Update yaSSL to version 1.3.0

extra/yassl/README

-yaSSL Release notes, version 1.2.2 (03/27/06)
+yaSSL Release notes, version 1.3.0 (04/26/06)
+
+
+    This release of yaSSL contains minor bug fixes, portability enhancements,
+    and libcurl support.
+
+See normal build instructions below under 1.0.6.
+
+
+--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+  To build for libcurl the library needs to be built without C++ globals since
+  the linker will be called in a C context, also libcurl configure will expect
+  OpenSSL library names so some symbolic links are created.
+
+    ./configure --enable-pure-c
+    make
+    make openssl-links
+
+    (then go to your libcurl home and tell libcurl about yaSSL)
+    ./configure --with-ssl=/yaSSL-HomeDir
+    make
+
+
+--To build for libcurl on Win32:
+
+    Simply add the yaSSL project as a dependency to libcurl, add 
+    yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and
+    define USE_SSLEAY and USE_OPENSSL
+
+    please email todd@yassl.com if you have any questions.
+    
+
+*******************yaSSL Release notes, version 1.2.2 (03/27/06)
 
 
     This release of yaSSL contains minor bug fixes and portability enhancements.

extra/yassl/certs/ca-cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 20:12:32 2005 GMT
+            Not After : Oct 15 20:12:32 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6:
+                    90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26:
+                    c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7:
+                    6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34:
+                    7d:79:97:5e:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
+            X509v3 Authority Key Identifier: 
+                keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
+                DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d:
+        28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29:
+        a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47:
+        03:ea:0b:4c:67:45:4b:ab:f3:39
+-----BEGIN CERTIFICATE-----
+MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh
+d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb
+BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3
+MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP
+BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3
+LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
+c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy
+W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h
+AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV
+HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG
+EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE
+ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv
+bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21
+86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk=
+-----END CERTIFICATE-----

extra/yassl/certs/client-cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 19:33:15 2005 GMT
+            Not After : Oct 15 19:33:15 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:cd:1f:78:47:f8:b8:d6:08:bf:bd:7c:23:61:86:
+                    36:28:ac:ee:3c:a8:9a:94:e6:d5:26:e8:71:50:b2:
+                    26:8b:1c:1e:3f:75:b2:d3:b3:67:95:0c:fd:76:28:
+                    65:d5:ce:12:82:9e:06:00:a2:09:dd:ce:3a:26:dd:
+                    46:2a:a0:45:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
+            X509v3 Authority Key Identifier: 
+                keyid:AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        c5:82:26:0c:1f:61:01:14:b0:ce:18:99:64:91:0e:f1:f8:90:
+        3e:a3:0e:be:38:7c:97:ba:05:c9:2a:dc:dd:62:2d:12:61:79:
+        7a:86:b1:97:5d:1e:e8:f7:e8:32:34:f7:8f:b1:08:3d:13:71:
+        a6:3c:15:91:85:12:35:6e:78:87
+-----BEGIN CERTIFICATE-----
+MIICtzCCAmGgAwIBAgIBADANBgkqhkiG9w0BAQQFADB4MQswCQYDVQQGEwJVUzEP
+MA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFT
+U0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
+eWFzc2wuY29tMB4XDTA1MDExODE5MzMxNVoXDTA3MTAxNTE5MzMxNVoweDELMAkG
+A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAM
+BgNVBAoTBXlhU1NMMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
+AQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNH3hH
++LjWCL+9fCNhhjYorO48qJqU5tUm6HFQsiaLHB4/dbLTs2eVDP12KGXVzhKCngYA
+ogndzjom3UYqoEVxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4lXvpNo1srh97xKvVC
+wP/OtbStMIGiBgNVHSMEgZowgZeAFK4lXvpNo1srh97xKvVCwP/OtbStoXykejB4
+MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu
+ZDEOMAwGA1UEChMFeWFTU0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
+hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEEBQADQQDFgiYMH2EBFLDOGJlkkQ7x+JA+ow6+OHyXugXJKtzdYi0SYXl6
+hrGXXR7o9+gyNPePsQg9E3GmPBWRhRI1bniH
+-----END CERTIFICATE-----

extra/yassl/certs/client-key.pem

+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAM0feEf4uNYIv718I2GGNiis7jyompTm1SbocVCyJoscHj91stOz
+Z5UM/XYoZdXOEoKeBgCiCd3OOibdRiqgRXECAwEAAQJAXwa6OVVvg7Bv63+MAI0l
+n/hlMfLGEj9R9gFvJXwywPSEQhijOZmedpHALufFPNHtwba9dmbqMkBAw9JDaAgg
+QQIhAO+mBaSmoG5AYVKYQZiASe/2wMZjaQSN+zFLyF97OX8ZAiEA2x5iRmXUkbOT
+8Td/vx8R9mq9W5CJu+cN+SWGwTYhPBkCIGZFM6NQeKaUUvQshdHO7b66Twpa4jZP
+YSNoc9pLe/4BAiB+jIvBkKo2A/rbg2waG32qTXdTXKTPiuA9Fnk/OV30cQIhANuA
+uMdo+T+rYcNGJ1hCYKDe9JWBpNfSQ+H/A7sWuW8L
+-----END RSA PRIVATE KEY-----

extra/yassl/certs/dsa-cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: dsaWithSHA1
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 23 22:54:51 2005 GMT
+            Not After : Oct 20 22:54:51 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
+                    ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
+                    47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
+                    f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
+                    ef:bb:b9:82
+                P:   
+                    00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
+                    95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
+                    df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
+                    cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
+                    b9:42:fd:1b:11
+                Q:   
+                    00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
+                    a6:b7:dd:4d:03:09
+                G:   
+                    12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
+                    b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
+                    71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
+                    04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
+                    10:46:19:31
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
+            X509v3 Authority Key Identifier: 
+                keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL DSA/CN=yaSSL DSA/emailAddress=info@yassl.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: dsaWithSHA1
+        30:2b:02:14:74:46:9f:91:7b:24:17:3b:ee:0f:10:e3:76:62:
+        f4:dc:81:e6:fd:fe:02:13:08:f4:87:0a:ab:ba:9c:de:3a:69:
+        72:59:b8:ec:e9:57:f4:bf:37
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAvKgAwIBAgIBADAJBgcqhkjOOAQDMHgxCzAJBgNVBAYTAlVTMQ8wDQYD
+VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRIwEAYDVQQKEwl5YVNTTCBE
+U0ExEjAQBgNVBAMTCXlhU1NMIERTQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNz
+bC5jb20wHhcNMDUwMTIzMjI1NDUxWhcNMDcxMDIwMjI1NDUxWjB4MQswCQYDVQQG
+EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDESMBAGA1UE
+ChMJeWFTU0wgRFNBMRIwEAYDVQQDEwl5YVNTTCBEU0ExHTAbBgkqhkiG9w0BCQEW
+DmluZm9AeWFzc2wuY29tMIHwMIGoBgcqhkjOOAQBMIGcAkEAmSlpgMk8mGhFqYL+
+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQolm/IhAWrNqow358pm21b0D3160Ri5
+Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJAkASiJna59ALk5vm7jwhf5yztI2l
+jOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE1nk5sQIDA8YGdOWQBQoQRhkxA0MA
+AkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+VlNHaM4IIlccuw13kc9bNu3z
+JIKQis2QfNt3+Rctc3Pvu7mCo4HVMIHSMB0GA1UdDgQWBBS++Yxd1hy07oHdNlYK
+IeRhRHPp4jCBogYDVR0jBIGaMIGXgBS++Yxd1hy07oHdNlYKIeRhRHPp4qF8pHow
+eDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh
+bmQxEjAQBgNVBAoTCXlhU1NMIERTQTESMBAGA1UEAxMJeWFTU0wgRFNBMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbYIBADAMBgNVHRMEBTADAQH/MAkGByqG
+SM44BAMDLgAwKwIUdEafkXskFzvuDxDjdmL03IHm/f4CEwj0hwqrupzeOmlyWbjs
+6Vf0vzc=
+-----END CERTIFICATE-----

extra/yassl/certs/dsa512.pem

+-----BEGIN DSA PRIVATE KEY-----
+MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
+m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
+AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
+1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
+VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
+E2V27tjDFY02uA==
+-----END DSA PRIVATE KEY-----

extra/yassl/certs/server-cert.pem

+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 20:50:59 2005 GMT
+            Not After : Oct 15 20:50:59 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=taoSoftDev, CN=www.taosoftdev.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a4:68:bb:bc:b7:27:5f:3c:f5:78:c6:1a:af:b9:
+                    95:fc:7e:61:1f:a8:81:0a:ca:43:88:9a:03:e0:d0:
+                    a6:79:70:16:34:b9:7c:75:54:ca:70:19:66:38:be:
+                    6e:28:7e:a5:ff:6b:3c:83:2f:39:42:c3:15:f3:bd:
+                    f2:25:93:22:e7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        08:36:07:8c:3a:7f:f9:91:0a:82:d1:6a:c1:34:be:bc:2d:b2:
+        20:98:dc:45:50:53:9c:66:e6:26:71:bd:fa:d2:b4:91:d3:53:
+        c0:20:05:c0:b6:84:9a:5f:3f:61:75:f5:fd:c6:ec:e2:f6:9f:
+        a2:13:17:a9:b7:83:60:cc:cb:eb
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAaECAQEwDQYJKoZIhvcNAQEEBQAwgYkxCzAJBgNVBAYTAlVTMQ8wDQYD
+VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290
+aDEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZI
+hvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0wNTAxMTgyMDUwNTlaFw0wNzEwMTUy
+MDUwNTlaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
+EwhQb3J0bGFuZDETMBEGA1UEChMKdGFvU29mdERldjEbMBkGA1UEAxMSd3d3LnRh
+b3NvZnRkZXYuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQCkaLu8tydfPPV4xhqvuZX8fmEfqIEKykOImgPg
+0KZ5cBY0uXx1VMpwGWY4vm4ofqX/azyDLzlCwxXzvfIlkyLnAgMBAAEwDQYJKoZI
+hvcNAQEEBQADQQAINgeMOn/5kQqC0WrBNL68LbIgmNxFUFOcZuYmcb360rSR01PA
+IAXAtoSaXz9hdfX9xuzi9p+iExept4NgzMvr
+-----END CERTIFICATE-----

extra/yassl/certs/server-key.pem

+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAKRou7y3J1889XjGGq+5lfx+YR+ogQrKQ4iaA+DQpnlwFjS5fHVU
+ynAZZji+bih+pf9rPIMvOULDFfO98iWTIucCAwEAAQJABLVvMw931DV1vljGKORC
+1HF2LKbx0zJJzt7CX6z6J54vcE79K3NYXdU6o7/j1WTtfD47tFG+4ljGvSYPmrCI
+2QIhANfiY6is6JUJGGgeMxyWeQRPXfaE9Yrk6OhxHhpYf5CTAiEAwvWraeLPy/NE
+B+0w80mh8tCv2tpuKaYMOG53XpYX3N0CIDy/Bj3rUZLGOWjqvoUXzjupPY5lgVYw
+7Vyin87YAiUjAiAgM8X5em5KSMc+6+2+8bWfTtsNMjEqDfRMyepLpE0SvQIgTSYL
+WWfcZoRUPDM9GEuQ40nifVNjobzvjTW4aYyHCEI=
+-----END RSA PRIVATE KEY-----

extra/yassl/certs/taoCert.txt

+
+***** Create a self signed cert ************
+
+1) openssl genrsa 512 > client-key.pem
+
+2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
+
+-- adding metadata to beginning
+
+3) openssl x509 -in client-cert.pem -text > tmp.pem
+
+4) mv tmp.pem client-cert.pem
+
+
+***** Create a CA, signing authority **********
+
+same as self signed, use ca prefix instead of client
+
+
+***** Create a cert signed by CA **************
+
+1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
+
+2) copy ca-key.pem ca-cert.srl   (why ????)
+
+3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
+
+
+
+***** To create a dsa cert ********************
+
+1) openssl dsaparam 512 > dsa512.param       # creates group params
+
+2) openssl gendsa dsa512.param > dsa512.pem  # creates private key
+
+3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem 
+
+
+
+
+***** To convert from PEM to DER **************
+
+a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+
+to convert rsa private PEM to DER :
+
+b) openssl rsa -in key.pem -outform DER -out key.der
+
+
+

extra/yassl/examples/client/client.cpp

@@ -33,10 +33,10 @@ void client_test(void* args)
     const char* cipher = 0;
     int index = 0;
     char list[1024];
-    strcpy(list, "cipherlist");
+    strncpy(list, "cipherlist", 11);
     while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) {
-        strcat(list, ":");
-        strcat(list, cipher);
+        strncat(list, ":", 2);
+        strncat(list, cipher, strlen(cipher) + 1);
     }
     printf("%s\n", list);
     printf("Using Cipher Suite %s\n", SSL_get_cipher(ssl));

extra/yassl/include/openssl/err.h

 /* err.h for openssl */
 
-#ifndef ysSSL_err_h__
+#ifndef yaSSL_err_h__
 #define yaSSL_err_h__
 
 

extra/yassl/include/openssl/md4.h

+/* md4.h for libcurl */

extra/yassl/include/openssl/md5.h

 /* md5.h for openssl */
+
+#include "ssl.h"   /* in there for now */
+

extra/yassl/include/openssl/pem.h

+/* pem.h  for libcurl */

extra/yassl/include/openssl/ssl.h

@@ -29,6 +29,7 @@
 #define yaSSL_openssl_h__
 
 #include <stdio.h>   /* ERR_print fp */
+#include "opensslv.h" /* for version number */
 #include "rsa.h"
 
 #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
@@ -102,7 +103,6 @@ void X509_free(X509*);
 typedef struct BIO BIO;
 
 /* ASN stuff */
-typedef struct ASN1_TIME ASN1_TIME;
 
 
 
@@ -345,8 +345,8 @@ long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
 long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);
 
 void OpenSSL_add_all_algorithms(void);
-void SSL_library_init();
-void SSLeay_add_ssl_algorithms(void);
+int  SSL_library_init();
+int  SSLeay_add_ssl_algorithms(void);
 
 
 SSL_CIPHER* SSL_get_current_cipher(SSL*);
@@ -371,6 +371,10 @@ typedef unsigned char DES_cblock[8];
 typedef const  DES_cblock const_DES_cblock;
 typedef DES_cblock DES_key_schedule;
                                                           
+enum {
+    DES_ENCRYPT = 1,
+    DES_DECRYPT = 0
+};
                                                              
 const EVP_MD*     EVP_md5(void);
 const EVP_CIPHER* EVP_des_ede3_cbc(void);
@@ -392,6 +396,108 @@ int         RAND_write_file(const char*);
 int         RAND_load_file(const char*, long);
 
 
+/* for libcurl */
+int  RAND_status(void);
+
+int  DES_set_key(const_DES_cblock*, DES_key_schedule*);
+void DES_set_odd_parity(DES_cblock*);
+void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
+void SSL_SESSION_free(SSL_SESSION* session);
+
+X509*     SSL_get_certificate(SSL* ssl);
+EVP_PKEY* SSL_get_privatekey(SSL* ssl);
+EVP_PKEY* X509_get_pubkey(X509* x);
+
+int  EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from);
+void EVP_PKEY_free(EVP_PKEY* pkey);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+void ERR_free_strings(void);
+void EVP_cleanup(void);
+
+void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx);
+
+#define GEN_IPADD 7
+#define NID_subject_alt_name 85
+#define STACK_OF(x) x
+
+
+/* defined here because libcurl dereferences */
+typedef struct ASN1_STRING {
+    int type;
+    int length;
+    unsigned char* data;
+} ASN1_STRING;
+
+
+typedef struct GENERAL_NAME {
+    int type;
+    union {
+        ASN1_STRING* ia5;
+    } d;
+} GENERAL_NAME;
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x);
+
+int           sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x);
+GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i);
+
+
+unsigned char* ASN1_STRING_data(ASN1_STRING* x);
+int            ASN1_STRING_length(ASN1_STRING* x);
+int            ASN1_STRING_type(ASN1_STRING *x);
+
+typedef ASN1_STRING X509_NAME_ENTRY;
+
+int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos);
+
+ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne);
+X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc);
+
+#define OPENSSL_malloc(x) malloc(x)
+#define OPENSSL_free(x)   free(x)
+
+int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in);
+
+SSL_METHOD* SSLv23_client_method(void);  /* doesn't actually roll back */
+SSL_METHOD* SSLv2_client_method(void);   /* will never work, no v 2    */
+
+
+SSL_SESSION* SSL_get1_session(SSL* ssl);  /* what's ref count */
+
+
+#define CRYPTO_free(x) free(x)
+#define ASN1_TIME ASN1_STRING
+
+ASN1_TIME* X509_get_notBefore(X509* x);
+ASN1_TIME* X509_get_notAfter(X509* x);
+
+
+#define ASN1_UTCTIME ASN1_STRING
+#define NID_commonName    13
+#define V_ASN1_UTF8STRING 12
+#define GEN_DNS            2
+
+
+typedef struct MD4_CTX {
+    void* ptr;
+} MD4_CTX;
+
+void MD4_Init(MD4_CTX*);
+void MD4_Update(MD4_CTX*, const void*, unsigned long);
+void MD4_Final(unsigned char*, MD4_CTX*);
+
+
+typedef struct MD5_CTX {
+    int buffer[32];       /* big enough to hold, check size in Init */
+} MD5_CTX;
+
+void MD5_Init(MD5_CTX*);
+void MD5_Update(MD5_CTX*, const void*, unsigned long);
+void MD5_Final(unsigned char*, MD5_CTX*);
+
+
 #define SSL_DEFAULT_CIPHER_LIST ""   /* default all */
 
 

extra/yassl/include/openssl/x509.h

+/* x509.h  for libcurl */

extra/yassl/include/openssl/x509v3.h

+/* x509v3.h  for libcurl */

extra/yassl/include/yassl_int.hpp

@@ -34,6 +34,7 @@
 #include "cert_wrapper.hpp"
 #include "log.hpp"
 #include "lock.hpp"
+#include "openssl/ssl.h"  // ASN1_STRING and DH
 
 
 namespace yaSSL {
@@ -126,32 +127,70 @@ private:
 };
 
 
+// hold add crypt references provided to callers
+class CryptProvider {
+    mySTL::list<Digest*>     digestList_;
+    mySTL::list<BulkCipher*> cipherList_;
+    CryptProvider() {}                         // only GetCryptProvider creates
+public:
+    ~CryptProvider();
+
+    Digest*     NewMd5();
+    BulkCipher* NewDesEde();
+
+    friend CryptProvider& GetCryptProvider();
+private:
+    CryptProvider(const CryptProvider&);            // hide copy
+    CryptProvider& operator=(const CryptProvider&); // and assign
+};
+
+CryptProvider& GetCryptProvider();
+
 #undef X509_NAME  // wincrypt.h clash
 
 // openSSL X509 names
 class X509_NAME {
     char* name_;
+    size_t      sz_;
+    ASN1_STRING entry_;
 public:
     X509_NAME(const char*, size_t sz);
     ~X509_NAME();
 
     char* GetName();
+    ASN1_STRING* GetEntry(int i);
 private:
     X509_NAME(const X509_NAME&);                // hide copy
     X509_NAME& operator=(const X509_NAME&);     // and assign
 };
 
 
+class StringHolder {
+    ASN1_STRING  asnString_;
+public:
+    StringHolder(const char* str, int sz);
+    ~StringHolder();
+
+    ASN1_STRING* GetString();
+};
+
+
 // openSSL X509
 class X509 {
     X509_NAME issuer_;
     X509_NAME subject_;
+    StringHolder beforeDate_;   // not valid before
+    StringHolder afterDate_;    // not valid after
 public:
-    X509(const char* i, size_t, const char* s, size_t);
+    X509(const char* i, size_t, const char* s, size_t,
+         const char* b, int, const char* a, int);
     ~X509() {}
 
     X509_NAME* GetIssuer();
     X509_NAME* GetSubject();
+
+    ASN1_STRING* GetBefore();
+    ASN1_STRING* GetAfter();
 private:
     X509(const X509&);              // hide copy
     X509& operator=(const X509&);   // and assign

extra/yassl/lib/dummy

+// this is a dummy file

extra/yassl/mySTL/helpers.hpp

@@ -44,6 +44,11 @@
         return static_cast<void*>(d);
     }
 
+    // for compilers that want matching delete
+    inline void operator delete(void* ptr, Dummy* d) 
+    { 
+    }
+
     typedef Dummy* yassl_pointer;
 
 namespace mySTL {

extra/yassl/src/cert_wrapper.cpp

@@ -271,10 +271,13 @@ int CertManager::Validate()
         else
             peerKeyType_ = dsa_sa_algo;
 
-        int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0;
-        int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0;
+        int iSz = strlen(cert.GetIssuer()) + 1;
+        int sSz = strlen(cert.GetCommonName()) + 1;
+        int bSz = strlen(cert.GetBeforeDate()) + 1;
+        int aSz = strlen(cert.GetAfterDate()) + 1;
         peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
-                                  sSz);
+                                sSz, cert.GetBeforeDate(), bSz,
+                                cert.GetAfterDate(), aSz);
     }
     return 0;
 }

extra/yassl/src/ssl.cpp

-/* ssl.cpp                                
+ /* ssl.cpp                                
  *
  * Copyright (C) 2003 Sawtooth Consulting Ltd.
  *
@@ -36,6 +36,7 @@
 #include "openssl/ssl.h"
 #include "handshake.hpp"
 #include "yassl_int.hpp"
+#include "md5.hpp"              // for TaoCrypt MD5 size assert
 #include <stdio.h>
 
 #ifdef _WIN32
@@ -723,8 +724,10 @@ void OpenSSL_add_all_algorithms()  // compatibility only
 {}
 
 
-void SSL_library_init()  // compatiblity only
-{}
+int SSL_library_init()  // compatiblity only
+{
+    return 1;
+}
 
 
 DH* DH_new(void)
@@ -804,15 +807,13 @@ const char* X509_verify_cert_error_string(long /* error */)
 
 const EVP_MD* EVP_md5(void)
 {
-    // TODO: FIX add to some list for destruction
-    return NEW_YS MD5;
+    return GetCryptProvider().NewMd5();
 }
 
 
 const EVP_CIPHER* EVP_des_ede3_cbc(void)
 {
-    // TODO: FIX add to some list for destruction
-    return NEW_YS DES_EDE;
+    return GetCryptProvider().NewDesEde();
 }
 
 
@@ -897,6 +898,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
 }
 
 
+// functions for libcurl
+int RAND_status()
+{
+    return 1;  /* TaoCrypt provides enough seed */
+}
+
+
+int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule)
+{
+    memcpy(schedule, key, sizeof(const_DES_cblock));
+    return 1;
+}
+
+
+void DES_set_odd_parity(DES_cblock* key)
+{
+    // not needed now for TaoCrypt
+}
+
+
+void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output,
+                     DES_key_schedule* key, int enc)
+{
+    DES  des;
+
+    if (enc) {
+        des.set_encryptKey(*key, 0);
+        des.encrypt(*output, *input, DES_BLOCK);
+    }
+    else {
+        des.set_decryptKey(*key, 0);
+        des.decrypt(*output, *input, DES_BLOCK);
+    }
+}
+
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata)
+{
+    // yaSSL doesn't support yet, unencrypt your PEM file with userdata
+    // before handing off to yaSSL
+}
+
+
+X509* SSL_get_certificate(SSL* ssl)
+{
+    // only used to pass to get_privatekey which isn't used
+    return 0;
+}
+
+
+EVP_PKEY* SSL_get_privatekey(SSL* ssl)
+{
+    // only called, not used
+    return 0;
+}
+
+
+void SSL_SESSION_free(SSL_SESSION* session)
+{
+    // managed by singleton
+}
+
+
+
+EVP_PKEY* X509_get_pubkey(X509* x)
+{
+    // called, not used though
+    return 0;
+}
+
+
+int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from)
+{
+    // called, not used though
+    return 0;
+}
+
+
+void EVP_PKEY_free(EVP_PKEY* pkey)
+{
+    // never allocated from above
+}
+
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+    if (len) ERR_error_string(e, buf);
+}
+
+
+void ERR_free_strings(void)
+{
+    // handled internally
+}
+
+
+void EVP_cleanup(void)
+{
+    // nothing to do yet
+}
+
+
+ASN1_TIME* X509_get_notBefore(X509* x)
+{
+    if (x) return x->GetBefore();
+    return 0;
+}
+
+
+ASN1_TIME* X509_get_notAfter(X509* x)
+{
+    if (x) return x->GetAfter();
+    return 0;
+}
+
+
+SSL_METHOD* SSLv23_client_method(void)  /* doesn't actually roll back */
+{
+    return SSLv3_client_method();
+}
+
+
+SSL_METHOD* SSLv2_client_method(void)   /* will never work, no v 2    */
+{
+    return 0;
+}
+
+
+SSL_SESSION* SSL_get1_session(SSL* ssl)  /* what's ref count */
+{
+    return SSL_get_session(ssl);
+}
+
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x)
+{
+    // no extension names supported yet
+}
+
+
+int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x)
+{
+    // no extension names supported yet
+    return 0;
+}
+
+
+GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i)
+{
+    // no extension names supported yet
+    return 0;
+}
+
+
+unsigned char* ASN1_STRING_data(ASN1_STRING* x)
+{
+    if (x) return x->data;
+    return 0;
+}
+
+
+int ASN1_STRING_length(ASN1_STRING* x)
+{
+    if (x) return x->length;
+    return 0;
+}
+
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{
+    if (x) return x->type;
+    return 0;
+}
+
+
+int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
+{
+    int idx = -1;  // not found
+    const char* start = &name->GetName()[lastpos + 1];
+
+    switch (nid) {
+    case NID_commonName:
+        char* found = strstr(start, "/CN=");
+        if (found) {
+            found += 4;  // advance to str
+            idx = found - start + lastpos + 1;
+        }
+        break;
+    }
+
+    return idx;
+}
+
+
+ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne)
+{
+    // the same in yaSSL
+    return ne;
+}
+
+
+X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc)
+{
+    return name->GetEntry(loc);
+}
+
+
+// already formatted, caller responsible for freeing *out
+int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in)
+{
+    if (!in) return 0;
+
+    *out = (unsigned char*)malloc(in->length + 1);
+    if (*out) {
+        memcpy(*out, in->data, in->length);
+        (*out)[in->length] = 0;
+    }
+    return in->length;
+}
+
+
+void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx)
+{
+    // no extensions supported yet
+    return 0;
+}
+
+
+void MD4_Init(MD4_CTX* md4)
+{
+    assert(0);  // not yet supported, build compat. only
+}
+
+
+void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz)
+{
+}
+
+
+void MD4_Final(unsigned char* hash, MD4_CTX* md4)
+{
+}
+
+
+void MD5_Init(MD5_CTX* md5)
+{
+    // make sure we have a big enough buffer
+    typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1];
+    (void) sizeof(ok);
+
+    // using TaoCrypt since no dynamic memory allocated
+    // and no destructor will be called
+    new (reinterpret_cast<yassl_pointer>(md5->buffer)) TaoCrypt::MD5();
+}
+
+
+void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz)
+{
+    reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Update(
+                static_cast<const byte*>(data), static_cast<unsigned int>(sz));
+}
+
+
+void MD5_Final(unsigned char* hash, MD5_CTX* md5)
+{
+    reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Final(hash);
+}
+
+
     // functions for stunnel
 
     void RAND_screen()
@@ -1098,8 +1368,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
     }
 
 
-    void SSLeay_add_ssl_algorithms()  // compatibility only
-    {}
+    int SSLeay_add_ssl_algorithms()  // compatibility only
+    {
+        return 1;
+    }
 
 
     void ERR_remove_state(unsigned long)

extra/yassl/src/template_instnt.cpp

@@ -51,12 +51,16 @@ template class list<yaSSL::SSL_SESSION*>;
 template class list<yaSSL::input_buffer*>;
 template class list<yaSSL::output_buffer*>;
 template class list<yaSSL::x509*>;
+template class list<yaSSL::Digest*>;
+template class list<yaSSL::BulkCipher*>;
 template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*);
 template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator, mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator, mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero);
 }
 
 namespace yaSSL {
@@ -82,6 +86,7 @@ template void ysDelete<X509>(X509*);
 template void ysDelete<Message>(Message*);
 template void ysDelete<sslFactory>(sslFactory*);
 template void ysDelete<Sessions>(Sessions*);
+template void ysDelete<CryptProvider>(CryptProvider*);
 template void ysArrayDelete<unsigned char>(unsigned char*);
 template void ysArrayDelete<char>(char*);
 }

extra/yassl/src/yassl_int.cpp

@@ -28,7 +28,6 @@
 #include "yassl_int.hpp"
 #include "handshake.hpp"
 #include "timer.hpp"
-#include "openssl/ssl.h"  // for DH
 
 
 #ifdef YASSL_PURE_C
@@ -1375,16 +1374,51 @@ Sessions& GetSessions()
 
 static sslFactory* sslFactoryInstance = 0;
 
-sslFactory& GetSSL_Factory(){
+sslFactory& GetSSL_Factory()
+{  
     if (!sslFactoryInstance)
         sslFactoryInstance = NEW_YS sslFactory;
     return *sslFactoryInstance;
 }
 
 
+static CryptProvider* cryptProviderInstance = 0;
+
+CryptProvider& GetCryptProvider()
+{
+    if (!cryptProviderInstance)
+        cryptProviderInstance = NEW_YS CryptProvider;
+    return *cryptProviderInstance;
+}
+
+
+CryptProvider::~CryptProvider()
+{
+    mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero());
+    mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero());
+}
+
+
+Digest* CryptProvider::NewMd5()
+{
+    Digest* ptr = NEW_YS MD5();
+    digestList_.push_back(ptr);
+    return ptr;
+}
+
+
+BulkCipher* CryptProvider::NewDesEde()
+{
+    BulkCipher* ptr = NEW_YS DES_EDE();
+    cipherList_.push_back(ptr);
+    return ptr;
+}
+
+
 void CleanUp()
 {
     TaoCrypt::CleanUp();
+    ysDelete(cryptProviderInstance);
     ysDelete(sslFactoryInstance);
     ysDelete(sessionsInstance);
 }
@@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b)
 
 
 X509_NAME::X509_NAME(const char* n, size_t sz)
-    : name_(0)
+    : name_(0), sz_(sz)
 {
     if (sz) {
         name_ = NEW_YS char[sz];
         memcpy(name_, n, sz);
     }
+    entry_.data = 0;
 }
 
 
 X509_NAME::~X509_NAME()
 {
     ysArrayDelete(name_);
+    ysArrayDelete(entry_.data);
 }
 
 
@@ -1999,8 +2035,10 @@ char* X509_NAME::GetName()
 }
 
 
-X509::X509(const char* i, size_t iSz, const char* s, size_t sSz)
-    : issuer_(i, iSz), subject_(s, sSz)
+X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
+           const char* b, int bSz, const char* a, int aSz)
+    : issuer_(i, iSz), subject_(s, sSz),
+      beforeDate_(b, bSz), afterDate_(a, aSz)
 {}
    
 
@@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject()
 }
 
 
+ASN1_STRING* X509::GetBefore()
+{
+    return beforeDate_.GetString();
+}
+
+
+ASN1_STRING* X509::GetAfter()
+{
+    return afterDate_.GetString();
+}
+
+
+ASN1_STRING* X509_NAME::GetEntry(int i)
+{
+    if (i < 0 || i >= int(sz_))
+        return 0;
+
+    if (entry_.data)
+        ysArrayDelete(entry_.data);
+    entry_.data = NEW_YS byte[sz_];       // max size;
+
+    memcpy(entry_.data, &name_[i], sz_ - i);
+    if (entry_.data[sz_ -i - 1]) {
+        entry_.data[sz_ - i] = 0;
+        entry_.length = sz_ - i;
+    }
+    else
+        entry_.length = sz_ - i - 1;
+    entry_.type = 0;
+
+    return &entry_;
+}
+
+
+StringHolder::StringHolder(const char* str, int sz)
+{
+    asnString_.length = sz;
+    asnString_.data = NEW_YS byte[sz + 1];
+    memcpy(asnString_.data, str, sz);
+    asnString_.type = 0;  // not used for now
+}
+
+
+StringHolder::~StringHolder()
+{
+    ysArrayDelete(asnString_.data);
+}
+
+
+ASN1_STRING* StringHolder::GetString()
+{
+    return &asnString_;
+}
+
+
 
 } // namespace
 

extra/yassl/taocrypt/include/asn.hpp

@@ -79,20 +79,27 @@ enum ASNIdFlag
 
 enum DNTags
 {
-    COMMON_NAME         = 0x03
+    COMMON_NAME         = 0x03,  // CN
+    SUR_NAME            = 0x04,  // SN
+    COUNTRY_NAME        = 0x06,  // C
+    LOCALITY_NAME       = 0x07,  // L
+    STATE_NAME          = 0x08,  // ST
+    ORG_NAME            = 0x0a,  // O
+    ORGUNIT_NAME        = 0x0b   // OU
 };
 
 
 enum Constants
 {
     MIN_DATE_SZ   = 13,
-    MAX_DATE_SZ   = 15,
+    MAX_DATE_SZ   = 16,
     MAX_ALGO_SZ   = 16,
     MAX_LENGTH_SZ =  5,    
     MAX_SEQ_SZ    =  5,    // enum(seq|con) + length(4)
     MAX_ALGO_SIZE =  9,
     MAX_DIGEST_SZ = 25,    // SHA + enum(Bit or Octet) + length(4)
-    DSA_SIG_SZ    = 40
+    DSA_SIG_SZ    = 40,
+    NAME_MAX      = 512    // max total of all included names
 };
 
 
@@ -205,14 +212,14 @@ enum { SHA_SIZE = 20 };
 // A Signing Authority
 class Signer {
     PublicKey key_;
-    char*     name_;
+    char      name_[NAME_MAX];
     byte      hash_[SHA_SIZE];
 public:
     Signer(const byte* k, word32 kSz, const char* n, const byte* h);
     ~Signer();
 
     const PublicKey& GetPublicKey()  const { return key_; }
-    const char*      GetCommonName() const { return name_; }
+    const char*      GetName()       const { return name_; }
     const byte*      GetHash()       const { return hash_; }
 
 private:
@@ -245,6 +252,8 @@ public:
     const char*      GetIssuer()     const { return issuer_; }
     const char*      GetCommonName() const { return subject_; }
     const byte*      GetHash()       const { return subjectHash_; }
+    const char*      GetBeforeDate() const { return beforeDate_; }
+    const char*      GetAfterDate()  const { return afterDate_; }
 
     void DecodeToKey();
 private:
@@ -257,8 +266,10 @@ private:
     byte      subjectHash_[SHA_SIZE];   // hash of all Names
     byte      issuerHash_[SHA_SIZE];    // hash of all Names
     byte*     signature_;
-    char*     issuer_;                  // CommonName
-    char*     subject_;                 // CommonName
+    char      issuer_[NAME_MAX];        // Names
+    char      subject_[NAME_MAX];       // Names
+    char      beforeDate_[MAX_DATE_SZ]; // valid before date
+    char      afterDate_[MAX_DATE_SZ];  // valid after date
     bool      verify_;                  // Default to yes, but could be off
 
     void   ReadHeader();

extra/yassl/taocrypt/src/asn.cpp

@@ -213,21 +213,17 @@ void PublicKey::AddToEnd(const byte* data, word32 len)
 
 
 Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h)
-    : key_(k, kSz), name_(0)
+    : key_(k, kSz)
 {
-    if (n) {
         int sz = strlen(n);
-        name_ = NEW_TC char[sz + 1];
         memcpy(name_, n, sz);
         name_[sz] = 0;
-    }
 
     memcpy(hash_, h, SHA::DIGEST_SIZE);
 }
 
 Signer::~Signer()
 {
-    tcArrayDelete(name_);
 }
 
 
@@ -424,17 +420,19 @@ void DH_Decoder::Decode(DH& key)
 CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
                          bool noVerify, CertType ct)
     : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
-      signature_(0), issuer_(0), subject_(0), verify_(!noVerify)
+      signature_(0), verify_(!noVerify)
 { 
+    issuer_[0] = 0;
+    subject_[0] = 0;
+
     if (decode)
         Decode(signers, ct); 
+
 }
 
 
 CertDecoder::~CertDecoder()
 {
-    tcArrayDelete(subject_);
-    tcArrayDelete(issuer_);
     tcArrayDelete(signature_);
 }
 
@@ -672,8 +670,12 @@ void CertDecoder::GetName(NameType nt)
 
     SHA    sha;
     word32 length = GetSequence();  // length of all distinguished names
+    assert (length < NAME_MAX);
     length += source_.get_index();
 
+    char*  ptr = (nt == ISSUER) ? issuer_ : subject_;
+    word32 idx = 0;
+
     while (source_.get_index() < length) {
         GetSet();
         GetSequence();
@@ -694,13 +696,49 @@ void CertDecoder::GetName(NameType nt)
             byte   id      = source_.next();  
             b              = source_.next();    // strType
             word32 strLen  = GetLength(source_);
+            bool   copy    = false;
 
             if (id == COMMON_NAME) {
-                char*& ptr = (nt == ISSUER) ? issuer_ : subject_;
-                ptr = NEW_TC char[strLen + 1];
-                memcpy(ptr, source_.get_current(), strLen);
-                ptr[strLen] = 0;
+                memcpy(&ptr[idx], "/CN=", 4);
+                idx += 4;
+                copy = true;
+            }
+            else if (id == SUR_NAME) {
+                memcpy(&ptr[idx], "/SN=", 4);
+                idx += 4;
+                copy = true;
+            }
+            else if (id == COUNTRY_NAME) {
+                memcpy(&ptr[idx], "/C=", 3);
+                idx += 3;
+                copy = true;
+            }
+            else if (id == LOCALITY_NAME) {
+                memcpy(&ptr[idx], "/L=", 3);
+                idx += 3;
+                copy = true;
+            }
+            else if (id == STATE_NAME) {
+                memcpy(&ptr[idx], "/ST=", 4);
+                idx += 4;
+                copy = true;
             }
+            else if (id == ORG_NAME) {
+                memcpy(&ptr[idx], "/O=", 3);
+                idx += 3;
+                copy = true;
+            }
+            else if (id == ORGUNIT_NAME) {
+                memcpy(&ptr[idx], "/OU=", 4);
+                idx += 4;
+                copy = true;
+            }
+
+            if (copy) {
+                memcpy(&ptr[idx], source_.get_current(), strLen);
+                idx += strLen;
+            }
+
             sha.Update(source_.get_current(), strLen);
             source_.advance(strLen);
         }
@@ -711,6 +749,8 @@ void CertDecoder::GetName(NameType nt)
             source_.advance(length);
         }
     }
+    ptr[idx++] = 0;
+
     if (nt == ISSUER)
         sha.Final(issuerHash_);
     else
@@ -744,6 +784,16 @@ void CertDecoder::GetDate(DateType dt)
             source_.SetError(BEFORE_DATE_E);
         else
             source_.SetError(AFTER_DATE_E);
+
+    // save for later use
+    if (dt == BEFORE) {
+        memcpy(beforeDate_, date, length);
+        beforeDate_[length] = 0;
+    }
+    else {  // after
+        memcpy(afterDate_, date, length);
+        afterDate_[length] = 0;
+    }       
 }
 
 

extra/yassl/taocrypt/src/integer.cpp

@@ -2428,7 +2428,7 @@ void PositiveMultiply(Integer& product, const Integer& a, const Integer& b)
     product.reg_.CleanNew(RoundupSize(aSize + bSize));
     product.sign_ = Integer::POSITIVE;
 
-    WordBlock workspace(aSize + bSize);
+    AlignedWordBlock workspace(aSize + bSize);
     AsymmetricMultiply(product.reg_.get_buffer(), workspace.get_buffer(),
                        a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize);
 }
@@ -3375,7 +3375,7 @@ void PositiveDivide(Integer& remainder, Integer& quotient,
     quotient.reg_.CleanNew(RoundupSize(aSize-bSize+2));
     quotient.sign_ = Integer::POSITIVE;
 
-    WordBlock T(aSize+2*bSize+4);
+    AlignedWordBlock T(aSize+2*bSize+4);
     Divide(remainder.reg_.get_buffer(), quotient.reg_.get_buffer(),
            T.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(),
            bSize);
@@ -3595,7 +3595,7 @@ Integer Integer::InverseMod(const Integer &m) const
         return !u ? Zero() : (m*(*this-u)+1)/(*this);
     }
 
-    WordBlock T(m.reg_.size() * 4);
+    AlignedWordBlock T(m.reg_.size() * 4);
     Integer r((word)0, m.reg_.size());
     unsigned k = AlmostInverse(r.reg_.get_buffer(), T.get_buffer(),
                                reg_.get_buffer(), reg_.size(),

extra/yassl/taocrypt/src/make.bat

-# quick and dirty build file for testing different MSDEVs
+REM quick and dirty build file for testing different MSDEVs
 setlocal 
 
 set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 

extra/yassl/taocrypt/src/misc.cpp

@@ -25,6 +25,15 @@
 #include "runtime.hpp"
 #include "misc.hpp"
 
+
+extern "C" {
+
+    // for libcurl configure test, these are the signatures they use
+    // locking handled internally by library
+    char CRYPTO_lock() { return 0;}
+    char CRYPTO_add_lock() { return 0;}
+}  // extern "C"
+
 #ifdef YASSL_PURE_C
 
     void* operator new(size_t sz, TaoCrypt::new_t)

extra/yassl/taocrypt/taocrypt.dsp

@@ -64,7 +64,8 @@ LIB32=link.exe -lib
 # PROP Intermediate_Dir "Debug"
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /FR /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
+# SUBTRACT CPP /Fr
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
 BSC32=bscmake.exe

extra/yassl/testsuite/test.hpp

@@ -305,8 +305,8 @@ inline void showPeer(SSL* ssl)
         char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0);
 
         printf("peer's cert info:\n");
-        printf("issuer  is: %s\n", issuer);
-        printf("subject is: %s\n", subject);
+        printf("issuer : %s\n", issuer);
+        printf("subject: %s\n", subject);
 
         free(subject);
         free(issuer);

extra/yassl/testsuite/testsuite.cpp

@@ -146,10 +146,10 @@ int test_openSSL_des()
                    (byte*)key, iv);
 
     byte cipher[16];
-    DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[8],
-                         &key[16], &iv, true);
+    DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[1],
+                         &key[2], &iv, true);
     byte plain[16];
-    DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[8], &key[16],
+    DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[1], &key[2],
                          &iv, false);
     return 0;
 }

extra/yassl/testsuite/testsuite.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX- /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c
+# ADD CPP /nologo /MT /W3 /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -67,7 +67,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX- /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
 BSC32=bscmake.exe