import OpenSSL-1.0.0a

29 files changed, 1468 insertions, 9 deletions

diff --git a/lib/libssl/src/demos/cms/cacert.pem b/lib/libssl/src/demos/cms/cacert.pem
new file mode 100644
index 00000000000..75cbb347aaa
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cacert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
+WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
+aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
+RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
+i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
+ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
+jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
+CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
+SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
+VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
+ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
+G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
+u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
+1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
+-----END CERTIFICATE-----
diff --git a/lib/libssl/src/demos/cms/cakey.pem b/lib/libssl/src/demos/cms/cakey.pem
new file mode 100644
index 00000000000..3b53c5e8175
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cakey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
+c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
+dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
+AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
+HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
+tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
+rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
+9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
+jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
+uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
+wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
+8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/demos/cms/cms_comp.c b/lib/libssl/src/demos/cms/cms_comp.c
new file mode 100644
index 00000000000..b7943e813b3
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_comp.c
@@ -0,0 +1,61 @@
+/* Simple S/MIME compress example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	/*
+	 * On OpenSSL 0.9.9 only:
+	 * for streaming set CMS_STREAM
+	 */
+	int flags = CMS_STREAM;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Open content being compressed */
+
+	in = BIO_new_file("comp.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* compress content */
+	cms = CMS_compress(in, NID_zlib_compression, flags);
+
+	if (!cms)
+		goto err;
+
+	out = BIO_new_file("smcomp.txt", "w");
+	if (!out)
+		goto err;
+
+	/* Write out S/MIME message */
+	if (!SMIME_write_CMS(out, cms, in, flags))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Compressing Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_ddec.c b/lib/libssl/src/demos/cms/cms_ddec.c
new file mode 100644
index 00000000000..ba68cfdf764
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_ddec.c
@@ -0,0 +1,89 @@
+/* S/MIME detached data decrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
+	X509 *rcert = NULL;
+	EVP_PKEY *rkey = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in recipient certificate and private key */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	if (!rcert || !rkey)
+		goto err;
+
+	/* Open PEM file containing enveloped data */
+
+	in = BIO_new_file("smencr.pem", "r");
+
+	if (!in)
+		goto err;
+
+	/* Parse PEM content */
+	cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
+
+	if (!cms)
+		goto err;
+
+	/* Open file containing detached content */
+	dcont = BIO_new_file("smencr.out", "rb");
+
+	if (!in)
+		goto err;
+
+	out = BIO_new_file("encrout.txt", "w");
+	if (!out)
+		goto err;
+
+	/* Decrypt S/MIME message */
+	if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Decrypting Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+	if (rcert)
+		X509_free(rcert);
+	if (rkey)
+		EVP_PKEY_free(rkey);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+	if (dcont)
+		BIO_free(dcont);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_dec.c b/lib/libssl/src/demos/cms/cms_dec.c
new file mode 100644
index 00000000000..7ddf653269a
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_dec.c
@@ -0,0 +1,79 @@
+/* Simple S/MIME decryption example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *rcert = NULL;
+	EVP_PKEY *rkey = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in recipient certificate and private key */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	if (!rcert || !rkey)
+		goto err;
+
+	/* Open S/MIME message to decrypt */
+
+	in = BIO_new_file("smencr.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* Parse message */
+	cms = SMIME_read_CMS(in, NULL);
+
+	if (!cms)
+		goto err;
+
+	out = BIO_new_file("decout.txt", "w");
+	if (!out)
+		goto err;
+
+	/* Decrypt S/MIME message */
+	if (!CMS_decrypt(cms, rkey, rcert, out, NULL, 0))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Decrypting Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+	if (rcert)
+		X509_free(rcert);
+	if (rkey)
+		EVP_PKEY_free(rkey);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_denc.c b/lib/libssl/src/demos/cms/cms_denc.c
new file mode 100644
index 00000000000..9265e47bf95
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_denc.c
@@ -0,0 +1,97 @@
+/* S/MIME detached data encrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
+	X509 *rcert = NULL;
+	STACK_OF(X509) *recips = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	int flags = CMS_STREAM|CMS_DETACHED;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in recipient certificate */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	if (!rcert)
+		goto err;
+
+	/* Create recipient STACK and add recipient cert to it */
+	recips = sk_X509_new_null();
+
+	if (!recips || !sk_X509_push(recips, rcert))
+		goto err;
+
+	/* sk_X509_pop_free will free up recipient STACK and its contents
+	 * so set rcert to NULL so it isn't freed up twice.
+	 */
+	rcert = NULL;
+
+	/* Open content being encrypted */
+
+	in = BIO_new_file("encr.txt", "r");
+
+	dout = BIO_new_file("smencr.out", "wb");
+
+	if (!in)
+		goto err;
+
+	/* encrypt content */
+	cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+	if (!cms)
+		goto err;
+
+	out = BIO_new_file("smencr.pem", "w");
+	if (!out)
+		goto err;
+
+	if (!CMS_final(cms, in, dout, flags))
+		goto err;
+
+	/* Write out CMS structure without content */
+	if (!PEM_write_bio_CMS(out, cms))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Encrypting Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+	if (rcert)
+		X509_free(rcert);
+	if (recips)
+		sk_X509_pop_free(recips, X509_free);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (dout)
+		BIO_free(dout);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_enc.c b/lib/libssl/src/demos/cms/cms_enc.c
new file mode 100644
index 00000000000..916b479d3c6
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_enc.c
@@ -0,0 +1,92 @@
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *rcert = NULL;
+	STACK_OF(X509) *recips = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	/*
+	 * On OpenSSL 1.0.0 and later only:
+	 * for streaming set CMS_STREAM
+	 */
+	int flags = CMS_STREAM;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in recipient certificate */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	if (!rcert)
+		goto err;
+
+	/* Create recipient STACK and add recipient cert to it */
+	recips = sk_X509_new_null();
+
+	if (!recips || !sk_X509_push(recips, rcert))
+		goto err;
+
+	/* sk_X509_pop_free will free up recipient STACK and its contents
+	 * so set rcert to NULL so it isn't freed up twice.
+	 */
+	rcert = NULL;
+
+	/* Open content being encrypted */
+
+	in = BIO_new_file("encr.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* encrypt content */
+	cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+	if (!cms)
+		goto err;
+
+	out = BIO_new_file("smencr.txt", "w");
+	if (!out)
+		goto err;
+
+	/* Write out S/MIME message */
+	if (!SMIME_write_CMS(out, cms, in, flags))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Encrypting Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+	if (rcert)
+		X509_free(rcert);
+	if (recips)
+		sk_X509_pop_free(recips, X509_free);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_sign.c b/lib/libssl/src/demos/cms/cms_sign.c
new file mode 100644
index 00000000000..42f762034b7
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_sign.c
@@ -0,0 +1,89 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *scert = NULL;
+	EVP_PKEY *skey = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	/* For simple S/MIME signing use CMS_DETACHED.
+	 * On OpenSSL 0.9.9 only:
+	 * for streaming detached set CMS_DETACHED|CMS_STREAM
+	 * for streaming non-detached set CMS_STREAM
+	 */
+	int flags = CMS_DETACHED|CMS_STREAM;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in signer certificate and private key */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	if (!scert || !skey)
+		goto err;
+
+	/* Open content being signed */
+
+	in = BIO_new_file("sign.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* Sign content */
+	cms = CMS_sign(scert, skey, NULL, in, flags);
+
+	if (!cms)
+		goto err;
+
+	out = BIO_new_file("smout.txt", "w");
+	if (!out)
+		goto err;
+
+	if (!(flags & CMS_STREAM))
+		BIO_reset(in);
+
+	/* Write out S/MIME message */
+	if (!SMIME_write_CMS(out, cms, in, flags))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Signing Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+	if (scert)
+		X509_free(scert);
+	if (skey)
+		EVP_PKEY_free(skey);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_sign2.c b/lib/libssl/src/demos/cms/cms_sign2.c
new file mode 100644
index 00000000000..36adee73041
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_sign2.c
@@ -0,0 +1,103 @@
+/* S/MIME signing example: 2 signers */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *scert = NULL, *scert2 = NULL;
+	EVP_PKEY *skey = NULL, *skey2 = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	BIO_free(tbio);
+
+	tbio = BIO_new_file("signer2.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	if (!scert2 || !skey2)
+		goto err;
+
+	in = BIO_new_file("sign.txt", "r");
+
+	if (!in)
+		goto err;
+
+	cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM|CMS_PARTIAL);
+
+	if (!cms)
+		goto err;
+
+	/* Add each signer in turn */
+
+	if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
+		goto err;
+
+	if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
+		goto err;
+
+	out = BIO_new_file("smout.txt", "w");
+	if (!out)
+		goto err;
+
+	/* NB: content included and finalized by SMIME_write_CMS */
+
+	if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Signing Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+
+	if (scert)
+		X509_free(scert);
+	if (skey)
+		EVP_PKEY_free(skey);
+
+	if (scert2)
+		X509_free(scert2);
+	if (skey)
+		EVP_PKEY_free(skey2);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_uncomp.c b/lib/libssl/src/demos/cms/cms_uncomp.c
new file mode 100644
index 00000000000..f15ae2f1327
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_uncomp.c
@@ -0,0 +1,56 @@
+/* Simple S/MIME uncompression example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL;
+	CMS_ContentInfo *cms = NULL;
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Open compressed content */
+
+	in = BIO_new_file("smcomp.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* Sign content */
+	cms = SMIME_read_CMS(in, NULL);
+
+	if (!cms)
+		goto err;
+
+	out = BIO_new_file("smuncomp.txt", "w");
+	if (!out)
+		goto err;
+
+	/* Uncompress S/MIME message */
+	if (!CMS_uncompress(cms, out, NULL, 0))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Uncompressing Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/cms_ver.c b/lib/libssl/src/demos/cms/cms_ver.c
new file mode 100644
index 00000000000..bf1145ed8be
--- /dev/null
+++ b/lib/libssl/src/demos/cms/cms_ver.c
@@ -0,0 +1,87 @@
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+	X509_STORE *st = NULL;
+	X509 *cacert = NULL;
+	CMS_ContentInfo *cms = NULL;
+
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Set up trusted CA certificate store */
+
+	st = X509_STORE_new();
+
+	/* Read in CA certificate */
+	tbio = BIO_new_file("cacert.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	if (!cacert)
+		goto err;
+
+	if (!X509_STORE_add_cert(st, cacert))
+		goto err;
+
+	/* Open message being verified */
+
+	in = BIO_new_file("smout.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* parse message */
+	cms = SMIME_read_CMS(in, &cont);
+
+	if (!cms)
+		goto err;
+
+	/* File to output verified content to */
+	out = BIO_new_file("smver.txt", "w");
+	if (!out)
+		goto err;
+
+	if (!CMS_verify(cms, NULL, st, cont, out, 0))
+		{
+		fprintf(stderr, "Verification Failure\n");
+		goto err;
+		}
+
+	fprintf(stderr, "Verification Successful\n");
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Verifying Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (cms)
+		CMS_ContentInfo_free(cms);
+
+	if (cacert)
+		X509_free(cacert);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/cms/comp.txt b/lib/libssl/src/demos/cms/comp.txt
new file mode 100644
index 00000000000..1672328e773
--- /dev/null
+++ b/lib/libssl/src/demos/cms/comp.txt
@@ -0,0 +1,22 @@
+Content-type: text/plain
+
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
diff --git a/lib/libssl/src/demos/cms/encr.txt b/lib/libssl/src/demos/cms/encr.txt
new file mode 100644
index 00000000000..0eceb407b53
--- /dev/null
+++ b/lib/libssl/src/demos/cms/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for CMS encryption
diff --git a/lib/libssl/src/demos/cms/sign.txt b/lib/libssl/src/demos/cms/sign.txt
new file mode 100644
index 00000000000..c3f9d73d65e
--- /dev/null
+++ b/lib/libssl/src/demos/cms/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL CMS Signed Content
diff --git a/lib/libssl/src/demos/cms/signer.pem b/lib/libssl/src/demos/cms/signer.pem
new file mode 100644
index 00000000000..bac16ba9636
--- /dev/null
+++ b/lib/libssl/src/demos/cms/signer.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
+WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
+jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
+ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
+gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
+MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
+lDiQlgX0JtmLgA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
+1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
+Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
+AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
+mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
+wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
+04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
+qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
+YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
+sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
+4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
+7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
+xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/demos/cms/signer2.pem b/lib/libssl/src/demos/cms/signer2.pem
new file mode 100644
index 00000000000..25e23d131af
--- /dev/null
+++ b/lib/libssl/src/demos/cms/signer2.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
+WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
+jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
+ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
+GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
+h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
+aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
+2aX6rl2JEuJ5Yg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
+nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
+nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
+AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
+6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
+CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
+m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
+2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
+upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
+ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
+SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
+gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
+pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/demos/engines/rsaref/build.com b/lib/libssl/src/demos/engines/rsaref/build.com
index b9569129161..72b013d45e6 100644
--- a/lib/libssl/src/demos/engines/rsaref/build.com
+++ b/lib/libssl/src/demos/engines/rsaref/build.com
@@ -7,6 +7,14 @@ $	    write sys$error "RSAref 2.0 hasn't been properly extracted."
 $	    exit
 $	endif
 $
+$	if (f$getsyi("cpu").lt.128)
+$	then
+$	    arch := vax
+$	else
+$	    arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$	    if (arch .eqs. "") then arch = "UNK"
+$	endif
+$
 $	_save_default = f$environment("default")
 $	set default [.install]
 $	files := desc,digit,md2c,md5c,nn,prime,-
@@ -29,14 +37,8 @@ $	set default [-]
 $	define/user openssl [---.include.openssl]
 $	cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
 $
-$	if f$getsyi("CPU") .ge. 128
+$	if arch .eqs. "VAX"
 $	then
-$	    link/share=librsaref.exe sys$input:/option
-[]rsaref.obj
-[.install]rsaref.olb/lib
-[---.axp.exe.crypto]libcrypto.olb/lib
-symbol_vector=(bind_engine=procedure,v_check=procedure)
-$	else
 $	    macro/object=rsaref_vec.obj sys$input:
 ;
 ; Transfer vector for VAX shareable image
@@ -80,6 +82,24 @@ PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
 []rsaref.obj
 [.install]rsaref.olb/lib
 [---.vax.exe.crypto]libcrypto.olb/lib
+$	else
+$	    if arch_name .eqs. "ALPHA"
+$	    then
+$		link/share=librsaref.exe sys$input:/option
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.alpha.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$	    else
+$		if arch_name .eqs. "IA64"
+$		then
+$		    link /shareable=librsaref.exe sys$input: /options
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.ia64.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$		endif
+$	    endif
 $	endif
 $
 $	set default '_save_default'
diff --git a/lib/libssl/src/demos/pkcs12/pkread.c b/lib/libssl/src/demos/pkcs12/pkread.c
index 8e1b6863121..fa8f5092378 100644
--- a/lib/libssl/src/demos/pkcs12/pkread.c
+++ b/lib/libssl/src/demos/pkcs12/pkread.c
@@ -20,7 +20,7 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Usage: pkread p12file password opfile\n");
 		exit (1);
 	}
-	SSLeay_add_all_algorithms();
+	OpenSSL_add_all_algorithms();
 	ERR_load_crypto_strings();
 	if (!(fp = fopen(argv[1], "rb"))) {
 		fprintf(stderr, "Error opening file %s\n", argv[1]);
@@ -51,7 +51,7 @@ int main(int argc, char **argv)
 		fprintf(fp, "***User Certificate***\n");
 		PEM_write_X509_AUX(fp, cert);
 	}
-	if (ca && sk_num(ca)) {
+	if (ca && sk_X509_num(ca)) {
 		fprintf(fp, "***Other Certificates***\n");
 		for (i = 0; i < sk_X509_num(ca); i++) 
 		    PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
diff --git a/lib/libssl/src/demos/smime/cacert.pem b/lib/libssl/src/demos/smime/cacert.pem
new file mode 100644
index 00000000000..75cbb347aaa
--- /dev/null
+++ b/lib/libssl/src/demos/smime/cacert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
+WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
+aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
+RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
+i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
+ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
+jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
+CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
+SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
+VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
+ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
+G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
+u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
+1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
+-----END CERTIFICATE-----
diff --git a/lib/libssl/src/demos/smime/cakey.pem b/lib/libssl/src/demos/smime/cakey.pem
new file mode 100644
index 00000000000..3b53c5e8175
--- /dev/null
+++ b/lib/libssl/src/demos/smime/cakey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
+c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
+dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
+AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
+HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
+tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
+rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
+9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
+jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
+uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
+wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
+8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/demos/smime/encr.txt b/lib/libssl/src/demos/smime/encr.txt
new file mode 100644
index 00000000000..f163a326ed2
--- /dev/null
+++ b/lib/libssl/src/demos/smime/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for PKCS#7 encryption
diff --git a/lib/libssl/src/demos/smime/sign.txt b/lib/libssl/src/demos/smime/sign.txt
new file mode 100644
index 00000000000..af1341d0a85
--- /dev/null
+++ b/lib/libssl/src/demos/smime/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL Signed Content
diff --git a/lib/libssl/src/demos/smime/signer.pem b/lib/libssl/src/demos/smime/signer.pem
new file mode 100644
index 00000000000..bac16ba9636
--- /dev/null
+++ b/lib/libssl/src/demos/smime/signer.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
+WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
+jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
+ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
+gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
+MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
+lDiQlgX0JtmLgA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
+1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
+Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
+AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
+mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
+wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
+04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
+qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
+YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
+sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
+4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
+7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
+xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/demos/smime/signer2.pem b/lib/libssl/src/demos/smime/signer2.pem
new file mode 100644
index 00000000000..25e23d131af
--- /dev/null
+++ b/lib/libssl/src/demos/smime/signer2.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
+WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
+jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
+ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
+GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
+h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
+aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
+2aX6rl2JEuJ5Yg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
+nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
+nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
+AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
+6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
+CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
+m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
+2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
+upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
+ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
+SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
+gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
+pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/demos/smime/smdec.c b/lib/libssl/src/demos/smime/smdec.c
new file mode 100644
index 00000000000..8b1a8545a6c
--- /dev/null
+++ b/lib/libssl/src/demos/smime/smdec.c
@@ -0,0 +1,83 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *rcert = NULL;
+	EVP_PKEY *rkey = NULL;
+	PKCS7 *p7 = NULL;
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in recipient certificate and private key */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	if (!rcert || !rkey)
+		goto err;
+
+	/* Open content being signed */
+
+	in = BIO_new_file("smencr.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* Sign content */
+	p7 = SMIME_read_PKCS7(in, NULL);
+
+	if (!p7)
+		goto err;
+
+	out = BIO_new_file("encrout.txt", "w");
+	if (!out)
+		goto err;
+
+	/* Decrypt S/MIME message */
+	if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Signing Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (p7)
+		PKCS7_free(p7);
+	if (rcert)
+		X509_free(rcert);
+	if (rkey)
+		EVP_PKEY_free(rkey);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
+
+
+
+
diff --git a/lib/libssl/src/demos/smime/smenc.c b/lib/libssl/src/demos/smime/smenc.c
new file mode 100644
index 00000000000..77dd732fc16
--- /dev/null
+++ b/lib/libssl/src/demos/smime/smenc.c
@@ -0,0 +1,92 @@
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *rcert = NULL;
+	STACK_OF(X509) *recips = NULL;
+	PKCS7 *p7 = NULL;
+	int ret = 1;
+
+	/*
+	 * On OpenSSL 0.9.9 only:
+	 * for streaming set PKCS7_STREAM
+	 */
+	int flags = PKCS7_STREAM;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in recipient certificate */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	if (!rcert)
+		goto err;
+
+	/* Create recipient STACK and add recipient cert to it */
+	recips = sk_X509_new_null();
+
+	if (!recips || !sk_X509_push(recips, rcert))
+		goto err;
+
+	/* sk_X509_pop_free will free up recipient STACK and its contents
+	 * so set rcert to NULL so it isn't freed up twice.
+	 */
+	rcert = NULL;
+
+	/* Open content being encrypted */
+
+	in = BIO_new_file("encr.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* encrypt content */
+	p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+	if (!p7)
+		goto err;
+
+	out = BIO_new_file("smencr.txt", "w");
+	if (!out)
+		goto err;
+
+	/* Write out S/MIME message */
+	if (!SMIME_write_PKCS7(out, p7, in, flags))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Encrypting Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (p7)
+		PKCS7_free(p7);
+	if (rcert)
+		X509_free(rcert);
+	if (recips)
+		sk_X509_pop_free(recips, X509_free);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/smime/smsign.c b/lib/libssl/src/demos/smime/smsign.c
new file mode 100644
index 00000000000..ba78830cff0
--- /dev/null
+++ b/lib/libssl/src/demos/smime/smsign.c
@@ -0,0 +1,89 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *scert = NULL;
+	EVP_PKEY *skey = NULL;
+	PKCS7 *p7 = NULL;
+	int ret = 1;
+
+	/* For simple S/MIME signing use PKCS7_DETACHED.
+	 * On OpenSSL 0.9.9 only:
+	 * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM
+	 * for streaming non-detached set PKCS7_STREAM
+	 */
+	int flags = PKCS7_DETACHED|PKCS7_STREAM;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Read in signer certificate and private key */
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	if (!scert || !skey)
+		goto err;
+
+	/* Open content being signed */
+
+	in = BIO_new_file("sign.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* Sign content */
+	p7 = PKCS7_sign(scert, skey, NULL, in, flags);
+
+	if (!p7)
+		goto err;
+
+	out = BIO_new_file("smout.txt", "w");
+	if (!out)
+		goto err;
+
+	if (!(flags & PKCS7_STREAM))
+		BIO_reset(in);
+
+	/* Write out S/MIME message */
+	if (!SMIME_write_PKCS7(out, p7, in, flags))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Signing Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (p7)
+		PKCS7_free(p7);
+	if (scert)
+		X509_free(scert);
+	if (skey)
+		EVP_PKEY_free(skey);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
diff --git a/lib/libssl/src/demos/smime/smsign2.c b/lib/libssl/src/demos/smime/smsign2.c
new file mode 100644
index 00000000000..ff835c568c8
--- /dev/null
+++ b/lib/libssl/src/demos/smime/smsign2.c
@@ -0,0 +1,107 @@
+/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL;
+	X509 *scert = NULL, *scert2 = NULL;
+	EVP_PKEY *skey = NULL, *skey2 = NULL;
+	PKCS7 *p7 = NULL;
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	tbio = BIO_new_file("signer.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	BIO_free(tbio);
+
+	tbio = BIO_new_file("signer2.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	BIO_reset(tbio);
+
+	skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+	if (!scert2 || !skey2)
+		goto err;
+
+	in = BIO_new_file("sign.txt", "r");
+
+	if (!in)
+		goto err;
+
+	p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM|PKCS7_PARTIAL);
+
+	if (!p7)
+		goto err;
+
+	/* Add each signer in turn */
+
+	if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
+		goto err;
+
+	if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
+		goto err;
+
+	out = BIO_new_file("smout.txt", "w");
+	if (!out)
+		goto err;
+
+	/* NB: content included and finalized by SMIME_write_PKCS7 */
+
+	if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
+		goto err;
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Signing Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (p7)
+		PKCS7_free(p7);
+
+	if (scert)
+		X509_free(scert);
+	if (skey)
+		EVP_PKEY_free(skey);
+
+	if (scert2)
+		X509_free(scert2);
+	if (skey)
+		EVP_PKEY_free(skey2);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}
+
+
+
+
diff --git a/lib/libssl/src/demos/smime/smver.c b/lib/libssl/src/demos/smime/smver.c
new file mode 100644
index 00000000000..9d360c273a3
--- /dev/null
+++ b/lib/libssl/src/demos/smime/smver.c
@@ -0,0 +1,87 @@
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+	X509_STORE *st = NULL;
+	X509 *cacert = NULL;
+	PKCS7 *p7 = NULL;
+
+	int ret = 1;
+
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+
+	/* Set up trusted CA certificate store */
+
+	st = X509_STORE_new();
+
+	/* Read in signer certificate and private key */
+	tbio = BIO_new_file("cacert.pem", "r");
+
+	if (!tbio)
+		goto err;
+
+	cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+	if (!cacert)
+		goto err;
+
+	if (!X509_STORE_add_cert(st, cacert))
+		goto err;
+
+	/* Open content being signed */
+
+	in = BIO_new_file("smout.txt", "r");
+
+	if (!in)
+		goto err;
+
+	/* Sign content */
+	p7 = SMIME_read_PKCS7(in, &cont);
+
+	if (!p7)
+		goto err;
+
+	/* File to output verified content to */
+	out = BIO_new_file("smver.txt", "w");
+	if (!out)
+		goto err;
+
+	if (!PKCS7_verify(p7, NULL, st, cont, out, 0))
+		{
+		fprintf(stderr, "Verification Failure\n");
+		goto err;
+		}
+
+	fprintf(stderr, "Verification Successful\n");
+
+	ret = 0;
+
+	err:
+
+	if (ret)
+		{
+		fprintf(stderr, "Error Verifying Data\n");
+		ERR_print_errors_fp(stderr);
+		}
+
+	if (p7)
+		PKCS7_free(p7);
+
+	if (cacert)
+		X509_free(cacert);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (tbio)
+		BIO_free(tbio);
+
+	return ret;
+
+	}