Finkelstein Gilad | 1 Jul 2001 09:53

problem with auto_hi and other questions


hi All,
I have a few questions regarding the overall use of SFL and the auto_hi test program.
 
I am new to SFL and would like to be able to run the simplest test program that works, doing something with an already available config file (and private key, public key, certificate, etc.).
I was able to compile the auto_hi test program (without BSAFE, which I don't have; I only have crypto++4.1 and a pkcs11 package) but ran into some problems (which seem to be the inability to log in to the free CTIL).
My auto_hi program is compiled for use with the free crypto++ only.
 
I run the following g.cfg file:

output=1
number_of_runs=1
AddressBook=./certs/mabRecips.dat
Logins=./LoginsAllDLLFree2.cfg
hi_tests=auto_hi_g

[auto_hi_g]
LO_TestDN 304a310b300906035504061302555331163014060355040a130d555320474f5645524e4d454e543111300f060355040b130856444120536974653110300e0603550403130756444120504341

Generate_Cert ./certs/config.d/COMMONUser1.cfg COMMONUser1
Validate_Cert ./certs/config.d/BugsDsa2.out

The LoginsAllDLLFree2.cfg is simply:

[Logins]
Description=Logins for this execution!
Login1=DLLLoginFREE_FULL_LOGIN

[DLLLoginFREE_FULL_LOGIN]
LoginType=DLLLogin
BuildArgs=sm_free3DLL ElmoRocks ./free_ab.dat FREE3DLL
DLLFile=./sm_free3DLL

-------------------------------------------------------------------------------------------------

The first test seemed OK (LO_TestDN).

The Generate_Cert test returns some error:

The third, verify_cert, fails and stops everything. What is wrong (I tried

CL_SignMsg::Sign ./hilevel/Create/SignedData_NOSIs.cfg

and others with similar results)?

The output:

 

E:\smpd\SMIME\test>E:\smpd\SMIME\test\auto_hi.exe  E:\smpd\SMIME\test\gCfg.cfg


SM_CfgCheckDN: filling; all DNs should contain data...        <<---------first test
SM_CfgCheckDN: Set/Decode smDn=C=US <at> O=US GOVERNMENT <at> OU=VDA Site <at> CN=VDA PCA
CSM_DN Constructor pSmDn=C=US <at> O=US GOVERNMENT <at> OU=VDA Site <at> CN=VDA PCA

SNACC Name Constructor pSmDn2=C=US <at> O=US GOVERNMENT <at> OU=VDA Site <at> CN=VDA PCA

encoded ASN Constructor pSmDn2=C=US <at> O=US GOVERNMENT <at> OU=VDA Site <at> CN=VDA PCA

SM_CfgCheckDN: successfully compared DNs.
SM_CfgCheckDN: successfully compared DNs.
SUCCESS ON 0:auto_hi_g LO_TestDN 304a310b300906035504061302555331163014060355040a130d555320474f5645524e4d454e543111300f0
60355040b130856444120536974653110300e0603550403130756444120504341  ######################
cfg_cert: no public_key= keyword, defaulted=|dummy_pubkey|.   <<---------second test
in SM_CfgSetLoginUseThis
sm_CfgCert: FAILED on SM_CfgCertSign call on Common1Login login.
SUCCESS ON 0:auto_hi_g Generate_Cert ./certs/config.d/COMMONUser1.out COMMONUser1 ######################
ERROR INFORMATION AND STACK:                                        <<---------third test

 ERROR INFORMATION: MUST HAVE valid Instance from Issuer
        ERROR CODE: 9999        SOURCE LINE NUMBER: 207
        FILE: E:\smpd\SMIME\testsrc\util\sm_Autohif.cpp
        FUNCTION: SM_HiTestValCert

#### auto_hi_g Validate_Cert ./certs/config.d/BugsDsa2.out  ###### IN E:\smpd\SMIME\testsrc\util\sm_Autohif.cpp, line 48
7.
SM_Autohi_MAIN IN E:\smpd\SMIME\testsrc\hilevel\sm_Autohi.cpp, line 172.

 

 
What I am looking for now is a simple one-time unit test to see that my build was OK (log in, encrypt, decrypt and exit).
I tried a simple C program that executes SM_CreateCSMIME((SM_OBJECT **)&pCSMIME,
"sm_free3DLL.DLL",
"sm_FREE3DLL E:/sfl/SMIME/test/certs/DaisyRsaExts.out E:/sfl/SMIME/test/certs/certs/private.d/DaisyRsaF3X_8.dat ElmoRocks sm_FREE3") (my installation is in e:/sfl).
It compiles and links but gives the same error I get from the auto_hi program. What am I doing wrong?
 
 
2.
 
    What do I need to do to integrate the same test for use with the free pkcs11 CTIL (using my pkcs11 vendor package)?
   
 
3.
 
    General questions:
    1. What is the hi_level function the application programmer would eventually use? What is the meaning of the function prefixes SM_, CL_, FREE_SMTI_, LO_? Are these functions all just for the test util, or are they also used in the application that I would write?
    2. As I understand it, a typical program would first log in (by way of INIT?) differently to a certain CTIL and then execute the hi_level functions.
    3. The connection between the pkcs11 CTIL and the pkcs11 code is made at run time by way of dynamically loading the pkcs11 dll?
 
Thanks for the help.
Gilad
Pawling, John | 3 Jul 2001 19:44

RE: Réf. : RE: Netscape interoperability


Eric,

That is quite possible.  RFC 2459 (Internet X.509 PKI Certificate and CRL
Profile) states: 

   CAs conforming to this profile MUST always encode certificate
   validity dates through the year 2049 as UTCTime; certificate validity
   dates in 2050 or later MUST be encoded as GeneralizedTime.

By the way, Bob Colestock was able to successfully import your PKCS #12 file
(including GeneralizedTime) into MS Outlook.

===========================================
John Pawling, John.Pawling <at> GetronicsGov.com
Getronics Government Solutions, LLC
===========================================

-----Original Message-----
From: eboudreault <at> motus.com [mailto:eboudreault <at> motus.com]
Sent: Tuesday, July 03, 2001 1:39 PM
To: Pawling, John
Cc: imc-sfl <at> imc.org
Subject: Réf. : RE: Netscape interoperability

Mr. Pawling,

Is it possible that Netscape did not recognize GeneralizedTime ????

My certificate in the PFX file that I have sent to you was generated with
GeneralizedTime.  I have tried to generate the same certificate with UTCTime
and Netscape was able to import my certificates and private key into its
database.

Thanks.

**************************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100  ext.#242
Fax.: 521-2101
e-mail: eboudreault <at> motus.com
**************************************************************************


"Pawling, John" <John.Pawling <at> GetronicsGov.com>
29/06/01 10:09
To:       "'eboudreault <at> motus.com'" <eboudreault <at> motus.com>, imc-sfl <at> imc.org
cc:
Subject:  RE: Netscape interoperability

Eric,

Bob Colestock was able to successfully import your PKCS #12 file into MS
Outlook.  We will test it with Netscape.  There are differences in the way
that Microsoft and Netscape implemented PKCS #12 (especially in earlier
releases).  We hope to have more info for you later today.

===========================================
John Pawling, John.Pawling <at> GetronicsGov.com
Getronics Government Solutions, LLC
===========================================

-----Original Message-----
From: eboudreault <at> motus.com [mailto:eboudreault <at> motus.com]
Sent: Thursday, June 28, 2001 5:16 PM
To: imc-sfl <at> imc.org
Subject: Netscape interoperability

Hi,

I am doing interoperability tests with Netscape and I have problems
importing my certificates.  They are all in a PKCS-12 file generated by my
library.  The problem is that the browser always pops up this message with
Netscape 6.01:  "The certificate and private key already exist on the
security device.".  With older versions (4.x) it crashes every time.

Can you help me with that ????

Here is the file that I have problems with:  (the password is "eric")

(See attached file: Test_Netscape_1.p12)

Thanks.

**************************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100  ext.#242
Fax.: 521-2101
e-mail: eboudreault <at> motus.com
**************************************************************************
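
The RFC 2459 rule quoted in John Pawling's reply above, as an added example (not part of the original thread and not SFL code): a Python sketch that encodes a validity date with the required time type, decodes either type using the profile's two-digit-year interpretation, and flags an encoding such as GeneralizedTime for a 2001 date. The function names are made up for this example and the sample encodings are constructed.

```python
from datetime import datetime, timezone

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18  # ASN.1 universal tag octets


def encode_validity_time(when: datetime) -> bytes:
    """DER-encode a validity date, choosing the type by year as RFC 2459 requires."""
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)  # assumption: naive values are UTC
    when = when.astimezone(timezone.utc)
    if when.year < 1950:
        raise ValueError("year %d cannot be expressed as a profile UTCTime" % when.year)
    if when.year <= 2049:
        tag, text = UTC_TIME, when.strftime("%y%m%d%H%M%SZ")
    else:
        tag, text = GENERALIZED_TIME, when.strftime("%Y%m%d%H%M%SZ")
    body = text.encode("ascii")
    return bytes([tag, len(body)]) + body


def decode_validity_time(der: bytes) -> datetime:
    """Decode a UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ) TLV."""
    if len(der) < 2 or der[1] != len(der) - 2:
        raise ValueError("bad length octet")
    tag, text = der[0], der[2:].decode("ascii")
    if not text.endswith("Z") or not text[:-1].isdigit():
        raise ValueError("time must be digits followed by 'Z'")
    if tag == UTC_TIME and len(text) == 13:
        yy = int(text[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy  # YY >= 50 is read as 19YY
        rest = text[2:-1]
    elif tag == GENERALIZED_TIME and len(text) == 15:
        year, rest = int(text[:4]), text[4:-1]
    else:
        raise ValueError("unexpected time type or length")
    parsed = datetime.strptime("%04d%s" % (year, rest), "%Y%m%d%H%M%S")
    return parsed.replace(tzinfo=timezone.utc)


def conforms_to_profile(der: bytes) -> bool:
    """True when the time type used is the one the rule demands for that year."""
    try:
        return encode_validity_time(decode_validity_time(der)) == der
    except ValueError:
        return False


# Constructed samples: the same 2001 date in both encodings.
AS_UTC_TIME = b"\x17\x0d010703173900Z"
AS_GENERALIZED_TIME = b"\x18\x0f20010703173900Z"
```

Both sample encodings decode to the same instant, but only the UTCTime form passes `conforms_to_profile`, which is the kind of difference an importer that accepts only UTCTime would trip over.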


eboudreault | 3 Jul 2001 19:38

Réf. : RE: Netscape interoperability


Mr. Pawling,

Is it possible that Netscape did not recognize GeneralizedTime ????

My certificate in the PFX file that I have sent to you was generated with
GeneralizedTime.  I have tried to generate the same certificate with UTCTime
and Netscape was able to import my certificates and private key into its
database.

Thanks.

**************************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100  ext.#242
Fax.: 521-2101
e-mail: eboudreault <at> motus.com
**************************************************************************


"Pawling, John" <John.Pawling <at> GetronicsGov.com>
29/06/01 10:09
To:       "'eboudreault <at> motus.com'" <eboudreault <at> motus.com>, imc-sfl <at> imc.org
cc:
Subject:  RE: Netscape interoperability

Eric,

Bob Colestock was able to successfully import your PKCS #12 file into MS
Outlook.  We will test it with Netscape.  There are differences in the way
that Microsoft and Netscape implemented PKCS #12 (especially in earlier
releases).  We hope to have more info for you later today.

===========================================
John Pawling, John.Pawling <at> GetronicsGov.com
Getronics Government Solutions, LLC
===========================================

-----Original Message-----
From: eboudreault <at> motus.com [mailto:eboudreault <at> motus.com]
Sent: Thursday, June 28, 2001 5:16 PM
To: imc-sfl <at> imc.org
Subject: Netscape interoperability

Hi,

I am doing interoperability tests with Netscape and I have problems
importing my certificates.  They are all in a PKCS-12 file generated by my
library.  The problem is that the browser always pops up this message with
Netscape 6.01:  "The certificate and private key already exist on the
security device.".  With older versions (4.x) it crashes every time.

Can you help me with that ????

Here is the file that I have problems with:  (the password is "eric")

(See attached file: Test_Netscape_1.p12)

Thanks.

**************************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100  ext.#242
Fax.: 521-2101
e-mail: eboudreault <at> motus.com
**************************************************************************


tuzi | 5 Jul 2001 11:40

Problem when verifying a signed message without SignerInfo


imc-sfl,

	When I use the function CSM_MsgToVerify::Verify(pCSMIME) to verify
a signed mail which doesn't include any SignerInfo (set SetIncludeOrigCertsFlag(0)
when you generate it), I found some flaw, or say bug, in SFL. As I traced into the
CSM_DataToVerify::Verify[1] function, I found that the program will only do
some empty loop because the condition "if (tmpSI->AccessCerts())" will never be met.
Does this mean that such a mail will never be actually verified?

	My question is: If user A sends me a signed mail which does not contain
any SignerInfo, and fortunately I can obtain A's public key and SignerInfo
from an earlier mail, how can I use his public key to verify the new mail?

Thank you very much.

[1]There are too many functions named Verify. The prototype of the one that
	I referred to is
CSM_DataToVerify::Verify(
    CSMIME          *pCSMIME,              // IN, logged-on Instance list
    CSM_Buffer      *pOriginalEncapContent,// IN, optional content if not in SD
    CSM_MsgCertCrls *pMsgCertCrls,         // IN, Originator(s) certs+++
    CSM_MsgSignerInfos *pMsgSignerInfos)

sincerely

            tuzi
            tuzi <at> 126.com

Finkelstein Gilad | 5 Jul 2001 16:15

simple C program

Hi every one,
Can someone send me a simple C program demonstrating the use of the SM_CreateCSMIME function,
which I believe is the start of the program?
 
I have only compiled crypto++4.1, so please send something appropriate.
 
It seems my own program falls when trying to execute that function.
Thanks.
Gilad
 
 
tuzi | 6 Jul 2001 10:48

bugs when decoding tampered signed message


imc-sfl,

	SFL will dump core when decoding some tampered signed messages. To
perform the test, you should generate a single part message first. Open it
with a text editor, find the base64 encoded body, and modify the first 'M'
to 'N', or anything else. Now you can try to decode this tampered mail.
	This will cause the mimetest program to dump core. I checked the
core, and put the backtrace info at the end of the mail. The bug occurs
when it tries to create a buffer for the ContentInfoMsg. A core dump is not
good behavior; I prefer an exception or a return code. Please check
this problem when you have time.
	Thanks very much.

(gdb) bt
#0  CSM_Buffer::Length (this=0x0) at c++/sm_buffer.cpp:149
#1  0xdfdd43e0 in CSM_Buffer::Get (this=0x0, l= <at> 0x8046a1c) at c++/sm_buffer.cpp:393
#2  0xdfdd4908 in CSM_Buffer::ReSet (this=0x8242828, b=<incomplete type>)
    at c++/sm_buffer.cpp:492
#3  0xdfdd37bf in CSM_Buffer::CSM_Buffer (this=0x8242828, b=<incomplete type>)
    at c++/sm_buffer.cpp:115
#4  0x8143fe1 in CSM_ContentInfoMsg::CSM_ContentInfoMsg () at ../include/sm_Report.h:303
#5  0x80b37cf in SM_mimeSinglePart (lpszSDCfgFileName=0x0, pCsmime=0x82354e8, 
    CIData=<incomplete type>, lpszContentFile=0x8046d08 "./tuzi/aaa.eml.cnt", output_flag=1)
    at sm_mimeTest.cpp:1125
#6  0x80aee3a in sm_mimeDecode_Basicmessage (msg=0x8240ef0, 
    lpszINFileName=0x8047324 "./tuzi/aaa.eml", pCsmime=0x82354e8) at sm_mimeTest.cpp:201
#7  0x80ae72f in sm_mimeDecode (lpszINFileName=0x8047324 "./tuzi/aaa.eml", 
    lpszSDCfgFileName=0x8047228 "./tuzi/tuziSMIME.cfg", pCsmime=0x82354e8, output_flag=1, 
    verify_flag=1) at sm_mimeTest.cpp:135
#8  0x80ba462 in SM_AutoHiFunction (pszTestFile=0x8047aad "mimetest.cfg", pCSMIME=0x82354e8, 
    pszTestSection=0x80477c8 "auto_hi", output_flag=1, verify_flag=true, lCAPI=0)
    at sm_Autohif.cpp:517
#9  0x80b7aaa in main (argc=2, argv=0x8047958) at sm_Autohi.cpp:186

sincerely

            tuzi
            tuzi <at> 126.com
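
Why the one-character edit described above breaks decoding, as an added Python example (not part of the original post and not SFL code): base64 'M' carries the top six bits of the DER SEQUENCE tag 0x30, so changing it to 'N' turns the first octet into 0x34. The helper below, whose names are made up for this example, reports that as an error the caller can handle instead of passing on a missing buffer; it assumes a definite-length outer SEQUENCE and uses a constructed 13-byte sample.

```python
import base64
import binascii

SEQUENCE = 0x30  # constructed universal SEQUENCE, the outer tag of a ContentInfo


class MalformedBody(ValueError):
    """Raised instead of returning a null or empty buffer to the caller."""


def outer_sequence_content(b64_body: str) -> bytes:
    """Decode a base64 body and return the content octets of its outer SEQUENCE."""
    try:
        der = base64.b64decode("".join(b64_body.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise MalformedBody("body is not valid base64: %s" % exc)
    if len(der) < 2:
        raise MalformedBody("body too short for a tag and length")
    if der[0] != SEQUENCE:
        raise MalformedBody("outer tag 0x%02x is not SEQUENCE (0x30)" % der[0])
    first = der[1]
    if first < 0x80:                      # short form: length in one octet
        length, offset = first, 2
    elif first == 0x80:
        raise MalformedBody("indefinite length not handled in this example")
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if len(der) < 2 + n:
            raise MalformedBody("truncated length octets")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if offset + length != len(der):
        raise MalformedBody("declared length %d does not match body" % length)
    return der[offset:]


def tamper_first_char(b64_body: str, replacement: str = "N") -> str:
    """Reproduce the edit from the post: replace the first base64 character."""
    return replacement + b64_body[1:]


# Constructed sample: SEQUENCE { OID 1.2.840.113549.1.7.2 (id-signedData) }.
SAMPLE_DER = bytes.fromhex("300b06092a864886f70d010702")
SAMPLE_BODY = base64.b64encode(SAMPLE_DER).decode("ascii")


def describe(b64_body: str) -> str:
    """Turn the outcome into a status string; no caller ever sees a null buffer."""
    try:
        return "ok: %d content octets" % len(outer_sequence_content(b64_body))
    except MalformedBody as exc:
        return "rejected: %s" % exc
```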

Colestock, Robert | 9 Jul 2001 16:18

RE: Problem when verifying a signed message without SignerInfo


Tuzi:

I am not sure what you are trying to do, but you CANNOT take a SignerInfo
from a previous message and verify the present message.  You can take the
certificate from a previous message and use it on the current message's
SignerInfo.

I will assume you intend to verify an existing SignerInfo, but the signing
certificate was not in the SignedData.  In this case, the SFL code behaves
as intended,  the PreProc(...) operation decodes the message, then the
calling application calls Verify(...).  In this case, it is up to the
application to determine that the public key is missing and provide it.
There is an example of such a check in the CL_MsgToVerify::Check(...) method
(in ./SMIME/testsrc/util/CL_MsgToVerify.cpp).  It is up to the application
to retrieve the key on demand and store it in the appropriate matching
SignerInfo (based on SID).  When this extra step is performed, then the
check you mention below will succeed.  If there are no certificates
available, the verify operation cannot proceed.

If this example code is not clear enough, please e-mail back and I will
extract the few statements necessary to check, then load a certificate to
the appropriate SignerInfo.

Bob Colestock
VDA

-----Original Message-----
From: tuzi [mailto:tuzi <at> 126.com]
Sent: Thursday, July 05, 2001 5:40 AM
To: imc-sfl <at> imc.org
Subject: Problem when verifying a signed message without SignerInfo

imc-sfl,

	When I use the function CSM_MsgToVerify::Verify(pCSMIME) to verify
a signed mail which doesn't include any SignerInfo (set
SetIncludeOrigCertsFlag(0)
when you generate it), I found some flaw, or say bug, in SFL. As I
traced into the
CSM_DataToVerify::Verify[1] function, I found that the program will only do
some empty loop because the condition "if (tmpSI->AccessCerts())" will never
be met.
Does this mean that such a mail will never be actually verified?

	My question is: If user A sends me a signed mail which does not contain
any SignerInfo, and fortunately I can obtain A's public key and SignerInfo
from an earlier mail, how can I use his public key to verify the new mail?

Thank you very much.

[1]There are too many functions named Verify. The prototype of the one
that
	I referred to is
CSM_DataToVerify::Verify(
    CSMIME          *pCSMIME,              // IN, logged-on Instance list
    CSM_Buffer      *pOriginalEncapContent,// IN, optional content if not in
SD
    CSM_MsgCertCrls *pMsgCertCrls,         // IN, Originator(s) certs+++
    CSM_MsgSignerInfos *pMsgSignerInfos)

sincerely

            tuzi
            tuzi <at> 126.com

eboudreault | 10 Jul 2001 15:58

CSM_Free3::SMTI_DigestData


Hi,

I want to know why we do not use CryptoPP::SHA when we want to do hash with
SHA algorithm ?????   (we use internal function)

/***************************************************************************************/

(line 2134)
//////////////////////////////////////////////////////////////////////////
// SMTI_DigestData uses CSM_Common for SHA1 and Crypto++ for MD5
SM_RET_VAL CSM_Free3::SMTI_DigestData(
            CSM_Buffer *pData, // input
            CSM_Buffer *pDigest) // output
{
   CSM_OID *poidDigest = NULL;
   char *pchData;
   long lBytesRead;

   SME_SETUP("CSM_Free3::SMTI_DigestData");

   // find out what the preferred digest alg is
   if ((poidDigest = GetPrefDigest()) == NULL)
      SME_THROW(SM_FREE_NO_DIGEST_ALG, NULL, NULL);

   if (*poidDigest == sha_1 || *poidDigest == id_dsa_with_sha1 ||
//       *poidDigest == sha_1WithRSAEncryption_ALT ||
       *poidDigest == sha_1WithRSAEncryption)
   {
      // do SHA1 digest using common CTI
      SME(CSM_Common::SMTI_DigestData(pData, pDigest));
   }
   else if (*poidDigest == md5 ||
            *poidDigest == md5WithRSAEncryption)
   {
      bool bLastBlock = false; // set to true when this is the last block
      // do MD5 digest
      MD5 md5;
....
}
/***************************************************************************************/

CSM_Free3 is not supposed to use Crypto++ library ?????

Thanks.

**************************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100  ext.#242
Fax.: 521-2101
e-mail: eboudreault <at> motus.com
**************************************************************************


Colestock, Robert | 10 Jul 2001 20:30

RE: CSM_Free3::SMTI_DigestData


Eric:

This version was already tested with our software; it is un-encumbered (no
licensing issues); it works...

You are certainly welcome to use the internal version if you wish, it should
work the same.  As provided in the SFL, the SHA-1 and SHA-2 hashes are
currently available without a CTIL.

Bob Colestock
VDA.

-----Original Message-----
From: eboudreault <at> motus.com [mailto:eboudreault <at> motus.com]
Sent: Tuesday, July 10, 2001 8:58 AM
To: imc-sfl <at> imc.org
Subject: CSM_Free3::SMTI_DigestData

Hi,

I want to know why we do not use CryptoPP::SHA when we want to do hash with
SHA algorithm ?????   (we use internal function)

/***************************************************************************
************/

(line 2134)
//////////////////////////////////////////////////////////////////////////
// SMTI_DigestData uses CSM_Common for SHA1 and Crypto++ for MD5
SM_RET_VAL CSM_Free3::SMTI_DigestData(
            CSM_Buffer *pData, // input
            CSM_Buffer *pDigest) // output
{
   CSM_OID *poidDigest = NULL;
   char *pchData;
   long lBytesRead;

   SME_SETUP("CSM_Free3::SMTI_DigestData");

   // find out what the preferred digest alg is
   if ((poidDigest = GetPrefDigest()) == NULL)
      SME_THROW(SM_FREE_NO_DIGEST_ALG, NULL, NULL);

   if (*poidDigest == sha_1 || *poidDigest == id_dsa_with_sha1 ||
//       *poidDigest == sha_1WithRSAEncryption_ALT ||
       *poidDigest == sha_1WithRSAEncryption)
   {
      // do SHA1 digest using common CTI
      SME(CSM_Common::SMTI_DigestData(pData, pDigest));
   }
   else if (*poidDigest == md5 ||
            *poidDigest == md5WithRSAEncryption)
   {
      bool bLastBlock = false; // set to true when this is the last block
      // do MD5 digest
      MD5 md5;
....
}
/***************************************************************************
************/

CSM_Free3 is not supposed to use Crypto++ library ?????

Thanks.

**************************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100  ext.#242
Fax.: 521-2101
e-mail: eboudreault <at> motus.com
**************************************************************************

eboudreault | 10 Jul 2001 22:05

CSM_Free3::GeneratePBEKey


Hi,

I want to know if this function is supposed to be compatible with PKCS-5
????

If yes, it has a small bug.

This is the code now:

CSM_Buffer* CSM_Free3::GeneratePBEKey(CSM_Buffer *pbufSalt, int nIterCount,
                                     char *pszPassword)
{
.....
   CSM_OID o(md5);
.....
   int temp = strlen(pszPassword);;
   if (temp > (16)) //pbufSalt->Length()))
      temp = 16; //pbufSalt->Length();
   SME(pK->Write(pszPassword, temp));
   if (16-temp > 0)
   {
      SME(pK->Write(pbufSalt->Access(),
         16-temp)); //pbufSalt->Length()))
   }
    //  SME(pK->Write(pbufSalt->Access(),
        // )); //pbufSalt->Length()));

#ifdef NODEF
   SME(pK->Write(pszPassword, strlen(pszPassword)));
   SME(pK->Write(pbufSalt->Access(),
         pbufSalt->Length()));
#endif
.....
   // at this point, pK has the key, delete Temp
   delete (pTemp);
.....
}

Here is the correction:

CSM_Buffer* CSM_Free3::GeneratePBEKey(CSM_Buffer *pbufSalt, int nIterCount,
char *pszPassword, AsnOid hashOid, int nKeyLength)
{
     .....
     CSM_OID o(hashOid);
     .....
     // the requested key cannot be longer than the hash output
     if (o == md5)
     {
          if (nKeyLength > 16)
               SME_THROW(???????????);
     }
     else if (o == sha1)
     {
          if (nKeyLength > 20)
               SME_THROW(???????????);
     }
     else
          SME_THROW(???????????);

     int temp = strlen(pszPassword);
     SME(pK->Write(pszPassword, temp));
     SME(pK->Write(pbufSalt->Access(), pbufSalt->Length()));
     .....
     if (pTemp)
          delete (pTemp);
     pTemp = new CSM_Buffer();
     pTemp->Set(pK->Access(), nKeyLength);
     pK = pTemp;
     .....
}

Thanks.
**************************************************************************
Eric Boudreault
------------------------------------------------
Programmer
------------------------------------------------
Motus Technologies
390, St-Vallier Est
Bureau 100
Québec, Qc
G1K 3P6
Tel.: 521-2100  ext.#242
Fax.: 521-2101
e-mail: eboudreault <at> motus.com
**************************************************************************
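
What PKCS #5 compatibility means for the two snippets above, as an added Python example (not part of the original post and not SFL code): PBKDF1 from PKCS #5 v2.0 (RFC 2898, section 5.1), next to a model of the 16-byte block that the "code now" snippet writes before the steps elided there. The function names are made up for this example and the sample passwords and salts are constructed.

```python
import hashlib

# PBKDF1 limits the derived key to the hash output size (16 for MD5, 20 for SHA-1).
_HASHES = {"md5": (hashlib.md5, 16), "sha1": (hashlib.sha1, 20)}


def pbkdf1(password: bytes, salt: bytes, iterations: int, dk_len: int,
           hash_name: str = "md5") -> bytes:
    """T1 = H(P || S), Ti = H(Ti-1), DK = first dk_len octets of Tc."""
    if hash_name not in _HASHES:
        raise ValueError("PBKDF1 is not defined for hash %r here" % hash_name)
    hash_fn, out_len = _HASHES[hash_name]
    if not 1 <= dk_len <= out_len:
        raise ValueError("derived key too long")
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    t = hash_fn(password + salt).digest()      # whole password, whole salt
    for _ in range(iterations - 1):
        t = hash_fn(t).digest()
    return t[:dk_len]


def legacy_block(password: bytes, salt: bytes) -> bytes:
    """Model of the "code now" input: at most 16 password bytes, then salt
    bytes only as filler up to 16. The C++ copies 16 - n bytes without
    consulting the salt length; this model takes what the salt has."""
    n = min(len(password), 16)
    return password[:n] + salt[:16 - n]


def pkcs5_block(password: bytes, salt: bytes) -> bytes:
    """The input PBKDF1 hashes in its first round: P || S, untruncated."""
    return password + salt


# Constructed samples: two long passwords that differ only after byte 16.
PW_A = b"correct horse battery staple"
PW_B = b"correct horse battery stable"
SALT_1 = bytes.fromhex("0102030405060708")
SALT_2 = bytes.fromhex("f1f2f3f4f5f6f7f8")


def same_legacy_input() -> bool:
    """True: with a 16+ byte password the legacy block ignores salt and tail."""
    return legacy_block(PW_A, SALT_1) == legacy_block(PW_B, SALT_2)
```

With a password of 16 bytes or more, the modelled block contains no salt at all and ignores everything after the sixteenth byte, which is why the proposed correction writes the full password followed by the full salt.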


