia32cap_P]
-       cmp     DWORD [edx],0
-       jne     NEAR ${lprfx}nocpuid
-       mov     DWORD [edx],1<<10
-       pushfd
-       pop     eax
-       mov     ecx,eax
-       xor     eax,1<<21
-       push    eax
-       popfd
-       pushfd
-       pop     eax
-       xor     eax,ecx
-       bt      eax,21
-       jnc     NEAR ${lprfx}nocpuid
-       push    ebp
-       push    edi
-       push    ebx
-       mov     edi,edx
-       xor     eax,eax
-       cpuid
-       xor     eax,eax
-       cmp     ebx,'Genu'
-       setne   al
-       mov     ebp,eax
-       cmp     edx,'ineI'
-       setne   al
-       or      ebp,eax
-       cmp     eax,'ntel'
-       setne   al
-       or      ebp,eax
-       mov     eax,1
-       cpuid
-       cmp     ebp,0
-       jne     ${lprfx}notP4
-       and     ah,15
-       cmp     ah,15
-       jne     ${lprfx}notP4
-       or      edx,1<<20
-${lprfx}notP4:
-       bt      edx,28
-       jnc     ${lprfx}done
-       shr     ebx,16
-       cmp     bl,1
-       ja      ${lprfx}done
-       and     edx,0xefffffff
-${lprfx}done:
-       or      edx,1<<10
-       mov     DWORD [edi],edx
-       pop     ebx
+       my($tmp)=<<"EOF";
        pop     edi
+       pop     esi
+       pop     ebx
        pop     ebp
-${lprfx}nocpuid:
        ret
-segment        .CRT\$XCU data align=4
-dd     ${lprfx}OPENSSL_ia32cap_init
-___
-       my $data=<<___;
-segment        .bss
-common ${under}OPENSSL_ia32cap_P 4
-___
-
-       #<not needed in OpenSSL context>#push (@out,$code);
-
-       # comment out OPENSSL_ia32cap_P declarations
-       grep {s/(^extern\s+${under}OPENSSL_ia32cap_P)/\;$1/} @out;
-       push (@out,$data)
-    }
-    push (@out,$initseg) if ($initseg);                
-}
-
-sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
-
-sub islabel    # see is argument is known label
-{ my $i;
-    foreach $i (%label) { return $label{$i} if ($label{$i} eq $_[0]); }
-  undef;
-}
-
-sub ::external_label
-{   push(@labels,@_);
-    foreach (@_)
-    {  push(@out,".") if ($::mwerks);
-       push(@out, "extern\t${under}$_\n");
-    }
-}
+EOF
+       push(@out,$tmp);
+       $stack=0;
+       %label=();
+       }
 
-sub ::public_label
-{   $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
-    push(@out,"global\t$label{$_[0]}\n");
-}
+sub main'function_end_B
+       {
+       $stack=0;
+       %label=();
+       }
 
-sub ::label
-{   if (!defined($label{$_[0]}))
-    {  $label{$_[0]}="${lprfx}${label}${_[0]}"; $label++;   }
-  $label{$_[0]};
-}
+sub main'function_end_A
+       {
+       my($func)=@_;
 
-sub ::set_label
-{ my $label=&::label($_[0]);
-    &::align($_[1]) if ($_[1]>1);
-    push(@out,"$label{$_[0]}:\n");
-}
+       my($tmp)=<<"EOF";
+       pop     edi
+       pop     esi
+       pop     ebx
+       pop     ebp
+       ret
+EOF
+       push(@out,$tmp);
+       }
 
-sub ::data_byte
-{   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");       }
+sub main'file_end
+       {
+       }
 
-sub ::data_word
-{   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");       }
+sub main'wparam
+       {
+       my($num)=@_;
 
-sub ::align
-{   push(@out,".") if ($::mwerks); push(@out,"align\t$_[0]\n");        }
+       return(&main'DWP($stack+$num*4,"esp","",0));
+       }
 
-sub ::picmeup
-{ my($dst,$sym)=@_;
-    &::lea($dst,&::DWP($sym));
-}
+sub main'swtmp
+       {
+       return(&main'DWP($_[0]*4,"esp","",0));
+       }
 
-sub ::initseg
-{ my($f)=$under.shift;
-    if ($::win32)
-    {  $initseg=<<___;
-segment        .CRT\$XCU data align=4
-extern $f
-dd     $f
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#      {
+#      my($num)=@_;
+#
+#      return(&main'DWP(-(($num+1)*4),"esp","",0));
+#      }
+
+sub main'comment
+       {
+       foreach (@_)
+               {
+               push(@out,"\t; $_\n");
+               }
+       }
+
+sub main'public_label
+       {
+       $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+       push(@out,".") if ($main'mwerks);
+       push(@out,"global\t$label{$_[0]}\n");
+       }
+
+sub main'label
+       {
+       if (!defined($label{$_[0]}))
+               {
+               $label{$_[0]}="\@${label}${_[0]}";
+               $label++;
+               }
+       return($label{$_[0]});
+       }
+
+sub main'set_label
+       {
+       if (!defined($label{$_[0]}))
+               {
+               $label{$_[0]}="\@${label}${_[0]}";
+               $label++;
+               }
+       if ($_[1]!=0 && $_[1]>1)
+               {
+               main'align($_[1]);
+               }
+       push(@out,"$label{$_[0]}:\n");
+       }
+
+sub main'data_byte
+       {
+       push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n");
+       }
+
+sub main'data_word
+       {
+       push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n");
+       }
+
+sub main'align
+       {
+       push(@out,".") if ($main'mwerks);
+       push(@out,"align\t$_[0]\n");
+       }
+
+sub out1p
+       {
+       my($name,$p1)=@_;
+       my($l,$t);
+
+       push(@out,"\t$name\t".&conv($p1)."\n");
+       }
+
+sub main'picmeup
+       {
+       local($dst,$sym)=@_;
+       &main'lea($dst,&main'DWP($sym));
+       }
+
+sub main'blindpop { &out1("pop",@_); }
+
+sub main'initseg
+       {
+       local($f)=@_;
+       if ($main'win32)
+               {
+               local($tmp)=<<___;
+segment        .CRT\$XCU data
+extern $under$f
+DD     $under$f
 ___
-    }
-}
+               push(@out,$tmp);
+               }
+       }
 
 1;
index 8e3e4bd3837376e36c154961a9e365213dbe000a..a4c947165e535033e315cf7079defbc8664b7322 100644 (file)
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 package x86unix;       # GAS actually...
 
-*out=\@::out;
-
 $label="L000";
+$const="";
+$constl=0;
+
+$align=($main'aout)?"4":"16";
+$under=($main'aout or $main'coff)?"_":"";
+$dot=($main'aout)?"":".";
+$com_start="#" if ($main'aout or $main'coff);
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
+if ($main'cpp)
+       {
+       $align="ALIGN";
+       $under="";
+       $com_start='/*';
+       $com_end='*/';
+       }
+
+%lb=(  'eax',  '%al',
+       'ebx',  '%bl',
+       'ecx',  '%cl',
+       'edx',  '%dl',
+       'ax',   '%al',
+       'bx',   '%bl',
+       'cx',   '%cl',
+       'dx',   '%dl',
+       );
+
+%hb=(  'eax',  '%ah',
+       'ebx',  '%bh',
+       'ecx',  '%ch',
+       'edx',  '%dh',
+       'ax',   '%ah',
+       'bx',   '%bh',
+       'cx',   '%ch',
+       'dx',   '%dh',
+       );
+
+%regs=(        'eax',  '%eax',
+       'ebx',  '%ebx',
+       'ecx',  '%ecx',
+       'edx',  '%edx',
+       'esi',  '%esi',
+       'edi',  '%edi',
+       'ebp',  '%ebp',
+       'esp',  '%esp',
+
+       'mm0',  '%mm0',
+       'mm1',  '%mm1',
+       'mm2',  '%mm2',
+       'mm3',  '%mm3',
+       'mm4',  '%mm4',
+       'mm5',  '%mm5',
+       'mm6',  '%mm6',
+       'mm7',  '%mm7',
+
+       'xmm0', '%xmm0',
+       'xmm1', '%xmm1',
+       'xmm2', '%xmm2',
+       'xmm3', '%xmm3',
+       'xmm4', '%xmm4',
+       'xmm5', '%xmm5',
+       'xmm6', '%xmm6',
+       'xmm7', '%xmm7',
+       );
+
+%reg_val=(
+       'eax',  0x00,
+       'ebx',  0x03,
+       'ecx',  0x01,
+       'edx',  0x02,
+       'esi',  0x06,
+       'edi',  0x07,
+       'ebp',  0x05,
+       'esp',  0x04,
+       );
+
+sub main'LB
+       {
+       (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+       return($lb{$_[0]});
+       }
+
+sub main'HB
+       {
+       (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+       return($hb{$_[0]});
+       }
+
+sub main'DWP
+       {
+       local($addr,$reg1,$reg2,$idx)=@_;
+
+       $ret="";
+       $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
+       $reg1="$regs{$reg1}" if defined($regs{$reg1});
+       $reg2="$regs{$reg2}" if defined($regs{$reg2});
+       $ret.=$addr if ($addr ne "") && ($addr ne 0);
+       if ($reg2 ne "")
+               {
+               if($idx ne "" && $idx != 0)
+                   { $ret.="($reg1,$reg2,$idx)"; }
+               else
+                   { $ret.="($reg1,$reg2)"; }
+               }
+       elsif ($reg1 ne "")
+               { $ret.="($reg1)" }
+       return($ret);
+       }
+
+sub main'QWP
+       {
+       return(&main'DWP(@_));
+       }
+
+sub main'BP
+       {
+       return(&main'DWP(@_));
+       }
+
+sub main'BC
+       {
+       return @_;
+       }
+
+sub main'DWC
+       {
+       return @_;
+       }
 
-$align=($::aout)?"4":"16";
-$under=($::aout or $::coff)?"_":"";
-$dot=($::aout)?"":".";
-$com_start="#" if ($::aout or $::coff);
-
-sub opsize()
-{ my $reg=shift;
-    if    ($reg =~ m/^%e/o)            { "l"; }
-    elsif ($reg =~ m/^%[a-d][hl]$/o)   { "b"; }
-    elsif ($reg =~ m/^%[xm]/o)         { undef; }
-    else                               { "w"; }
-}
-
-# swap arguments;
-# expand opcode with size suffix;
-# prefix numeric constants with $;
-sub ::generic
-{ my($opcode,$dst,$src)=@_;
-  my($tmp,$suffix,@arg);
-
-    if (defined($src))
-    {  $src =~ s/^(e?[a-dsixphl]{2})$/%$1/o;
-       $src =~ s/^(x?mm[0-7])$/%$1/o;
-       $src =~ s/^(\-?[0-9]+)$/\$$1/o;
-       $src =~ s/^(\-?0x[0-9a-f]+)$/\$$1/o;
-       push(@arg,$src);
-    }
-    if (defined($dst))
-    {  $dst =~ s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;
-       $dst =~ s/^(x?mm[0-7])$/%$1/o;
-       $dst =~ s/^(\-?[0-9]+)$/\$$1/o          if(!defined($src));
-       $dst =~ s/^(\-?0x[0-9a-f]+)$/\$$1/o     if(!defined($src));
-       push(@arg,$dst);
-    }
-
-    if    ($dst =~ m/^%/o)     { $suffix=&opsize($dst); }
-    elsif ($src =~ m/^%/o)     { $suffix=&opsize($src); }
-    else                       { $suffix="l";           }
-    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
-
-    if ($#_==0)                                { &::emit($opcode);             }
-    elsif ($opcode =~ m/^j/o && $#_==1)        { &::emit($opcode,@arg);        }
-    elsif ($opcode eq "call" && $#_==1)        { &::emit($opcode,@arg);        }
-    elsif ($opcode =~ m/^set/&& $#_==1)        { &::emit($opcode,@arg);        }
-    else                               { &::emit($opcode.$suffix,@arg);}
-
-  1;
-}
+#sub main'BP
+#      {
+#      local($addr,$reg1,$reg2,$idx)=@_;
+#
+#      $ret="";
 #
-# opcodes not covered by ::generic above, mostly inconsistent namings...
+#      $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+#      $reg1="$regs{$reg1}" if defined($regs{$reg1});
+#      $reg2="$regs{$reg2}" if defined($regs{$reg2});
+#      $ret.=$addr if ($addr ne "") && ($addr ne 0);
+#      if ($reg2 ne "")
+#              { $ret.="($reg1,$reg2,$idx)"; }
+#      else
+#              { $ret.="($reg1)" }
+#      return($ret);
+#      }
+
+sub main'mov   { &out2("movl",@_); }
+sub main'movb  { &out2("movb",@_); }
+sub main'and   { &out2("andl",@_); }
+sub main'or    { &out2("orl",@_); }
+sub main'shl   { &out2("sall",@_); }
+sub main'shr   { &out2("shrl",@_); }
+sub main'xor   { &out2("xorl",@_); }
+sub main'xorb  { &out2("xorb",@_); }
+sub main'add   { &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); }
+sub main'adc   { &out2("adcl",@_); }
+sub main'sub   { &out2("subl",@_); }
+sub main'sbb   { &out2("sbbl",@_); }
+sub main'rotl  { &out2("roll",@_); }
+sub main'rotr  { &out2("rorl",@_); }
+sub main'exch  { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); }
+sub main'cmp   { &out2("cmpl",@_); }
+sub main'lea   { &out2("leal",@_); }
+sub main'mul   { &out1("mull",@_); }
+sub main'imul  { &out2("imull",@_); }
+sub main'div   { &out1("divl",@_); }
+sub main'jmp   { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je    { &out1("je",@_); }
+sub main'jle   { &out1("jle",@_); }
+sub main'jne   { &out1("jne",@_); }
+sub main'jnz   { &out1("jnz",@_); }
+sub main'jz    { &out1("jz",@_); }
+sub main'jge   { &out1("jge",@_); }
+sub main'jl    { &out1("jl",@_); }
+sub main'ja    { &out1("ja",@_); }
+sub main'jae   { &out1("jae",@_); }
+sub main'jb    { &out1("jb",@_); }
+sub main'jbe   { &out1("jbe",@_); }
+sub main'jc    { &out1("jc",@_); }
+sub main'jnc   { &out1("jnc",@_); }
+sub main'jno   { &out1("jno",@_); }
+sub main'dec   { &out1("decl",@_); }
+sub main'inc   { &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); }
+sub main'push  { &out1("pushl",@_); $stack+=4; }
+sub main'pop   { &out1("popl",@_); $stack-=4; }
+sub main'pushf { &out0("pushfl"); $stack+=4; }
+sub main'popf  { &out0("popfl"); $stack-=4; }
+sub main'not   { &out1("notl",@_); }
+sub main'call  {       my $pre=$under;
+                       foreach $i (%label)
+                       { if ($label{$i} eq $_[0]) { $pre=''; last; } }
+                       &out1("call",$pre.$_[0]);
+               }
+sub main'call_ptr { &out1p("call",@_); }
+sub main'ret   { &out0("ret"); }
+sub main'nop   { &out0("nop"); }
+sub main'test  { &out2("testl",@_); }
+sub main'bt    { &out2("btl",@_); }
+sub main'leave { &out0("leave"); }
+sub main'cpuid { &out0(".byte\t0x0f,0xa2"); }
+sub main'rdtsc { &out0(".byte\t0x0f,0x31"); }
+sub main'halt  { &out0("hlt"); }
+sub main'movz  { &out2("movzbl",@_); }
+sub main'neg   { &out1("negl",@_); }
+sub main'cld   { &out0("cld"); }
+
+# SSE2
+sub main'emms  { &out0("emms"); }
+sub main'movd  { &out2("movd",@_); }
+sub main'movdqu        { &out2("movdqu",@_); }
+sub main'movdqa        { &out2("movdqa",@_); }
+sub main'movdq2q{ &out2("movdq2q",@_); }
+sub main'movq2dq{ &out2("movq2dq",@_); }
+sub main'paddq { &out2("paddq",@_); }
+sub main'pmuludq{ &out2("pmuludq",@_); }
+sub main'psrlq { &out2("psrlq",@_); }
+sub main'psllq { &out2("psllq",@_); }
+sub main'pxor  { &out2("pxor",@_); }
+sub main'por   { &out2("por",@_); }
+sub main'pand  { &out2("pand",@_); }
+sub main'movq  {
+       local($p1,$p2,$optimize)=@_;
+       if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
+               # movq between mmx registers can sink Intel CPUs
+               {       push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n");      }
+       else    {       &out2("movq",@_);                               }
+       }
+
+# The bswapl instruction is new for the 486. Emulate if i386.
+sub main'bswap
+       {
+       if ($main'i386)
+               {
+               &main'comment("bswapl @_");
+               &main'exch(main'HB(@_),main'LB(@_));
+               &main'rotr(@_,16);
+               &main'exch(main'HB(@_),main'LB(@_));
+               }
+       else
+               {
+               &out1("bswapl",@_);
+               }
+       }
+
+sub out2
+       {
+       local($name,$p1,$p2)=@_;
+       local($l,$ll,$t);
+       local(%special)=(       "roll",0xD1C0,"rorl",0xD1C8,
+                               "rcll",0xD1D0,"rcrl",0xD1D8,
+                               "shll",0xD1E0,"shrl",0xD1E8,
+                               "sarl",0xD1F8);
+       
+       if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+               {
+               $op=$special{$name}|$reg_val{$p1};
+               $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+               $tmp2=sprintf(".byte %d\t",$op     &0xff);
+               push(@out,$tmp1);
+               push(@out,$tmp2);
+
+               $p2=&conv($p2);
+               $p1=&conv($p1);
+               &main'comment("$name $p2 $p1");
+               return;
+               }
+
+       push(@out,"\t$name\t");
+       $t=&conv($p2).",";
+       $l=length($t);
+       push(@out,$t);
+       $ll=4-($l+9)/8;
+       $tmp1=sprintf("\t" x $ll);
+       push(@out,$tmp1);
+       push(@out,&conv($p1)."\n");
+       }
+
+sub out1
+       {
+       local($name,$p1)=@_;
+       local($l,$t);
+       local(%special)=("bswapl",0x0FC8);
+
+       if ((defined($special{$name})) && defined($regs{$p1}))
+               {
+               $op=$special{$name}|$reg_val{$p1};
+               $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+               $tmp2=sprintf(".byte %d\t",$op     &0xff);
+               push(@out,$tmp1);
+               push(@out,$tmp2);
+
+               $p2=&conv($p2);
+               $p1=&conv($p1);
+               &main'comment("$name $p2 $p1");
+               return;
+               }
+
+       push(@out,"\t$name\t".&conv($p1)."\n");
+       }
+
+sub out1p
+       {
+       local($name,$p1)=@_;
+       local($l,$t);
+
+       push(@out,"\t$name\t*".&conv($p1)."\n");
+       }
+
+sub out0
+       {
+       push(@out,"\t$_[0]\n");
+       }
+
+sub conv
+       {
+       local($p)=@_;
+
+#      $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+
+       $p=$regs{$p} if (defined($regs{$p}));
+
+       $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
+       $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
+       return $p;
+       }
+
+sub main'file
+       {
+       local($file)=@_;
+
+       local($tmp)=<<"EOF";
+       .file   "$file.s"
+EOF
+       push(@out,$tmp);
+       }
+
+sub main'function_begin
+       {
+       local($func)=@_;
+
+       &main'external_label($func);
+       $func=$under.$func;
+
+       local($tmp)=<<"EOF";
+.text
+.globl $func
+EOF
+       push(@out,$tmp);
+       if ($main'cpp)
+               { $tmp=push(@out,"TYPE($func,\@function)\n"); }
+       elsif ($main'coff)
+               { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
+       elsif ($main'aout and !$main'pic)
+               { }
+       else    { $tmp=push(@out,".type\t$func,\@function\n"); }
+       push(@out,".align\t$align\n");
+       push(@out,"$func:\n");
+       $tmp=<<"EOF";
+       pushl   %ebp
+       pushl   %ebx
+       pushl   %esi
+       pushl   %edi
+
+EOF
+       push(@out,$tmp);
+       $stack=20;
+       }
+
+sub main'function_begin_B
+       {
+       local($func,$extra)=@_;
+
+       &main'external_label($func);
+       $func=$under.$func;
+
+       local($tmp)=<<"EOF";
+.text
+.globl $func
+EOF
+       push(@out,$tmp);
+       if ($main'cpp)
+               { push(@out,"TYPE($func,\@function)\n"); }
+       elsif ($main'coff)
+               { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
+       elsif ($main'aout and !$main'pic)
+               { }
+       else    { push(@out,".type      $func,\@function\n"); }
+       push(@out,".align\t$align\n");
+       push(@out,"$func:\n");
+       $stack=4;
+       }
+
+sub main'function_end
+       {
+       local($func)=@_;
+
+       $func=$under.$func;
+
+       local($tmp)=<<"EOF";
+       popl    %edi
+       popl    %esi
+       popl    %ebx
+       popl    %ebp
+       ret
+${dot}L_${func}_end:
+EOF
+       push(@out,$tmp);
+
+       if ($main'cpp)
+               { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }
+       elsif ($main'coff or $main'aout)
+                { }
+       else    { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
+       push(@out,".ident       \"$func\"\n");
+       $stack=0;
+       %label=();
+       }
+
+sub main'function_end_A
+       {
+       local($func)=@_;
+
+       local($tmp)=<<"EOF";
+       popl    %edi
+       popl    %esi
+       popl    %ebx
+       popl    %ebp
+       ret
+EOF
+       push(@out,$tmp);
+       }
+
+sub main'function_end_B
+       {
+       local($func)=@_;
+
+       $func=$under.$func;
+
+       push(@out,"${dot}L_${func}_end:\n");
+       if ($main'cpp)
+               { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }
+        elsif ($main'coff or $main'aout)
+                { }
+       else    { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
+       push(@out,".ident       \"$func\"\n");
+       $stack=0;
+       %label=();
+       }
+
+sub main'wparam
+       {
+       local($num)=@_;
+
+       return(&main'DWP($stack+$num*4,"esp","",0));
+       }
+
+sub main'stack_push
+       {
+       local($num)=@_;
+       $stack+=$num*4;
+       &main'sub("esp",$num*4);
+       }
+
+sub main'stack_pop
+       {
+       local($num)=@_;
+       $stack-=$num*4;
+       &main'add("esp",$num*4);
+       }
+
+sub main'swtmp
+       {
+       return(&main'DWP($_[0]*4,"esp","",0));
+       }
+
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#      {
+#      local($num)=@_;
 #
-sub ::movz     { &::movzb(@_);                 }
-sub ::pushf    { &::pushfl;                    }
-sub ::popf     { &::popfl;                     }
-sub ::cpuid    { &::emit(".byte\t0x0f,0xa2");  }
-sub ::rdtsc    { &::emit(".byte\t0x0f,0x31");  }
-
-sub ::call     { &::emit("call",(&islabel($_[0]) or "$under$_[0]")); }
-sub ::call_ptr { &::generic("call","*$_[0]");  }
-sub ::jmp_ptr  { &::generic("jmp","*$_[0]");   }
-
-*::bswap = sub { &::emit("bswap","%$_[0]");    } if (!$::i386);
-
-# chosen SSE instructions
-sub ::movq
-{ my($p1,$p2,$optimize)=@_;
-    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
-    # movq between mmx registers can sink Intel CPUs
-    {  &::pshufw($p1,$p2,0xe4);        }
-    else
-    {  &::generic("movq",@_);  }
-}
-sub ::pshufw
-{ my($dst,$src,$magic)=@_;
-    &::emit("pshufw","\$$magic","%$src","%$dst");
-}
-
-sub ::DWP
-{ my($addr,$reg1,$reg2,$idx)=@_;
-  my $ret="";
-
-    $addr =~ s/^\s+//;
-    # prepend global references with optional underscore
-    $addr =~ s/^([^\+\-0-9][^\+\-]*)/islabel($1) or "$under$1"/ige;
-
-    $reg1 = "%$reg1" if ($reg1);
-    $reg2 = "%$reg2" if ($reg2);
-
-    $ret .= $addr if (($addr ne "") && ($addr ne 0));
-
-    if ($reg2)
-    {  $idx!= 0 or $idx=1;
-       $ret .= "($reg1,$reg2,$idx)";
-    }
-    elsif ($reg1)
-    {  $ret .= "($reg1)";      }
-
-  $ret;
-}
-sub ::QWP      { &::DWP(@_);   }
-sub ::BP       { &::DWP(@_);   }
-sub ::BC       { @_;           }
-sub ::DWC      { @_;           }
-
-sub ::file
-{   push(@out,".file\t\"$_[0].s\"\n"); }
-
-sub ::function_begin_B
-{ my($func,$extra)=@_;
-  my $tmp;
-
-    &::external_label($func);
-    $func=$under.$func;
-
-    push(@out,".text\n.globl\t$func\n");
-    if ($::coff)
-    {  push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
-    elsif ($::aout and !$::pic)
-    { }
-    else
-    {  push(@out,".type        $func,\@function\n"); }
-    push(@out,".align\t$align\n");
-    push(@out,"$func:\n");
-    $::stack=4;
-}
-
-sub ::function_end_B
-{ my($func)=@_;
-
-    $func=$under.$func;
-    push(@out,"${dot}L_${func}_end:\n");
-    if ($::elf)
-    {  push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
-    $::stack=0;
-    %label=();
-}
-
-sub ::comment
-       {
-       if (!defined($com_start) or $::elf)
-               {       # Regarding $::elf above...
+#      return(&main'DWP(-($num+1)*4,"esp","",0));
+#      }
+
+sub main'comment
+       {
+       if (!defined($com_start) or $main'elf)
+               {       # Regarding $main'elf above...
                        # GNU and SVR4 as'es use different comment delimiters,
                push(@out,"\n");        # so we just skip ELF comments...
                return;
@@ -160,167 +508,218 @@ sub ::comment
                }
        }
 
-sub islabel    # see is argument is a known label
-{ my $i;
-    foreach $i (%label) { return $label{$i} if ($label{$i} eq $_[0]); }
-  undef;
-}
-
-sub ::external_label { push(@labels,@_); }
-
-sub ::public_label
-{   $label{$_[0]}="${under}${_[0]}"    if (!defined($label{$_[0]}));
-    push(@out,".globl\t$label{$_[0]}\n");
-}
-
-sub ::label
-{   if (!defined($label{$_[0]}))
-    {  $label{$_[0]}="${dot}${label}${_[0]}"; $label++;   }
-  $label{$_[0]};
-}
-
-sub ::set_label
-{ my $label=&::label($_[0]);
-    &::align($_[1]) if ($_[1]>1);
-    push(@out,"$label:\n");
-}
-
-sub ::file_end
-{   # try to detect if SSE2 or MMX extensions were used on ELF platform...
-    if ($::elf && grep {/\b%[x]?mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out) {
-
-       push (@out,"\n.section\t.bss\n");
-       push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n");
-
-       return; # below is not needed in OpenSSL context
-
-       push (@out,".section\t.init\n");
-       &::picmeup("edx","OPENSSL_ia32cap_P");
-       # $1<<10 sets a reserved bit to signal that variable
-       # was initialized already...
-       my $code=<<___;
-       cmpl    \$0,(%edx)
-       jne     3f
-       movl    \$1<<10,(%edx)
-       pushf
-       popl    %eax
-       movl    %eax,%ecx
-       xorl    \$1<<21,%eax
-       pushl   %eax
-       popf
-       pushf
-       popl    %eax
-       xorl    %ecx,%eax
-       btl     \$21,%eax
-       jnc     3f
-       pushl   %ebp
-       pushl   %edi
-       pushl   %ebx
-       movl    %edx,%edi
-       xor     %eax,%eax
-       .byte   0x0f,0xa2
-       xorl    %eax,%eax
-       cmpl    $1970169159,%ebx
-       setne   %al
-       movl    %eax,%ebp
-       cmpl    $1231384169,%edx
-       setne   %al
-       orl     %eax,%ebp
-       cmpl    $1818588270,%ecx
-       setne   %al
-       orl     %eax,%ebp
-       movl    $1,%eax
-       .byte   0x0f,0xa2
-       cmpl    $0,%ebp
-       jne     1f
-       andb    $15,%ah
-       cmpb    $15,%ah
-       jne     1f
-       orl     $1048576,%edx
-1:     btl     $28,%edx
-       jnc     2f
-       shrl    $16,%ebx
-       cmpb    $1,%bl
-       ja      2f
-       andl    $4026531839,%edx
-2:     orl     \$1<<10,%edx
-       movl    %edx,0(%edi)
-       popl    %ebx
-       popl    %edi
-       popl    %ebp
-       jmp     3f
-       .align  $align
-       3:
-___
-       push (@out,$code);
-    }
-}
-
-sub ::data_byte        {   push(@out,".byte\t".join(',',@_)."\n");   }
-sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
-
-sub ::align
-{ my $val=$_[0],$p2,$i;
-    if ($::aout)
-    {  for ($p2=0;$val!=0;$val>>=1) { $p2++; }
-       $val=$p2-1;
-       $val.=",0x90";
-    }
-    push(@out,".align\t$val\n");
-}
-
-sub ::picmeup
-{ my($dst,$sym,$base,$reflabel)=@_;
-
-    if ($::pic && ($::elf || $::aout))
-    {  if (!defined($base))
-       {   &::call(&::label("PIC_me_up"));
-           &::set_label("PIC_me_up");
-           &::blindpop($dst);
-           &::add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-".
-                           &::label("PIC_me_up") . "]");
+sub main'public_label
+       {
+       $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+       push(@out,".globl\t$label{$_[0]}\n");
+       }
+
+sub main'label
+       {
+       if (!defined($label{$_[0]}))
+               {
+               $label{$_[0]}="${dot}${label}${_[0]}";
+               $label++;
+               }
+       return($label{$_[0]});
+       }
+
+sub main'set_label
+       {
+       if (!defined($label{$_[0]}))
+               {
+               $label{$_[0]}="${dot}${label}${_[0]}";
+               $label++;
+               }
+       if ($_[1]!=0)
+               {
+               if ($_[1]>1)    { main'align($_[1]);            }
+               else            { push(@out,".align $align\n"); }
+               }
+       push(@out,"$label{$_[0]}:\n");
+       }
+
+sub main'file_end
+       {
+       # try to detect if SSE2 or MMX extensions were used on ELF platform...
+       if ($main'elf && grep {/\b%[x]*mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out) {
+               local($tmp);
+
+               push (@out,"\n.section\t.bss\n");
+               push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n");
+
+               return;
+       }
+
+       if ($const ne "")
+               {
+               push(@out,".section .rodata\n");
+               push(@out,$const);
+               $const="";
+               }
+       }
+
+sub main'data_byte
+       {
+       push(@out,"\t.byte\t".join(',',@_)."\n");
+       }
+
+sub main'data_word
+       {
+       push(@out,"\t.long\t".join(',',@_)."\n");
+       }
+
+sub main'align
+       {
+       my $val=$_[0],$p2,$i;
+       if ($main'aout) {
+               for ($p2=0;$val!=0;$val>>=1) { $p2++; }
+               $val=$p2-1;
+               $val.=",0x90";
+       }
+       push(@out,".align\t$val\n");
+       }
+
+# debug output functions: puts, putx, printf
+
+sub main'puts
+       {
+       &pushvars();
+       &main'push('$Lstring' . ++$constl);
+       &main'call('puts');
+       $stack-=4;
+       &main'add("esp",4);
+       &popvars();
+
+       $const .= "Lstring$constl:\n\t.string \"@_[0]\"\n";
+       }
+
+sub main'putx
+       {
+       &pushvars();
+       &main'push($_[0]);
+       &main'push('$Lstring' . ++$constl);
+       &main'call('printf');
+       &main'add("esp",8);
+       $stack-=8;
+       &popvars();
+
+       $const .= "Lstring$constl:\n\t.string \"\%X\"\n";
+       }
+
+sub main'printf
+       {
+       $ostack = $stack;
+       &pushvars();
+       for ($i = @_ - 1; $i >= 0; $i--)
+               {
+               if ($i == 0) # change this to support %s format strings
+                       {
+                       &main'push('$Lstring' . ++$constl);
+                       $const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n";
+                       }
+               else
+                       {
+                       if ($_[$i] =~ /([0-9]*)\(%esp\)/)
+                               {
+                               &main'push(($1 + $stack - $ostack) . '(%esp)');
+                               }
+                       else
+                               {
+                               &main'push($_[$i]);
+                               }
+                       }
+               }
+       &main'call('printf');
+       $stack-=4*@_;
+       &main'add("esp",4*@_);
+       &popvars();
+       }
+
+sub pushvars
+       {
+       &main'pushf();
+       &main'push("edx");
+       &main'push("ecx");
+       &main'push("eax");
+       }
+
+sub popvars
+       {
+       &main'pop("eax");
+       &main'pop("ecx");
+       &main'pop("edx");
+       &main'popf();
        }
+
+sub main'picmeup
+       {
+       local($dst,$sym)=@_;
+       if ($main'cpp)
+               {
+               local($tmp)=<<___;
+#if (defined(ELF) || defined(SOL)) && defined(PIC)
+       call    1f
+1:     popl    $regs{$dst}
+       addl    \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst}
+       movl    $sym\@GOT($regs{$dst}),$regs{$dst}
+#else
+       leal    $sym,$regs{$dst}
+#endif
+___
+               push(@out,$tmp);
+               }
+       elsif ($main'pic && ($main'elf || $main'aout))
+               {
+               &main'call(&main'label("PIC_me_up"));
+               &main'set_label("PIC_me_up");
+               &main'blindpop($dst);
+               &main'add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-".
+                               &main'label("PIC_me_up") . "]");
+               &main'mov($dst,&main'DWP($under.$sym."\@GOT",$dst));
+               }
        else
-       {   &::lea($dst,&::DWP("${under}_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
-                           $base));
+               {
+               &main'lea($dst,&main'DWP($sym));
+               }
        }
-       &::mov($dst,&::DWP($under.$sym."\@GOT",$dst));
-    }
-    else
-    {  &::lea($dst,&::DWP($sym));      }
-}
 
-sub ::initseg
-{ my($f)=@_;
-  my($tmp,$ctor);
+sub main'blindpop { &out1("popl",@_); }
 
-    if ($::elf)
-    {  $tmp=<<___;
+sub main'initseg
+       {
+       local($f)=@_;
+       local($tmp);
+       if ($main'elf)
+               {
+               $tmp=<<___;
 .section       .init
        call    $under$f
        jmp     .Linitalign
 .align $align
 .Linitalign:
 ___
-    }
-    elsif ($::coff)
-    {   $tmp=<<___;    # applies to both Cygwin and Mingw
+               }
+       elsif ($main'coff)
+               {
+               $tmp=<<___;     # applies to both Cygwin and Mingw
 .section       .ctors
 .long  $under$f
 ___
-    }
-    elsif ($::aout)
-    {  $ctor="${under}_GLOBAL_\$I\$$f";
-       $tmp=".text\n";
-       $tmp.=".type    $ctor,\@function\n" if ($::pic);
-       $tmp.=<<___;    # OpenBSD way...
+               }
+       elsif ($main'aout)
+               {
+               local($ctor)="${under}_GLOBAL_\$I\$$f";
+               $tmp=".text\n";
+               $tmp.=".type    $ctor,\@function\n" if ($main'pic);
+               $tmp.=<<___;    # OpenBSD way...
 .globl $ctor
 .align 2
 $ctor:
        jmp     $under$f
 ___
-    }
-    push(@out,$tmp) if ($tmp);
-}
+               }
+       push(@out,$tmp) if ($tmp);
+       }
 
 1;
index ef450da2d36f60e1271c4d9c41a911c28f99df94..f800f7db04a6b1edd66afb331a6de184638cea62 100644 (file)
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
index 25566a4c21a7b15644a5df1a3fe4891e49827fdc..17b68992f7dbf3f3ea871416a71315eed1e3fde1 100644 (file)
@@ -377,57 +377,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
 
 }
 
-/* Copy text from one BIO to another making the output CRLF at EOL */
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
-{
-       char eol;
-       int len;
-       char linebuf[MAX_SMLEN];
-       if(flags & PKCS7_BINARY) {
-               while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
-                                               BIO_write(out, linebuf, len);
-               return 1;
-       }
-       if(flags & PKCS7_TEXT)
-               BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
-       while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
-               eol = strip_eol(linebuf, &len);
-               if (len)
-                       BIO_write(out, linebuf, len);
-               if(eol) BIO_write(out, "\r\n", 2);
-       }
-       return 1;
-}
-
-/* Strip off headers if they are text/plain */
-int SMIME_text(BIO *in, BIO *out)
-{
-       char iobuf[4096];
-       int len;
-       STACK_OF(MIME_HEADER) *headers;
-       MIME_HEADER *hdr;
-
-       if (!(headers = mime_parse_hdr(in))) {
-               PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
-               return 0;
-       }
-       if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-               PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
-               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-               return 0;
-       }
-       if (strcmp (hdr->value, "text/plain")) {
-               PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
-               ERR_add_error_data(2, "type: ", hdr->value);
-               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-               return 0;
-       }
-       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-       while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
-                                               BIO_write(out, iobuf, len);
-       return 1;
-}
-
 /* Split a multipart/XXX message body into component parts: result is
  * canonical parts in a STACK of bios
  */
index a98aeb7cd396b0b23f94dcd00e6e0194a9c6035d..0f8dd3e00faf3d8afcfc11944577ea579af08d67 100644 (file)
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 #ifdef BN_DEBUG
 # define PREDICT
index 1897d6db7032165e2fa3a9c50771d52a665abac4..5ab3b1eac413c9fdf00d3c37aea9acc6f8b7bea2 100644 (file)
 #include "cryptlib.h"
 #include "rand_lcl.h"
 #include <openssl/rand.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include <openssl/fips_rand.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
index 28b2ebfd141c5697d1e580479c49b6bb58118fa2..372061c0ad50b335cdf6f7b032adade6906efc96 100644 (file)
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include <openssl/fips_rand.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
index 3fb6cf50c980b7cac8578b74fa65b90737632585..4e000e5b992a1428f381bdb1765846d482b005da 100644 (file)
 
 #include <openssl/rc2.h>
 #include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include "rc2_locl.h"
 
 static unsigned char key_table[256]={
index 22bda4b451e9915297177780599499e5f22ec624..ef7eee766cb96b27fa281d15654c7e6d5b22ea6c 100644 (file)
@@ -212,11 +212,11 @@ sub RC4
                &movz   ($ty,&BP(0,$d,$ty));
                &add    (&LB($x),1);
                &xorb   (&LB($ty),&BP(0,$in));
-               &lea    ($in,&BP(1,$in));
+               &lea    ($in,&DWP(1,$in));
                &movz   ($tx,&BP(0,$d,$x));
                &cmp    ($in,&swtmp(2));
                &movb   (&BP(0,$out),&LB($ty));
-               &lea    ($out,&BP(1,$out));
+               &lea    ($out,&DWP(1,$out));
        &jb     (&label("RC4_CHAR_loop"));
 
        &set_label("finished");
index 4b990cba077e21ac5233724af0e1f1d9d1045dcf..2d473204854c235c9ff6c2086485956f60fb9e9d 100755 (executable)
@@ -2,8 +2,9 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
 # 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
 # is not implemented, then this final RC4_CHAR code-path should be
 # preferred, as it provides better *all-round* performance].
 
+# Intel Core2 was observed to perform poorly on both code paths:-( It
+# apparently suffers from some kind of partial register stall, which
+# occurs in 64-bit mode only [as virtually identical 32-bit loop was
+# observed to outperform 64-bit one by almost 50%]. Adding two movzb to
+# cloop1 boosts its performance by 80%! This loop appears to be optimal
+# fit for Core2 and therefore the code was modified to skip cloop8 on
+# this CPU.
+
 $output=shift;
-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $output";
 
 $dat="%rdi";       # arg1
 $len="%rsi";       # arg2
@@ -152,6 +167,8 @@ $code.=<<___;
        movzb   ($dat,$XX[0]),$TX[0]#d
        test    \$-8,$len
        jz      .Lcloop1
+       cmp     \$0,260($dat)
+       jnz     .Lcloop1
        push    %rbx
        jmp     .Lcloop8
 .align 16
@@ -221,6 +238,8 @@ $code.=<<___;
        movb    $TY#b,($dat,$XX[0])
        add     $TX[0]#b,$TY#b
        add     \$1,$XX[0]#b
+       movzb   $TY#b,$TY#d
+       movzb   $XX[0]#b,$XX[0]#d
        movzb   ($dat,$TY),$TY#d
        movzb   ($dat,$XX[0]),$TX[0]#d
        xorb    ($inp),$TY#b
@@ -233,6 +252,111 @@ $code.=<<___;
 .size  RC4,.-RC4
 ___
 
+$idx="%r8";
+$ido="%r9";
+
+$code.=<<___;
+.extern        OPENSSL_ia32cap_P
+.globl RC4_set_key
+.type  RC4_set_key,\@function,3
+.align 16
+RC4_set_key:
+       lea     8($dat),$dat
+       lea     ($inp,$len),$inp
+       neg     $len
+       mov     $len,%rcx
+       xor     %eax,%eax
+       xor     $ido,$ido
+       xor     %r10,%r10
+       xor     %r11,%r11
+
+       mov     OPENSSL_ia32cap_P(%rip),$idx#d
+       bt      \$20,$idx#d
+       jnc     .Lw1stloop
+       bt      \$30,$idx#d
+       setc    $ido#b
+       mov     $ido#d,260($dat)
+       jmp     .Lc1stloop
+
+.align 16
+.Lw1stloop:
+       mov     %eax,($dat,%rax,4)
+       add     \$1,%al
+       jnc     .Lw1stloop
+
+       xor     $ido,$ido
+       xor     $idx,$idx
+.align 16
+.Lw2ndloop:
+       mov     ($dat,$ido,4),%r10d
+       add     ($inp,$len,1),$idx#b
+       add     %r10b,$idx#b
+       add     \$1,$len
+       mov     ($dat,$idx,4),%r11d
+       cmovz   %rcx,$len
+       mov     %r10d,($dat,$idx,4)
+       mov     %r11d,($dat,$ido,4)
+       add     \$1,$ido#b
+       jnc     .Lw2ndloop
+       jmp     .Lexit_key
+
+.align 16
+.Lc1stloop:
+       mov     %al,($dat,%rax)
+       add     \$1,%al
+       jnc     .Lc1stloop
+
+       xor     $ido,$ido
+       xor     $idx,$idx
+.align 16
+.Lc2ndloop:
+       mov     ($dat,$ido),%r10b
+       add     ($inp,$len),$idx#b
+       add     %r10b,$idx#b
+       add     \$1,$len
+       mov     ($dat,$idx),%r11b
+       jnz     .Lcnowrap
+       mov     %rcx,$len
+.Lcnowrap:
+       mov     %r10b,($dat,$idx)
+       mov     %r11b,($dat,$ido)
+       add     \$1,$ido#b
+       jnc     .Lc2ndloop
+       movl    \$-1,256($dat)
+
+.align 16
+.Lexit_key:
+       xor     %eax,%eax
+       mov     %eax,-8($dat)
+       mov     %eax,-4($dat)
+       ret
+.size  RC4_set_key,.-RC4_set_key
+
+.globl RC4_options
+.type  RC4_options,\@function,0
+.align 16
+RC4_options:
+       .picmeup %rax
+       lea     .Lopts-.(%rax),%rax
+       mov     OPENSSL_ia32cap_P(%rip),%edx
+       bt      \$20,%edx
+       jnc     .Ldone
+       add     \$12,%rax
+       bt      \$30,%edx
+       jnc     .Ldone
+       add     \$13,%rax
+.Ldone:
+       ret
+.align 64
+.Lopts:
+.asciz "rc4(8x,int)"
+.asciz "rc4(8x,char)"
+.asciz "rc4(1x,char)"
+.asciz "RC4 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align 64
+.size  RC4_options,.-RC4_options
+___
+
 $code =~ s/#([bwd])/$1/gm;
 
 print $code;
index 4ab9981b227410e8a053965afc491d733950e66a..870a659ff4915170d53229f9bc24d1cbb8987b66 100644 (file)
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
 
index f2ac09d1b7b97e3644ab37e7be602dc3ce3fe2e6..247fa6500ce8bcb7a723309d6014d99c72525834 100644 (file)
 
 #include <openssl/crypto.h>
 #include <openssl/rc5.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include "rc5_locl.h"
 
 #ifdef OPENSSL_FIPS
index 3c4ad4ff1080d744ded9c7cb833e424cf4d0c1c7..ead11d075ac9f91bbb56edb1ee94cd4026d4d715 100644 (file)
 #include "rmd_locl.h"
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
 
index 6f154625485eb72d74523beb9a2027137f409c1d..d31f0781a06a8846c07fcdb81b23e76c8941a084 100644 (file)
 #define SHA_1
 
 #include <openssl/opensslv.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 
 const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
 
index 223d80f82c51aede800dc87506690344dc0b3656..3256a83e98e10f74ead2111b2522ef830f5966e1 100644 (file)
 
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include <openssl/opensslv.h>
 
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
index a3964793213f7c5295ec32da0dabcd4b731d7f9c..f5ed468b85eb8140c6f3c8c9d85e55ff8b96a5e9 100644 (file)
@@ -5,7 +5,10 @@
  * ====================================================================
  */
 #include <openssl/opensslconf.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
  * IMPLEMENTATION NOTES.
index 0b524ecf1f4daa49d16aeaa97b04a5567f474fb1..598f4d721af963695c05eb665b32c78243163a5a 100644 (file)
 
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #include <openssl/err.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
index c3b7ed53db0840f86283c4514228d8d8fc7f9e4c..78cc485e6d144b71b52afa371df2fa69c6fa7e26 100644 (file)
@@ -175,7 +175,7 @@ STACK_OF(type) \
 #define SKM_sk_push(type, st,val) \
        sk_push(st, (char *)val)
 #define SKM_sk_unshift(type, st,val) \
-       sk_unshift(st, val)
+       sk_unshift(st, (char *)val)
 #define SKM_sk_find(type, st,val) \
        sk_find(st, (char *)val)
 #define SKM_sk_delete(type, st,i) \
@@ -414,6 +414,94 @@ STACK_OF(type) \
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
 #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
 
+#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
+#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
+#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
+#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
+#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
+#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
+#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
+#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
+#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
+#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
+
+#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
+#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
+#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
+#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
+#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
+#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
+#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
+#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
+#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
+#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
+
+#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
+#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
+#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
+#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
+#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
+#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
+#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
+#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
+#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
+#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
+
+#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
+#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
+#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
+#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
+#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
+#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
+#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
+#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
+#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
+#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
+
 #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
 #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
@@ -612,6 +700,28 @@ STACK_OF(type) \
 #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
 
+#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
+#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
+#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
+#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
+#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
+#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
+#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
+#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
+#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
+#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
+
 #define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
 #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
index c431237ec7e94aaa3e6389b86667cefefbf0d62d..e71b5257e576135c544e353ad86cc08a2d09ae54 100644 (file)
@@ -146,9 +146,10 @@ struct X509_algor_st
        ASN1_TYPE *parameter;
        } /* X509_ALGOR */;
 
-DECLARE_STACK_OF(X509_ALGOR)
 DECLARE_ASN1_SET_OF(X509_ALGOR)
 
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
 typedef struct X509_val_st
        {
        ASN1_TIME *notBefore;
@@ -864,6 +865,10 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
 X509_CRL *X509_CRL_dup(X509_CRL *crl);
 X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+                                               X509_ALGOR *algor);
+
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
 
@@ -885,6 +890,7 @@ X509_REQ *  X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 X509 *         X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
 
 DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 DECLARE_ASN1_FUNCTIONS(X509_VAL)
 
 DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
@@ -1194,6 +1200,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
                        const char *attrname, int type,
                        const unsigned char *bytes, int len);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+                               ASN1_OBJECT *obj, int lastpos, int type);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
             int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
index 65968c4944aab7f2986eec2ee41fc5efbcb4041e..2c9061e3d2f3e841b9b16f533d9c6bb15f2a328f 100644 (file)
@@ -67,8 +67,7 @@
 
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
-       if (!x) return 0;
-       return(sk_X509_ATTRIBUTE_num(x));
+       return sk_X509_ATTRIBUTE_num(x);
 }
 
 int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
@@ -193,6 +192,22 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
        return ret;
 }
 
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+                               ASN1_OBJECT *obj, int lastpos, int type)
+{
+       int i;
+       X509_ATTRIBUTE *at;
+       i = X509at_get_attr_by_OBJ(x, obj, lastpos);
+       if (i == -1)
+               return NULL;
+       if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
+               return NULL;
+       at = X509at_get_attr(x, i);
+       if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
+               return NULL;
+       return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
+}
+
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
             int atrtype, const void *data, int len)
 {
@@ -270,8 +285,8 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
 {
        ASN1_TYPE *ttmp;
-       ASN1_STRING *stmp;
-       int atype;
+       ASN1_STRING *stmp = NULL;
+       int atype = 0;
        if (!attr) return 0;
        if(attrtype & MBSTRING_FLAG) {
                stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
@@ -281,16 +296,22 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
                        return 0;
                }
                atype = stmp->type;
-       } else {
+       } else if (len != -1){
                if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
                if(!ASN1_STRING_set(stmp, data, len)) goto err;
                atype = attrtype;
        }
        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
        if(!(ttmp = ASN1_TYPE_new())) goto err;
+       if ((len == -1) && !(attrtype & MBSTRING_FLAG))
+               {
+               if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+                       goto err;
+               }
+       else
+               ASN1_TYPE_set(ttmp, atype, stmp);
        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
        attr->single = 0;
-       ASN1_TYPE_set(ttmp, atype, stmp);
        return 1;
        err:
        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
index 9f0f06bd4e89084c65205b4eaf485471a9ffc7b3..2616a03da6994edfc776dec02762e5a33fdc2cf5 100644 (file)
@@ -140,7 +140,7 @@ OPENSSL_ia32_cpuid:
        and     \$15,%ah
        cmp     \$15,%ah                # examine Family ID
        je      .Lnotintel
-       or      \$0x40000000,%edx       # use reserved 30th bit to skip unrolled loop
+       or      \$0x40000000,%edx       # use reserved bit to skip unrolled loop
 .Lnotintel:
        bt      \$28,%edx               # test hyper-threading bit
        jnc     .Ldone
index 6bf6a7b57ff4e800842b62092adb4731fbfbb4d4..4408ef2936ecff908d7965e2fa9ed718ccfe6331 100644 (file)
@@ -24,27 +24,28 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &cpuid  ();
        &xor    ("eax","eax");
        &cmp    ("ebx",0x756e6547);     # "Genu"
-       &setne  (&LB("eax"));
+       &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
        &mov    ("ebp","eax");
        &cmp    ("edx",0x49656e69);     # "ineI"
-       &setne  (&LB("eax"));
+       &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
        &or     ("ebp","eax");
        &cmp    ("ecx",0x6c65746e);     # "ntel"
-       &setne  (&LB("eax"));
+       &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
        &or     ("ebp","eax");
        &mov    ("eax",1);
        &cpuid  ();
        &cmp    ("ebp",0);
        &jne    (&label("notP4"));
-       &and    (&HB("eax"),15);        # familiy ID
-       &cmp    (&HB("eax"),15);        # P4?
+       &and    ("eax",15<<8);          # familiy ID
+       &cmp    ("eax",15<<8);          # P4?
        &jne    (&label("notP4"));
        &or     ("edx",1<<20);          # use reserved bit to engage RC4_CHAR
 &set_label("notP4");
        &bt     ("edx",28);             # test hyper-threading bit
        &jnc    (&label("done"));
        &shr    ("ebx",16);
-       &cmp    (&LB("ebx"),1);         # see if cache is shared(*)
+       &and    ("ebx",0xff);
+       &cmp    ("ebx",1);              # see if cache is shared(*)
        &ja     (&label("done"));
        &and    ("edx",0xefffffff);     # clear hyper-threading bit if not
 &set_label("done");
index b0d198724c6b28770e0ea5656421939de522c1da..908cd2a6d657db9906ef6af19817eb6dc91ff3d7 100644 (file)
@@ -18,6 +18,7 @@ B<openssl> B<dgst>
 [B<-verify filename>]
 [B<-prverify filename>]
 [B<-signature filename>]
+[B<-hmac key>]
 [B<file...>]
 
 [B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
@@ -78,6 +79,10 @@ verify the signature using the  the private key in "filename".
 
 the actual signature to verify.
 
+=item B<-hmac key>
+
+create a hashed MAC using "key".
+
 =item B<-rand file(s)>
 
 a file or files containing random data used to seed the random number
index 57c2adfb9f9da88e5000d08ee665918ab26f6488..fdcc170e2832a764c109446f1c0cacfe91a257e4 100644 (file)
@@ -12,6 +12,8 @@ B<openssl> B<s_server>
 [B<-context id>]
 [B<-verify depth>]
 [B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
 [B<-cert filename>]
 [B<-certform DER|PEM>]
 [B<-key keyfile>]
@@ -142,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the
 client does not have to send one, with the B<-Verify> option the client
 must supply a certificate or an error occurs.
 
+=item B<-crl_check>, B<-crl_check_all>
+
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
+
 =item B<-CApath directory>
 
 The directory to use for client certificate verification. This directory
index ea5c29c150218f3131970c36b4de276ac1cc1f18..ff2629d2cf851733b4aa6c5704a4cf594137a74c 100644 (file)
@@ -169,7 +169,7 @@ the operation was successful.
 the issuer certificate could not be found: this occurs if the issuer certificate
 of an untrusted certificate cannot be found.
 
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
 
 the CRL of a certificate could not be found. Unused.
 
index cbf01cb1720a4f39b4655bc3d0df9041bb086742..90861d397978090e393b3b6154a518460d8aecab 100644 (file)
@@ -20,6 +20,7 @@
 
 (c-add-style "eay"
             '((c-basic-offset . 8)
+              (indent-tabs-mode . t)
               (c-comment-only-line-offset . 0)
               (c-hanging-braces-alist)
               (c-offsets-alist . ((defun-open . +)
index 60867d951acb433b437fe736af7d0396bcbd71de..1157cff510d6cb56151ab40cafce178554f7f1d0 100644 (file)
@@ -151,10 +151,11 @@ bits is set to zero.
 This specifies the format of the ultimate value. It should be followed
 by a colon and one of the strings B<ASCII>, B<UTF8>, B<HEX> or B<BITLIST>.
 
-If no format specifier is included then B<ASCII> is used. If B<UTF8> is specified
-then the value string must be a valid B<UTF8> string. For B<HEX> the output must
-be a set of hex digits. B<BITLIST> (which is only valid for a BIT STRING) is a
-comma separated list of set bits.
+If no format specifier is included then B<ASCII> is used. If B<UTF8> is
+specified then the value string must be a valid B<UTF8> string. For B<HEX> the
+output must be a set of hex digits. B<BITLIST> (which is only valid for a BIT
+STRING) is a comma separated list of the indices of the set bits, all other
+bits are zero.
 
 =back
 
@@ -172,6 +173,10 @@ An IA5String explicitly tagged using APPLICATION tagging:
 
  EXPLICIT:0A,IA5STRING:Hello World
 
+A BITSTRING with bits 1 and 5 set and all others zero:
+
+ FORMAT=BITLIST,BITSTRING:1,5
+
 A more complex example using a config file to produce a
 SEQUENCE consiting of a BOOL an OID and a UTF8String:
 
index 44f8c0bbc4f41cd770d551afb9b3eefe81458e2d..251f5661480a2193c0d5487fe962822f01a5892f 100644 (file)
@@ -20,7 +20,7 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec
+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi
 
 LIBSRC=        e_4758cca.c \
        e_aep.c \
@@ -30,7 +30,8 @@ LIBSRC=       e_4758cca.c \
        e_chil.c \
        e_nuron.c \
        e_sureware.c \
-       e_ubsec.c
+       e_ubsec.c \
+       e_capi.c
 LIBOBJ= e_4758cca.o \
        e_aep.o \
        e_atalla.o \
@@ -39,7 +40,8 @@ LIBOBJ= e_4758cca.o \
        e_chil.o \
        e_nuron.o \
        e_sureware.o \
-       e_ubsec.o
+       e_ubsec.o \
+       e_capi.o
 
 SRC= $(LIBSRC)
 
@@ -52,7 +54,8 @@ HEADER=       e_4758cca_err.c e_4758cca_err.h \
        e_chil_err.c e_chil_err.h \
        e_nuron_err.c e_nuron_err.h \
        e_sureware_err.c e_sureware_err.h \
-       e_ubsec_err.c e_ubsec_err.h
+       e_ubsec_err.c e_ubsec_err.h \
+       e_capi_err.c e_capi_err.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -143,16 +146,16 @@ e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h
 e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_4758cca.o: ../include/openssl/evp.h ../include/openssl/fips.h
-e_4758cca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-e_4758cca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-e_4758cca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-e_4758cca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-e_4758cca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_4758cca.o: ../include/openssl/sha.h ../include/openssl/stack.h
-e_4758cca.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-e_4758cca.o: ../include/openssl/x509_vfy.h e_4758cca.c e_4758cca_err.c
-e_4758cca.o: e_4758cca_err.h vendor_defns/hw_4758_cca.h
+e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h
+e_4758cca.o: vendor_defns/hw_4758_cca.h
 e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@@ -182,17 +185,16 @@ e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
 e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
-e_chil.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-e_chil.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_chil.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_chil.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-e_chil.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-e_chil.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-e_chil.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_chil.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_chil.o: ../include/openssl/ui.h ../include/openssl/x509.h
-e_chil.o: ../include/openssl/x509_vfy.h e_chil.c e_chil_err.c e_chil_err.h
-e_chil.o: vendor_defns/hwcryptohook.h
+e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h
+e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c
+e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h
 e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@@ -226,17 +228,17 @@ e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h
 e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_sureware.o: ../include/openssl/evp.h ../include/openssl/fips.h
-e_sureware.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-e_sureware.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-e_sureware.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-e_sureware.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-e_sureware.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-e_sureware.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_sureware.o: ../include/openssl/sha.h ../include/openssl/stack.h
-e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c
-e_sureware.o: e_sureware_err.h vendor_defns/sureware.h
+e_sureware.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h
+e_sureware.o: vendor_defns/sureware.h
 e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
index 3d4276be91b39be20c8ebf5250f825da3344e976..26087edbfae763477730c7bf77a86d2d3f6a8605 100644 (file)
 #ifndef HEADER_CCA4758_ERR_H
 #define HEADER_CCA4758_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index 7307ddfafb5b4aeb9668de15afdbf9904b332778..ffdc354cdcf99053845c4f3efa1545185ede8825 100644 (file)
 typedef int pid_t;
 #endif
 
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+#define getpid GetThreadID
+extern int GetThreadID(void);
+#endif
+
 #include <openssl/crypto.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
index 8fe4cf921f06a7e9b6e4c7b77df92708bf6ee5ea..35b2e742603aa4ef69e730011206d2d922e615d0 100644 (file)
 #ifndef HEADER_AEPHK_ERR_H
 #define HEADER_AEPHK_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index cdac052d8c98096574f09af44e83c39a3589625a..36e09bf42fe10a8642d0dc4781bbc03215b20514 100644 (file)
 #ifndef HEADER_ATALLA_ERR_H
 #define HEADER_ATALLA_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/engines/e_capi.c b/engines/e_capi.c
new file mode 100644 (file)
index 0000000..081646b
--- /dev/null
@@ -0,0 +1,1722 @@
+/* engines/e_capi.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_NO_CAPIENG
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#undef X509_EXTENSIONS
+#undef X509_CERT_PAIR
+
+#include <openssl/engine.h>
+#include <openssl/pem.h>
+
+#include "e_capi_err.h"
+#include "e_capi_err.c"
+
+
+static const char *engine_capi_id = "capi";
+static const char *engine_capi_name = "CryptoAPI ENGINE";
+
+typedef struct CAPI_CTX_st CAPI_CTX;
+typedef struct CAPI_KEY_st CAPI_KEY;
+
+static void capi_addlasterror(void);
+static void capi_adderror(DWORD err);
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY *key);
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore);
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+       UI_METHOD *ui_method, void *callback_data);
+static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+static int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_free(RSA *rsa);
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                                       DSA *dsa);
+static int capi_dsa_free(DSA *dsa);
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+       STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+#ifdef OPENSSL_CAPIENG_DIALOG
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+#endif
+
+typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
+                                               LPCWSTR, DWORD, DWORD,
+                                               void *);
+typedef HWND (WINAPI *GETCONSWIN)(void);
+
+/* This structure contains CAPI ENGINE specific data:
+ * it contains various global options and affects how
+ * other functions behave.
+ */
+
+#define CAPI_DBG_TRACE 2
+#define CAPI_DBG_ERROR 1
+
+struct CAPI_CTX_st {
+       int debug_level;
+       char *debug_file;
+       /* Parameters to use for container lookup */
+       DWORD keytype;
+       LPTSTR cspname;
+       DWORD csptype;
+       /* Certificate store name to use */
+       LPTSTR storename;
+       LPTSTR ssl_client_store;
+
+/* Lookup string meanings in load_private_key */
+/* Substring of subject: uses "storename" */
+#define CAPI_LU_SUBSTR         0
+/* Friendly name: uses storename */
+#define CAPI_LU_FNAME          1
+/* Container name: uses cspname, keytype */
+#define CAPI_LU_CONTNAME       2
+       int lookup_method;
+/* Info to dump with dumpcerts option */
+/* Issuer and serial name strings */
+#define CAPI_DMP_SUMMARY       0x1
+/* Friendly name */
+#define CAPI_DMP_FNAME         0x2
+/* Full X509_print dump */
+#define CAPI_DMP_FULL          0x4
+/* Dump PEM format certificate */
+#define CAPI_DMP_PEM           0x8
+/* Dump pseudo key (if possible) */
+#define CAPI_DMP_PSKEY         0x10
+/* Dump key info (if possible) */
+#define CAPI_DMP_PKEYINFO      0x20
+
+       DWORD dump_flags;
+       int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+
+       CERTDLG certselectdlg;
+       GETCONSWIN getconswindow;
+};
+
+
+static CAPI_CTX *capi_ctx_new();
+static void capi_ctx_free(CAPI_CTX *ctx);
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check);
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
+
+#define CAPI_CMD_LIST_CERTS            ENGINE_CMD_BASE
+#define CAPI_CMD_LOOKUP_CERT           (ENGINE_CMD_BASE + 1)
+#define CAPI_CMD_DEBUG_LEVEL           (ENGINE_CMD_BASE + 2)
+#define CAPI_CMD_DEBUG_FILE            (ENGINE_CMD_BASE + 3)
+#define CAPI_CMD_KEYTYPE               (ENGINE_CMD_BASE + 4)
+#define CAPI_CMD_LIST_CSPS             (ENGINE_CMD_BASE + 5)
+#define CAPI_CMD_SET_CSP_IDX           (ENGINE_CMD_BASE + 6)
+#define CAPI_CMD_SET_CSP_NAME          (ENGINE_CMD_BASE + 7)
+#define CAPI_CMD_SET_CSP_TYPE          (ENGINE_CMD_BASE + 8)
+#define CAPI_CMD_LIST_CONTAINERS       (ENGINE_CMD_BASE + 9)
+#define CAPI_CMD_LIST_OPTIONS          (ENGINE_CMD_BASE + 10)
+#define CAPI_CMD_LOOKUP_METHOD         (ENGINE_CMD_BASE + 11)
+#define CAPI_CMD_STORE_NAME            (ENGINE_CMD_BASE + 12)
+
+static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
+       {CAPI_CMD_LIST_CERTS,
+               "list_certs",
+               "List all certificates in store",
+               ENGINE_CMD_FLAG_NO_INPUT},
+       {CAPI_CMD_LOOKUP_CERT,
+               "lookup_cert",
+               "Lookup and output certificates",
+               ENGINE_CMD_FLAG_STRING},
+       {CAPI_CMD_DEBUG_LEVEL,
+               "debug_level",
+               "debug level (1=errors, 2=trace)",
+               ENGINE_CMD_FLAG_NUMERIC},
+       {CAPI_CMD_DEBUG_FILE,
+               "debug_file",
+               "debugging filename)",
+               ENGINE_CMD_FLAG_STRING},
+       {CAPI_CMD_KEYTYPE,
+               "key_type",
+               "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
+               ENGINE_CMD_FLAG_NUMERIC},
+       {CAPI_CMD_LIST_CSPS,
+               "list_csps",
+               "List all CSPs",
+               ENGINE_CMD_FLAG_NO_INPUT},
+       {CAPI_CMD_SET_CSP_IDX,
+               "csp_idx",
+               "Set CSP by index",
+               ENGINE_CMD_FLAG_NUMERIC},
+       {CAPI_CMD_SET_CSP_NAME,
+               "csp_name",
+               "Set CSP name, (default CSP used if not specified)",
+               ENGINE_CMD_FLAG_STRING},
+       {CAPI_CMD_SET_CSP_TYPE,
+               "csp_type",
+               "Set CSP type, (default RSA_PROV_FULL)",
+               ENGINE_CMD_FLAG_NUMERIC},
+       {CAPI_CMD_LIST_CONTAINERS,
+               "list_containers",
+               "list container names",
+               ENGINE_CMD_FLAG_NO_INPUT},
+       {CAPI_CMD_LIST_OPTIONS,
+               "list_options",
+               "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
+               "32=private key info)",
+               ENGINE_CMD_FLAG_NUMERIC},
+       {CAPI_CMD_LOOKUP_METHOD,
+               "lookup_method",
+               "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
+               ENGINE_CMD_FLAG_NUMERIC},
+       {CAPI_CMD_STORE_NAME,
+               "store_name",
+               "certificate store name, default \"MY\"",
+               ENGINE_CMD_FLAG_STRING},
+
+       {0, NULL, NULL, 0}
+       };
+
+static int capi_idx = -1;
+static int rsa_capi_idx = -1;
+static int dsa_capi_idx = -1;
+static int cert_capi_idx = -1;
+
+static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+       {
+       int ret = 1;
+       CAPI_CTX *ctx;
+       BIO *out;
+       if (capi_idx == -1)
+               {
+               CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
+               return 0;
+               }
+       ctx = ENGINE_get_ex_data(e, capi_idx);
+       out = BIO_new_fp(stdout, BIO_NOCLOSE);
+       switch (cmd)
+               {
+               case CAPI_CMD_LIST_CSPS:
+               ret = capi_list_providers(ctx, out);
+               break;
+
+               case CAPI_CMD_LIST_CERTS:
+               ret = capi_list_certs(ctx, out, NULL);
+               break;
+
+               case CAPI_CMD_LOOKUP_CERT:
+               ret = capi_list_certs(ctx, out, p);
+               break;
+
+               case CAPI_CMD_LIST_CONTAINERS:
+               ret = capi_list_containers(ctx, out);
+               break;
+
+               case CAPI_CMD_STORE_NAME:
+               if (ctx->storename)
+                       OPENSSL_free(ctx->storename);
+               ctx->storename = BUF_strdup(p);
+               CAPI_trace(ctx, "Setting store name to %s\n", p);
+               break;
+
+               case CAPI_CMD_DEBUG_LEVEL:
+               ctx->debug_level = (int)i;
+               CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
+               break;
+
+               case CAPI_CMD_DEBUG_FILE:
+               ctx->debug_file = BUF_strdup(p);
+               CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+               break;
+
+               case CAPI_CMD_KEYTYPE:
+               ctx->keytype = i;
+               CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
+               break;
+
+               case CAPI_CMD_SET_CSP_IDX:
+               ret = capi_ctx_set_provname_idx(ctx, i);
+               break;
+
+               case CAPI_CMD_LIST_OPTIONS:
+               ctx->dump_flags = i;
+               break;
+
+               case CAPI_CMD_LOOKUP_METHOD:
+               if (i < 1 || i > 3)
+                       {
+                       CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+                       return 0;
+                       }
+               ctx->lookup_method = i;
+               break;
+
+               case CAPI_CMD_SET_CSP_NAME:
+               ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
+               break;
+
+               case CAPI_CMD_SET_CSP_TYPE:
+               ctx->csptype = i;
+               break;
+
+               default:
+               CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
+               ret = 0;
+       }
+
+       BIO_free(out);
+       return ret;
+
+       }
+
+static RSA_METHOD capi_rsa_method =
+       {
+       "CryptoAPI RSA method",
+       0,                              /* pub_enc */
+       0,                              /* pub_dec */
+       capi_rsa_priv_enc,              /* priv_enc */
+       capi_rsa_priv_dec,              /* priv_dec */
+       0,                              /* rsa_mod_exp */
+       0,                              /* bn_mod_exp */
+       0,                              /* init */
+       capi_rsa_free,                  /* finish */
+       RSA_FLAG_SIGN_VER,              /* flags */
+       NULL,                           /* app_data */
+       capi_rsa_sign,                  /* rsa_sign */
+       0                               /* rsa_verify */
+       };
+
+static DSA_METHOD capi_dsa_method =
+       {
+       "CryptoAPI DSA method",
+       capi_dsa_do_sign,               /* dsa_do_sign */
+       0,                              /* dsa_sign_setup */
+       0,                              /* dsa_do_verify */
+       0,                              /* dsa_mod_exp */
+       0,                              /* bn_mod_exp */
+       0,                              /* init */
+       capi_dsa_free,                  /* finish */
+       0,                              /* flags */
+       NULL,                           /* app_data */
+       0,                              /* dsa_paramgen */
+       0                               /* dsa_keygen */
+       };
+
+static int capi_init(ENGINE *e)
+       {
+       CAPI_CTX *ctx;
+       const RSA_METHOD *ossl_rsa_meth;
+       const DSA_METHOD *ossl_dsa_meth;
+       capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+       cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+       ctx = capi_ctx_new();
+       if (!ctx || (capi_idx < 0))
+               goto memerr;
+
+       ENGINE_set_ex_data(e, capi_idx, ctx);
+       /* Setup RSA_METHOD */
+       rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+       ossl_rsa_meth = RSA_PKCS1_SSLeay();
+       capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+       capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+       capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+       capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+
+       /* Setup DSA Method */
+       dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+       ossl_dsa_meth = DSA_OpenSSL();
+       capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+       capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+       capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+
+#ifdef OPENSSL_CAPIENG_DIALOG
+       {
+       HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+       HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+       if (cryptui)
+               ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
+       if (kernel)
+               ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow");
+       if (cryptui && !OPENSSL_isservice())
+               ctx->client_cert_select = cert_select_dialog;
+       }
+#endif
+               
+
+       return 1;
+
+       memerr:
+       CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
+       return 0;
+
+       return 1;
+       }
+
+static int capi_destroy(ENGINE *e)
+       {
+       ERR_unload_CAPI_strings();
+       return 1;
+       }
+
+static int capi_finish(ENGINE *e)
+       {
+       CAPI_CTX *ctx;
+       ctx = ENGINE_get_ex_data(e, capi_idx);
+       capi_ctx_free(ctx);
+       ENGINE_set_ex_data(e, capi_idx, NULL);
+       return 1;
+       }
+
+
+/* CryptoAPI key application data. This contains
+ * a handle to the private key container (for sign operations)
+ * and a handle to the key (for decrypt operations).
+ */
+
+struct CAPI_KEY_st
+       {
+       /* Associated certificate context (if any) */
+       PCCERT_CONTEXT pcert;
+       HCRYPTPROV hprov;
+       HCRYPTKEY key;
+       DWORD keyspec;
+       };
+
+static int bind_capi(ENGINE *e)
+       {
+       if (!ENGINE_set_id(e, engine_capi_id)
+               || !ENGINE_set_name(e, engine_capi_name)
+               || !ENGINE_set_init_function(e, capi_init)
+               || !ENGINE_set_finish_function(e, capi_finish)
+               || !ENGINE_set_destroy_function(e, capi_destroy)
+               || !ENGINE_set_RSA(e, &capi_rsa_method)
+               || !ENGINE_set_DSA(e, &capi_dsa_method)
+               || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
+               || !ENGINE_set_load_ssl_client_cert_function(e,
+                                               capi_load_ssl_client_cert)
+               || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
+               || !ENGINE_set_ctrl_function(e, capi_ctrl))
+                       return 0;
+       ERR_load_CAPI_strings();
+
+       return 1;
+
+       }
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+       {
+       if(id && (strcmp(id, engine_capi_id) != 0))
+               return 0;
+       if(!bind_capi(e))
+               return 0;
+       return 1;
+       }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_capi(void)
+       {
+       ENGINE *ret = ENGINE_new();
+       if(!ret)
+               return NULL;
+       if(!bind_capi(ret))
+               {
+               ENGINE_free(ret);
+               return NULL;
+               }
+       return ret;
+       }
+
+void ENGINE_load_capi(void)
+       {
+       /* Copied from eng_[openssl|dyn].c */
+       ENGINE *toadd = engine_capi();
+       if(!toadd) return;
+       ENGINE_add(toadd);
+       ENGINE_free(toadd);
+       ERR_clear_error();
+       }
+#endif
+
+
+static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
+       {
+       int i;
+       /* Reverse buffer in place: since this is a keyblob structure
+        * that will be freed up after conversion anyway it doesn't 
+        * matter if we change it.
+        */
+       for(i = 0; i < binlen / 2; i++)
+               {
+               unsigned char c;
+               c = bin[i];
+               bin[i] = bin[binlen - i - 1];
+               bin[binlen - i - 1] = c;
+               }
+
+       if (!BN_bin2bn(bin, binlen, bn))
+               return 0;
+       return 1;
+       }
+
+/* Given a CAPI_KEY get an EVP_PKEY structure */
+
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
+       {
+       unsigned char *pubkey = NULL;
+       DWORD len;
+       BLOBHEADER *bh;
+       RSA *rkey = NULL;
+       DSA *dkey = NULL;
+       EVP_PKEY *ret = NULL;
+       if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
+               {
+               CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
+               capi_addlasterror();
+               return NULL;
+               }
+
+       pubkey = OPENSSL_malloc(len);
+
+       if (!pubkey)
+               goto memerr;
+
+       if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
+               {
+               CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
+               capi_addlasterror();
+               goto err;
+               }
+
+       bh = (BLOBHEADER *)pubkey;
+       if (bh->bType != PUBLICKEYBLOB)
+               {
+               CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
+               goto err;
+               }
+       if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
+               {
+               RSAPUBKEY *rp;
+               DWORD rsa_modlen;
+               unsigned char *rsa_modulus;
+               rp = (RSAPUBKEY *)(bh + 1);
+               if (rp->magic != 0x31415352)
+                       {
+                       char magstr[10];
+                       BIO_snprintf(magstr, 10, "%lx", rp->magic);
+                       CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+                       ERR_add_error_data(2, "magic=0x", magstr);
+                       goto err;
+                       }
+               rsa_modulus = (unsigned char *)(rp + 1);
+               rkey = RSA_new_method(eng);
+               if (!rkey)
+                       goto memerr;
+
+               rkey->e = BN_new();
+               rkey->n = BN_new();
+
+               if (!rkey->e || !rkey->n)
+                       goto memerr;
+
+               if (!BN_set_word(rkey->e, rp->pubexp))
+                       goto memerr;
+
+               rsa_modlen = rp->bitlen / 8;
+               if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
+                       goto memerr;
+
+               RSA_set_ex_data(rkey, rsa_capi_idx, key);
+
+               if (!(ret = EVP_PKEY_new()))
+                       goto memerr;
+
+               EVP_PKEY_assign_RSA(ret, rkey);
+               rkey = NULL;
+
+               }
+       else if (bh->aiKeyAlg == CALG_DSS_SIGN)
+               {
+               DSSPUBKEY *dp;
+               DWORD dsa_plen;
+               unsigned char *btmp;
+               dp = (DSSPUBKEY *)(bh + 1);
+               if (dp->magic != 0x31535344)
+                       {
+                       char magstr[10];
+                       BIO_snprintf(magstr, 10, "%lx", dp->magic);
+                       CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+                       ERR_add_error_data(2, "magic=0x", magstr);
+                       goto err;
+                       }
+               dsa_plen = dp->bitlen / 8;
+               btmp = (unsigned char *)(dp + 1);
+               dkey = DSA_new_method(eng);
+               if (!dkey)
+                       goto memerr;
+               dkey->p = BN_new();
+               dkey->q = BN_new();
+               dkey->g = BN_new();
+               dkey->pub_key = BN_new();
+               if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
+                       goto memerr;
+               if (!lend_tobn(dkey->p, btmp, dsa_plen))
+                       goto memerr;
+               btmp += dsa_plen;
+               if (!lend_tobn(dkey->q, btmp, 20))
+                       goto memerr;
+               btmp += 20;
+               if (!lend_tobn(dkey->g, btmp, dsa_plen))
+                       goto memerr;
+               btmp += dsa_plen;
+               if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
+                       goto memerr;
+               btmp += dsa_plen;
+
+               DSA_set_ex_data(dkey, dsa_capi_idx, key);
+
+               if (!(ret = EVP_PKEY_new()))
+                       goto memerr;
+
+               EVP_PKEY_assign_DSA(ret, dkey);
+               dkey = NULL;
+               }
+       else
+               {
+               char algstr[10];
+               BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
+               CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
+               ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
+               goto err;
+               }
+
+
+       err:
+       if (pubkey)
+               OPENSSL_free(pubkey);
+       if (!ret)
+               {
+               if (rkey)
+                       RSA_free(rkey);
+               if (dkey)
+                       DSA_free(dkey);
+               }
+
+       return ret;
+
+memerr:
+       CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+       goto err;
+
+       }
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+       UI_METHOD *ui_method, void *callback_data)
+       {
+       CAPI_CTX *ctx;
+       CAPI_KEY *key;
+       EVP_PKEY *ret;
+       ctx = ENGINE_get_ex_data(eng, capi_idx);
+
+       if (!ctx)
+               {
+               CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
+               return NULL;
+               }
+
+       key = capi_find_key(ctx, key_id);
+
+       if (!key)
+               return NULL;
+
+       ret = capi_get_pkey(eng, key);
+
+       if (!ret)
+               capi_free_key(key);
+       return ret;
+
+       }
+
+/* CryptoAPI RSA operations */
+
+int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa, int padding)
+       {
+       CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+       return -1;
+       }
+
+int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+       {
+       ALG_ID alg;
+       HCRYPTHASH hash;
+       DWORD slen;
+       unsigned int i;
+       int ret = -1;
+       CAPI_KEY *capi_key;
+       CAPI_CTX *ctx;
+
+       ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+       CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
+
+       capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+       if (!capi_key)
+               {
+               CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
+               return -1;
+               }
+/* Convert the signature type to a CryptoAPI algorithm ID */
+       switch(dtype)
+               {
+       case NID_sha1:
+               alg = CALG_SHA1;
+               break;
+
+       case NID_md5:
+               alg = CALG_MD5;
+               break;
+
+       case NID_md5_sha1:
+               alg = CALG_SSL3_SHAMD5;
+               break;
+       default:
+               {
+               char algstr[10];
+               BIO_snprintf(algstr, 10, "%lx", dtype);
+               CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
+               ERR_add_error_data(2, "NID=0x", algstr);
+               return -1;
+               }
+       }
+
+
+
+/* Create the hash object */
+       if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))
+               {
+               CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+               capi_addlasterror();
+               return -1;
+               }
+/* Set the hash value to the value passed */
+
+       if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))
+               {
+               CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+               capi_addlasterror();
+               goto err;
+               }
+
+
+/* Finally sign it */
+       slen = RSA_size(rsa);
+       if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
+               {
+               CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+               capi_addlasterror();
+               goto err;
+               }
+       else
+               {
+               ret = 1;
+               /* Inplace byte reversal of signature */
+               for(i = 0; i < slen / 2; i++)
+                       {
+                       unsigned char c;
+                       c = sigret[i];
+                       sigret[i] = sigret[slen - i - 1];
+                       sigret[slen - i - 1] = c;
+                       }
+               *siglen = slen;
+               }
+
+       /* Now cleanup */
+
+err:
+       CryptDestroyHash(hash);
+
+       return ret;
+       }
+
+int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa, int padding)
+       {
+       int i;
+       unsigned char *tmpbuf;
+       CAPI_KEY *capi_key;
+       CAPI_CTX *ctx;
+       ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+       CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
+
+
+       capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+       if (!capi_key)
+               {
+               CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
+               return -1;
+               }
+
+       if(padding != RSA_PKCS1_PADDING)
+               {
+               char errstr[10];
+               BIO_snprintf(errstr, 10, "%d", padding);
+               CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+               ERR_add_error_data(2, "padding=", errstr);
+               return -1;
+               }
+
+       /* Create temp reverse order version of input */
+       if(!(tmpbuf = OPENSSL_malloc(flen)) ) 
+               {
+               CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
+               return -1;
+               }
+       for(i = 0; i < flen; i++)
+               tmpbuf[flen - i - 1] = from[i];
+       
+       /* Finally decrypt it */
+       if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))
+               {
+               CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
+               capi_addlasterror();
+               OPENSSL_free(tmpbuf);
+               return -1;
+               } 
+       else memcpy(to, tmpbuf, flen);
+
+       OPENSSL_free(tmpbuf);
+
+       return flen;
+       }
+
+static int capi_rsa_free(RSA *rsa)
+       {
+       CAPI_KEY *capi_key;
+       capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+       capi_free_key(capi_key);
+       RSA_set_ex_data(rsa, rsa_capi_idx, 0);
+       return 1;
+       }
+
+/* CryptoAPI DSA operations */
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                                               DSA *dsa)
+       {
+       HCRYPTHASH hash;
+       DWORD slen;
+       DSA_SIG *ret = NULL;
+       CAPI_KEY *capi_key;
+       CAPI_CTX *ctx;
+       unsigned char csigbuf[40];
+
+       ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
+
+       CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
+
+       capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+
+       if (!capi_key)
+               {
+               CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
+               return NULL;
+               }
+
+       if (dlen != 20)
+               {
+               CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
+               return NULL;
+               }
+
+       /* Create the hash object */
+       if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash))
+               {
+               CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+               capi_addlasterror();
+               return NULL;
+               }
+
+       /* Set the hash value to the value passed */
+       if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0))
+               {
+               CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+               capi_addlasterror();
+               goto err;
+               }
+
+
+       /* Finally sign it */
+       slen = sizeof(csigbuf);
+       if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
+               {
+               CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+               capi_addlasterror();
+               goto err;
+               }
+       else
+               {
+               ret = DSA_SIG_new();
+               if (!ret)
+                       goto err;
+               ret->r = BN_new();
+               ret->s = BN_new();
+               if (!ret->r || !ret->s)
+                       goto err;
+               if (!lend_tobn(ret->r, csigbuf, 20)
+                       || !lend_tobn(ret->s, csigbuf + 20, 20))
+                       {
+                       DSA_SIG_free(ret);
+                       ret = NULL;
+                       goto err;
+                       }
+               }
+
+       /* Now cleanup */
+
+err:
+       OPENSSL_cleanse(csigbuf, 40);
+       CryptDestroyHash(hash);
+       return ret;
+       }
+
+static int capi_dsa_free(DSA *dsa)
+       {
+       CAPI_KEY *capi_key;
+       capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+       capi_free_key(capi_key);
+       DSA_set_ex_data(dsa, dsa_capi_idx, 0);
+       return 1;
+       }
+
+static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
+       {
+       BIO *out;
+
+       if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
+               return;
+       out = BIO_new_file(ctx->debug_file, "a+");
+       BIO_vprintf(out, format, argptr);
+       BIO_free(out);
+       }
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
+       {
+       va_list args;
+       va_start(args, format);
+       capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
+       va_end(args);
+       }
+
+static void capi_addlasterror(void)
+       {
+       capi_adderror(GetLastError());
+       }
+
+static void capi_adderror(DWORD err)
+       {
+       char errstr[10];
+       BIO_snprintf(errstr, 10, "%lX", err);
+       ERR_add_error_data(2, "Error code= 0x", errstr);
+       }
+
+static char *wide_to_asc(LPWSTR wstr)
+       {
+       char *str;
+       if (!wstr)
+               return NULL;
+       str = OPENSSL_malloc(wcslen(wstr) + 1);
+       if (!str)
+               {
+               CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
+               return NULL;
+               }
+       sprintf(str, "%S", wstr);
+       return str;
+       }
+
+static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)
+       {
+       LPSTR name;
+       DWORD len, err;
+       CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
+       if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len))
+               {
+               err = GetLastError();
+               if (err == ERROR_NO_MORE_ITEMS)
+                       return 2;
+               CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+               capi_adderror(err);
+               return 0;
+               }
+       name = OPENSSL_malloc(len);
+               if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len))
+               {
+               err = GetLastError();
+               if (err == ERROR_NO_MORE_ITEMS)
+                       return 2;
+               CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+               capi_adderror(err);
+               return 0;
+               }
+       *pname = name;
+       CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype);
+
+       return 1;
+       }
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
+       {
+       DWORD idx, ptype;
+       int ret;
+       LPTSTR provname = NULL;
+       CAPI_trace(ctx, "capi_list_providers\n");
+       BIO_printf(out, "Available CSPs:\n");
+       for(idx = 0; ; idx++)
+               {
+               ret = capi_get_provname(ctx, &provname, &ptype, idx);
+               if (ret == 2)
+                       break;
+               if (ret == 0)
+                       break;
+               BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
+               OPENSSL_free(provname);
+               }
+       return 1;
+       }
+
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
+       {
+       int ret = 1;
+       HCRYPTPROV hprov;
+       DWORD err, idx, flags, buflen = 0, clen;
+       LPSTR cname;
+       CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
+       if (!CryptAcquireContext(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
+               {
+               CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+               capi_addlasterror();
+               return 0;
+               }
+       if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
+               {
+               CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+               capi_addlasterror();
+               return 0;
+               }
+       CAPI_trace(ctx, "Got max container len %d\n", buflen);
+       if (buflen == 0)
+               buflen = 1024;
+       cname = OPENSSL_malloc(buflen);
+       if (!cname)
+               {
+               CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
+       for (idx = 0;;idx++)
+               {
+               clen = buflen;
+               cname[0] = 0;
+
+               if (idx == 0)
+                       flags = CRYPT_FIRST;
+               else
+                       flags = 0;
+               if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
+                       {
+                       err = GetLastError();
+                       if (err == ERROR_NO_MORE_ITEMS)
+                               goto done;
+                       CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+                       capi_adderror(err);
+                       goto err;
+                       }
+               CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
+               if (!cname[0] && (clen == buflen))
+                       {
+                       CAPI_trace(ctx, "Enumerate bug: using workaround\n");
+                       goto done;
+                       }
+               BIO_printf(out, "%d. %s\n", idx, cname);
+               }
+       err:
+
+       ret = 0;
+
+       done:
+       if (cname)
+               OPENSSL_free(cname);
+       CryptReleaseContext(hprov, 0);
+
+       return ret;
+       }
+
+CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+       {
+       DWORD len;
+       CRYPT_KEY_PROV_INFO *pinfo;
+       
+       if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
+               return NULL;
+       pinfo = OPENSSL_malloc(len);
+       if (!pinfo)
+               {
+               CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
+               return NULL;
+               }
+       if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len))
+               {
+               CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
+               capi_addlasterror();
+               OPENSSL_free(pinfo);
+               return NULL;
+               }
+       return pinfo;
+       }
+
+static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo)
+       {
+       char *provname = NULL, *contname = NULL;
+       if (!pinfo)
+               {
+               BIO_printf(out, "  No Private Key\n");
+               return;
+               }
+       provname = wide_to_asc(pinfo->pwszProvName);
+       contname = wide_to_asc(pinfo->pwszContainerName);
+       if (!provname || !contname)
+               goto err;
+
+       BIO_printf(out, "  Private Key Info:\n");
+       BIO_printf(out, "    Provider Name:  %s, Provider Type %d\n", provname, pinfo->dwProvType);
+       BIO_printf(out, "    Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec);
+       err:
+       if (provname)
+               OPENSSL_free(provname);
+       if (contname)
+               OPENSSL_free(contname);
+       }
+
+char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+       {
+       LPWSTR wfname;
+       DWORD dlen;
+
+       CAPI_trace(ctx, "capi_cert_get_fname\n");
+       if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
+               return NULL;
+       wfname = OPENSSL_malloc(dlen);
+       if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))
+               {
+               char *fname = wide_to_asc(wfname);
+               OPENSSL_free(wfname);
+               return fname;
+               }
+       CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
+       capi_addlasterror();
+
+       OPENSSL_free(wfname);
+       return NULL;
+       }
+
+
+void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
+       {
+       X509 *x;
+       unsigned char *p;
+       unsigned long flags = ctx->dump_flags;
+       if (flags & CAPI_DMP_FNAME)
+               {
+               char *fname;
+               fname = capi_cert_get_fname(ctx, cert);
+               if (fname)
+                       {
+                       BIO_printf(out, "  Friendly Name \"%s\"\n", fname);
+                       OPENSSL_free(fname);
+                       }
+               else
+                       BIO_printf(out, "  <No Friendly Name>\n");
+               }
+
+       p = cert->pbCertEncoded;
+       x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+       if (!x)
+               BIO_printf(out, "  <Can't parse certificate>\n");
+       if (flags & CAPI_DMP_SUMMARY)
+               {
+               BIO_printf(out, "  Subject: ");
+               X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+               BIO_printf(out, "\n  Issuer: ");
+               X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+               BIO_printf(out, "\n");
+               }
+       if (flags & CAPI_DMP_FULL)
+               X509_print_ex(out, x, XN_FLAG_ONELINE,0);
+
+       if (flags & CAPI_DMP_PKEYINFO)
+               {
+               CRYPT_KEY_PROV_INFO *pinfo;
+               pinfo = capi_get_prov_info(ctx, cert);
+               capi_dump_prov_info(ctx, out, pinfo);
+               if (pinfo)
+                       OPENSSL_free(pinfo);
+               }
+
+       if (flags & CAPI_DMP_PEM)
+               PEM_write_bio_X509(out, x);
+       X509_free(x);
+       }
+
+HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
+       {
+       HCERTSTORE hstore;
+
+       if (!storename)
+               storename = ctx->storename;
+       if (!storename)
+               storename = "MY";
+       CAPI_trace(ctx, "Opening certificate store %s\n", storename);
+
+       hstore = CertOpenSystemStore(0, storename);
+       if (!hstore)
+               {
+               CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
+               capi_addlasterror();
+               }
+       return hstore;
+       }
+
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
+       {
+       char *storename;
+       int idx;
+       int ret = 1;
+       HCERTSTORE hstore;
+       PCCERT_CONTEXT cert = NULL;
+
+       storename = ctx->storename;
+       if (!storename)
+               storename = "MY";
+       CAPI_trace(ctx, "Listing certs for store %s\n", storename);
+
+       hstore = capi_open_store(ctx, storename);
+       if (!hstore)
+               return 0;
+       if (id)
+               {
+               cert = capi_find_cert(ctx, id, hstore);
+               if (!cert)
+                       {
+                       ret = 0;
+                       goto err;
+                       }
+               capi_dump_cert(ctx, out, cert);
+               CertFreeCertificateContext(cert);
+               }
+       else
+               {
+               for(idx = 0;;idx++)
+                       {
+                       LPWSTR fname = NULL;
+                       cert = CertEnumCertificatesInStore(hstore, cert);
+                       if (!cert)
+                               break;
+                       BIO_printf(out, "Certificate %d\n", idx);
+                       capi_dump_cert(ctx, out, cert);
+                       }
+               }
+       err:
+       CertCloseStore(hstore, 0);
+       return ret;
+       }
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore)
+       {
+       PCCERT_CONTEXT cert = NULL;
+       char *fname = NULL;
+       int match;
+       switch(ctx->lookup_method)
+               {
+               case CAPI_LU_SUBSTR:
+                       return CertFindCertificateInStore(hstore,
+                                       X509_ASN_ENCODING, 0,
+                                       CERT_FIND_SUBJECT_STR_A, id, NULL);
+               case CAPI_LU_FNAME:
+                       for(;;)
+                               {
+                               cert = CertEnumCertificatesInStore(hstore, cert);
+                               if (!cert)
+                                       return NULL;
+                               fname = capi_cert_get_fname(ctx, cert);
+                               if (fname)
+                                       {
+                                       if (strcmp(fname, id))
+                                               match = 0;
+                                       else
+                                               match = 1;
+                                       OPENSSL_free(fname);
+                                       if (match)
+                                               return cert;
+                                       }
+                               }
+               default:
+                       return NULL;
+               }
+       }
+
+static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
+       {
+       CAPI_KEY *key;
+       key = OPENSSL_malloc(sizeof(CAPI_KEY));
+       CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
+                                               contname, provname, ptype);
+       if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
+               {
+               CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+               capi_addlasterror();
+               goto err;
+               }
+       if (!CryptGetUserKey(key->hprov, keyspec, &key->key))
+               {
+               CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
+               capi_addlasterror();
+               CryptReleaseContext(key->hprov, 0);
+               goto err;
+               }
+       key->keyspec = keyspec;
+       key->pcert = NULL;
+       return key;
+
+       err:
+       OPENSSL_free(key);
+       return NULL;
+       }
+
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+       {
+       CAPI_KEY *key;
+       CRYPT_KEY_PROV_INFO *pinfo = NULL;
+       char *provname = NULL, *contname = NULL;
+       pinfo = capi_get_prov_info(ctx, cert);
+       if (!pinfo)
+               goto err;
+       provname = wide_to_asc(pinfo->pwszProvName);
+       contname = wide_to_asc(pinfo->pwszContainerName);
+       if (!provname || !contname)
+               return 0;
+
+       key = capi_get_key(ctx, contname, provname,
+                               pinfo->dwProvType, pinfo->dwKeySpec);
+
+       err:
+       if (pinfo)
+               OPENSSL_free(pinfo);
+       if (provname)
+               OPENSSL_free(provname);
+       if (contname)
+               OPENSSL_free(contname);
+       return key;
+       }
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
+       {
+       PCCERT_CONTEXT cert;
+       HCERTSTORE hstore;
+       CAPI_KEY *key = NULL;
+       switch (ctx->lookup_method)
+               {
+               case CAPI_LU_SUBSTR:
+               case CAPI_LU_FNAME:
+               hstore = capi_open_store(ctx, NULL);
+               if (!hstore)
+                       return NULL;
+               cert = capi_find_cert(ctx, id, hstore);
+               if (cert)
+                       {
+                       key = capi_get_cert_key(ctx, cert);
+                       CertFreeCertificateContext(cert);
+                       }
+               CertCloseStore(hstore, 0);
+               break;
+
+               case CAPI_LU_CONTNAME:
+               key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype,
+                                                       ctx->keytype);
+               break;
+               }
+
+       return key;
+       }
+
+void capi_free_key(CAPI_KEY *key)
+       {
+       if (!key)
+               return;
+       CryptDestroyKey(key->key);
+       CryptReleaseContext(key->hprov, 0);
+       if (key->pcert)
+               CertFreeCertificateContext(key->pcert);
+       OPENSSL_free(key);
+       }
+
+
+/* Initialize a CAPI_CTX structure */
+
+static CAPI_CTX *capi_ctx_new()
+       {
+       CAPI_CTX *ctx;
+       ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
+       if (!ctx)
+               {
+               CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
+               return NULL;
+               }
+       ctx->cspname = NULL;
+       ctx->csptype = PROV_RSA_FULL;
+       ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME;
+       ctx->keytype = AT_KEYEXCHANGE;
+       ctx->storename = NULL;
+       ctx->ssl_client_store = NULL;
+       ctx->lookup_method = CAPI_LU_SUBSTR;
+       ctx->debug_level = 0;
+       ctx->debug_file = NULL;
+       ctx->client_cert_select = cert_select_simple;
+       return ctx;
+       }
+
+static void capi_ctx_free(CAPI_CTX *ctx)
+       {
+       CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
+       if (!ctx)
+               return;
+       if (ctx->cspname)
+               OPENSSL_free(ctx->cspname);
+       if (ctx->debug_file)
+               OPENSSL_free(ctx->debug_file);
+       if (ctx->storename)
+               OPENSSL_free(ctx->storename);
+       if (ctx->ssl_client_store)
+               OPENSSL_free(ctx->ssl_client_store);
+       OPENSSL_free(ctx);
+       }
+
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)
+       {
+       CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
+       if (check)
+               {
+               HCRYPTPROV hprov;
+               if (!CryptAcquireContext(&hprov, NULL, pname, type,
+                                               CRYPT_VERIFYCONTEXT))
+                       {
+                       CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+                       capi_addlasterror();
+                       return 0;
+                       }
+               CryptReleaseContext(hprov, 0);
+               }
+       ctx->cspname = BUF_strdup(pname);
+       ctx->csptype = type;
+       return 1;
+       }
+
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
+       {
+       LPSTR pname;
+       DWORD type;
+       if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+               return 0;
+       return capi_ctx_set_provname(ctx, pname, type, 0);
+       }
+
+static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+       {
+       int i;
+       X509_NAME *nm;
+       /* Special case: empty list: match anything */
+       if (sk_X509_NAME_num(ca_dn) <= 0)
+               return 1;
+       for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
+               {
+               nm = sk_X509_NAME_value(ca_dn, i);
+               if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+                               return 1;
+               }
+       return 0;
+       }
+
+
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+       STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
+       {
+       STACK_OF(X509) *certs = NULL;
+       X509 *x;
+       char *storename;
+       const char *p;
+       int i, client_cert_idx;
+       HCERTSTORE hstore;
+       PCCERT_CONTEXT cert = NULL, excert = NULL;
+       CAPI_CTX *ctx;
+       CAPI_KEY *key;
+       ctx = ENGINE_get_ex_data(e, capi_idx);
+
+       *pcert = NULL;
+       *pkey = NULL;
+
+       storename = ctx->ssl_client_store;
+       if (!storename)
+               storename = "MY";
+
+       hstore = capi_open_store(ctx, storename);
+       if (!hstore)
+               return 0;
+       /* Enumerate all certificates collect any matches */
+       for(i = 0;;i++)
+               {
+               cert = CertEnumCertificatesInStore(hstore, cert);
+               if (!cert)
+                       break;
+               p = cert->pbCertEncoded;
+               x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+               if (!x)
+                       {
+                       CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+                       continue;
+                       }
+               if (cert_issuer_match(ca_dn, x))
+                       {
+                       key = capi_get_cert_key(ctx, cert);
+                       if (!key)
+                               continue;
+                       /* Match found: attach extra data to it so
+                        * we can retrieve the key later.
+                        */
+                       excert = CertDuplicateCertificateContext(cert);
+                       key->pcert = excert;
+                       X509_set_ex_data(x, cert_capi_idx, key);
+
+                       if (!certs)
+                               certs = sk_X509_new_null();
+
+                       sk_X509_push(certs, x);
+                       }
+               else
+                       X509_free(x);
+
+               }
+
+       if (cert)
+               CertFreeCertificateContext(cert);
+       if (hstore)
+               CertCloseStore(hstore, 0);
+
+       if (!certs)
+               return 0;
+
+
+       /* Select the appropriate certificate */
+
+       client_cert_idx = ctx->client_cert_select(e, ssl, certs);
+
+       /* Set the selected certificate and free the rest */
+
+       for(i = 0; i < sk_X509_num(certs); i++)
+               {
+               x = sk_X509_value(certs, i);
+               if (i == client_cert_idx)
+                       *pcert = x;
+               else
+                       {
+                       key = X509_get_ex_data(x, cert_capi_idx);
+                       capi_free_key(key);
+                       X509_free(x);
+                       }
+               }
+
+       sk_X509_free(certs);
+
+       if (!*pcert)
+               return 0;
+
+       /* Setup key for selected certificate */
+
+       key = X509_get_ex_data(*pcert, cert_capi_idx);
+       *pkey = capi_get_pkey(e, key);
+       X509_set_ex_data(*pcert, cert_capi_idx, NULL);
+
+       return 1;
+
+       }
+
+
+/* Simple client cert selection function: always select first */
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+       {
+       return 0;
+       }
+
+#ifdef OPENSSL_CAPIENG_DIALOG
+
+/* More complex cert selection function, using standard function
+ * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
+ */
+
+#include <PrSht.h>
+#include <cryptuiapi.h>
+
+#define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
+#define dlg_prompt L"Select a certificate to use for authentication"
+#define dlg_columns     CRYPTUI_SELECT_LOCATION_COLUMN \
+                       |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
+
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+       {
+       X509 *x;
+       HCERTSTORE dstore;
+       PCCERT_CONTEXT cert;
+       CAPI_CTX *ctx;
+       CAPI_KEY *key;
+       HWND hwnd;
+       int i, idx = -1;
+       if (sk_X509_num(certs) == 1)
+               return 0;
+       ctx = ENGINE_get_ex_data(e, capi_idx);
+       /* Create an in memory store of certificates */
+       dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+                                       CERT_STORE_CREATE_NEW_FLAG, NULL);
+       if (!dstore)
+               {
+               CAPIerr(CAPI_F_CLIENT_CERT_SELECT, CAPI_R_ERROR_CREATING_STORE);
+               capi_addlasterror();
+               goto err;
+               }
+       /* Add all certificates to store */
+       for(i = 0; i < sk_X509_num(certs); i++)
+               {
+               x = sk_X509_value(certs, i);
+               key = X509_get_ex_data(x, cert_capi_idx);
+
+               if (!CertAddCertificateContextToStore(dstore, key->pcert,
+                                               CERT_STORE_ADD_NEW, NULL))
+                       {
+                       CAPIerr(CAPI_F_CLIENT_CERT_SELECT, CAPI_R_ERROR_ADDING_CERT);
+                       capi_addlasterror();
+                       goto err;
+                       }
+
+               }
+       hwnd = GetActiveWindow();
+       if (!hwnd && ctx->getconswindow)
+               hwnd = ctx->getconswindow();
+       /* Call dialog to select one */
+       cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
+                                               dlg_columns, 0, NULL);
+
+       /* Find matching cert from list */
+       if (cert)
+               {
+               for(i = 0; i < sk_X509_num(certs); i++)
+                       {
+                       x = sk_X509_value(certs, i);
+                       key = X509_get_ex_data(x, cert_capi_idx);
+                       if (CertCompareCertificate(
+                               X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+                                       cert->pCertInfo,
+                                       key->pcert->pCertInfo))
+                               {
+                               idx = i;
+                               break;
+                               }
+                       }
+               }
+
+       err:
+       if (dstore)
+               CertCloseStore(dstore, 0);
+       return idx;
+
+       }
+#endif
+
+#endif
+#endif
index 482086e3b51a95f81db5217d11acc88229b2d55b..051854950a1d02eb7093d80f9776ca1ea48fadbe 100644 (file)
 #ifndef HEADER_HWCRHK_ERR_H
 #define HEADER_HWCRHK_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index 9072cbe616e46310438794128626f43807a41b69..69c2a9f874455f3af14fdfde456ca2ff1156153c 100644 (file)
 #ifndef HEADER_CSWIFT_ERR_H
 #define HEADER_CSWIFT_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index f7126d8621182422109c11d0ebe5711c0f01f784..e62e6fcd072dea81e5b890b908a29626f8ce7f06 100644 (file)
@@ -85,6 +85,8 @@
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/engine.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_GMP
@@ -251,27 +253,61 @@ static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
        return to_return;
        }
 
-/* HACK - use text I/O functions in openssl and GMP to handle conversions. This
- * is vile. */
+
+/* Most often limb sizes will be the same. If not, we use hex conversion
+ * which is neat, but extremely inefficient. */
 static int bn2gmp(const BIGNUM *bn, mpz_t g)
        {
-       int toret;
-       char *tmpchar = BN_bn2hex(bn);
-       if(!tmpchar) return 0;
-       toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
-       OPENSSL_free(tmpchar);
-       return toret;
+       bn_check_top(bn);
+       if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+                       (BN_BITS2 == GMP_NUMB_BITS)) 
+               {
+               /* The common case */
+               if(!_mpz_realloc (g, bn->top))
+                       return 0;
+               memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
+               g->_mp_size = bn->top;
+               if(bn->neg)
+                       g->_mp_size = -g->_mp_size;
+               return 1;
+               }
+       else
+               {
+               int toret;
+               char *tmpchar = BN_bn2hex(bn);
+               if(!tmpchar) return 0;
+               toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
+               OPENSSL_free(tmpchar);
+               return toret;
+               }
        }
 
 static int gmp2bn(mpz_t g, BIGNUM *bn)
        {
-       int toret;
-       char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
-       if(!tmpchar) return 0;
-       mpz_get_str(tmpchar, 16, g);
-       toret = BN_hex2bn(&bn, tmpchar);
-       OPENSSL_free(tmpchar);
-       return toret;
+       if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+                       (BN_BITS2 == GMP_NUMB_BITS))
+               {
+               /* The common case */
+               int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
+               BN_zero(bn);
+               if(bn_expand2 (bn, s) == NULL)
+                       return 0;
+               bn->top = s;
+               memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
+               bn_correct_top(bn);
+               bn->neg = g->_mp_size >= 0 ? 0 : 1;
+               return 1;
+               }
+       else
+               {
+               int toret;
+               char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
+               if(!tmpchar) return 0;
+               mpz_get_str(tmpchar, 16, g);
+               toret = BN_hex2bn(&bn, tmpchar);
+               OPENSSL_free(tmpchar);
+               return toret;
+               }
        }
 
 #ifndef OPENSSL_NO_RSA 
index cf46f0ec742af98e3157af3ae97dd0c99bfe2698..dd05dfd800ce2ae1e0c5fbcfc22a09bd7a3a8414 100644 (file)
 #ifndef HEADER_GMP_ERR_H
 #define HEADER_GMP_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index a56bfdf30398b3ec9d7b5d8aa94095df81e11795..219babbb457ee8f5d81bc5151668a5407d4d9f55 100644 (file)
 #ifndef HEADER_NURON_ERR_H
 #define HEADER_NURON_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index 82af229bec7b2616f3ce1533789fad7bce59cf9d..ec8ed0c59bf3b6ad2334f148cceab384d2104cea 100644 (file)
 #ifndef HEADER_SUREWARE_ERR_H
 #define HEADER_SUREWARE_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index 3229eca5cf3d932de382d21a6bcd1e3ac201921b..b10b2387f28140283205d941bccd42c112a45502 100644 (file)
 #ifndef HEADER_UBSEC_ERR_H
 #define HEADER_UBSEC_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index a7002e1c1aa87c35346c69ba962915a039e47009..ff7478044a0b63c59645ea07ae64d641fe003069 100644 (file)
 #include <errno.h>
 #include <assert.h>
 #include <ctype.h>
-
 #include <openssl/aes.h>
 #include <openssl/evp.h>
-#include <openssl/fips.h>
+
 #include <openssl/err.h>
 #include "e_os.h"
 
@@ -80,6 +79,7 @@ int main(int argc, char *argv[])
 
 #else
 
+#include <openssl/fips.h>
 #include "fips_utl.h"
 
 #define AES_BLOCK_SIZE 16
index 60edc60d080792eeb8c0161bd28be5ffe3390a39..c0de11bd7b1b39998c5c24bd7f89b1ac58c842ac 100644 (file)
 #include <errno.h>
 #include <assert.h>
 #include <ctype.h>
-
 #include <openssl/des.h>
 #include <openssl/evp.h>
-#include <openssl/fips.h>
+
 #include <openssl/err.h>
 #include "e_os.h"
 
@@ -81,6 +80,7 @@ int main(int argc, char *argv[])
 
 #else
 
+#include <openssl/fips.h>
 #include "fips_utl.h"
 
 #define DES_BLOCK_SIZE 8
index a29d90b5a912eb8e68624f26384150f43ad9c4b2..2729a98f17a368f68a3e704896572fb9bffa3554 100644 (file)
@@ -72,8 +72,6 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
 
 
 #if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
@@ -83,6 +81,8 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
 #include <openssl/dsa.h>
 
 #ifdef OPENSSL_SYS_WIN16
index 2fe800a9cc0ed530b6dff15eaff665ab54ac250e..7dcc34403f397b71f09c865c4963e37dd173f39a 100644 (file)
@@ -47,7 +47,7 @@
  *
  */
 
-#include <openssl/fips.h>
+
 #include <openssl/rand.h>
 #include <openssl/fips_rand.h>
 #include <openssl/err.h>
@@ -60,6 +60,8 @@
 
 #ifdef OPENSSL_FIPS
 
+#include <openssl/fips.h>
+
 #ifndef PATH_MAX
 #define PATH_MAX 1024
 #endif
index 4db9e6e2a77f0fc072f0a6a94b0544accb48ee5a..bf17f03339d42e8d55353d75647dc4a6df98f0a1 100644 (file)
 
 #include <openssl/opensslconf.h>
 
+#ifndef OPENSSL_NO_FIPS
+#error FIPS is disabled.
+#endif
+
 #ifdef OPENSSL_FIPS
 
 #ifdef  __cplusplus
index 055ef182afa16b01d2adb5e4806c46eccb17896f..2d9de5f6a6a9dd363617d16e80bc3a1524b34fea 100644 (file)
@@ -22,7 +22,7 @@
 #include <openssl/dsa.h>
 #include <openssl/hmac.h>
 #include <openssl/err.h>
-#include <openssl/fips.h>
+
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
@@ -36,6 +36,7 @@ int main(int argc, char *argv[])
     }
 #else
 
+#include <openssl/fips.h>
 #include "fips_utl.h"
 
 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
index 59299f4cfa7754e78809dae2263fe1113ab17bf7..d02a38f82652ea2fffa64ce151e9bd5893bfb65a 100644 (file)
@@ -63,7 +63,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/err.h>
-#include <openssl/fips.h>
+
 #include <openssl/x509v3.h>
 
 #ifndef OPENSSL_FIPS
@@ -76,6 +76,7 @@ int main(int argc, char *argv[])
 
 #else
 
+#include <openssl/fips.h>
 #include "fips_utl.h"
 
 static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
index 5e59dc845ac0d50ef578e4b8338d7960dc989690..49c6760d19a76c2a16ba7738c1465160e778743e 100644 (file)
@@ -1095,8 +1095,7 @@ int dtls1_send_client_certificate(SSL *s)
                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
                 * We then get retied later */
                i=0;
-               if (s->ctx->client_cert_cb != NULL)
-                       i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+               i = ssl_do_client_cert_cb(s, &x509, &pkey);
                if (i < 0)
                        {
                        s->rwstate=SSL_X509_LOOKUP;
index f41336a4287f7b2e043ce6f4f03b0682e687bc75..6da75e64162995e60e95467b4ccad788e5e5e473 100644 (file)
@@ -68,8 +68,6 @@
 
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_KRB5
-
 #define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
 #include <time.h>
 #if 0 /* experimental */
@@ -84,6 +82,8 @@
 #include <openssl/objects.h>
 #include <openssl/krb5_asn.h>
 
+#ifndef OPENSSL_NO_KRB5
+
 #ifndef ENOMEM
 #define ENOMEM KRB5KRB_ERR_GENERIC
 #endif
@@ -2196,7 +2196,7 @@ krb5_error_code  kssl_build_principal_2(
 #else /* !OPENSSL_NO_KRB5 */
 
 #if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static int dummy=(int)&dummy;
+static void *dummy=&dummy;
 #endif
 
 #endif /* !OPENSSL_NO_KRB5     */
index a04d60f90c84aa322068f8371a4900a006c71d1e..d583ebcc802d8a50115ae36aba225eb74ce2a28c 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#endif
+
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
 #include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
@@ -2064,6 +2070,13 @@ int ssl3_send_client_key_exchange(SSL *s)
                        {
                        DH *dh_srvr,*dh_clnt;
 
+                       if (s->session->sess_cert == NULL) 
+                               {
+                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+                               goto err;
+                               }
+
                        if (s->session->sess_cert->peer_dh_tmp != NULL)
                                dh_srvr=s->session->sess_cert->peer_dh_tmp;
                        else
@@ -2444,8 +2457,7 @@ int ssl3_send_client_certificate(SSL *s)
                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
                 * We then get retied later */
                i=0;
-               if (s->ctx->client_cert_cb != NULL)
-                       i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+               i = ssl_do_client_cert_cb(s, &x509, &pkey);
                if (i < 0)
                        {
                        s->rwstate=SSL_X509_LOOKUP;
@@ -2689,7 +2701,11 @@ static int ssl3_check_finished(SSL *s)
        {
        int ok;
        long n;
-       if (!s->session->tlsext_tick)
+       /* If we have no ticket or session ID is non-zero length (a match of
+        * a non-zero session length would never reach here) it cannot be a
+        * resumed session.
+        */
+       if (!s->session->tlsext_tick || s->session->session_id_length)
                return 1;
        /* this function is called when we really expect a Certificate
         * message, so permit appropriate message length */
@@ -2708,3 +2724,21 @@ static int ssl3_check_finished(SSL *s)
        return 1;
        }
 #endif
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+       {
+       int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+       if (s->ctx->client_cert_engine)
+               {
+               i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+                                               SSL_get_client_CA_list(s),
+                                               px509, ppkey, NULL, NULL, NULL);
+               if (i != 0)
+                       return i;
+               }
+#endif
+       if (s->ctx->client_cert_cb)
+               i = s->ctx->client_cert_cb(s,px509,ppkey);
+       return i;
+       }
index cbb7b9745ae4615888c6514d2b80595889654595..8916a0b1b3c718b7fd9fd4be273ff3630c070f71 100644 (file)
@@ -2255,6 +2255,13 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
                break;
 
+       case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+               ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
+                                               unsigned char *,
+                                               EVP_CIPHER_CTX *,
+                                               HMAC_CTX *, int))fp;
+               break;
+
 #endif
        default:
                return(0);
index 827a8c567392cb675fd01b22fb4ecb39a8683dcb..d5d3c4ad5883fcd3708a3f3ef4a5e196550c7ad6 100644 (file)
@@ -290,9 +290,18 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SW_SRVR_HELLO_B:
                        ret=ssl3_send_server_hello(s);
                        if (ret <= 0) goto end;
-
+#ifndef OPENSSL_NO_TLSEXT
                        if (s->hit)
-                               s->state=SSL3_ST_SW_CHANGE_A;
+                               {
+                               if (s->tlsext_ticket_expected)
+                                       s->state=SSL3_ST_SW_SESSION_TICKET_A;
+                               else
+                                       s->state=SSL3_ST_SW_CHANGE_A;
+                               }
+#else
+                       if (s->hit)
+                                       s->state=SSL3_ST_SW_CHANGE_A;
+#endif
                        else
                                s->state=SSL3_ST_SW_CERT_A;
                        s->init_num=0;
@@ -1115,8 +1124,16 @@ int ssl3_send_server_hello(SSL *s)
                 * session-id if we want it to be single use.
                 * Currently I will not implement the '0' length session-id
                 * 12-Jan-98 - I'll now support the '0' length stuff.
+                *
+                * We also have an additional case where stateless session
+                * resumption is successful: we always send back the old
+                * session id. In this case s->hit is non zero: this can
+                * only happen if stateless session resumption is succesful
+                * if session caching is disabled so existing functionality
+                * is unaffected.
                 */
-               if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+               if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+                       && !s->hit)
                        s->session->session_id_length=0;
 
                sl=s->session->session_id_length;
@@ -2688,6 +2705,8 @@ int ssl3_send_newsession_ticket(SSL *s)
                unsigned int hlen;
                EVP_CIPHER_CTX ctx;
                HMAC_CTX hctx;
+               unsigned char iv[EVP_MAX_IV_LENGTH];
+               unsigned char key_name[16];
 
                /* get session encoding length */
                slen = i2d_SSL_SESSION(s->session, NULL);
@@ -2718,29 +2737,47 @@ int ssl3_send_newsession_ticket(SSL *s)
                *(p++)=SSL3_MT_NEWSESSION_TICKET;
                /* Skip message length for now */
                p += 3;
+               EVP_CIPHER_CTX_init(&ctx);
+               HMAC_CTX_init(&hctx);
+               /* Initialize HMAC and cipher contexts. If callback present
+                * it does all the work otherwise use generated values
+                * from parent ctx.
+                */
+               if (s->ctx->tlsext_ticket_key_cb)
+                       {
+                       if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+                                                        &hctx, 1) < 0)
+                               {
+                               OPENSSL_free(senc);
+                               return -1;
+                               }
+                       }
+               else
+                       {
+                       RAND_pseudo_bytes(iv, 16);
+                       EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                       s->ctx->tlsext_tick_aes_key, iv);
+                       HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+                                       tlsext_tick_md(), NULL);
+                       memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
+                       }
                l2n(s->session->tlsext_tick_lifetime_hint, p);
                /* Skip ticket length for now */
                p += 2;
                /* Output key name */
                macstart = p;
-               memcpy(p, s->ctx->tlsext_tick_key_name, 16);
+               memcpy(p, key_name, 16);
                p += 16;
-               /* Generate and output IV */
-               RAND_pseudo_bytes(p, 16);
-               EVP_CIPHER_CTX_init(&ctx);
+               /* output IV */
+               memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+               p += EVP_CIPHER_CTX_iv_length(&ctx);
                /* Encrypt session data */
-               EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                       s->ctx->tlsext_tick_aes_key, p);
-               p += 16;
                EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
                p += len;
                EVP_EncryptFinal(&ctx, p, &len);
                p += len;
                EVP_CIPHER_CTX_cleanup(&ctx);
 
-               HMAC_CTX_init(&hctx);
-               HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-                               tlsext_tick_md(), NULL);
                HMAC_Update(&hctx, macstart, p - macstart);
                HMAC_Final(&hctx, p, &hlen);
                HMAC_CTX_cleanup(&hctx);
index 439a16b4bb99e7039f1f0d1ee2bf8d4904f45faf..6360521fd58eada4f940879e82cc7ccbc9ee9a23 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
 #include <openssl/buffer.h>
 #endif
 #include <openssl/pem.h>
+#include <openssl/hmac.h>
 
 #include <openssl/kssl.h>
 #include <openssl/safestack.h>
@@ -361,9 +362,6 @@ typedef struct ssl_cipher_st
 
 DECLARE_STACK_OF(SSL_CIPHER)
 
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 typedef struct ssl_method_st
        {
@@ -760,6 +758,12 @@ struct ssl_ctx_st
 
        int quiet_shutdown;
 
+#ifndef OPENSSL_ENGINE
+       /* Engine to pass requests for client certs to
+        */
+       ENGINE *client_cert_engine;
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extensions servername callback */
        int (*tlsext_servername_callback)(SSL*, int *, void *);
@@ -768,7 +772,12 @@ struct ssl_ctx_st
        unsigned char tlsext_tick_key_name[16];
        unsigned char tlsext_tick_hmac_key[16];
        unsigned char tlsext_tick_aes_key[16];
-  
+       /* Callback to support customisation of ticket key setting */
+       int (*tlsext_ticket_key_cb)(SSL *ssl,
+                                       unsigned char *name, unsigned char *iv,
+                                       EVP_CIPHER_CTX *ectx,
+                                       HMAC_CTX *hctx, int enc);
+
        /* certificate status request info */
        /* Callback for status request */
        int (*tlsext_status_cb)(SSL *ssl, void *arg);
@@ -824,6 +833,9 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,
 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+#endif
 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
 
@@ -1253,6 +1265,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS     69
 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP       70
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP       71
+
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB      72
 #endif
 
 #define SSL_session_reused(ssl) \
@@ -1748,6 +1762,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
 #define SSL_F_SSL_CTX_SET_CIPHER_LIST                   269
+#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE            278
 #define SSL_F_SSL_CTX_SET_PURPOSE                       226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT            219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
@@ -1928,6 +1943,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_CIPHERS_SPECIFIED                      183
 #define SSL_R_NO_CIPHER_LIST                            184
 #define SSL_R_NO_CIPHER_MATCH                           185
+#define SSL_R_NO_CLIENT_CERT_METHOD                     317
 #define SSL_R_NO_CLIENT_CERT_RECEIVED                   186
 #define SSL_R_NO_COMPRESSION_SPECIFIED                  187
 #define SSL_R_NO_METHOD_SPECIFIED                       188
index 50779c16325b9ce64be20441371b44963825111b..2937ca58337fcf8ebcd188a01eea9d4f068a1825 100644 (file)
@@ -191,6 +191,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY),    "SSL_CTX_check_private_key"},
 {ERR_FUNC(SSL_F_SSL_CTX_NEW),  "SSL_CTX_new"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST),      "SSL_CTX_set_cipher_list"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),       "SSL_CTX_set_client_cert_engine"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE),  "SSL_CTX_set_purpose"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),       "SSL_CTX_set_session_id_context"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION),      "SSL_CTX_set_ssl_version"},
@@ -374,6 +375,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED)  ,"no ciphers specified"},
 {ERR_REASON(SSL_R_NO_CIPHER_LIST)        ,"no cipher list"},
 {ERR_REASON(SSL_R_NO_CIPHER_MATCH)       ,"no cipher match"},
+{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
 {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
index 3715224531dcf7037784ebc99a81c1262b064b26..68eee77e6f01b25f1b3ce80d02b9c5e614e22990 100644 (file)
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
@@ -1519,6 +1522,27 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        ret->tlsext_status_cb = 0;
        ret->tlsext_status_arg = NULL;
 
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+       ret->client_cert_engine = NULL;
+#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#define eng_strx(x)    #x
+#define eng_str(x)     eng_strx(x)
+       /* Use specific client engine automatically... ignore errors */
+       {
+       ENGINE *eng;
+       eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+       if (!eng)
+               {
+               ERR_clear_error();
+               ENGINE_load_builtin_engines();
+               eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+               }
+       if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+               ERR_clear_error();
+       }
+#endif
 #endif
 
        return(ret);
@@ -1590,6 +1614,10 @@ void SSL_CTX_free(SSL_CTX *a)
                sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
 #else
        a->comp_methods = NULL;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+       if (a->client_cert_engine)
+               ENGINE_finish(a->client_cert_engine);
 #endif
        OPENSSL_free(a);
        }
index f66fd7df9405b4ef87133111bb91ddd65ef30b1e..6cfccce9fa4b4f288e250c20e3ebb7e67b071f5f 100644 (file)
@@ -875,6 +875,7 @@ int ssl3_get_new_session_ticket(SSL *s);
 int ssl3_get_cert_status(SSL *s);
 int ssl3_get_server_done(SSL *s);
 int ssl3_send_client_verify(SSL *s);
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
 int ssl3_send_client_certificate(SSL *s);
 int ssl3_send_client_key_exchange(SSL *s);
 int ssl3_get_key_exchange(SSL *s);
index fc42dfa1ec6643fe0e73a1440b8b92c994c84bc0..27113eba5088cfb196a56dca250c2ed7f12572fc 100644 (file)
@@ -708,6 +708,8 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
        int ret=0;
        X509 *x=NULL;
 
+       ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+
        in=BIO_new(BIO_s_file_internal());
        if (in == NULL)
                {
index ee88be2b88ac98df1466b129f4299f2457e884f3..8391d62212ad2f2045660922fd94b76e6dc7a493 100644 (file)
@@ -59,6 +59,9 @@
 #include <stdio.h>
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 #include "ssl_locl.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
@@ -870,6 +873,25 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PK
        return ctx->client_cert_cb;
        }
 
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+       {
+       if (!ENGINE_init(e))
+               {
+               SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+               return 0;
+               }
+       if(!ENGINE_get_ssl_client_cert_function(e))
+               {
+               SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
+               ENGINE_finish(e);
+               return 0;
+               }
+       ctx->client_cert_engine = e;
+       return 1;
+       }
+#endif
+
 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
        int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
        {
index b16d25308105f6bf8acc0271c3b8c26ae8320ce3..73b02509d448b3b138d73236f1c058ea832b659d 100644 (file)
@@ -127,6 +127,8 @@ case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
 case SSL3_ST_CR_KEY_EXCH_B:    str="SSLv3 read server key exchange B"; break;
 case SSL3_ST_CR_CERT_REQ_A:    str="SSLv3 read server certificate request A"; break;
 case SSL3_ST_CR_CERT_REQ_B:    str="SSLv3 read server certificate request B"; break;
+case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
+case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
 case SSL3_ST_CR_SRVR_DONE_A:   str="SSLv3 read server done A"; break;
 case SSL3_ST_CR_SRVR_DONE_B:   str="SSLv3 read server done B"; break;
 case SSL3_ST_CW_CERT_A:                str="SSLv3 write client certificate A"; break;
@@ -172,6 +174,8 @@ case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
 case SSL3_ST_SW_KEY_EXCH_B:    str="SSLv3 write key exchange B"; break;
 case SSL3_ST_SW_CERT_REQ_A:    str="SSLv3 write certificate request A"; break;
 case SSL3_ST_SW_CERT_REQ_B:    str="SSLv3 write certificate request B"; break;
+case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
+case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
 case SSL3_ST_SW_SRVR_DONE_A:   str="SSLv3 write server done A"; break;
 case SSL3_ST_SW_SRVR_DONE_B:   str="SSLv3 write server done B"; break;
 case SSL3_ST_SR_CERT_A:                str="SSLv3 read client certificate A"; break;
index 8ff1734dabab7fb87129016d948f721faafb0c0f..35f04afa4a72dc5ffc152b57adb7371ace33cfe3 100644 (file)
@@ -381,6 +381,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                                s->session->tlsext_hostname[len]='\0';
                                                if (strlen(s->session->tlsext_hostname) != len) {
                                                        OPENSSL_free(s->session->tlsext_hostname);
+                                                       s->session->tlsext_hostname = NULL;
                                                        *al = TLS1_AD_UNRECOGNIZED_NAME;
                                                        return 0;
                                                }
@@ -788,39 +789,53 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        SSL_SESSION *sess;
        unsigned char *sdec;
        const unsigned char *p;
-       int slen, mlen;
+       int slen, mlen, renew_ticket = 0;
        unsigned char tick_hmac[EVP_MAX_MD_SIZE];
        HMAC_CTX hctx;
        EVP_CIPHER_CTX ctx;
+       /* Need at least keyname + iv + some encrypted data */
+       if (eticklen < 48)
+               goto tickerr;
+       /* Initialize session ticket encryption and HMAC contexts */
+       HMAC_CTX_init(&hctx);
+       EVP_CIPHER_CTX_init(&ctx);
+       if (s->ctx->tlsext_ticket_key_cb)
+               {
+               unsigned char *nctick = (unsigned char *)etick;
+               int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+                                                       &ctx, &hctx, 0);
+               if (rv < 0)
+                       return -1;
+               if (rv == 0)
+                       goto tickerr;
+               if (rv == 2)
+                       renew_ticket = 1;
+               }
+       else
+               {
+               /* Check key name matches */
+               if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
+                       goto tickerr;
+               HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+                                       tlsext_tick_md(), NULL);
+               EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                               s->ctx->tlsext_tick_aes_key, etick + 16);
+               }
        /* Attempt to process session ticket, first conduct sanity and
         * integrity checks on ticket.
         */
-       mlen = EVP_MD_size(tlsext_tick_md());
+       mlen = HMAC_size(&hctx);
        eticklen -= mlen;
-       /* Need at least keyname + iv + some encrypted data */
-       if (eticklen < 48)
-               goto tickerr;
-       /* Check key name matches */
-       if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
-               goto tickerr;
        /* Check HMAC of encrypted ticket */
-       HMAC_CTX_init(&hctx);
-       HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-                               tlsext_tick_md(), NULL);
        HMAC_Update(&hctx, etick, eticklen);
        HMAC_Final(&hctx, tick_hmac, NULL);
        HMAC_CTX_cleanup(&hctx);
        if (memcmp(tick_hmac, etick + eticklen, mlen))
                goto tickerr;
-       /* Set p to start of IV */
-       p = etick + 16;
-       EVP_CIPHER_CTX_init(&ctx);
        /* Attempt to decrypt session data */
-       EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                       s->ctx->tlsext_tick_aes_key, p);
        /* Move p after IV to start of encrypted ticket, update length */
-       p += 16;
-       eticklen -= 32;
+       p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+       eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
        sdec = OPENSSL_malloc(eticklen);
        if (!sdec)
                {
@@ -847,7 +862,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                        memcpy(sess->session_id, sess_id, sesslen);
                sess->session_id_length = sesslen;
                *psess = sess;
-               s->tlsext_ticket_expected = 0;
+               s->tlsext_ticket_expected = renew_ticket;
                return 1;
                }
        /* If session decrypt failure indicate a cache miss and set state to
index 7c3b6a8a85e64b334ad2c9e9e449589d0c8b578a..2d1d293e1a43c3c9995bc97bb5a109033a344bd9 100644 (file)
@@ -179,6 +179,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
 #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
 SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
 
+#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+
 #endif
 
 /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
index 78a1dd21d03b3a7ef19a95ebee606f237a07444a..3718ea26251fc440938adb09106958bb47ae81f9 100755 (executable)
@@ -54,6 +54,7 @@ $infile="MINFO";
        "FreeBSD","FreeBSD distribution",
        "OS2-EMX", "EMX GCC OS/2",
        "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
+       "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets",
        "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
        "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
        "default","cc under unix",
@@ -88,7 +89,7 @@ and [options] can be one of
        no-hw                                   - No hw
        nasm                                    - Use NASM for x86 asm
        nw-nasm                                 - Use NASM x86 asm for NetWare
-       nw-mwasm                                        - Use Metrowerks x86 asm for NetWare
+       nw-mwasm                                - Use Metrowerks x86 asm for NetWare
        gaswin                                  - Use GNU as with Mingw32
        no-socks                                - No socket code
        no-err                                  - No error strings
@@ -186,10 +187,10 @@ elsif ($platform eq "OS2-EMX")
        require 'OS2-EMX.pl';
        }
 elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
-       ($platform eq "netware-libc-bsdsock"))
+       ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock"))
        {
        $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
-       $BSDSOCK=1 if $platform eq "netware-libc-bsdsock";
+       $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock");
        require 'netware.pl';
        }
 else
@@ -231,7 +232,9 @@ $cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
 $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
 $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
-$cflags.=" -DOPENSSL_NO_TLSEXT"  if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
+$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
 $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
 $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
 $cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
@@ -1019,6 +1022,7 @@ sub var_add
        return("") if $no_dsa  && $dir =~ /\/dsa/;
        return("") if $no_dh   && $dir =~ /\/dh/;
        return("") if $no_ec   && $dir =~ /\/ec/;
+       return("") if $no_cms  && $dir =~ /\/cms/;
        if ($no_des && $dir =~ /\/des/)
                {
                if ($val =~ /read_pwd/)
@@ -1285,6 +1289,8 @@ sub read_options
                "no-ssl2" => \$no_ssl2,
                "no-ssl3" => \$no_ssl3,
                "no-tlsext" => \$no_tlsext,
+               "no-cms" => \$no_cms,
+               "no-capieng" => \$no_capieng,
                "no-err" => \$no_err,
                "no-sock" => \$no_sock,
                "no-krb5" => \$no_krb5,
index fd42083f1a1c201cfbe4a43e5299e89faa47bd26..26155b887a4fdae82b1963eb6f03ae7fd5d38a2c 100755 (executable)
@@ -79,7 +79,7 @@ my $OS2=0;
 my $safe_stack_def = 0;
 
 my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-                       "EXPORT_VAR_AS_FUNCTION", "OPENSSL_FIPS" );
+                       "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
@@ -98,6 +98,10 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "RFC3779",
                         # TLS extension support
                         "TLSEXT",
+                        # CMS
+                        "CMS",
+                        # CryptoAPI Engine
+                        "CAPIENG",
                         # Deprecated functions
                         "DEPRECATED" );
 
@@ -118,7 +122,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
 my $no_seed;
 my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_tlsext;
+my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng;
 my $fips;
 
 
@@ -143,6 +147,12 @@ foreach (@ARGV, split(/ /, $options))
        $OS2=1 if $_ eq "OS2";
        $fips=1 if /^fips/;
 
+       if ($_ eq "zlib" || $_ eq "zlib-dynamic"
+                        || $_ eq "enable-zlib-dynamic") {
+               $zlib = 1;
+       }
+
        $do_ssl=1 if $_ eq "ssleay";
        if ($_ eq "ssl") {
                $do_ssl=1; 
@@ -198,8 +208,10 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-engine$/)   { $no_engine=1; }
        elsif (/^no-hw$/)       { $no_hw=1; }
        elsif (/^no-gmp$/)      { $no_gmp=1; }
-       elsif (/^no-tlsext$/)   { $no_tlsext=1; }
        elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
+       elsif (/^no-tlsext$/)   { $no_tlsext=1; }
+       elsif (/^no-cms$/)      { $no_cms=1; }
+       elsif (/^no-capieng$/)  { $no_capieng=1; }
        }
 
 
@@ -295,6 +307,7 @@ $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
 $crypto.=" crypto/store/store.h";
 $crypto.=" crypto/pqueue/pqueue.h";
+$crypto.=" crypto/cms/cms.h";
 $crypto.=" fips/fips.h fips/rand/fips_rand.h";
 
 my $symhacks="crypto/symhacks.h";
@@ -1084,6 +1097,7 @@ sub is_valid
                        if ($keyword eq "OPENSSL_FIPS" && $fips) {
                                return 1;
                        }
+                       if ($keyword eq "ZLIB" && $zlib) { return 1; }
                        return 0;
                } else {
                        # algorithms
@@ -1126,6 +1140,8 @@ sub is_valid
                        if ($keyword eq "GMP" && $no_gmp) { return 0; }
                        if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
                        if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
+                       if ($keyword eq "CMS" && $no_cms) { return 0; }
+                       if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
                        if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
 
                        # Nothing recognise as true