Import of old SSLeay release: SSLeay 0.8.1b

29 files changed, 2541 insertions, 0 deletions

diff --git a/demos/README b/demos/README
new file mode 100644
index 0000000000..769965ab83
--- /dev/null
+++ b/demos/README
@@ -0,0 +1,3 @@
+Some demo programs sent to me by various people
+
+eric
diff --git a/demos/b64.c b/demos/b64.c
new file mode 100644
index 0000000000..5e3d20e321
--- /dev/null
+++ b/demos/b64.c
@@ -0,0 +1,270 @@
+/* demos/b64.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "buffer.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef SIZE
+#undef BSIZE
+#undef PROG
+
+#define SIZE	(512)
+#define BSIZE	(8*1024)
+#define	PROG	enc_main
+
+int main(argc,argv)
+int argc;
+char **argv;
+	{
+	char *strbuf=NULL;
+	unsigned char *buff=NULL,*bufsize=NULL;
+	int bsize=BSIZE,verbose=0;
+	int ret=1,inl;
+	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+	char *str=NULL;
+	char *hkey=NULL,*hiv=NULL;
+	int enc=1,printkey=0,i,base64=0;
+	int debug=0;
+	EVP_CIPHER *cipher=NULL,*c;
+	char *inf=NULL,*outf=NULL;
+	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+#define PROG_NAME_SIZE  16
+        char pname[PROG_NAME_SIZE];
+
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	base64=1;
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if	(strcmp(*argv,"-e") == 0)
+			enc=1;
+		if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inf= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outf= *(++argv);
+			}
+		else if	(strcmp(*argv,"-d") == 0)
+			enc=0;
+		else if	(strcmp(*argv,"-v") == 0)
+			verbose=1;
+		else if	(strcmp(*argv,"-debug") == 0)
+			debug=1;
+		else if (strcmp(*argv,"-bufsize") == 0)
+			{
+			if (--argc < 1) goto bad;
+			bufsize=(unsigned char *)*(++argv);
+			}
+		else
+			{
+			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+bad:
+			BIO_printf(bio_err,"options are\n");
+			BIO_printf(bio_err,"%-14s input file\n","-in <file>");
+			BIO_printf(bio_err,"%-14s output file\n","-out <file>");
+			BIO_printf(bio_err,"%-14s encode\n","-e");
+			BIO_printf(bio_err,"%-14s decode\n","-d");
+			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+
+			goto end;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (bufsize != NULL)
+		{
+		int i;
+		unsigned long n;
+
+		for (n=0; *bufsize; bufsize++)
+			{
+			i= *bufsize;
+			if ((i <= '9') && (i >= '0'))
+				n=n*10+i-'0';
+			else if (i == 'k')
+				{
+				n*=1024;
+				bufsize++;
+				break;
+				}
+			}
+		if (*bufsize != '\0')
+			{
+			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
+			goto end;
+			}
+
+		/* It must be large enough for a base64 encoded line */
+		if (n < 80) n=80;
+
+		bsize=(int)n;
+		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
+		}
+
+	strbuf=Malloc(SIZE);
+	buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+	if ((buff == NULL) || (strbuf == NULL))
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto end;
+		}
+
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (debug)
+		{
+		BIO_set_callback(in,BIO_debug_callback);
+		BIO_set_callback(out,BIO_debug_callback);
+		BIO_set_callback_arg(in,bio_err);
+		BIO_set_callback_arg(out,bio_err);
+		}
+
+	if (inf == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,inf) <= 0)
+			{
+			perror(inf);
+			goto end;
+			}
+		}
+
+	if (outf == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outf) <= 0)
+			{
+			perror(outf);
+			goto end;
+			}
+		}
+
+	rbio=in;
+	wbio=out;
+
+	if (base64)
+		{
+		if ((b64=BIO_new(BIO_f_base64())) == NULL)
+			goto end;
+		if (debug)
+			{
+			BIO_set_callback(b64,BIO_debug_callback);
+			BIO_set_callback_arg(b64,bio_err);
+			}
+		if (enc)
+			wbio=BIO_push(b64,wbio);
+		else
+			rbio=BIO_push(b64,rbio);
+		}
+
+	for (;;)
+		{
+		inl=BIO_read(rbio,(char *)buff,bsize);
+		if (inl <= 0) break;
+		if (BIO_write(wbio,(char *)buff,inl) != inl)
+			{
+			BIO_printf(bio_err,"error writing output file\n");
+			goto end;
+			}
+		}
+	BIO_flush(wbio);
+
+	ret=0;
+	if (verbose)
+		{
+		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
+		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
+		}
+end:
+	if (strbuf != NULL) Free(strbuf);
+	if (buff != NULL) Free(buff);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (benc != NULL) BIO_free(benc);
+	if (b64 != NULL) BIO_free(b64);
+	EXIT(ret);
+	}
+
diff --git a/demos/b64.pl b/demos/b64.pl
new file mode 100644
index 0000000000..8aa5fb464d
--- /dev/null
+++ b/demos/b64.pl
@@ -0,0 +1,20 @@
+#!/usr/local/bin/perl
+
+#
+# Make PEM encoded data have lines of 64 bytes of data
+#
+
+while (<>)
+	{
+	if (/^-----BEGIN/ .. /^-----END/)
+		{
+		if (/^-----BEGIN/) { $first=$_; next; }
+		if (/^-----END/) { $last=$_; next; }
+		$out.=$_;
+		}
+	}
+$out =~ s/\s//g;
+$out =~ s/(.{64})/$1\n/g;
+print "$first$out\n$last\n";
+
+
diff --git a/demos/bio/README b/demos/bio/README
new file mode 100644
index 0000000000..0b24e5b80c
--- /dev/null
+++ b/demos/bio/README
@@ -0,0 +1,3 @@
+This directory contains some simple examples of the use of BIO's
+to simplify socket programming.
+
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
new file mode 100644
index 0000000000..81bf353750
--- /dev/null
+++ b/demos/bio/saccept.c
@@ -0,0 +1,107 @@
+/* NOCW */
+/* demos/bio/saccept.c */
+
+/* A minimal program to server an SSL connection.
+ * It uses blocking.
+ * saccept host:port
+ * host is the interface IP to use.  If any interface, use *:port
+ * The default it *:4433
+ *
+ * cc -I../../include saccept.c -L../.. -lssl -lcrypto
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include "err.h"
+#include "ssl.h"
+
+#define CERT_FILE	"server.pem"
+
+BIO *in=NULL;
+
+void close_up()
+	{
+	if (in != NULL)
+		BIO_free(in);
+	}
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	char *port=NULL;
+	BIO *ssl_bio,*tmp;
+	SSL_CTX *ctx;
+	SSL *ssl;
+	char buf[512];
+	int ret=1,i;
+
+        if (argc <= 1)
+		port="*:4433";
+	else
+		port=argv[1];
+
+	signal(SIGINT,close_up);
+
+	SSL_load_error_strings();
+
+	/* Add ciphers and message digests */
+	SSLeay_add_ssl_algorithms();
+
+	ctx=SSL_CTX_new(SSLv23_server_method());
+	if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
+		goto err;
+	if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
+		goto err;
+	if (!SSL_CTX_check_private_key(ctx))
+		goto err;
+
+	/* Setup server side SSL bio */
+	ssl=SSL_new(ctx);
+	ssl_bio=BIO_new_ssl(ctx,0);
+
+	if ((in=BIO_new_accept(port)) == NULL) goto err;
+
+	/* This means that when a new connection is acceptede on 'in',
+	 * The ssl_bio will be 'dupilcated' and have the new socket
+	 * BIO push into it.  Basically it means the SSL BIO will be
+	 * automatically setup */
+	BIO_set_accept_bios(in,ssl_bio);
+
+again:
+	/* The first call will setup the accept socket, and the second
+	 * will get a socket.  In this loop, the first actuall accept
+	 * will occur in the BIO_read() function. */
+
+	if (BIO_do_accept(in) <= 0) goto err;
+
+	for (;;)
+		{
+		i=BIO_read(in,buf,512);
+		if (i == 0)
+			{
+			/* If we have finished, remove the underlying
+			 * BIO stack so the next time we call any function
+			 * for this BIO, it will attempt to do an
+			 * accept */
+			printf("Done\n");
+			tmp=BIO_pop(in);
+			BIO_free_all(tmp);
+			goto again;
+			}
+		if (i < 0) goto err;
+		fwrite(buf,1,i,stdout);
+		fflush(stdout);
+		}
+
+	ret=0;
+err:
+	if (ret)
+		{
+		ERR_print_errors_fp(stderr);
+		}
+	if (in != NULL) BIO_free(in);
+	exit(ret);
+	return(!ret);
+	}
+
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
new file mode 100644
index 0000000000..8a667f5911
--- /dev/null
+++ b/demos/bio/sconnect.c
@@ -0,0 +1,115 @@
+/* NOCW */
+/* demos/bio/sconnect.c */
+
+/* A minimal program to do SSL to a passed host and port.
+ * It is actually using non-blocking IO but in a very simple manner
+ * sconnect host:port - it does a 'GET / HTTP/1.0'
+ *
+ * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "err.h"
+#include "ssl.h"
+
+extern int errno;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	char *host;
+	BIO *out;
+	char buf[1024*10],*p;
+	SSL_CTX *ssl_ctx=NULL;
+	SSL *ssl;
+	BIO *ssl_bio;
+	int i,len,off,ret=1;
+
+	if (argc <= 1)
+		host="localhost:4433";
+	else
+		host=argv[1];
+
+	/* Lets get nice error messages */
+	SSL_load_error_strings();
+
+	/* Setup all the global SSL stuff */
+	SSLeay_add_ssl_algorithms();
+	ssl_ctx=SSL_CTX_new(SSLv23_client_method());
+
+	/* Lets make a SSL structure */
+	ssl=SSL_new(ssl_ctx);
+	SSL_set_connect_state(ssl);
+
+	/* Use it inside an SSL BIO */
+	ssl_bio=BIO_new(BIO_f_ssl());
+	BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
+
+	/* Lets use a connect BIO under the SSL BIO */
+	out=BIO_new(BIO_s_connect());
+	BIO_set_hostname(out,host);
+	BIO_set_nbio(out,1);
+	out=BIO_push(ssl_bio,out);
+
+	p="GET / HTTP/1.0\r\n\r\n";
+	len=strlen(p);
+
+	off=0;
+	for (;;)
+		{
+		i=BIO_write(out,&(p[off]),len);
+		if (i <= 0)
+			{
+			if (BIO_should_retry(out))
+				{
+				fprintf(stderr,"write DELAY\n");
+				sleep(1);
+				continue;
+				}
+			else
+				{
+				goto err;
+				}
+			}
+		off+=i;
+		len-=i;
+		if (len <= 0) break;
+		}
+
+	for (;;)
+		{
+		i=BIO_read(out,buf,sizeof(buf));
+		if (i == 0) break;
+		if (i < 0)
+			{
+			if (BIO_should_retry(out))
+				{
+				fprintf(stderr,"read DELAY\n");
+				sleep(1);
+				continue;
+				}
+			goto err;
+			}
+		fwrite(buf,1,i,stdout);
+		}
+
+	ret=1;
+
+	if (0)
+		{
+err:
+		if (ERR_peek_error() == 0) /* system call error */
+			{
+			fprintf(stderr,"errno=%d ",errno);
+			perror("error");
+			}
+		else
+			ERR_print_errors_fp(stderr);
+		}
+	BIO_free_all(out);
+	if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);
+	exit(!ret);
+	return(ret);
+	}
+
diff --git a/demos/bio/server.pem b/demos/bio/server.pem
new file mode 100644
index 0000000000..5cf1387d65
--- /dev/null
+++ b/demos/bio/server.pem
@@ -0,0 +1,30 @@
+subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----
+
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
+
diff --git a/demos/maurice/Makefile b/demos/maurice/Makefile
new file mode 100644
index 0000000000..fa67dcca81
--- /dev/null
+++ b/demos/maurice/Makefile
@@ -0,0 +1,23 @@
+CC=cc
+CFLAGS= -g -I../../include
+LIBS= -L/usr/local/ssl/lib -L../.. -lcrypto
+EXAMPLES=example1 example2 example3 example4
+
+all: $(EXAMPLES) 
+
+example1: example1.o loadkeys.o 
+	$(CC) -o example1 example1.o loadkeys.o $(LIBS)
+
+example2: example2.o loadkeys.o
+	$(CC) -o example2 example2.o loadkeys.o $(LIBS)
+
+example3: example3.o 
+	$(CC) -o example3 example3.o $(LIBS)
+
+example4: example4.o
+	$(CC) -o example4 example4.o $(LIBS)
+
+	
+clean:	
+	rm -f $(EXAMPLES) *.o
+
diff --git a/demos/maurice/README b/demos/maurice/README
new file mode 100644
index 0000000000..29778d55cb
--- /dev/null
+++ b/demos/maurice/README
@@ -0,0 +1,34 @@
+From Maurice Gittens <mgittens@gits.nl>
+--
+	Example programs, demonstrating some basic SSLeay crypto library
+	operations, to help you not to make the same mistakes I did. 
+
+	The following files are present.
+	- loadkeys.c 	Demonstrates the loading and of public and 
+			private keys.
+	- loadkeys.h   	The interface for loadkeys.c
+	- example1.c    Demonstrates the sealing and opening API's
+	- example2.c  	Demonstrates rsa encryption and decryption
+	- example3.c    Demonstrates the use of symmetric block ciphers
+	- example4.c	Demonstrates base64 and decoding 		
+	- Makefile	A makefile you probably will have to adjust for
+			your environment
+	- README	this file
+
+
+	The programs were written by Maurice Gittens <mgittens@gits.nl>
+	with the necesary help from Eric Young <eay@cryptsoft.com> 
+	
+	You may do as you please with these programs, but please don't
+	pretend that you wrote them. 
+
+	To be complete: If you use these programs you acknowlegde that
+	you are aware that there is NO warranty of any kind associated
+	with these programs. I don't even claim that the programs work,
+	they are provided AS-IS.
+
+ 	January 1997
+
+	Maurice	
+
+
diff --git a/demos/maurice/cert.pem b/demos/maurice/cert.pem
new file mode 100644
index 0000000000..e31a9ae05f
--- /dev/null
+++ b/demos/maurice/cert.pem
@@ -0,0 +1,77 @@
+issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl
+subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl
+serial :01
+
+Certificate:
+    Data:
+        Version: 0 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl
+        Validity
+            Not Before: Jan  5 13:21:16 1997 GMT
+            Not After : Jul 24 13:21:16 1997 GMT
+        Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b:
+                    82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0:
+                    71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3:
+                    f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d:
+                    62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52:
+                    78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd:
+                    81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd:
+                    1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50:
+                    b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26:
+                    64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4:
+                    d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c:
+                    2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9:
+                    e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44:
+                    e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41:
+                    8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16:
+                    d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c:
+                    d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9:
+                    20:f9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5withRSAEncryption
+        93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce:
+        4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f:
+        9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3:
+        87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb:
+        a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d:
+        0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42:
+        b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8:
+        c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2:
+        fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67:
+        4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b:
+        72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa:
+        c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68:
+        60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c:
+        a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be:
+        28:ba:d8:4f
+
+-----BEGIN CERTIFICATE-----
+MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD
+VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl
+bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0
+aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB
+FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx
+NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH
+aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG
+SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6
+RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB
+ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm
+ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S
+/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB
+R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC
+AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j
+eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2
+5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25
+uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do
+fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M
+A6fxn/gOjbvGundh946+KLrYTw==
+-----END CERTIFICATE-----
+
diff --git a/demos/maurice/example1.c b/demos/maurice/example1.c
new file mode 100644
index 0000000000..77730d3232
--- /dev/null
+++ b/demos/maurice/example1.c
@@ -0,0 +1,200 @@
+/* NOCW */
+/*
+	Please read the README file for condition of use, before
+	using this software.
+	
+	Maurice Gittens  <mgittens@gits.nl>   January 1997
+*/
+
+#include <unistd.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <fcntl.h>
+#include <strings.h>
+#include <stdlib.h>
+
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+
+#include "loadkeys.h"
+
+#define PUBFILE   "cert.pem"
+#define PRIVFILE  "privkey.pem"
+
+#define STDIN     0
+#define STDOUT    1 
+
+void main_encrypt(void);
+void main_decrypt(void);
+
+static const char *usage = "Usage: example1 [-d]\n";
+
+int main(int argc, char *argv[])
+{
+
+        ERR_load_crypto_strings();
+
+	if ((argc == 1))	
+	{
+		main_encrypt();
+	}	
+	else if ((argc == 2) && !strcmp(argv[1],"-d"))
+	{
+		main_decrypt();
+	}
+	else
+	{
+		printf("%s",usage);
+		exit(1);
+	}
+
+	return 0;		
+}
+
+void main_encrypt(void)
+{
+	unsigned int ebuflen;
+        EVP_CIPHER_CTX ectx;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+	unsigned char *ekey[1]; 
+	int readlen;
+	int ekeylen, net_ekeylen; 
+	EVP_PKEY *pubKey[1];
+	char buf[512];
+	char ebuf[512];
+	
+ 	memset(iv, '\0', sizeof(iv));
+
+        pubKey[0] = ReadPublicKey(PUBFILE);
+
+	if(!pubKey)
+	{
+           fprintf(stderr,"Error: can't load public key");
+           exit(1);
+        }      
+
+        ekey[0] = malloc(EVP_PKEY_size(pubKey[0]));  
+        if (!ekey[0])
+	{
+	   EVP_PKEY_free(pubKey[0]); 
+	   perror("malloc");
+	   exit(1);
+	}
+
+	EVP_SealInit(&ectx,
+                   EVP_des_ede3_cbc(),
+		   ekey,
+		   &ekeylen,
+		   iv,
+		   pubKey,
+		   1); 
+
+	net_ekeylen = htonl(ekeylen);	
+	write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen));
+        write(STDOUT, ekey[0], ekeylen);
+        write(STDOUT, iv, sizeof(iv));
+
+	while(1)
+	{
+		readlen = read(STDIN, buf, sizeof(buf));
+
+		if (readlen <= 0)
+		{
+		   if (readlen < 0)
+			perror("read");
+
+		   break;
+		}
+
+		EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+
+		write(STDOUT, ebuf, ebuflen);
+	}
+
+        EVP_SealFinal(&ectx, ebuf, &ebuflen);
+        
+	write(STDOUT, ebuf, ebuflen);
+
+        EVP_PKEY_free(pubKey[0]);
+	free(ekey[0]);
+}
+
+void main_decrypt(void)
+{
+	char buf[512];
+	char ebuf[512];
+	unsigned int buflen;
+        EVP_CIPHER_CTX ectx;
+        unsigned char iv[8];
+	unsigned char *encryptKey; 
+	unsigned int ekeylen; 
+	EVP_PKEY *privateKey;
+
+	memset(iv, '\0', sizeof(iv));
+
+	privateKey = ReadPrivateKey(PRIVFILE);
+	if (!privateKey)
+	{
+		fprintf(stderr, "Error: can't load private key");
+		exit(1);	
+	}
+
+     	read(STDIN, &ekeylen, sizeof(ekeylen));
+	ekeylen = ntohl(ekeylen);
+
+	if (ekeylen != EVP_PKEY_size(privateKey))
+	{
+        	EVP_PKEY_free(privateKey);
+		fprintf(stderr, "keylength mismatch");
+		exit(1);	
+	}
+
+	encryptKey = malloc(sizeof(char) * ekeylen);
+	if (!encryptKey)
+	{
+        	EVP_PKEY_free(privateKey);
+		perror("malloc");
+		exit(1);
+	}
+
+	read(STDIN, encryptKey, ekeylen);
+	read(STDIN, iv, sizeof(iv));
+
+	EVP_OpenInit(&ectx,
+		   EVP_des_ede3_cbc(), 
+		   encryptKey,
+		   ekeylen,
+		   iv,
+		   privateKey); 	
+
+	while(1)
+	{
+		int readlen = read(STDIN, ebuf, sizeof(ebuf));
+
+		if (readlen <= 0)
+		{
+			if (readlen < 0)
+				perror("read");
+
+			break;
+		}
+
+		EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
+
+		write(STDOUT, buf, buflen);
+	}
+
+        EVP_OpenFinal(&ectx, buf, &buflen);
+
+	write(STDOUT, buf, buflen);
+
+        EVP_PKEY_free(privateKey);
+	free(encryptKey);
+}
+
+
diff --git a/demos/maurice/example2.c b/demos/maurice/example2.c
new file mode 100644
index 0000000000..99f7b22440
--- /dev/null
+++ b/