import of OpenSSL 0.9.8h

47 files changed, 10938 insertions, 0 deletions

diff --git a/src/lib/libcrypto/LPdir_nyi.c b/src/lib/libcrypto/LPdir_nyi.c
new file mode 100644
index 0000000000..6c1a50e6a8
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_nyi.c
@@ -0,0 +1,42 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+struct LP_dir_context_st { void *dummy; };
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+        {
+        errno = EINVAL;
+        return 0;
+        }
+int LP_find_file_end(LP_DIR_CTX **ctx)
+        {
+        errno = EINVAL;
+        return 0;
+        }
diff --git a/src/lib/libcrypto/LPdir_unix.c b/src/lib/libcrypto/LPdir_unix.c
new file mode 100644
index 0000000000..b004cd99e8
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_unix.c
@@ -0,0 +1,127 @@
+/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* The POSIXly macro for the maximum number of characters in a file path
+   is NAME_MAX.  However, some operating systems use PATH_MAX instead.
+   Therefore, it seems natural to first check for PATH_MAX and use that,
+   and if it doesn't exist, use NAME_MAX. */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+
+/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+   exist.  It's also possible that NAME_MAX exists but is define to a
+   very small value (HP-UX offers 14), so we need to check if we got a
+   result, and if it meets a minimum standard, and create or change it
+   if not. */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+
+struct LP_dir_context_st
+{
+  DIR *dir;
+  char entry_name[LP_ENTRY_SIZE+1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  struct dirent *direntry = NULL;
+
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+      (*ctx)->dir = opendir(directory);
+      if ((*ctx)->dir == NULL)
+        {
+          int save_errno = errno; /* Probably not needed, but I'm paranoid */
+          free(*ctx);
+          *ctx = NULL;
+          errno = save_errno;
+          return 0;
+        }
+    }
+
+  direntry = readdir((*ctx)->dir);
+  if (direntry == NULL)
+    {
+      return 0;
+    }
+
+  strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
+  (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+  return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      int ret = closedir((*ctx)->dir);
+
+      free(*ctx);
+      switch (ret)
+        {
+        case 0:
+          return 1;
+        case -1:
+          return 0;
+        default:
+          break;
+        }
+    }
+  errno = EINVAL;
+  return 0;
+}
diff --git a/src/lib/libcrypto/LPdir_vms.c b/src/lib/libcrypto/LPdir_vms.c
new file mode 100644
index 0000000000..85b427a623
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_vms.c
@@ -0,0 +1,199 @@
+/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* Because some compiler options hide this macor */
+#ifndef EVMSERR
+#define EVMSERR         65535  /* error for non-translatable VMS errors */
+#endif
+
+struct LP_dir_context_st
+{
+  unsigned long VMS_context;
+#ifdef NAML$C_MAXRSS
+  char filespec[NAML$C_MAXRSS+1];
+  char result[NAML$C_MAXRSS+1];
+#else
+  char filespec[256];
+  char result[256];
+#endif
+  struct dsc$descriptor_d filespec_dsc;
+  struct dsc$descriptor_d result_dsc;
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  int status;
+  char *p, *r;
+  size_t l;
+  unsigned long flags = 0;
+#ifdef NAML$C_MAXRSS
+  flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      size_t filespeclen = strlen(directory);
+      char *filespec = NULL;
+
+      /* MUST be a VMS directory specification!  Let's estimate if it is. */
+      if (directory[filespeclen-1] != ']'
+          && directory[filespeclen-1] != '>'
+          && directory[filespeclen-1] != ':')
+        {
+          errno = EINVAL;
+          return 0;
+        }
+
+      filespeclen += 4;         /* "*.*;" */
+
+      if (filespeclen >
+#ifdef NAML$C_MAXRSS
+          NAML$C_MAXRSS
+#else
+          255
+#endif
+          )
+        {
+          errno = ENAMETOOLONG;
+          return 0;
+        }
+
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+      strcpy((*ctx)->filespec,directory);
+      strcat((*ctx)->filespec,"*.*;");
+      (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+      (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+      (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
+      (*ctx)->result_dsc.dsc$w_length = 0;
+      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+      (*ctx)->result_dsc.dsc$a_pointer = 0;
+    }
+
+  (*ctx)->result_dsc.dsc$w_length = 0;
+  (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+  (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+  (*ctx)->result_dsc.dsc$a_pointer = 0;
+
+  status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+                         &(*ctx)->VMS_context, 0, 0, 0, &flags);
+
+  if (status == RMS$_NMF)
+    {
+      errno = 0;
+      vaxc$errno = status;
+      return NULL;
+    }
+
+  if(!$VMS_STATUS_SUCCESS(status))
+    {
+      errno = EVMSERR;
+      vaxc$errno = status;
+      return NULL;
+    }
+
+  /* Quick, cheap and dirty way to discard any device and directory,
+     since we only want file names */
+  l = (*ctx)->result_dsc.dsc$w_length;
+  p = (*ctx)->result_dsc.dsc$a_pointer;
+  r = p;
+  for (; *p; p++)
+    {
+      if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
+        {
+          p++;
+        }
+      else if (*p == ':' || *p == '>' || *p == ']')
+        {
+          l -= p + 1 - r;
+          r = p + 1;
+        }
+      else if (*p == ';')
+        {
+          l = p - r;
+          break;
+        }
+    }
+
+  strncpy((*ctx)->result, r, l);
+  (*ctx)->result[l] = '\0';
+  str$free1_dx(&(*ctx)->result_dsc);
+
+  return (*ctx)->result;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      int status = lib$find_file_end(&(*ctx)->VMS_context);
+
+      free(*ctx);
+
+      if(!$VMS_STATUS_SUCCESS(status))
+        {
+          errno = EVMSERR;
+          vaxc$errno = status;
+          return 0;
+        }
+      return 1;
+    }
+  errno = EINVAL;
+  return 0;
+}
+
diff --git a/src/lib/libcrypto/LPdir_win.c b/src/lib/libcrypto/LPdir_win.c
new file mode 100644
index 0000000000..09b475beed
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_win.c
@@ -0,0 +1,155 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <windows.h>
+#include <tchar.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* We're most likely overcautious here, but let's reserve for
+    broken WinCE headers and explicitly opt for UNICODE call.
+    Keep in mind that our WinCE builds are compiled with -DUNICODE
+    [as well as -D_UNICODE]. */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindNextFile FindNextFileW
+#endif
+
+#ifndef NAME_MAX
+#define NAME_MAX 255
+#endif
+
+struct LP_dir_context_st
+{
+  WIN32_FIND_DATA ctx;
+  HANDLE handle;
+  char entry_name[NAME_MAX+1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  struct dirent *direntry = NULL;
+
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+      if (sizeof(TCHAR) != sizeof(char))
+        {
+          TCHAR *wdir = NULL;
+          /* len_0 denotes string length *with* trailing 0 */ 
+          size_t index = 0,len_0 = strlen(directory) + 1;
+
+          wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+          if (wdir == NULL)
+            {
+              free(*ctx);
+              *ctx = NULL;
+              errno = ENOMEM;
+              return 0;
+            }
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+          if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
+#endif
+            for (index = 0; index < len_0; index++)
+              wdir[index] = (TCHAR)directory[index];
+
+          (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+
+          free(wdir);
+        }
+      else
+        (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+
+      if ((*ctx)->handle == INVALID_HANDLE_VALUE)
+        {
+          free(*ctx);
+          *ctx = NULL;
+          errno = EINVAL;
+          return 0;
+        }
+    }
+  else
+    {
+      if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
+        {
+          return 0;
+        }
+    }
+
+  if (sizeof(TCHAR) != sizeof(char))
+    {
+      TCHAR *wdir = (*ctx)->ctx.cFileName;
+      size_t index, len_0 = 0;
+
+      while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
+      len_0++;
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+      if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+                               sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+        for (index = 0; index < len_0; index++)
+          (*ctx)->entry_name[index] = (char)wdir[index];
+    }
+  else
+    strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+            sizeof((*ctx)->entry_name)-1);
+
+  (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
+
+  return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      FindClose((*ctx)->handle);
+      free(*ctx);
+      *ctx = NULL;
+      return 1;
+    }
+  errno = EINVAL;
+  return 0;
+}
diff --git a/src/lib/libcrypto/LPdir_win32.c b/src/lib/libcrypto/LPdir_win32.c
new file mode 100644
index 0000000000..e39872da52
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_win32.c
@@ -0,0 +1,30 @@
+/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
diff --git a/src/lib/libcrypto/LPdir_wince.c b/src/lib/libcrypto/LPdir_wince.c
new file mode 100644
index 0000000000..ab0e1e6f4f
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_wince.c
@@ -0,0 +1,31 @@
+/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WINCE
+/* We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently
+   under investigation what the exact conditions would be */
+#include "LPdir_win.c"
diff --git a/src/lib/libcrypto/bio/bio_lcl.h b/src/lib/libcrypto/bio/bio_lcl.h
new file mode 100644
index 0000000000..dba2919d43
--- /dev/null
+++ b/src/lib/libcrypto/bio/bio_lcl.h
@@ -0,0 +1,28 @@
+#include <openssl/bio.h>
+
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+#define UP_stdin        stdin
+#define UP_stdout       stdout
+#define UP_stderr       stderr
+#define UP_fprintf      fprintf
+#define UP_fgets        fgets
+#define UP_fread        fread
+#define UP_fwrite       fwrite
+#undef  UP_fsetmod
+#define UP_feof         feof
+#define UP_fclose       fclose
+
+#define UP_fopen        fopen
+#define UP_fseek        fseek
+#define UP_ftell        ftell
+#define UP_fflush       fflush
+#define UP_ferror       ferror
+#define UP_fileno       fileno
+
+#define UP_open         open
+#define UP_read         read
+#define UP_write        write
+#define UP_lseek        lseek
+#define UP_close        close
+#endif
diff --git a/src/lib/libcrypto/camellia/Makefile b/src/lib/libcrypto/camellia/Makefile
new file mode 100644
index 0000000000..1579de5ce5
--- /dev/null
+++ b/src/lib/libcrypto/camellia/Makefile
@@ -0,0 +1,103 @@
+#
+# crypto/camellia/Makefile
+#
+
+DIR= camellia
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CAMELLIA_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+#TEST=camelliatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
+           cmll_cfb.c cmll_ctr.c 
+
+LIBOBJ= camellia.o cmll_misc.o cmll_ecb.o cmll_cbc.o cmll_ofb.o \
+                cmll_cfb.o cmll_ctr.o $(CAMELLIA_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= camellia.h
+HEADER= cmll_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+camellia.o: camellia.c camellia.h cmll_locl.h
+cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h
+cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h
+cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_cfb.o: cmll_cfb.c cmll_locl.h
+cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h
+cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
+cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_misc.o: ../../include/openssl/opensslconf.h
+cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c
+cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c
diff --git a/src/lib/libcrypto/cms/Makefile b/src/lib/libcrypto/cms/Makefile
new file mode 100644
index 0000000000..e39c310b6c
--- /dev/null
+++ b/src/lib/libcrypto/cms/Makefile
@@ -0,0 +1,183 @@
+#
+# OpenSSL/crypto/cms/Makefile
+#
+
+DIR=    cms
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+        cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
+        cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  cms.h
+HEADER= cms_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_asn1.o: ../../include/openssl/opensslconf.h
+cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
+cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_att.o: cms.h cms_att.c cms_lcl.h
+cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_err.o: cms_err.c
+cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_io.o: cms_io.c cms_lcl.h
+cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_lib.o: cms_lcl.h cms_lib.c
+cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c
+cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_smime.o: ../../include/openssl/objects.h
+cms_smime.o: ../../include/openssl/opensslconf.h
+cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c
diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
new file mode 100644
index 0000000000..95aa69fea5
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/Makefile
@@ -0,0 +1,111 @@
+#
+# crypto/ecdh/Makefile
+#
+
+DIR=    ecdh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
+
+LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdh.h
+HEADER= ech_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ech_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_err.o: ech_err.c
+ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h
+ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h
+ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
+ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_ossl.o: ../../include/openssl/opensslconf.h
+ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_ossl.o: ../cryptlib.h ech_locl.h ech_ossl.c
diff --git a/src/lib/libcrypto/ecdh/ecdhtest.c b/src/lib/libcrypto/ecdh/ecdhtest.c
new file mode 100644
index 0000000000..1575006b51
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/ecdhtest.c
@@ -0,0 +1,368 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/opensslconf.h>        /* for OPENSSL_NO_ECDH */
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+    printf("No ECDH support\n");
+    return(0);
+}
+#else
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+        {
+#ifndef OPENSSL_NO_SHA
+        if (*outlen < SHA_DIGEST_LENGTH)
+                return NULL;
+        else
+                *outlen = SHA_DIGEST_LENGTH;
+        return SHA1(in, inlen, out);
+#else
+        return NULL;
+#endif
+        }
+
+
+static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
+        {
+        EC_KEY *a=NULL;
+        EC_KEY *b=NULL;
+        BIGNUM *x_a=NULL, *y_a=NULL,
+               *x_b=NULL, *y_b=NULL;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=0;
+        const EC_GROUP *group;
+
+        a = EC_KEY_new_by_curve_name(nid);
+        b = EC_KEY_new_by_curve_name(nid);
+        if (a == NULL || b == NULL)
+                goto err;
+
+        group = EC_KEY_get0_group(a);
+
+        if ((x_a=BN_new()) == NULL) goto err;
+        if ((y_a=BN_new()) == NULL) goto err;
+        if ((x_b=BN_new()) == NULL) goto err;
+        if ((y_b=BN_new()) == NULL) goto err;
+
+        BIO_puts(out,"Testing key generation with ");
+        BIO_puts(out,text);
+#ifdef NOISY
+        BIO_puts(out,"\n");
+#else
+        (void)BIO_flush(out);
+#endif
+
+        if (!EC_KEY_generate_key(a)) goto err;
+        
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group,
+                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+                }
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+                }
+#ifdef NOISY
+        BIO_puts(out,"  pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\n  pub 1=");
+        BN_print(out,x_a);
+        BIO_puts(out,",");
+        BN_print(out,y_a);
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out," .");
+        (void)BIO_flush(out);
+#endif
+
+        if (!EC_KEY_generate_key(b)) goto err;
+
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, 
+                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+                }
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group, 
+                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+                }
+
+#ifdef NOISY
+        BIO_puts(out,"  pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\n  pub 2=");
+        BN_print(out,x_b);
+        BIO_puts(out,",");
+        BN_print(out,y_b);
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+
+        alen=KDF1_SHA1_len;
+        abuf=(unsigned char *)OPENSSL_malloc(alen);
+        aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
+
+#ifdef NOISY
+        BIO_puts(out,"  key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+
+        blen=KDF1_SHA1_len;
+        bbuf=(unsigned char *)OPENSSL_malloc(blen);
+        bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
+
+#ifdef NOISY
+        BIO_puts(out,"  key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+#ifndef NOISY
+                BIO_printf(out, " failed\n\n");
+                BIO_printf(out, "key a:\n");
+                BIO_printf(out, "private key: ");
+                BN_print(out, EC_KEY_get0_private_key(a));
+                BIO_printf(out, "\n");
+                BIO_printf(out, "public key (x,y): ");
+                BN_print(out, x_a);
+                BIO_printf(out, ",");
+                BN_print(out, y_a);
+                BIO_printf(out, "\nkey b:\n");
+                BIO_printf(out, "private key: ");
+                BN_print(out, EC_KEY_get0_private_key(b));
+                BIO_printf(out, "\n");
+                BIO_printf(out, "public key (x,y): ");
+                BN_print(out, x_b);
+                BIO_printf(out, ",");
+                BN_print(out, y_b);
+                BIO_printf(out, "\n");
+                BIO_printf(out, "generated key a: ");
+                for (i=0; i<bout; i++)
+                        {
+                        sprintf(buf, "%02X", bbuf[i]);
+                        BIO_puts(out, buf);
+                        }
+                BIO_printf(out, "\n");
+                BIO_printf(out, "generated key b: ");
+                for (i=0; i<aout; i++)
+                        {
+                        sprintf(buf, "%02X", abuf[i]);
+                        BIO_puts(out,buf);
+                        }
+                BIO_printf(out, "\n");
+#endif
+                fprintf(stderr,"Error in ECDH routines\n");
+                ret=0;
+                }
+        else
+                {
+#ifndef NOISY
+                BIO_printf(out, " ok\n");
+#endif
+                ret=1;
+                }
+err:
+        ERR_print_errors_fp(stderr);
+
+        if (abuf != NULL) OPENSSL_free(abuf);
+        if (bbuf != NULL) OPENSSL_free(bbuf);
+        if (x_a) BN_free(x_a);
+        if (y_a) BN_free(y_a);
+        if (x_b) BN_free(x_b);
+        if (y_b) BN_free(y_b);
+        if (b) EC_KEY_free(b);
+        if (a) EC_KEY_free(a);
+        return(ret);
+        }
+
+int main(int argc, char *argv[])
+        {
+        BN_CTX *ctx=NULL;
+        int ret=1;
+        BIO *out;
+
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+        CRYPTO_malloc_init();
+#endif
+
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        /* NIST PRIME CURVES TESTS */
+        if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+        /* NIST BINARY CURVES TESTS */
+        if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
+
+        ret = 0;
+
+err:
+        ERR_print_errors_fp(stderr);
+        if (ctx) BN_CTX_free(ctx);
+        BIO_free(out);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        EXIT(ret);
+        return(ret);
+        }
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg)
+        {
+        char c='*';
+
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/ecdh/ech_ossl.c b/src/lib/libcrypto/ecdh/ech_ossl.c
new file mode 100644
index 0000000000..2a40ff12df
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/ech_ossl.c
@@ -0,0 +1,213 @@
+/* crypto/ecdh/ech_ossl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <string.h>
+#include <limits.h>
+
+#include "cryptlib.h"
+
+#include "ech_locl.h"
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
+
+static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+        EC_KEY *ecdh, 
+        void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+
+static ECDH_METHOD openssl_ecdh_meth = {
+        "OpenSSL ECDH method",
+        ecdh_compute_key,
+#if 0
+        NULL, /* init     */
+        NULL, /* finish   */
+#endif
+        0,    /* flags    */
+        NULL  /* app_data */
+};
+
+const ECDH_METHOD *ECDH_OpenSSL(void)
+        {
+        return &openssl_ecdh_meth;
+        }
+
+
+/* This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ * Finally an optional KDF is applied.
+ */
+static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+        EC_KEY *ecdh,
+        void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+        {
+        BN_CTX *ctx;
+        EC_POINT *tmp=NULL;
+        BIGNUM *x=NULL, *y=NULL;
+        const BIGNUM *priv_key;
+        const EC_GROUP* group;
+        int ret= -1;
+        size_t buflen, len;
+        unsigned char *buf=NULL;
+
+        if (outlen > INT_MAX)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
+                return -1;
+                }
+
+        if ((ctx = BN_CTX_new()) == NULL) goto err;
+        BN_CTX_start(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        
+        priv_key = EC_KEY_get0_private_key(ecdh);
+        if (priv_key == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+                goto err;
+                }
+
+        group = EC_KEY_get0_group(ecdh);
+        if ((tmp=EC_POINT_new(group)) == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) 
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                goto err;
+                }
+                
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) 
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        goto err;
+                        }
+                }
+
+        buflen = (EC_GROUP_get_degree(group) + 7)/8;
+        len = BN_num_bytes(x);
+        if (len > buflen)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+        if ((buf = OPENSSL_malloc(buflen)) == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        memset(buf, 0, buflen - len);
+        if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
+                goto err;
+                }
+
+        if (KDF != 0)
+                {
+                if (KDF(buf, buflen, out, &outlen) == NULL)
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
+                        goto err;
+                        }
+                ret = outlen;
+                }
+        else
+                {
+                /* no KDF, just copy as much as we can */
+                if (outlen > buflen)
+                        outlen = buflen;
+                memcpy(out, buf, outlen);
+                ret = outlen;
+                }
+        
+err:
+        if (tmp) EC_POINT_free(tmp);
+        if (ctx) BN_CTX_end(ctx);
+        if (ctx) BN_CTX_free(ctx);
+        if (buf) OPENSSL_free(buf);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/ecdsa/Makefile b/src/lib/libcrypto/ecdsa/Makefile
new file mode 100644
index 0000000000..16a93cd3ae
--- /dev/null
+++ b/src/lib/libcrypto/ecdsa/Makefile
@@ -0,0 +1,125 @@
+#
+# crypto/ecdsa/Makefile
+#
+
+DIR=    ecdsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
+
+LIBOBJ= ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdsa.h
+HEADER= ecs_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ecs_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ecs_asn1.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecs_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_asn1.o: ../../include/openssl/symhacks.h ecs_asn1.c ecs_locl.h
+ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+ecs_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_err.o: ecs_err.c
+ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_lib.o: ecs_lib.c ecs_locl.h
+ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_ossl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ecs_ossl.o: ../../include/openssl/opensslconf.h
+ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
+ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c
+ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c
diff --git a/src/lib/libcrypto/ecdsa/ecdsatest.c b/src/lib/libcrypto/ecdsa/ecdsatest.c
new file mode 100644
index 0000000000..b07e31252b
--- /dev/null
+++ b/src/lib/libcrypto/ecdsa/ecdsatest.c
@@ -0,0 +1,500 @@
+/* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
+
+#ifdef OPENSSL_NO_ECDSA
+int main(int argc, char * argv[])
+        {
+        puts("Elliptic curves are disabled.");
+        return 0;
+        }
+#else
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/ecdsa.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+static const char rnd_seed[] = "string to make the random number generator "
+        "think it has entropy";
+
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
+
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+
+RAND_METHOD     fake_rand;
+const RAND_METHOD *old_rand;
+
+int change_rand(void)
+        {
+        /* save old rand method */
+        if ((old_rand = RAND_get_rand_method()) == NULL)
+                return 0;
+
+        fake_rand.seed    = old_rand->seed;
+        fake_rand.cleanup = old_rand->cleanup;
+        fake_rand.add     = old_rand->add;
+        fake_rand.status  = old_rand->status;
+        /* use own random function */
+        fake_rand.bytes      = fbytes;
+        fake_rand.pseudorand = old_rand->bytes;
+        /* set new RAND_METHOD */
+        if (!RAND_set_rand_method(&fake_rand))
+                return 0;
+        return 1;
+        }
+
+int restore_rand(void)
+        {
+        if (!RAND_set_rand_method(old_rand))
+                return 0;
+        else
+                return 1;
+        }
+
+static int fbytes_counter = 0;
+static const char *numbers[8] = {
+        "651056770906015076056810763456358567190100156695615665659",
+        "6140507067065001063065065565667405560006161556565665656654",
+        "8763001015071075675010661307616710783570106710677817767166"
+        "71676178726717",
+        "7000000175690566466555057817571571075705015757757057795755"
+        "55657156756655",
+        "1275552191113212300012030439187146164646146646466749494799",
+        "1542725565216523985789236956265265265235675811949404040041",
+        "1456427555219115346513212300075341203043918714616464614664"
+        "64667494947990",
+        "1712787255652165239672857892369562652652652356758119494040"
+        "40041670216363"};
+
+int fbytes(unsigned char *buf, int num)
+        {
+        int     ret;
+        BIGNUM  *tmp = NULL;
+
+        if (fbytes_counter >= 8)
+                return 0;
+        tmp = BN_new();
+        if (!tmp)
+                return 0;
+        if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
+                {
+                BN_free(tmp);
+                return 0;
+                }
+        fbytes_counter ++;
+        ret = BN_bn2bin(tmp, buf);      
+        if (ret == 0 || ret != num)
+                ret = 0;
+        else
+                ret = 1;
+        if (tmp)
+                BN_free(tmp);
+        return ret;
+        }
+
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+        {
+        int     ret = 0;
+        const char message[] = "abc";
+        unsigned char digest[20];
+        unsigned int  dgst_len = 0;
+        EVP_MD_CTX md_ctx;
+        EC_KEY    *key = NULL;
+        ECDSA_SIG *signature = NULL;
+        BIGNUM    *r = NULL, *s = NULL;
+
+        EVP_MD_CTX_init(&md_ctx);
+        /* get the message digest */
+        EVP_DigestInit(&md_ctx, EVP_ecdsa());
+        EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
+        EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+
+        BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+        /* create the key */
+        if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+                goto x962_int_err;
+        if (!EC_KEY_generate_key(key))
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* create the signature */
+        signature = ECDSA_do_sign(digest, 20, key);
+        if (signature == NULL)
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* compare the created signature with the expected signature */
+        if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+                goto x962_int_err;
+        if (!BN_dec2bn(&r, r_in) ||
+            !BN_dec2bn(&s, s_in))
+                goto x962_int_err;
+        if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* verify the signature */
+        if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+
+        BIO_printf(out, " ok\n");
+        ret = 1;
+x962_int_err:
+        if (!ret)
+                BIO_printf(out, " failed\n");
+        if (key)
+                EC_KEY_free(key);
+        if (signature)
+                ECDSA_SIG_free(signature);
+        if (r)
+                BN_free(r);
+        if (s)
+                BN_free(s);
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return ret;
+        }
+
+int x9_62_tests(BIO *out)
+        {
+        int ret = 0;
+
+        BIO_printf(out, "some tests from X9.62:\n");
+
+        /* set own rand method */
+        if (!change_rand())
+                goto x962_err;
+
+        if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+                "3342403536405981729393488334694600415596881826869351677613",
+                "5735822328888155254683894997897571951568553642892029982342"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+                "3086361431751678114926225473006680188549593787585317781474"
+                "62058306432176",
+                "3238135532097973577080787768312505059318910517550078427819"
+                "78505179448783"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+                "87194383164871543355722284926904419997237591535066528048",
+                "308992691965804947361541664549085895292153777025772063598"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+                "2159633321041961198501834003903461262881815148684178964245"
+                "5876922391552",
+                "1970303740007316867383349976549972270528498040721988191026"
+                "49413465737174"))
+                goto x962_err;
+
+        ret = 1;
+x962_err:
+        if (!restore_rand())
+                ret = 0;
+        return ret;
+        }
+
+int test_builtin(BIO *out)
+        {
+        EC_builtin_curve *curves = NULL;
+        size_t          crv_len = 0, n = 0;
+        EC_KEY          *eckey = NULL, *wrong_eckey = NULL;
+        EC_GROUP        *group;
+        unsigned char   digest[20], wrong_digest[20];
+        unsigned char   *signature = NULL; 
+        unsigned int    sig_len;
+        int             nid, ret =  0;
+        
+        /* fill digest values with some random data */
+        if (!RAND_pseudo_bytes(digest, 20) ||
+            !RAND_pseudo_bytes(wrong_digest, 20))
+                {
+                BIO_printf(out, "ERROR: unable to get random data\n");
+                goto builtin_err;
+                }
+
+        /* create and verify a ecdsa signature with every availble curve
+         * (with ) */
+        BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+                "with some internal curves:\n");
+
+        /* get a list of all internal curves */
+        crv_len = EC_get_builtin_curves(NULL, 0);
+
+        curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+        if (curves == NULL)
+                {
+                BIO_printf(out, "malloc error\n");
+                goto builtin_err;
+                }
+        
+        if (!EC_get_builtin_curves(curves, crv_len))
+                {
+                BIO_printf(out, "unable to get internal curves\n");
+                goto builtin_err;
+                }
+
+        /* now create and verify a signature for every curve */
+        for (n = 0; n < crv_len; n++)
+                {
+                unsigned char dirt, offset;
+
+                nid = curves[n].nid;
+                if (nid == NID_ipsec4)
+                        continue;
+                /* create new ecdsa key (== EC_KEY) */
+                if ((eckey = EC_KEY_new()) == NULL)
+                        goto builtin_err;
+                group = EC_GROUP_new_by_curve_name(nid);
+                if (group == NULL)
+                        goto builtin_err;
+                if (EC_KEY_set_group(eckey, group) == 0)
+                        goto builtin_err;
+                EC_GROUP_free(group);
+                if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
+                        /* drop the curve */ 
+                        {
+                        EC_KEY_free(eckey);
+                        eckey = NULL;
+                        continue;
+                        }
+                BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+                /* create key */
+                if (!EC_KEY_generate_key(eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                /* create second key */
+                if ((wrong_eckey = EC_KEY_new()) == NULL)
+                        goto builtin_err;
+                group = EC_GROUP_new_by_curve_name(nid);
+                if (group == NULL)
+                        goto builtin_err;
+                if (EC_KEY_set_group(wrong_eckey, group) == 0)
+                        goto builtin_err;
+                EC_GROUP_free(group);
+                if (!EC_KEY_generate_key(wrong_eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* check key */
+                if (!EC_KEY_check_key(eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* create signature */
+                sig_len = ECDSA_size(eckey);
+                if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+                        goto builtin_err;
+                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* verify signature */
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* verify signature with the wrong key */
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, 
+                        wrong_eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* wrong digest */
+                if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
+                        eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* modify a single byte of the signature */
+                offset = signature[10] % sig_len;
+                dirt   = signature[11];
+                signature[offset] ^= dirt ? dirt : 1; 
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                
+                BIO_printf(out, " ok\n");
+                /* cleanup */
+                OPENSSL_free(signature);
+                signature = NULL;
+                EC_KEY_free(eckey);
+                eckey = NULL;
+                EC_KEY_free(wrong_eckey);
+                wrong_eckey = NULL;
+                }
+
+        ret = 1;        
+builtin_err:
+        if (eckey)
+                EC_KEY_free(eckey);
+        if (wrong_eckey)
+                EC_KEY_free(wrong_eckey);
+        if (signature)
+                OPENSSL_free(signature);
+        if (curves)
+                OPENSSL_free(curves);
+
+        return ret;
+        }
+
+int main(void)
+        {
+        int     ret = 1;
+        BIO     *out;
+
+        out = BIO_new_fp(stdout, BIO_NOCLOSE);
+        
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && 
+                (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+        ERR_load_crypto_strings();
+
+        /* initialize the prng */
+        RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+        /* the tests */
+        if (!x9_62_tests(out))  goto err;
+        if (!test_builtin(out)) goto err;
+        
+        ret = 0;
+err:    
+        if (ret)        
+                BIO_printf(out, "\nECDSA test failed\n");
+        else 
+                BIO_printf(out, "\nECDSA test passed\n");
+        if (ret)
+                ERR_print_errors(out);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_state(0);
+        ERR_free_strings();
+        CRYPTO_mem_leaks(out);
+        if (out != NULL)
+                BIO_free(out);
+        return ret;
+        }       
+#endif
diff --git a/src/lib/libcrypto/evp/e_seed.c b/src/lib/libcrypto/evp/e_seed.c
new file mode 100644
index 0000000000..8c1ec0d43a
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_seed.c
@@ -0,0 +1,83 @@
+/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#ifndef OPENSSL_NO_SEED
+#include <openssl/seed.h>
+#include "evp_locl.h"
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);
+
+typedef struct
+        {
+        SEED_KEY_SCHEDULE ks;
+        } EVP_SEED_KEY;
+
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+                       16, 16, 16, 128,
+                       0, seed_init_key, 0, 0, 0, 0)
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+        {
+        SEED_set_key(key, ctx->cipher_data);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/o_dir.c b/src/lib/libcrypto/o_dir.c
new file mode 100644
index 0000000000..42891ea459
--- /dev/null
+++ b/src/lib/libcrypto/o_dir.c
@@ -0,0 +1,83 @@
+/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <errno.h>
+#include <e_os.h>
+
+/* The routines really come from the Levitte Programming, so to make
+   life simple, let's just use the raw files and hack the symbols to
+   fit our namespace.  */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+
+#include "o_dir.h"
+
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP
+#include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+#include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+#include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+#include "LPdir_wince.c"
+#else
+#include "LPdir_nyi.c"
+#endif
diff --git a/src/lib/libcrypto/o_dir.h b/src/lib/libcrypto/o_dir.h
new file mode 100644
index 0000000000..4b725c0312
--- /dev/null
+++ b/src/lib/libcrypto/o_dir.h
@@ -0,0 +1,53 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+
+#ifndef O_DIR_H
+#define O_DIR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+  typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+  /* returns NULL on error or end-of-directory.
+     If it is end-of-directory, errno will be zero */
+  const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+  /* returns 1 on success, 0 on error */
+  int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LPDIR_H */
diff --git a/src/lib/libcrypto/o_dir_test.c b/src/lib/libcrypto/o_dir_test.c
new file mode 100644
index 0000000000..3d75ecb005
--- /dev/null
+++ b/src/lib/libcrypto/o_dir_test.c
@@ -0,0 +1,70 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "e_os2.h"
+#include "o_dir.h"
+
+#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
+#define CURRDIR "."
+#elif defined OPENSSL_SYS_VMS
+#define CURRDIR "SYS$DISK:[]"
+#else
+#error "No supported platform defined!"
+#endif
+
+int main()
+{
+  OPENSSL_DIR_CTX *ctx = NULL;
+  const char *result;
+
+  while((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL)
+    {
+      printf("%s\n", result);
+    }
+
+  if (errno)
+    {
+      perror("test_dir");
+      exit(1);
+    }
+
+  if (!OPENSSL_DIR_end(&ctx))
+    {
+      perror("test_dir");
+      exit(2);
+    }
+  exit(0);
+}
diff --git a/src/lib/libcrypto/pqueue/Makefile b/src/lib/libcrypto/pqueue/Makefile
new file mode 100644
index 0000000000..d0c39d25ce
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/crypto/pqueue/Makefile
+#
+
+DIR=    pqueue
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=pqueue.c
+LIBOBJ=pqueue.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pqueue.h pq_compat.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pqueue.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pqueue.o: ../../include/openssl/pq_compat.h ../../include/openssl/safestack.h
+pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pqueue.o: ../cryptlib.h pqueue.c pqueue.h
diff --git a/src/lib/libcrypto/pqueue/pq_test.c b/src/lib/libcrypto/pqueue/pq_test.c
new file mode 100644
index 0000000000..8d496dfc65
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pq_test.c
@@ -0,0 +1,95 @@
+/* crypto/pqueue/pq_test.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "pqueue.h"
+
+int
+main(void)
+        {
+        pitem *item;
+        pqueue pq;
+
+        pq = pqueue_new();
+
+        item = pitem_new(3, NULL);
+        pqueue_insert(pq, item);
+
+        item = pitem_new(1, NULL);
+        pqueue_insert(pq, item);
+
+        item = pitem_new(2, NULL);
+        pqueue_insert(pq, item);
+
+        item = pqueue_find(pq, 1);
+        fprintf(stderr, "found %ld\n", item->priority);
+
+        item = pqueue_find(pq, 2);
+        fprintf(stderr, "found %ld\n", item->priority);
+
+        item = pqueue_find(pq, 3);
+        fprintf(stderr, "found %ld\n", item ? item->priority: 0);
+
+        pqueue_print(pq);
+
+        for(item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
+                pitem_free(item);
+
+        pqueue_free(pq);
+        return 0;
+        }
diff --git a/src/lib/libcrypto/pqueue/pqueue.c b/src/lib/libcrypto/pqueue/pqueue.c
new file mode 100644
index 0000000000..5cc18527f8
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pqueue.c
@@ -0,0 +1,236 @@
+/* crypto/pqueue/pqueue.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include "pqueue.h"
+
+typedef struct _pqueue
+        {
+        pitem *items;
+        int count;
+        } pqueue_s;
+
+pitem *
+pitem_new(PQ_64BIT priority, void *data)
+        {
+        pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
+        if (item == NULL) return NULL;
+
+        pq_64bit_init(&(item->priority));
+        pq_64bit_assign(&item->priority, &priority);
+
+        item->data = data;
+        item->next = NULL;
+
+        return item;
+        }
+
+void
+pitem_free(pitem *item)
+        {
+        if (item == NULL) return;
+
+        pq_64bit_free(&(item->priority));
+        OPENSSL_free(item);
+        }
+
+pqueue_s *
+pqueue_new()
+        {
+        pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s));
+        if (pq == NULL) return NULL;
+
+        memset(pq, 0x00, sizeof(pqueue_s));
+        return pq;
+        }
+
+void
+pqueue_free(pqueue_s *pq)
+        {
+        if (pq == NULL) return;
+
+        OPENSSL_free(pq);
+        }
+
+pitem *
+pqueue_insert(pqueue_s *pq, pitem *item)
+        {
+        pitem *curr, *next;
+
+        if (pq->items == NULL)
+                {
+                pq->items = item;
+                return item;
+                }
+
+        for(curr = NULL, next = pq->items; 
+                next != NULL;
+                curr = next, next = next->next)
+                {
+                if (pq_64bit_gt(&(next->priority), &(item->priority)))
+                        {
+                        item->next = next;
+
+                        if (curr == NULL) 
+                                pq->items = item;
+                        else  
+                                curr->next = item;
+
+                        return item;
+                        }
+                /* duplicates not allowed */
+                if (pq_64bit_eq(&(item->priority), &(next->priority)))
+                        return NULL;
+                }
+
+        item->next = NULL;
+        curr->next = item;
+
+        return item;
+        }
+
+pitem *
+pqueue_peek(pqueue_s *pq)
+        {
+        return pq->items;
+        }
+
+pitem *
+pqueue_pop(pqueue_s *pq)
+        {
+        pitem *item = pq->items;
+
+        if (pq->items != NULL)
+                pq->items = pq->items->next;
+
+        return item;
+        }
+
+pitem *
+pqueue_find(pqueue_s *pq, PQ_64BIT priority)
+        {
+        pitem *next, *prev = NULL;
+        pitem *found = NULL;
+
+        if ( pq->items == NULL)
+                return NULL;
+
+        for ( next = pq->items; next->next != NULL; 
+                  prev = next, next = next->next)
+                {
+                if ( pq_64bit_eq(&(next->priority), &priority))
+                        {
+                        found = next;
+                        break;
+                        }
+                }
+        
+        /* check the one last node */
+        if ( pq_64bit_eq(&(next->priority), &priority))
+                found = next;
+
+        if ( ! found)
+                return NULL;
+
+#if 0 /* find works in peek mode */
+        if ( prev == NULL)
+                pq->items = next->next;
+        else
+                prev->next = next->next;
+#endif
+
+        return found;
+        }
+
+#if PQ_64BIT_IS_INTEGER
+void
+pqueue_print(pqueue_s *pq)
+        {
+        pitem *item = pq->items;
+
+        while(item != NULL)
+                {
+                printf("item\t" PQ_64BIT_PRINT "\n", item->priority);
+                item = item->next;
+                }
+        }
+#endif
+
+pitem *
+pqueue_iterator(pqueue_s *pq)
+        {
+        return pqueue_peek(pq);
+        }
+
+pitem *
+pqueue_next(pitem **item)
+        {
+        pitem *ret;
+
+        if ( item == NULL || *item == NULL)
+                return NULL;
+
+
+        /* *item != NULL */
+        ret = *item;
+        *item = (*item)->next;
+
+        return ret;
+        }
diff --git a/src/lib/libcrypto/pqueue/pqueue.h b/src/lib/libcrypto/pqueue/pqueue.h
new file mode 100644
index 0000000000..02386d130e
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pqueue.h
@@ -0,0 +1,95 @@
+/* crypto/pqueue/pqueue.h */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PQUEUE_H
+#define HEADER_PQUEUE_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/pq_compat.h>
+
+typedef struct _pqueue *pqueue;
+
+typedef struct _pitem
+        {
+        PQ_64BIT priority;
+        void *data;
+        struct _pitem *next;
+        } pitem;
+
+typedef struct _pitem *piterator;
+
+pitem *pitem_new(PQ_64BIT priority, void *data);
+void   pitem_free(pitem *item);
+
+pqueue pqueue_new(void);
+void   pqueue_free(pqueue pq);
+
+pitem *pqueue_insert(pqueue pq, pitem *item);
+pitem *pqueue_peek(pqueue pq);
+pitem *pqueue_pop(pqueue pq);
+pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
+pitem *pqueue_iterator(pqueue pq);
+pitem *pqueue_next(piterator *iter);
+
+void   pqueue_print(pqueue pq);
+
+#endif /* ! HEADER_PQUEUE_H */
diff --git a/src/lib/libcrypto/rand/rand_nw.c b/src/lib/libcrypto/rand/rand_nw.c
new file mode 100644
index 0000000000..f177ffbe82
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_nw.c
@@ -0,0 +1,183 @@
+/* crypto/rand/rand_nw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined (OPENSSL_SYS_NETWARE)
+
+#if defined(NETWARE_LIBC)
+#include <nks/thread.h>
+#else
+#include <nwthread.h>
+#endif
+
+extern int GetProcessSwitchCount(void);
+#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
+extern void *RunningProcess; /* declare here same as found in newer NDKs */
+extern unsigned long GetSuperHighResolutionTimer(void);
+#endif
+
+   /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed
+   */
+int RAND_poll(void)
+{
+   unsigned long l;
+   unsigned long tsc;
+   int i; 
+
+      /* There are several options to gather miscellaneous data
+       * but for now we will loop checking the time stamp counter (rdtsc) and
+       * the SuperHighResolutionTimer.  Each iteration will collect 8 bytes
+       * of data but it is treated as only 1 byte of entropy.  The call to
+       * ThreadSwitchWithDelay() will introduce additional variability into
+       * the data returned by rdtsc.
+       *
+       * Applications can agument the seed material by adding additional
+       * stuff with RAND_add() and should probably do so.
+      */
+   l = GetProcessSwitchCount();
+   RAND_add(&l,sizeof(l),1);
+   
+   /* need to cast the void* to unsigned long here */
+   l = (unsigned long)RunningProcess;
+   RAND_add(&l,sizeof(l),1);
+
+   for( i=2; i<ENTROPY_NEEDED; i++)
+   {
+#ifdef __MWERKS__
+      asm 
+      {
+         rdtsc
+         mov tsc, eax        
+      }
+#else
+      asm volatile("rdtsc":"=A" (tsc));
+#endif
+
+      RAND_add(&tsc, sizeof(tsc), 1);
+
+      l = GetSuperHighResolutionTimer();
+      RAND_add(&l, sizeof(l), 0);
+
+# if defined(NETWARE_LIBC)
+      NXThreadYield();
+# else /* NETWARE_CLIB */
+      ThreadSwitchWithDelay();
+# endif
+   }
+
+   return 1;
+}
+
+#endif 
+
diff --git a/src/lib/libcrypto/seed/Makefile b/src/lib/libcrypto/seed/Makefile
new file mode 100644
index 0000000000..f9de27b288
--- /dev/null
+++ b/src/lib/libcrypto/seed/Makefile
@@ -0,0 +1,87 @@
+#
+# crypto/seed/Makefile
+#
+
+DIR=    seed
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+LIBOBJ=seed.o seed_ecb.o seed_cbc.o seed_cfb.o seed_ofb.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= seed.h
+HEADER= seed_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+seed.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed.o: ../../include/openssl/seed.h seed.c seed_locl.h
+seed_cbc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed_cbc.o: ../../include/openssl/seed.h seed_cbc.c seed_locl.h
+seed_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed_cfb.o: ../../include/openssl/seed.h seed_cfb.c seed_locl.h
+seed_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/seed.h
+seed_ecb.o: seed_ecb.c
+seed_ofb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed_ofb.o: ../../include/openssl/seed.h seed_locl.h seed_ofb.c
diff --git a/src/lib/libcrypto/seed/seed.c b/src/lib/libcrypto/seed/seed.c
new file mode 100644
index 0000000000..125dd7d66f
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed.c
@@ -0,0 +1,286 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OPENSSL_NO_SEED
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef WIN32
+#include <memory.h>
+#endif
+
+#include <openssl/seed.h>
+#include "seed_locl.h"
+
+static seed_word SS[4][256] = { {
+        0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+        0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+        0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+        0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+        0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+        0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+        0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+        0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+        0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+        0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+        0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+        0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+        0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+        0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+        0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+        0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+        0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+        0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+        0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, 0x22022220, 0x38083038,
+        0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+        0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+        0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+        0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+        0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+        0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+        0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+        0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+        0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+        0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+        0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+        0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, 0x07070304, 0x33033330,
+        0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
+},      {
+        0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+        0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+        0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+        0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+        0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+        0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+        0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+        0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+        0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+        0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+        0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+        0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+        0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+        0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, 0x20220222, 0x04040400, 0x68284860, 0x70314171,
+        0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+        0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+        0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+        0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+        0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+        0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+        0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+        0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+        0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+        0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+        0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+        0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+        0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+        0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+        0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+        0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
+        0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+        0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
+},      {
+        0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+        0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+        0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+        0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+        0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+        0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+        0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+        0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+        0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+        0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+        0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+        0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+        0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+        0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+        0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+        0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+        0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+        0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+        0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, 0x22202202, 0x30383808,
+        0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+        0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+        0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+        0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+        0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+        0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+        0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+        0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+        0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+        0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+        0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+        0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, 0x03040707, 0x33303303,
+        0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
+},      {
+        0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+        0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+        0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+        0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+        0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+        0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+        0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+        0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+        0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+        0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+        0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+        0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+        0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+        0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404, 0x48606828, 0x41717031,
+        0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+        0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+        0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+        0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+        0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+        0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+        0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+        0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+        0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+        0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+        0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+        0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+        0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+        0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+        0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+        0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
+        0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+        0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
+}       };
+
+/* key schedule constants - golden ratio */
+#define KC0     0x9e3779b9
+#define KC1     0x3c6ef373
+#define KC2     0x78dde6e6
+#define KC3     0xf1bbcdcc
+#define KC4     0xe3779b99
+#define KC5     0xc6ef3733
+#define KC6     0x8dde6e67
+#define KC7     0x1bbcdccf
+#define KC8     0x3779b99e
+#define KC9     0x6ef3733c
+#define KC10    0xdde6e678
+#define KC11    0xbbcdccf1
+#define KC12    0x779b99e3
+#define KC13    0xef3733c6
+#define KC14    0xde6e678d
+#define KC15    0xbcdccf1b
+
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+
+        char2word(rawkey   , x1);
+        char2word(rawkey+4 , x2);
+        char2word(rawkey+8 , x3);
+        char2word(rawkey+12, x4);
+
+        t0 = (x1 + x3 - KC0) & 0xffffffff;
+        t1 = (x2 - x4 + KC0) & 0xffffffff;                     KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);      KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);      KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);      KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);      KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);      KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);      KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);      KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);      KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);      KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);     KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);     KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);     KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);     KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);     KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);     KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+}
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+
+        char2word(s,    x1);
+        char2word(s+4,  x2);
+        char2word(s+8,  x3);
+        char2word(s+12, x4);
+        
+        E_SEED(t0, t1, x1, x2, x3, x4, 0);
+        E_SEED(t0, t1, x3, x4, x1, x2, 2);
+        E_SEED(t0, t1, x1, x2, x3, x4, 4);
+        E_SEED(t0, t1, x3, x4, x1, x2, 6);
+        E_SEED(t0, t1, x1, x2, x3, x4, 8);
+        E_SEED(t0, t1, x3, x4, x1, x2, 10);
+        E_SEED(t0, t1, x1, x2, x3, x4, 12);
+        E_SEED(t0, t1, x3, x4, x1, x2, 14);
+        E_SEED(t0, t1, x1, x2, x3, x4, 16);
+        E_SEED(t0, t1, x3, x4, x1, x2, 18);
+        E_SEED(t0, t1, x1, x2, x3, x4, 20);
+        E_SEED(t0, t1, x3, x4, x1, x2, 22);
+        E_SEED(t0, t1, x1, x2, x3, x4, 24);
+        E_SEED(t0, t1, x3, x4, x1, x2, 26);
+        E_SEED(t0, t1, x1, x2, x3, x4, 28);
+        E_SEED(t0, t1, x3, x4, x1, x2, 30);
+
+        word2char(x3, d);
+        word2char(x4, d+4);
+        word2char(x1, d+8);
+        word2char(x2, d+12);
+}
+
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+
+        char2word(s,    x1);
+        char2word(s+4,  x2);
+        char2word(s+8,  x3);
+        char2word(s+12, x4);
+        
+        E_SEED(t0, t1, x1, x2, x3, x4, 30);
+        E_SEED(t0, t1, x3, x4, x1, x2, 28);
+        E_SEED(t0, t1, x1, x2, x3, x4, 26);
+        E_SEED(t0, t1, x3, x4, x1, x2, 24);
+        E_SEED(t0, t1, x1, x2, x3, x4, 22);
+        E_SEED(t0, t1, x3, x4, x1, x2, 20);
+        E_SEED(t0, t1, x1, x2, x3, x4, 18);
+        E_SEED(t0, t1, x3, x4, x1, x2, 16);
+        E_SEED(t0, t1, x1, x2, x3, x4, 14);
+        E_SEED(t0, t1, x3, x4, x1, x2, 12);
+        E_SEED(t0, t1, x1, x2, x3, x4, 10);
+        E_SEED(t0, t1, x3, x4, x1, x2, 8);
+        E_SEED(t0, t1, x1, x2, x3, x4, 6);
+        E_SEED(t0, t1, x3, x4, x1, x2, 4);
+        E_SEED(t0, t1, x1, x2, x3, x4, 2);
+        E_SEED(t0, t1, x3, x4, x1, x2, 0);
+
+        word2char(x3, d);
+        word2char(x4, d+4);
+        word2char(x1, d+8);
+        word2char(x2, d+12);
+}
+
+#endif /* OPENSSL_NO_SEED */
diff --git a/src/lib/libcrypto/seed/seed.h b/src/lib/libcrypto/seed/seed.h
new file mode 100644
index 0000000000..427915ed9a
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#ifndef HEADER_SEED_H
+#define HEADER_SEED_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_SEED
+#error SEED is disabled.
+#endif
+
+#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
+# ifndef SEED_LONG
+#  define SEED_LONG 1
+# endif
+#endif
+
+#if !defined(NO_SYS_TYPES_H)
+# include <sys/types.h>
+#endif
+
+#define SEED_BLOCK_SIZE 16
+#define SEED_KEY_LENGTH 16
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct seed_key_st {
+#ifdef SEED_LONG
+    unsigned long data[32];
+#else
+    unsigned int data[32];
+#endif
+} SEED_KEY_SCHEDULE;
+
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_H */
diff --git a/src/lib/libcrypto/seed/seed_cbc.c b/src/lib/libcrypto/seed/seed_cbc.c
new file mode 100644
index 0000000000..4f718ccb44
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_cbc.c
@@ -0,0 +1,129 @@
+/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "seed_locl.h"
+#include <string.h>
+
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+        {
+        size_t n;
+        unsigned char tmp[SEED_BLOCK_SIZE];
+        const unsigned char *iv = ivec;
+
+        if (enc)
+                {
+                while (len >= SEED_BLOCK_SIZE)
+                        {
+                        for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        SEED_encrypt(out, out, ks);
+                        iv = out;
+                        len -= SEED_BLOCK_SIZE;
+                        in  += SEED_BLOCK_SIZE;
+                        out += SEED_BLOCK_SIZE;
+                        }
+                if (len)
+                        {
+                        for (n = 0; n < len; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        for (n = len; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] = iv[n];
+                        SEED_encrypt(out, out, ks);
+                        iv = out;
+                        }
+                memcpy(ivec, iv, SEED_BLOCK_SIZE);
+                }
+        else if (in != out) /* decrypt */
+                {
+                while (len >= SEED_BLOCK_SIZE)
+                        {
+                        SEED_decrypt(in, out, ks);
+                        for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] ^= iv[n];
+                        iv = in;
+                        len -= SEED_BLOCK_SIZE;
+                        in  += SEED_BLOCK_SIZE;
+                        out += SEED_BLOCK_SIZE;
+                        }
+                if (len)
+                        {
+                        SEED_decrypt(in, tmp, ks);
+                        for (n = 0; n < len; ++n)
+                                out[n] = tmp[n] ^ iv[n];
+                        iv = in;
+                        }
+                memcpy(ivec, iv, SEED_BLOCK_SIZE);
+                }
+        else /* decrypt, overlap */
+                {
+                while (len >= SEED_BLOCK_SIZE)
+                        {
+                        memcpy(tmp, in, SEED_BLOCK_SIZE);
+                        SEED_decrypt(in, out, ks);
+                        for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] ^= ivec[n];
+                        memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+                        len -= SEED_BLOCK_SIZE;
+                        in  += SEED_BLOCK_SIZE;
+                        out += SEED_BLOCK_SIZE;
+                        }
+                if (len)
+                        {
+                        memcpy(tmp, in, SEED_BLOCK_SIZE);
+                        SEED_decrypt(tmp, tmp, ks);
+                        for (n = 0; n < len; ++n)
+                                out[n] = tmp[n] ^ ivec[n];
+                        memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/seed/seed_cfb.c b/src/lib/libcrypto/seed/seed_cfb.c
new file mode 100644
index 0000000000..07d878a788
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_cfb.c
@@ -0,0 +1,144 @@
+/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "seed_locl.h"
+#include <string.h>
+
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc)
+        {
+        int n;
+        unsigned char c;
+
+        n = *num;
+
+        if (enc)
+                {
+                while (len--)
+                        {
+                        if (n == 0)
+                                SEED_encrypt(ivec, ivec, ks);
+                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
+                        n = (n+1) % SEED_BLOCK_SIZE;
+                        }
+                }
+        else
+                {
+                while (len--)
+                        {
+                        if (n == 0)
+                                SEED_encrypt(ivec, ivec, ks);
+                        c = *(in);
+                        *(out++) = *(in++) ^ ivec[n];
+                        ivec[n] = c;
+                        n = (n+1) % SEED_BLOCK_SIZE;
+                        }
+                }
+
+        *num = n;
+        }
diff --git a/src/lib/libcrypto/seed/seed_ecb.c b/src/lib/libcrypto/seed/seed_ecb.c
new file mode 100644
index 0000000000..e63f5ae14e
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_ecb.c
@@ -0,0 +1,60 @@
+/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/seed.h>
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc) 
+        {
+        if (enc)
+                SEED_encrypt(in, out, ks);
+        else
+                SEED_decrypt(in, out, ks);
+        }
diff --git a/src/lib/libcrypto/seed/seed_locl.h b/src/lib/libcrypto/seed/seed_locl.h
new file mode 100644
index 0000000000..fd456b6422
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_locl.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef HEADER_SEED_LOCL_H
+#define HEADER_SEED_LOCL_H
+
+#include "openssl/e_os2.h"
+#include <openssl/seed.h>
+
+
+#ifdef SEED_LONG /* need 32-bit type */
+typedef unsigned long seed_word;
+#else
+typedef unsigned int seed_word;
+#endif
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define G_FUNC(v)       \
+        SS[0][(unsigned char)      (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+        SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff]
+
+#define char2word(c, i)  \
+        (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
+
+#define word2char(l, c)  \
+        *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
+        *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
+        *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
+        *((c)+3) = (unsigned char)((l))     & 0xff
+
+#define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X3);                                     \
+        (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff;    \
+        (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;    \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+#define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X1);                                     \
+        (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff;    \
+        (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;     \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+#define KEYUPDATE_TEMP(T0, T1, K)   \
+        (K)[0] = G_FUNC((T0));      \
+        (K)[1] = G_FUNC((T1))
+
+#define XOR_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] ^= ((SRC))[0];    \
+        ((DST))[1] ^= ((SRC))[1];    \
+        ((DST))[2] ^= ((SRC))[2];    \
+        ((DST))[3] ^= ((SRC))[3]
+
+#define MOV_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] = ((SRC))[0];     \
+        ((DST))[1] = ((SRC))[1];     \
+        ((DST))[2] = ((SRC))[2];     \
+        ((DST))[3] = ((SRC))[3]
+
+# define CHAR2WORD(C, I)              \
+        char2word((C),    (I)[0]);    \
+        char2word((C+4),  (I)[1]);    \
+        char2word((C+8),  (I)[2]);    \
+        char2word((C+12), (I)[3])
+
+# define WORD2CHAR(I, C)              \
+        word2char((I)[0], (C));       \
+        word2char((I)[1], (C+4));     \
+        word2char((I)[2], (C+8));     \
+        word2char((I)[3], (C+12))
+
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase)   \
+        (T0) = (X3) ^ (ks->data)[(rbase)];       \
+        (T1) = (X4) ^ (ks->data)[(rbase)+1];     \
+        (T1) ^= (T0);                            \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (T0) = G_FUNC((T0));                     \
+        (T1) = ((T1) + (T0)) & 0xffffffff;       \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (X1) ^= (T0);                            \
+        (X2) ^= (T1)
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_LOCL_H */
diff --git a/src/lib/libcrypto/seed/seed_ofb.c b/src/lib/libcrypto/seed/seed_ofb.c
new file mode 100644
index 0000000000..e2f3f57a38
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_ofb.c
@@ -0,0 +1,128 @@
+/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "seed_locl.h"
+#include <string.h>
+
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+        {
+        int n;
+
+        n = *num;
+        
+        while (len--)
+                {
+                if (n == 0)
+                        SEED_encrypt(ivec, ivec, ks);
+                *(out++) = *(in++) ^ ivec[n];
+                n = (n+1) % SEED_BLOCK_SIZE;
+                }
+
+        *num = n;
+        }
diff --git a/src/lib/libcrypto/sha/sha256t.c b/src/lib/libcrypto/sha/sha256t.c
new file mode 100644
index 0000000000..6b4a3bd001
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha256t.c
@@ -0,0 +1,147 @@
+/* crypto/sha/sha256t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
+int main(int argc, char *argv[])
+{
+    printf("No SHA256 support\n");
+    return(0);
+}
+#else
+
+unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
+        0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
+        0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+        0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
+        0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad };
+
+unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
+        0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
+        0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+        0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
+        0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 };
+
+unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
+        0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
+        0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
+        0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
+        0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 };
+
+unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
+        0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22,
+        0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3,
+        0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7,
+        0xe3,0x6c,0x9d,0xa7 };
+
+unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
+        0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc,
+        0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50,
+        0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19,
+        0x52,0x52,0x25,0x25 };
+
+unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
+        0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8,
+        0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b,
+        0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee,
+        0x4e,0xe7,0xad,0x67 };
+
+int main (int argc,char **argv)
+{ unsigned char md[SHA256_DIGEST_LENGTH];
+  int           i;
+  EVP_MD_CTX    evp;
+
+    fprintf(stdout,"Testing SHA-256 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL);
+    if (memcmp(md,app_b1,sizeof(app_b1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+                "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL);
+    if (memcmp(md,app_b2,sizeof(app_b2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha256(),NULL);
+    for (i=0;i<1000000;i+=160)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<160?1000000-i:160);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,app_b3,sizeof(app_b3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+    fprintf(stdout,"Testing SHA-224 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL);
+    if (memcmp(md,addenum_1,sizeof(addenum_1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+                "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL);
+    if (memcmp(md,addenum_2,sizeof(addenum_2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha224(),NULL);
+    for (i=0;i<1000000;i+=64)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<64?1000000-i:64);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,addenum_3,sizeof(addenum_3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+  return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/sha/sha512t.c b/src/lib/libcrypto/sha/sha512t.c
new file mode 100644
index 0000000000..210041d435
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha512t.c
@@ -0,0 +1,184 @@
+/* crypto/sha/sha512t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
+int main(int argc, char *argv[])
+{
+    printf("No SHA512 support\n");
+    return(0);
+}
+#else
+
+unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
+        0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
+        0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
+        0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
+        0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
+        0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
+        0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
+        0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
+        0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };
+
+unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
+        0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
+        0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
+        0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
+        0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
+        0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
+        0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
+        0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
+        0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };
+
+unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
+        0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
+        0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
+        0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
+        0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
+        0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
+        0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
+        0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
+        0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };
+
+unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
+        0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
+        0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
+        0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
+        0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
+        0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
+        0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };
+
+unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
+        0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
+        0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
+        0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
+        0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
+        0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
+        0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };
+
+unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
+        0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
+        0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
+        0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
+        0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
+        0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
+        0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
+
+int main (int argc,char **argv)
+{ unsigned char md[SHA512_DIGEST_LENGTH];
+  int           i;
+  EVP_MD_CTX    evp;
+
+#ifdef OPENSSL_IA32_SSE2
+    /* Alternative to this is to call OpenSSL_add_all_algorithms...
+     * The below code is retained exclusively for debugging purposes. */
+    { char      *env;
+
+        if ((env=getenv("OPENSSL_ia32cap")))
+            OPENSSL_ia32cap = strtoul (env,NULL,0);
+    }
+#endif
+
+    fprintf(stdout,"Testing SHA-512 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL);
+    if (memcmp(md,app_c1,sizeof(app_c1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
+                "efghijkl""fghijklm""ghijklmn""hijklmno"
+                "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+                "mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL);
+    if (memcmp(md,app_c2,sizeof(app_c2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha512(),NULL);
+    for (i=0;i<1000000;i+=288)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<288?1000000-i:288);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,app_c3,sizeof(app_c3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+    fprintf(stdout,"Testing SHA-384 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL);
+    if (memcmp(md,app_d1,sizeof(app_d1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
+                "efghijkl""fghijklm""ghijklmn""hijklmno"
+                "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+                "mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL);
+    if (memcmp(md,app_d2,sizeof(app_d2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha384(),NULL);
+    for (i=0;i<1000000;i+=64)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<64?1000000-i:64);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,app_d3,sizeof(app_d3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+  return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/store/Makefile b/src/lib/libcrypto/store/Makefile
new file mode 100644
index 0000000000..0dcfd7857a
--- /dev/null
+++ b/src/lib/libcrypto/store/Makefile
@@ -0,0 +1,112 @@
+#
+# OpenSSL/crypto/store/Makefile
+#
+
+DIR=    store
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= storetest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c
+LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o
+
+SRC= $(LIBSRC)
+
+#EXHEADER= store.h str_compat.h
+EXHEADER= store.h
+HEADER= $(EXHEADER) str_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+str_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+str_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+str_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+str_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_err.o: str_err.c
+str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+str_lib.o: str_lib.c str_locl.h
+str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_mem.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_mem.o: str_locl.h str_mem.c
+str_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+str_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_meth.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_meth.o: str_locl.h str_meth.c
diff --git a/src/lib/libcrypto/store/README b/src/lib/libcrypto/store/README
new file mode 100644
index 0000000000..966168f6a5
--- /dev/null
+++ b/src/lib/libcrypto/store/README
@@ -0,0 +1,95 @@
+The STORE type
+==============
+
+A STORE, as defined in this code section, is really a rather simple
+thing which stores objects and per-object associations to a number
+of attributes.  What attributes are supported entirely depends on
+the particular implementation of a STORE.  It has some support for
+generation of certain objects (for example, keys and CRLs).
+
+
+Supported object types
+----------------------
+
+For now, the objects that are supported are the following:
+
+X.509 certificate
+X.509 CRL
+private key
+public key
+number
+arbitrary (application) data
+
+The intention is that a STORE should be able to store everything
+needed by an application that wants a cert/key store, as well as
+the data a CA might need to store (this includes the serial number
+counter, which explains the support for numbers).
+
+
+Supported attribute types
+-------------------------
+
+For now, the following attributes are supported:
+
+Friendly Name           - the value is a normal C string
+Key ID                  - the value is a 160 bit SHA1 hash
+Issuer Key ID           - the value is a 160 bit SHA1 hash
+Subject Key ID          - the value is a 160 bit SHA1 hash
+Issuer/Serial Hash      - the value is a 160 bit SHA1 hash
+Issuer                  - the value is a X509_NAME
+Serial                  - the value is a BIGNUM
+Subject                 - the value is a X509_NAME
+Certificate Hash        - the value is a 160 bit SHA1 hash
+Email                   - the value is a normal C string
+Filename                - the value is a normal C string
+
+It is expected that these attributes should be enough to support
+the need from most, if not all, current applications.  Applications
+that need to do certificate verification would typically use Subject
+Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
+S/MIME applications would typically use Email to look up recipient
+and signer certificates.
+
+There's added support for combined sets of attributes to search for,
+with the special OR attribute.
+
+
+Supported basic functionality
+-----------------------------
+
+The functions that are supported through the STORE type are these:
+
+generate_object         - for example to generate keys and CRLs
+get_object              - to look up one object
+                          NOTE: this function is really rather
+                          redundant and probably of lesser usage
+                          than the list functions
+store_object            - store an object and the attributes
+                          associated with it
+modify_object           - modify the attributes associated with
+                          a specific object
+revoke_object           - revoke an object
+                          NOTE: this only marks an object as
+                          invalid, it doesn't remove the object
+                          from the database
+delete_object           - remove an object from the database
+list_object             - list objects associated with a given
+                          set of attributes
+                          NOTE: this is really four functions:
+                          list_start, list_next, list_end and
+                          list_endp
+update_store            - update the internal data of the store
+lock_store              - lock the store
+unlock_store            - unlock the store
+
+The list functions need some extra explanation: list_start is
+used to set up a lookup.  That's where the attributes to use in
+the search are set up.  It returns a search context.  list_next
+returns the next object searched for.  list_end closes the search.
+list_endp is used to check if we have reached the end.
+
+A few words on the store functions as well: update_store is
+typically used by a CA application to update the internal
+structure of a database.  This may for example involve automatic
+removal of expired certificates.  lock_store and unlock_store
+are used for locking a store to allow exclusive writes.
diff --git a/src/lib/libcrypto/store/store.h b/src/lib/libcrypto/store/store.h
new file mode 100644
index 0000000000..64583377a9
--- /dev/null
+++ b/src/lib/libcrypto/store/store.h
@@ -0,0 +1,554 @@
+/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_H
+#define HEADER_STORE_H
+
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct store_st STORE; */
+/* typedef struct store_method_st STORE_METHOD; */
+
+
+/* All the following functions return 0, a negative number or NULL on error.
+   When everything is fine, they return a positive value or a non-NULL
+   pointer, all depending on their purpose. */
+
+/* Creators and destructor.   */
+STORE *STORE_new_method(const STORE_METHOD *method);
+STORE *STORE_new_engine(ENGINE *engine);
+void STORE_free(STORE *ui);
+
+
+/* Give a user interface parametrised control commands.  This can be used to
+   send down an integer, a data pointer or a function pointer, as well as
+   be used to get information from a STORE. */
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));
+
+/* A control to set the directory with keys and certificates.  Used by the
+   built-in directory level method. */
+#define STORE_CTRL_SET_DIRECTORY        0x0001
+/* A control to set a file to load.  Used by the built-in file level method. */
+#define STORE_CTRL_SET_FILE             0x0002
+/* A control to set a configuration file to load.  Can be used by any method
+   that wishes to load a configuration file. */
+#define STORE_CTRL_SET_CONF_FILE        0x0003
+/* A control to set a the section of the loaded configuration file.  Can be
+   used by any method that wishes to load a configuration file. */
+#define STORE_CTRL_SET_CONF_SECTION     0x0004
+
+
+/* Some methods may use extra data */
+#define STORE_set_app_data(s,arg)       STORE_set_ex_data(s,0,arg)
+#define STORE_get_app_data(s)           STORE_get_ex_data(s,0)
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int STORE_set_ex_data(STORE *r,int idx,void *arg);
+void *STORE_get_ex_data(STORE *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+const STORE_METHOD *STORE_get_method(STORE *store);
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
+
+/* The standard OpenSSL methods. */
+/* This is the in-memory method.  It does everything except revoking and updating,
+   and is of course volatile.  It's used by other methods that have an in-memory
+   cache. */
+const STORE_METHOD *STORE_Memory(void);
+#if 0 /* Not yet implemented */
+/* This is the directory store.  It does everything except revoking and updating,
+   and uses STORE_Memory() to cache things in memory. */
+const STORE_METHOD *STORE_Directory(void);
+/* This is the file store.  It does everything except revoking and updating,
+   and uses STORE_Memory() to cache things in memory.  Certificates are added
+   to it with the store operation, and it will only get cached certificates. */
+const STORE_METHOD *STORE_File(void);
+#endif
+
+/* Store functions take a type code for the type of data they should store
+   or fetch */
+typedef enum STORE_object_types
+        {
+        STORE_OBJECT_TYPE_X509_CERTIFICATE=     0x01, /* X509 * */
+        STORE_OBJECT_TYPE_X509_CRL=             0x02, /* X509_CRL * */
+        STORE_OBJECT_TYPE_PRIVATE_KEY=          0x03, /* EVP_PKEY * */
+        STORE_OBJECT_TYPE_PUBLIC_KEY=           0x04, /* EVP_PKEY * */
+        STORE_OBJECT_TYPE_NUMBER=               0x05, /* BIGNUM * */
+        STORE_OBJECT_TYPE_ARBITRARY=            0x06, /* BUF_MEM * */
+        STORE_OBJECT_TYPE_NUM=                  0x06  /* The amount of known
+                                                         object types */
+        } STORE_OBJECT_TYPES;
+/* List of text strings corresponding to the object types. */
+extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];
+
+/* Some store functions take a parameter list.  Those parameters come with
+   one of the following codes. The comments following the codes below indicate
+   what type the value should be a pointer to. */
+typedef enum STORE_params
+        {
+        STORE_PARAM_EVP_TYPE=                   0x01, /* int */
+        STORE_PARAM_BITS=                       0x02, /* size_t */
+        STORE_PARAM_KEY_PARAMETERS=             0x03, /* ??? */
+        STORE_PARAM_KEY_NO_PARAMETERS=          0x04, /* N/A */
+        STORE_PARAM_AUTH_PASSPHRASE=            0x05, /* char * */
+        STORE_PARAM_AUTH_KRB5_TICKET=           0x06, /* void * */
+        STORE_PARAM_TYPE_NUM=                   0x06  /* The amount of known
+                                                         parameter types */
+        } STORE_PARAM_TYPES;
+/* Parameter value sizes.  -1 means unknown, anything else is the required size. */
+extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];
+
+/* Store functions take attribute lists.  Those attributes come with codes.
+   The comments following the codes below indicate what type the value should
+   be a pointer to. */
+typedef enum STORE_attribs
+        {
+        STORE_ATTR_END=                         0x00,
+        STORE_ATTR_FRIENDLYNAME=                0x01, /* C string */
+        STORE_ATTR_KEYID=                       0x02, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUERKEYID=                 0x03, /* 160 bit string (SHA1) */
+        STORE_ATTR_SUBJECTKEYID=                0x04, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUERSERIALHASH=            0x05, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUER=                      0x06, /* X509_NAME * */
+        STORE_ATTR_SERIAL=                      0x07, /* BIGNUM * */
+        STORE_ATTR_SUBJECT=                     0x08, /* X509_NAME * */
+        STORE_ATTR_CERTHASH=                    0x09, /* 160 bit string (SHA1) */
+        STORE_ATTR_EMAIL=                       0x0a, /* C string */
+        STORE_ATTR_FILENAME=                    0x0b, /* C string */
+        STORE_ATTR_TYPE_NUM=                    0x0b, /* The amount of known
+                                                         attribute types */
+        STORE_ATTR_OR=                          0xff  /* This is a special
+                                                         separator, which
+                                                         expresses the OR
+                                                         operation.  */
+        } STORE_ATTR_TYPES;
+/* Attribute value sizes.  -1 means unknown, anything else is the required size. */
+extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];
+
+typedef enum STORE_certificate_status
+        {
+        STORE_X509_VALID=                       0x00,
+        STORE_X509_EXPIRED=                     0x01,
+        STORE_X509_SUSPENDED=                   0x02,
+        STORE_X509_REVOKED=                     0x03
+        } STORE_CERTIFICATE_STATUS;
+
+/* Engine store functions will return a structure that contains all the necessary
+ * information, including revokation status for certificates.  This is really not
+ * needed for application authors, as the ENGINE framework functions will extract
+ * the OpenSSL-specific information when at all possible.  However, for engine
+ * authors, it's crucial to know this structure.  */
+typedef struct STORE_OBJECT_st
+        {
+        STORE_OBJECT_TYPES type;
+        union
+                {
+                struct
+                        {
+                        STORE_CERTIFICATE_STATUS status;
+                        X509 *certificate;
+                        } x509;
+                X509_CRL *crl;
+                EVP_PKEY *key;
+                BIGNUM *number;
+                BUF_MEM *arbitrary;
+                } data;
+        } STORE_OBJECT;
+DECLARE_STACK_OF(STORE_OBJECT)
+STORE_OBJECT *STORE_OBJECT_new(void);
+void STORE_OBJECT_free(STORE_OBJECT *data);
+
+
+
+/* The following functions handle the storage. They return 0, a negative number
+   or NULL on error, anything else on success. */
+X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509 *STORE_list_certificate_next(STORE *e, void *handle);
+int STORE_list_certificate_end(STORE *e, void *handle);
+int STORE_list_certificate_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_private_key(STORE *e, EVP_PKEY *data,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
+int STORE_list_private_key_end(STORE *e, void *handle);
+int STORE_list_private_key_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
+int STORE_list_public_key_end(STORE *e, void *handle);
+int STORE_list_public_key_endp(STORE *e, void *handle);
+X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
+int STORE_list_crl_end(STORE *e, void *handle);
+int STORE_list_crl_endp(STORE *e, void *handle);
+int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+
+
+/* Create and manipulate methods */
+STORE_METHOD *STORE_create_method(char *name);
+void STORE_destroy_method(STORE_METHOD *store_method);
+
+/* These callback types are use for store handlers */
+typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);
+typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);
+typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);
+int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);
+int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);
+int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);
+int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
+int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
+int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);
+int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);
+int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);
+int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
+
+/* Method helper structures and functions. */
+
+/* This structure is the result of parsing through the information in a list
+   of OPENSSL_ITEMs.  It stores all the necessary information in a structured
+   way.*/
+typedef struct STORE_attr_info_st STORE_ATTR_INFO;
+
+/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
+   Note that we do this in the list form, since the list of OPENSSL_ITEMs can
+   come in blocks separated with STORE_ATTR_OR.  Note that the value returned
+   by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
+int STORE_parse_attrs_end(void *handle);
+int STORE_parse_attrs_endp(void *handle);
+
+/* Creator and destructor */
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
+
+/* Manipulators */
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code);
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn);
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number);
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn);
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number);
+
+/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values
+   in each contained attribute. */
+int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Check if the set of attributes in a is within the range of attributes
+   set in b. */
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Check if the set of attributes in a are also set in b. */
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_STORE_strings(void);
+
+/* Error codes for the STORE functions. */
+
+/* Function codes. */
+#define STORE_F_MEM_DELETE                               134
+#define STORE_F_MEM_GENERATE                             135
+#define STORE_F_MEM_LIST_END                             168
+#define STORE_F_MEM_LIST_NEXT                            136
+#define STORE_F_MEM_LIST_START                           137
+#define STORE_F_MEM_MODIFY                               169
+#define STORE_F_MEM_STORE                                138
+#define STORE_F_STORE_ATTR_INFO_GET0_CSTR                139
+#define STORE_F_STORE_ATTR_INFO_GET0_DN                  140
+#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER              141
+#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR             142
+#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR              143
+#define STORE_F_STORE_ATTR_INFO_MODIFY_DN                144
+#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER            145
+#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR           146
+#define STORE_F_STORE_ATTR_INFO_SET_CSTR                 147
+#define STORE_F_STORE_ATTR_INFO_SET_DN                   148
+#define STORE_F_STORE_ATTR_INFO_SET_NUMBER               149
+#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR              150
+#define STORE_F_STORE_CERTIFICATE                        170
+#define STORE_F_STORE_CTRL                               161
+#define STORE_F_STORE_DELETE_ARBITRARY                   158
+#define STORE_F_STORE_DELETE_CERTIFICATE                 102
+#define STORE_F_STORE_DELETE_CRL                         103
+#define STORE_F_STORE_DELETE_NUMBER                      104
+#define STORE_F_STORE_DELETE_PRIVATE_KEY                 105
+#define STORE_F_STORE_DELETE_PUBLIC_KEY                  106
+#define STORE_F_STORE_GENERATE_CRL                       107
+#define STORE_F_STORE_GENERATE_KEY                       108
+#define STORE_F_STORE_GET_ARBITRARY                      159
+#define STORE_F_STORE_GET_CERTIFICATE                    109
+#define STORE_F_STORE_GET_CRL                            110
+#define STORE_F_STORE_GET_NUMBER                         111
+#define STORE_F_STORE_GET_PRIVATE_KEY                    112
+#define STORE_F_STORE_GET_PUBLIC_KEY                     113
+#define STORE_F_STORE_LIST_CERTIFICATE_END               114
+#define STORE_F_STORE_LIST_CERTIFICATE_ENDP              153
+#define STORE_F_STORE_LIST_CERTIFICATE_NEXT              115
+#define STORE_F_STORE_LIST_CERTIFICATE_START             116
+#define STORE_F_STORE_LIST_CRL_END                       117
+#define STORE_F_STORE_LIST_CRL_ENDP                      154
+#define STORE_F_STORE_LIST_CRL_NEXT                      118
+#define STORE_F_STORE_LIST_CRL_START                     119
+#define STORE_F_STORE_LIST_PRIVATE_KEY_END               120
+#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP              155
+#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT              121
+#define STORE_F_STORE_LIST_PRIVATE_KEY_START             122
+#define STORE_F_STORE_LIST_PUBLIC_KEY_END                123
+#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP               156
+#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT               124
+#define STORE_F_STORE_LIST_PUBLIC_KEY_START              125
+#define STORE_F_STORE_MODIFY_ARBITRARY                   162
+#define STORE_F_STORE_MODIFY_CERTIFICATE                 163
+#define STORE_F_STORE_MODIFY_CRL                         164
+#define STORE_F_STORE_MODIFY_NUMBER                      165
+#define STORE_F_STORE_MODIFY_PRIVATE_KEY                 166
+#define STORE_F_STORE_MODIFY_PUBLIC_KEY                  167
+#define STORE_F_STORE_NEW_ENGINE                         133
+#define STORE_F_STORE_NEW_METHOD                         132
+#define STORE_F_STORE_PARSE_ATTRS_END                    151
+#define STORE_F_STORE_PARSE_ATTRS_ENDP                   172
+#define STORE_F_STORE_PARSE_ATTRS_NEXT                   152
+#define STORE_F_STORE_PARSE_ATTRS_START                  171
+#define STORE_F_STORE_REVOKE_CERTIFICATE                 129
+#define STORE_F_STORE_REVOKE_PRIVATE_KEY                 130
+#define STORE_F_STORE_REVOKE_PUBLIC_KEY                  131
+#define STORE_F_STORE_STORE_ARBITRARY                    157
+#define STORE_F_STORE_STORE_CERTIFICATE                  100
+#define STORE_F_STORE_STORE_CRL                          101
+#define STORE_F_STORE_STORE_NUMBER                       126
+#define STORE_F_STORE_STORE_PRIVATE_KEY                  127
+#define STORE_F_STORE_STORE_PUBLIC_KEY                   128
+
+/* Reason codes. */
+#define STORE_R_ALREADY_HAS_A_VALUE                      127
+#define STORE_R_FAILED_DELETING_ARBITRARY                132
+#define STORE_R_FAILED_DELETING_CERTIFICATE              100
+#define STORE_R_FAILED_DELETING_KEY                      101
+#define STORE_R_FAILED_DELETING_NUMBER                   102
+#define STORE_R_FAILED_GENERATING_CRL                    103
+#define STORE_R_FAILED_GENERATING_KEY                    104
+#define STORE_R_FAILED_GETTING_ARBITRARY                 133
+#define STORE_R_FAILED_GETTING_CERTIFICATE               105
+#define STORE_R_FAILED_GETTING_KEY                       106
+#define STORE_R_FAILED_GETTING_NUMBER                    107
+#define STORE_R_FAILED_LISTING_CERTIFICATES              108
+#define STORE_R_FAILED_LISTING_KEYS                      109
+#define STORE_R_FAILED_MODIFYING_ARBITRARY               138
+#define STORE_R_FAILED_MODIFYING_CERTIFICATE             139
+#define STORE_R_FAILED_MODIFYING_CRL                     140
+#define STORE_R_FAILED_MODIFYING_NUMBER                  141
+#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY             142
+#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY              143
+#define STORE_R_FAILED_REVOKING_CERTIFICATE              110
+#define STORE_R_FAILED_REVOKING_KEY                      111
+#define STORE_R_FAILED_STORING_ARBITRARY                 134
+#define STORE_R_FAILED_STORING_CERTIFICATE               112
+#define STORE_R_FAILED_STORING_KEY                       113
+#define STORE_R_FAILED_STORING_NUMBER                    114
+#define STORE_R_NOT_IMPLEMENTED                          128
+#define STORE_R_NO_CONTROL_FUNCTION                      144
+#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION             135
+#define STORE_R_NO_DELETE_NUMBER_FUNCTION                115
+#define STORE_R_NO_DELETE_OBJECT_FUNCTION                116
+#define STORE_R_NO_GENERATE_CRL_FUNCTION                 117
+#define STORE_R_NO_GENERATE_OBJECT_FUNCTION              118
+#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION         136
+#define STORE_R_NO_GET_OBJECT_FUNCTION                   119
+#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION            120
+#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION             131
+#define STORE_R_NO_LIST_OBJECT_END_FUNCTION              121
+#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION             122
+#define STORE_R_NO_LIST_OBJECT_START_FUNCTION            123
+#define STORE_R_NO_MODIFY_OBJECT_FUNCTION                145
+#define STORE_R_NO_REVOKE_OBJECT_FUNCTION                124
+#define STORE_R_NO_STORE                                 129
+#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION       137
+#define STORE_R_NO_STORE_OBJECT_FUNCTION                 125
+#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION          126
+#define STORE_R_NO_VALUE                                 130
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/store/str_err.c b/src/lib/libcrypto/store/str_err.c
new file mode 100644
index 0000000000..6fee649822
--- /dev/null
+++ b/src/lib/libcrypto/store/str_err.c
@@ -0,0 +1,211 @@
+/* crypto/store/str_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
+
+static ERR_STRING_DATA STORE_str_functs[]=
+        {
+{ERR_FUNC(STORE_F_MEM_DELETE),  "MEM_DELETE"},
+{ERR_FUNC(STORE_F_MEM_GENERATE),        "MEM_GENERATE"},
+{ERR_FUNC(STORE_F_MEM_LIST_END),        "MEM_LIST_END"},
+{ERR_FUNC(STORE_F_MEM_LIST_NEXT),       "MEM_LIST_NEXT"},
+{ERR_FUNC(STORE_F_MEM_LIST_START),      "MEM_LIST_START"},
+{ERR_FUNC(STORE_F_MEM_MODIFY),  "MEM_MODIFY"},
+{ERR_FUNC(STORE_F_MEM_STORE),   "MEM_STORE"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),   "STORE_ATTR_INFO_get0_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN),     "STORE_ATTR_INFO_get0_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), "STORE_ATTR_INFO_get0_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),        "STORE_ATTR_INFO_get0_sha1str"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), "STORE_ATTR_INFO_modify_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),   "STORE_ATTR_INFO_modify_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),       "STORE_ATTR_INFO_modify_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),      "STORE_ATTR_INFO_modify_sha1str"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR),    "STORE_ATTR_INFO_set_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN),      "STORE_ATTR_INFO_set_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),  "STORE_ATTR_INFO_set_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"},
+{ERR_FUNC(STORE_F_STORE_CERTIFICATE),   "STORE_CERTIFICATE"},
+{ERR_FUNC(STORE_F_STORE_CTRL),  "STORE_ctrl"},
+{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY),      "STORE_delete_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE),    "STORE_delete_certificate"},
+{ERR_FUNC(STORE_F_STORE_DELETE_CRL),    "STORE_delete_crl"},
+{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"},
+{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY),    "STORE_delete_private_key"},
+{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY),     "STORE_delete_public_key"},
+{ERR_FUNC(STORE_F_STORE_GENERATE_CRL),  "STORE_generate_crl"},
+{ERR_FUNC(STORE_F_STORE_GENERATE_KEY),  "STORE_generate_key"},
+{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE),       "STORE_get_certificate"},
+{ERR_FUNC(STORE_F_STORE_GET_CRL),       "STORE_get_crl"},
+{ERR_FUNC(STORE_F_STORE_GET_NUMBER),    "STORE_get_number"},
+{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY),       "STORE_get_private_key"},
+{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY),        "STORE_get_public_key"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),  "STORE_list_certificate_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), "STORE_list_certificate_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), "STORE_list_certificate_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),        "STORE_list_certificate_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_END),  "STORE_list_crl_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_START),        "STORE_list_crl_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),  "STORE_list_private_key_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), "STORE_list_private_key_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), "STORE_list_private_key_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),        "STORE_list_private_key_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),   "STORE_list_public_key_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),  "STORE_list_public_key_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),  "STORE_list_public_key_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), "STORE_list_public_key_start"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY),      "STORE_modify_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE),    "STORE_modify_certificate"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_CRL),    "STORE_modify_crl"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY),    "STORE_modify_private_key"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY),     "STORE_modify_public_key"},
+{ERR_FUNC(STORE_F_STORE_NEW_ENGINE),    "STORE_new_engine"},
+{ERR_FUNC(STORE_F_STORE_NEW_METHOD),    "STORE_new_method"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END),       "STORE_parse_attrs_end"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP),      "STORE_parse_attrs_endp"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT),      "STORE_parse_attrs_next"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START),     "STORE_parse_attrs_start"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE),    "STORE_revoke_certificate"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY),    "STORE_revoke_private_key"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY),     "STORE_revoke_public_key"},
+{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY),       "STORE_store_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE),     "STORE_store_certificate"},
+{ERR_FUNC(STORE_F_STORE_STORE_CRL),     "STORE_store_crl"},
+{ERR_FUNC(STORE_F_STORE_STORE_NUMBER),  "STORE_store_number"},
+{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY),     "STORE_store_private_key"},
+{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY),      "STORE_store_public_key"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA STORE_str_reasons[]=
+        {
+{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"},
+{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"},
+{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"},
+{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"},
+{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"},
+{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"},
+{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"},
+{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"},
+{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"},
+{ERR_REASON(STORE_R_FAILED_GETTING_KEY)  ,"failed getting key"},
+{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"},
+{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"},
+{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"},
+{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"},
+{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"},
+{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"},
+{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"},
+{ERR_REASON(STORE_R_FAILED_STORING_KEY)  ,"failed storing key"},
+{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"},
+{ERR_REASON(STORE_R_NOT_IMPLEMENTED)     ,"not implemented"},
+{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"},
+{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"},
+{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"},
+{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"},
+{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"},
+{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"},
+{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"},
+{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"},
+{ERR_REASON(STORE_R_NO_STORE)            ,"no store"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"},
+{ERR_REASON(STORE_R_NO_VALUE)            ,"no value"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_STORE_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(STORE_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,STORE_str_functs);
+                ERR_load_strings(0,STORE_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/store/str_lib.c b/src/lib/libcrypto/store/str_lib.c
new file mode 100644
index 0000000000..32ae5bd395
--- /dev/null
+++ b/src/lib/libcrypto/store/str_lib.c
@@ -0,0 +1,1824 @@
+/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include "str_locl.h"
+
+const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] =
+        {
+        0,
+        "X.509 Certificate",
+        "X.509 CRL",
+        "Private Key",
+        "Public Key",
+        "Number",
+        "Arbitrary Data"
+        };
+
+const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] =
+        {
+        0,
+        sizeof(int),            /* EVP_TYPE */
+        sizeof(size_t),         /* BITS */
+        -1,                     /* KEY_PARAMETERS */
+        0                       /* KEY_NO_PARAMETERS */
+        };      
+
+const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] =
+        {
+        0,
+        -1,                     /* FRIENDLYNAME:        C string */
+        SHA_DIGEST_LENGTH,      /* KEYID:               SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* ISSUERKEYID:         SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* SUBJECTKEYID:        SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* ISSUERSERIALHASH:    SHA1 digest, 160 bits */
+        sizeof(X509_NAME *),    /* ISSUER:              X509_NAME * */
+        sizeof(BIGNUM *),       /* SERIAL:              BIGNUM * */
+        sizeof(X509_NAME *),    /* SUBJECT:             X509_NAME * */
+        SHA_DIGEST_LENGTH,      /* CERTHASH:            SHA1 digest, 160 bits */
+        -1,                     /* EMAIL:               C string */
+        -1,                     /* FILENAME:            C string */
+        };      
+
+STORE *STORE_new_method(const STORE_METHOD *method)
+        {
+        STORE *ret;
+
+        if (method == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+
+        ret=(STORE *)OPENSSL_malloc(sizeof(STORE));
+        if (ret == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        ret->meth=method;
+
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
+        if (ret->meth->init && !ret->meth->init(ret))
+                {
+                STORE_free(ret);
+                ret = NULL;
+                }
+        return ret;
+        }
+
+STORE *STORE_new_engine(ENGINE *engine)
+        {
+        STORE *ret = NULL;
+        ENGINE *e = engine;
+        const STORE_METHOD *meth = 0;
+
+#ifdef OPENSSL_NO_ENGINE
+        e = NULL;
+#else
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+                        return NULL;
+                        }
+                e = engine;
+                }
+        else
+                {
+                STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if(e)
+                {
+                meth = ENGINE_get_STORE(e);
+                if(!meth)
+                        {
+                        STOREerr(STORE_F_STORE_NEW_ENGINE,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(e);
+                        return NULL;
+                        }
+                }
+#endif
+
+        ret = STORE_new_method(meth);
+        if (ret == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB);
+                return NULL;
+                }
+
+        ret->engine = e;
+
+        return(ret);
+        }
+
+void STORE_free(STORE *store)
+        {
+        if (store == NULL)
+                return;
+        if (store->meth->clean)
+                store->meth->clean(store);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
+        OPENSSL_free(store);
+        }
+
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void))
+        {
+        if (store == NULL)
+                {
+                STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (store->meth->ctrl)
+                return store->meth->ctrl(store, cmd, i, p, f);
+        STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION);
+        return 0;
+        }
+
+
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int STORE_set_ex_data(STORE *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *STORE_get_ex_data(STORE *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+const STORE_METHOD *STORE_get_method(STORE *store)
+        {
+        return store->meth;
+        }
+
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
+        {
+        store->meth=meth;
+        return store->meth;
+        }
+
+
+/* API helpers */
+
+#define check_store(s,fncode,fnname,fnerrcode) \
+        do \
+                { \
+                if ((s) == NULL || (s)->meth == NULL) \
+                        { \
+                        STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
+                        return 0; \
+                        } \
+                if ((s)->meth->fnname == NULL) \
+                        { \
+                        STOREerr((fncode), (fnerrcode)); \
+                        return 0; \
+                        } \
+                } \
+        while(0)
+
+/* API functions */
+
+X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509 *x;
+
+        check_store(s,STORE_F_STORE_GET_CERTIFICATE,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                attributes, parameters);
+        if (!object || !object->data.x509.certificate)
+                {
+                STOREerr(STORE_F_STORE_GET_CERTIFICATE,
+                        STORE_R_FAILED_GETTING_CERTIFICATE);
+                return 0;
+                }
+        CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        x = object->data.x509.certificate;
+        STORE_OBJECT_free(object);
+        return x;
+        }
+
+int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_CERTIFICATE,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        object->data.x509.certificate = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                object, attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                        STORE_R_FAILED_STORING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
+                        STORE_R_FAILED_MODIFYING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+        if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
+                        STORE_R_FAILED_REVOKING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_CERTIFICATE,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
+                        STORE_R_FAILED_DELETING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s,
+                STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return handle;
+        }
+
+X509 *STORE_list_certificate_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        X509 *x;
+
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.x509.certificate)
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        x = object->data.x509.certificate;
+        STORE_OBJECT_free(object);
+        return x;
+        }
+
+int STORE_list_certificate_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_certificate_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return 1;
+        }
+
+EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_GENERATE_KEY,
+                generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION);
+
+        object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GENERATE_KEY,
+                        STORE_R_FAILED_GENERATING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_GET_PRIVATE_KEY,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        object->data.key = EVP_PKEY_new();
+        if (!object->data.key)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        object->data.key = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                        STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        int i;
+
+        check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+        i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                        STORE_R_FAILED_REVOKING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+
+EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_list_private_key_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_private_key_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_GET_PUBLIC_KEY,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GET_PUBLIC_KEY,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        object->data.key = EVP_PKEY_new();
+        if (!object->data.key)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        object->data.key = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                        STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        int i;
+
+        check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+        i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                        STORE_R_FAILED_REVOKING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+
+EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_list_public_key_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_public_key_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+
+        check_store(s,STORE_F_STORE_GENERATE_CRL,
+                generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION);
+
+        object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_GENERATE_CRL,
+                        STORE_R_FAILED_GENERATING_CRL);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+
+X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+
+        check_store(s,STORE_F_STORE_GET_CRL,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_GET_CRL,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+
+int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_CRL,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_CRL,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        object->data.crl = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_CRL,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_CRL,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_CRL,
+                        STORE_R_FAILED_MODIFYING_CRL);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_CRL,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_CRL,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_CRL_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+
+X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+
+        check_store(s,STORE_F_STORE_LIST_CRL_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+
+int STORE_list_crl_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CRL_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_crl_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CRL_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_NUMBER,
+                store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_NUMBER,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        object->data.number = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_NUMBER,
+                        STORE_R_FAILED_STORING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_NUMBER,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_NUMBER,
+                        STORE_R_FAILED_MODIFYING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+
+BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        BIGNUM *n;
+
+        check_store(s,STORE_F_STORE_GET_NUMBER,
+                get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                parameters);
+        if (!object || !object->data.number)
+                {
+                STOREerr(STORE_F_STORE_GET_NUMBER,
+                        STORE_R_FAILED_GETTING_NUMBER);
+                return 0;
+                }
+        n = object->data.number;
+        object->data.number = NULL;
+        STORE_OBJECT_free(object);
+        return n;
+        }
+
+int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_NUMBER,
+                delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION);
+
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                    parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_NUMBER,
+                        STORE_R_FAILED_DELETING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_ARBITRARY,
+                store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        object->data.arbitrary = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                        STORE_R_FAILED_STORING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_ARBITRARY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
+                        STORE_R_FAILED_MODIFYING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+
+BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        BUF_MEM *b;
+
+        check_store(s,STORE_F_STORE_GET_ARBITRARY,
+                get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                attributes, parameters);
+        if (!object || !object->data.arbitrary)
+                {
+                STOREerr(STORE_F_STORE_GET_ARBITRARY,
+                        STORE_R_FAILED_GETTING_ARBITRARY);
+                return 0;
+                }
+        b = object->data.arbitrary;
+        object->data.arbitrary = NULL;
+        STORE_OBJECT_free(object);
+        return b;
+        }
+
+int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_ARBITRARY,
+                delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
+
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
+                    parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
+                        STORE_R_FAILED_DELETING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+
+STORE_OBJECT *STORE_OBJECT_new(void)
+        {
+        STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
+        if (object) memset(object, 0, sizeof(STORE_OBJECT));
+        return object;
+        }
+void STORE_OBJECT_free(STORE_OBJECT *data)
+        {
+        if (!data) return;
+        switch (data->type)
+                {
+        case STORE_OBJECT_TYPE_X509_CERTIFICATE:
+                X509_free(data->data.x509.certificate);
+                break;
+        case STORE_OBJECT_TYPE_X509_CRL:
+                X509_CRL_free(data->data.crl);
+                break;
+        case STORE_OBJECT_TYPE_PRIVATE_KEY:
+        case STORE_OBJECT_TYPE_PUBLIC_KEY:
+                EVP_PKEY_free(data->data.key);
+                break;
+        case STORE_OBJECT_TYPE_NUMBER:
+                BN_free(data->data.number);
+                break;
+        case STORE_OBJECT_TYPE_ARBITRARY:
+                BUF_MEM_free(data->data.arbitrary);
+                break;
+                }
+        OPENSSL_free(data);
+        }
+
+IMPLEMENT_STACK_OF(STORE_OBJECT*)
+
+
+struct STORE_attr_info_st
+        {
+        unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
+        union
+                {
+                char *cstring;
+                unsigned char *sha1string;
+                X509_NAME *dn;
+                BIGNUM *number;
+                void *any;
+                } values[STORE_ATTR_TYPE_NUM+1];
+        size_t value_sizes[STORE_ATTR_TYPE_NUM+1];
+        };
+
+#define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
+                                && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
+#define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
+#define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
+
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
+        {
+        return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
+        }
+static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code)
+        {
+        if (ATTR_IS_SET(attrs,code))
+                {
+                switch(code)
+                        {
+                case STORE_ATTR_FRIENDLYNAME:
+                case STORE_ATTR_EMAIL:
+                case STORE_ATTR_FILENAME:
+                        STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
+                        break;
+                case STORE_ATTR_KEYID:
+                case STORE_ATTR_ISSUERKEYID:
+                case STORE_ATTR_SUBJECTKEYID:
+                case STORE_ATTR_ISSUERSERIALHASH:
+                case STORE_ATTR_CERTHASH:
+                        STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
+                        break;
+                case STORE_ATTR_ISSUER:
+                case STORE_ATTR_SUBJECT:
+                        STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
+                        break;
+                case STORE_ATTR_SERIAL:
+                        STORE_ATTR_INFO_modify_number(attrs, code, NULL);
+                        break;
+                default:
+                        break;
+                        }
+                }
+        }
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
+        {
+        if (attrs)
+                {
+                STORE_ATTR_TYPES i;
+                for(i = 0; i++ < STORE_ATTR_TYPE_NUM;)
+                        STORE_ATTR_INFO_attr_free(attrs, i);
+                OPENSSL_free(attrs);
+                }
+        return 1;
+        }
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].cstring;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].sha1string;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].dn;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].number;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].sha1string =
+                            (unsigned char *)BUF_memdup(sha1str,
+                                    sha1str_size)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].dn = X509_NAME_dup(dn)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].number = BN_dup(number)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].cstring);
+                attrs->values[code].cstring = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
+        }
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].sha1string);
+                attrs->values[code].sha1string = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
+        }
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].dn);
+                attrs->values[code].dn = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_dn(attrs, code, dn);
+        }
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].number);
+                attrs->values[code].number = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_number(attrs, code, number);
+        }
+
+struct attr_list_ctx_st
+        {
+        OPENSSL_ITEM *attributes;
+        };
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
+        {
+        if (attributes)
+                {
+                struct attr_list_ctx_st *context =
+                        (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
+                if (context)
+                        context->attributes = attributes;
+                else
+                        STOREerr(STORE_F_STORE_PARSE_ATTRS_START,
+                                ERR_R_MALLOC_FAILURE);
+                return context;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+        if (context && context->attributes)
+                {
+                STORE_ATTR_INFO *attrs = NULL;
+
+                while(context->attributes
+                        && context->attributes->code != STORE_ATTR_OR
+                        && context->attributes->code != STORE_ATTR_END)
+                        {
+                        switch(context->attributes->code)
+                                {
+                        case STORE_ATTR_FRIENDLYNAME:
+                        case STORE_ATTR_EMAIL:
+                        case STORE_ATTR_FILENAME:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_set_cstr(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value,
+                                        context->attributes->value_size);
+                                break;
+                        case STORE_ATTR_KEYID:
+                        case STORE_ATTR_ISSUERKEYID:
+                        case STORE_ATTR_SUBJECTKEYID:
+                        case STORE_ATTR_ISSUERSERIALHASH:
+                        case STORE_ATTR_CERTHASH:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_set_sha1str(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value,
+                                        context->attributes->value_size);
+                                break;
+                        case STORE_ATTR_ISSUER:
+                        case STORE_ATTR_SUBJECT:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_modify_dn(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value);
+                                break;
+                        case STORE_ATTR_SERIAL:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_modify_number(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value);
+                                break;
+                                }
+                        context->attributes++;
+                        }
+                if (context->attributes->code == STORE_ATTR_OR)
+                        context->attributes++;
+                return attrs;
+        err:
+                while(context->attributes
+                        && context->attributes->code != STORE_ATTR_OR
+                        && context->attributes->code != STORE_ATTR_END)
+                        context->attributes++;
+                if (context->attributes->code == STORE_ATTR_OR)
+                        context->attributes++;
+                return NULL;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+        }
+int STORE_parse_attrs_end(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+        if (context && context->attributes)
+                {
+#if 0
+                OPENSSL_ITEM *attributes = context->attributes;
+#endif
+                OPENSSL_free(context);
+                return 1;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+
+int STORE_parse_attrs_endp(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+        if (context && context->attributes)
+                {
+                return context->attributes->code == STORE_ATTR_END;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+
+static int attr_info_compare_compute_range(
+        unsigned char *abits, unsigned char *bbits,
+        unsigned int *alowp, unsigned int *ahighp,
+        unsigned int *blowp, unsigned int *bhighp)
+        {
+        unsigned int alow = (unsigned int)-1, ahigh = 0;
+        unsigned int blow = (unsigned int)-1, bhigh = 0;
+        int i, res = 0;
+
+        for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
+                {
+                if (res == 0)
+                        {
+                        if (*abits < *bbits) res = -1;
+                        if (*abits > *bbits) res = 1;
+                        }
+                if (*abits)
+                        {
+                        if (alow == (unsigned int)-1)
+                                {
+                                alow = i * 8;
+                                if (!(*abits & 0x01)) alow++;
+                                if (!(*abits & 0x02)) alow++;
+                                if (!(*abits & 0x04)) alow++;
+                                if (!(*abits & 0x08)) alow++;
+                                if (!(*abits & 0x10)) alow++;
+                                if (!(*abits & 0x20)) alow++;
+                                if (!(*abits & 0x40)) alow++;
+                                }
+                        ahigh = i * 8 + 7;
+                        if (!(*abits & 0x80)) ahigh++;
+                        if (!(*abits & 0x40)) ahigh++;
+                        if (!(*abits & 0x20)) ahigh++;
+                        if (!(*abits & 0x10)) ahigh++;
+                        if (!(*abits & 0x08)) ahigh++;
+                        if (!(*abits & 0x04)) ahigh++;
+                        if (!(*abits & 0x02)) ahigh++;
+                        }
+                if (*bbits)
+                        {
+                        if (blow == (unsigned int)-1)
+                                {
+                                blow = i * 8;
+                                if (!(*bbits & 0x01)) blow++;
+                                if (!(*bbits & 0x02)) blow++;
+                                if (!(*bbits & 0x04)) blow++;
+                                if (!(*bbits & 0x08)) blow++;
+                                if (!(*bbits & 0x10)) blow++;
+                                if (!(*bbits & 0x20)) blow++;
+                                if (!(*bbits & 0x40)) blow++;
+                                }
+                        bhigh = i * 8 + 7;
+                        if (!(*bbits & 0x80)) bhigh++;
+                        if (!(*bbits & 0x40)) bhigh++;
+                        if (!(*bbits & 0x20)) bhigh++;
+                        if (!(*bbits & 0x10)) bhigh++;
+                        if (!(*bbits & 0x08)) bhigh++;
+                        if (!(*bbits & 0x04)) bhigh++;
+                        if (!(*bbits & 0x02)) bhigh++;
+                        }
+                }
+        if (ahigh + alow < bhigh + blow) res = -1;
+        if (ahigh + alow > bhigh + blow) res = 1;
+        if (alowp) *alowp = alow;
+        if (ahighp) *ahighp = ahigh;
+        if (blowp) *blowp = blow;
+        if (bhighp) *bhighp = bhigh;
+        return res;
+        }
+
+int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        if (a == b) return 0;
+        if (!a) return -1;
+        if (!b) return 1;
+        return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0);
+        }
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        unsigned int alow, ahigh, blow, bhigh;
+
+        if (a == b) return 1;
+        if (!a) return 0;
+        if (!b) return 0;
+        attr_info_compare_compute_range(a->set, b->set,
+                &alow, &ahigh, &blow, &bhigh);
+        if (alow >= blow && ahigh <= bhigh)
+                return 1;
+        return 0;
+        }
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        unsigned char *abits, *bbits;
+        int i;
+
+        if (a == b) return 1;
+        if (!a) return 0;
+        if (!b) return 0;
+        abits = a->set;
+        bbits = b->set;
+        for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
+                {
+                if (*abits && (*bbits & *abits) != *abits)
+                        return 0;
+                }
+        return 1;
+        }
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        STORE_ATTR_TYPES i;
+
+        if (a == b) return 1;
+        if (!STORE_ATTR_INFO_in(a, b)) return 0;
+        for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
+                if (ATTR_IS_SET(a, i))
+                        {
+                        switch(i)
+                                {
+                        case STORE_ATTR_FRIENDLYNAME:
+                        case STORE_ATTR_EMAIL:
+                        case STORE_ATTR_FILENAME:
+                                if (strcmp(a->values[i].cstring,
+                                            b->values[i].cstring))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_KEYID:
+                        case STORE_ATTR_ISSUERKEYID:
+                        case STORE_ATTR_SUBJECTKEYID:
+                        case STORE_ATTR_ISSUERSERIALHASH:
+                        case STORE_ATTR_CERTHASH:
+                                if (memcmp(a->values[i].sha1string,
+                                            b->values[i].sha1string,
+                                            a->value_sizes[i]))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_ISSUER:
+                        case STORE_ATTR_SUBJECT:
+                                if (X509_NAME_cmp(a->values[i].dn,
+                                            b->values[i].dn))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_SERIAL:
+                                if (BN_cmp(a->values[i].number,
+                                            b->values[i].number))
+                                        return 0;
+                                break;
+                        default:
+                                break;
+                                }
+                        }
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/store/str_locl.h b/src/lib/libcrypto/store/str_locl.h
new file mode 100644
index 0000000000..3f8cb75619
--- /dev/null
+++ b/src/lib/libcrypto/store/str_locl.h
@@ -0,0 +1,124 @@
+/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_LOCL_H
+#define HEADER_STORE_LOCL_H
+
+#include <openssl/crypto.h>
+#include <openssl/store.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct store_method_st
+        {
+        char *name;
+
+        /* All the functions return a positive integer or non-NULL for success
+           and 0, a negative integer or NULL for failure */
+
+        /* Initialise the STORE with private data */
+        STORE_INITIALISE_FUNC_PTR init;
+        /* Initialise the STORE with private data */
+        STORE_CLEANUP_FUNC_PTR clean;
+        /* Generate an object of a given type */
+        STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
+        /* Get an object of a given type.  This function isn't really very
+           useful since the listing functions (below) can be used for the
+           same purpose and are much more general. */
+        STORE_GET_OBJECT_FUNC_PTR get_object;
+        /* Store an object of a given type. */
+        STORE_STORE_OBJECT_FUNC_PTR store_object;
+        /* Modify the attributes bound to an object of a given type. */
+        STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
+        /* Revoke an object of a given type. */
+        STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
+        /* Delete an object of a given type. */
+        STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
+        /* List a bunch of objects of a given type and with the associated
+           attributes. */
+        STORE_START_OBJECT_FUNC_PTR list_object_start;
+        STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
+        STORE_END_OBJECT_FUNC_PTR list_object_end;
+        STORE_END_OBJECT_FUNC_PTR list_object_endp;
+        /* Store-level function to make any necessary update operations. */
+        STORE_GENERIC_FUNC_PTR update_store;
+        /* Store-level function to get exclusive access to the store. */
+        STORE_GENERIC_FUNC_PTR lock_store;
+        /* Store-level function to release exclusive access to the store. */
+        STORE_GENERIC_FUNC_PTR unlock_store;
+
+        /* Generic control function */
+        STORE_CTRL_FUNC_PTR ctrl;
+        };
+
+struct store_st
+        {
+        const STORE_METHOD *meth;
+        /* functional reference if 'meth' is ENGINE-provided */
+        ENGINE *engine;
+
+        CRYPTO_EX_DATA ex_data;
+        int references;
+        };
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/store/str_mem.c b/src/lib/libcrypto/store/str_mem.c
new file mode 100644
index 0000000000..527757ae09
--- /dev/null
+++ b/src/lib/libcrypto/store/str_mem.c
@@ -0,0 +1,357 @@
+/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include "str_locl.h"
+
+/* The memory store is currently highly experimental.  It's meant to become
+   a base store used by other stores for internal caching (for full caching
+   support, aging needs to be added).
+
+   The database use is meant to support as much attribute association as
+   possible, while providing for as small search ranges as possible.
+   This is currently provided for by sorting the entries by numbers that
+   are composed of bits set at the positions indicated by attribute type
+   codes.  This provides for ranges determined by the highest attribute
+   type code value.  A better idea might be to sort by values computed
+   from the range of attributes associated with the object (basically,
+   the difference between the highest and lowest attribute type code)
+   and it's distance from a base (basically, the lowest associated
+   attribute type code).
+*/
+
+struct mem_object_data_st
+        {
+        STORE_OBJECT *object;
+        STORE_ATTR_INFO *attr_info;
+        int references;
+        };
+
+struct mem_data_st
+        {
+        STACK *data;            /* A stack of mem_object_data_st,
+                                   sorted with STORE_ATTR_INFO_compare(). */
+        unsigned int compute_components : 1; /* Currently unused, but can
+                                                be used to add attributes
+                                                from parts of the data. */
+        };
+
+struct mem_ctx_st
+        {
+        int type;               /* The type we're searching for */
+        STACK *search_attributes; /* Sets of attributes to search for.
+                                     Each element is a STORE_ATTR_INFO. */
+        int search_index;       /* which of the search attributes we found a match
+                                   for, -1 when we still haven't found any */
+        int index;              /* -1 as long as we're searching for the first */
+        };
+
+static int mem_init(STORE *s);
+static void mem_clean(STORE *s);
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+        STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+        OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
+static int mem_list_end(STORE *s, void *handle);
+static int mem_list_endp(STORE *s, void *handle);
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void));
+
+static STORE_METHOD store_memory =
+        {
+        "OpenSSL memory store interface",
+        mem_init,
+        mem_clean,
+        mem_generate,
+        mem_get,
+        mem_store,
+        mem_modify,
+        NULL, /* revoke */
+        mem_delete,
+        mem_list_start,
+        mem_list_next,
+        mem_list_end,
+        mem_list_endp,
+        NULL, /* update */
+        mem_lock,
+        mem_unlock,
+        mem_ctrl
+        };
+
+const STORE_METHOD *STORE_Memory(void)
+        {
+        return &store_memory;
+        }
+
+static int mem_init(STORE *s)
+        {
+        return 1;
+        }
+
+static void mem_clean(STORE *s)
+        {
+        return;
+        }
+
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        void *context = mem_list_start(s, type, attributes, parameters);
+        
+        if (context)
+                {
+                STORE_OBJECT *object = mem_list_next(s, context);
+
+                if (mem_list_end(s, context))
+                        return object;
+                }
+        return NULL;
+        }
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+        STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+        OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+/* The list functions may be the hardest to understand.  Basically,
+   mem_list_start compiles a stack of attribute info elements, and
+   puts that stack into the context to be returned.  mem_list_next
+   will then find the first matching element in the store, and then
+   walk all the way to the end of the store (since any combination
+   of attribute bits above the starting point may match the searched
+   for bit pattern...). */
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        struct mem_ctx_st *context =
+                (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+        void *attribute_context = NULL;
+        STORE_ATTR_INFO *attrs = NULL;
+
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        memset(context, 0, sizeof(struct mem_ctx_st));
+
+        attribute_context = STORE_parse_attrs_start(attributes);
+        if (!attribute_context)
+                {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+                goto err;
+                }
+
+        while((attrs = STORE_parse_attrs_next(attribute_context)))
+                {
+                if (context->search_attributes == NULL)
+                        {
+                        context->search_attributes =
+                                sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare);
+                        if (!context->search_attributes)
+                                {
+                                STOREerr(STORE_F_MEM_LIST_START,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        }
+                sk_push(context->search_attributes,(char *)attrs);
+                }
+        if (!STORE_parse_attrs_endp(attribute_context))
+                goto err;
+        STORE_parse_attrs_end(attribute_context);
+        context->search_index = -1;
+        context->index = -1;
+        return context;
+ err:
+        if (attribute_context) STORE_parse_attrs_end(attribute_context);
+        mem_list_end(s, context);
+        return NULL;
+        }
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
+        {
+        int i;
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+        struct mem_object_data_st key = { 0, 0, 1 };
+        struct mem_data_st *store =
+                (struct mem_data_st *)STORE_get_ex_data(s, 1);
+        int srch;
+        int cres = 0;
+
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (!store)
+                {
+                STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+                return NULL;
+                }
+
+        if (context->search_index == -1)
+                {
+                for (i = 0; i < sk_num(context->search_attributes); i++)
+                        {
+                        key.attr_info =
+                                (STORE_ATTR_INFO *)sk_value(context->search_attributes, i);
+                        srch = sk_find_ex(store->data, (char *)&key);
+
+                        if (srch >= 0)
+                                {
+                                context->search_index = srch;
+                                break;
+                                }
+                        }
+                }
+        if (context->search_index < 0)
+                return NULL;
+        
+        key.attr_info =
+                (STORE_ATTR_INFO *)sk_value(context->search_attributes,
+                        context->search_index);
+        for(srch = context->search_index;
+            srch < sk_num(store->data)
+                    && STORE_ATTR_INFO_in_range(key.attr_info,
+                            (STORE_ATTR_INFO *)sk_value(store->data, srch))
+                    && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,
+                                 (STORE_ATTR_INFO *)sk_value(store->data, srch)));
+            srch++)
+                ;
+
+        context->search_index = srch;
+        if (cres)
+                return ((struct mem_object_data_st *)sk_value(store->data,
+                                srch))->object;
+        return NULL;
+        }
+static int mem_list_end(STORE *s, void *handle)
+        {
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (context && context->search_attributes)
+                sk_free(context->search_attributes);
+        if (context) OPENSSL_free(context);
+        return 1;
+        }
+static int mem_list_endp(STORE *s, void *handle)
+        {
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+        if (!context
+                || context->search_index == sk_num(context->search_attributes))
+                return 1;
+        return 0;
+        }
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        return 1;
+        }
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        return 1;
+        }
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void))
+        {
+        return 1;
+        }
diff --git a/src/lib/libcrypto/store/str_meth.c b/src/lib/libcrypto/store/str_meth.c
new file mode 100644
index 0000000000..a46de03a26
--- /dev/null
+++ b/src/lib/libcrypto/store/str_meth.c
@@ -0,0 +1,250 @@
+/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/buffer.h>
+#include "str_locl.h"
+
+STORE_METHOD *STORE_create_method(char *name)
+        {
+        STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+
+        if (store_method)
+                {
+                memset(store_method, 0, sizeof(*store_method));
+                store_method->name = BUF_strdup(name);
+                }
+        return store_method;
+        }
+
+/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
+   (that is, it hasn't been allocated using STORE_create_method(), you deserve
+   anything Murphy can throw at you and more!  You have been warned. */
+void STORE_destroy_method(STORE_METHOD *store_method)
+        {
+        if (!store_method) return;
+        OPENSSL_free(store_method->name);
+        store_method->name = NULL;
+        OPENSSL_free(store_method);
+        }
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f)
+        {
+        sm->init = init_f;
+        return 1;
+        }
+
+int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f)
+        {
+        sm->clean = clean_f;
+        return 1;
+        }
+
+int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)
+        {
+        sm->generate_object = generate_f;
+        return 1;
+        }
+
+int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)
+        {
+        sm->get_object = get_f;
+        return 1;
+        }
+
+int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)
+        {
+        sm->store_object = store_f;
+        return 1;
+        }
+
+int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
+        {
+        sm->modify_object = modify_f;
+        return 1;
+        }
+
+int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+        {
+        sm->revoke_object = revoke_f;
+        return 1;
+        }
+
+int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+        {
+        sm->delete_object = delete_f;
+        return 1;
+        }
+
+int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)
+        {
+        sm->list_object_start = list_start_f;
+        return 1;
+        }
+
+int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)
+        {
+        sm->list_object_next = list_next_f;
+        return 1;
+        }
+
+int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)
+        {
+        sm->list_object_end = list_end_f;
+        return 1;
+        }
+
+int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)
+        {
+        sm->update_store = update_f;
+        return 1;
+        }
+
+int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)
+        {
+        sm->lock_store = lock_f;
+        return 1;
+        }
+
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)
+        {
+        sm->unlock_store = unlock_f;
+        return 1;
+        }
+
+int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)
+        {
+        sm->ctrl = ctrl_f;
+        return 1;
+        }
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm)
+        {
+        return sm->init;
+        }
+
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
+        {
+        return sm->clean;
+        }
+
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)
+        {
+        return sm->generate_object;
+        }
+
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
+        {
+        return sm->get_object;
+        }
+
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
+        {
+        return sm->store_object;
+        }
+
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm)
+        {
+        return sm->modify_object;
+        }
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)
+        {
+        return sm->revoke_object;
+        }
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)
+        {
+        return sm->delete_object;
+        }
+
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_start;
+        }
+
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_next;
+        }
+
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_end;
+        }
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm)
+        {
+        return sm->update_store;
+        }
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
+        {
+        return sm->lock_store;
+        }
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm)
+        {
+        return sm->unlock_store;
+        }
+
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
+        {
+        return sm->ctrl;
+        }
+
diff --git a/src/lib/libcrypto/threads/netware.bat b/src/lib/libcrypto/threads/netware.bat
new file mode 100644
index 0000000000..0b3eca3caf
--- /dev/null
+++ b/src/lib/libcrypto/threads/netware.bat
@@ -0,0 +1,79 @@
+@echo off
+rem batch file to build multi-thread test ( mttest.nlm )
+
+rem command line arguments:
+rem      debug => build using debug settings
+
+rem
+rem After building, copy mttest.nlm to the server and run it, you'll probably
+rem want to redirect stdout and stderr.  An example command line would be
+rem "mttest.nlm -thread 20 -loops 10 -CAfile \openssl\apps\server.pem >mttest.out 2>mttest.err"
+rem 
+
+del mttest.nlm
+
+set BLD_DEBUG=
+set CFLAGS=
+set LFLAGS=
+set LIBS=
+
+if "%1" == "DEBUG" set BLD_DEBUG=YES
+if "%1" == "debug" set BLD_DEBUG=YES
+
+if "%MWCIncludes%" == "" goto inc_error
+if "%PRELUDE%" == "" goto prelude_error
+if "%IMPORTS%" == "" goto imports_error
+
+set CFLAGS=-c -I..\..\outinc_nw -nosyspath -DOPENSSL_SYS_NETWARE -opt off -g -sym internal -maxerrors 20
+
+if "%BLD_DEBUG%" == "YES" set LIBS=..\..\out_nw.dbg\ssl.lib ..\..\out_nw.dbg\crypto.lib
+if "%BLD_DEBUG%" == ""  set LIBS=..\..\out_nw\ssl.lib ..\..\out_nw\crypto.lib
+
+set LFLAGS=-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal 
+  
+rem generate command file for metrowerks
+echo.
+echo Generating Metrowerks command file: mttest.def
+echo # dynamically generated command file for metrowerks build > mttest.def
+echo IMPORT @%IMPORTS%\clib.imp              >> mttest.def 
+echo IMPORT @%IMPORTS%\threads.imp           >> mttest.def 
+echo IMPORT @%IMPORTS%\ws2nlm.imp            >> mttest.def 
+echo IMPORT GetProcessSwitchCount            >> mttest.def
+echo MODULE clib                             >> mttest.def 
+
+rem compile
+echo.
+echo Compiling mttest.c
+mwccnlm.exe mttest.c %CFLAGS% 
+if errorlevel 1 goto end
+
+rem link               
+echo.
+echo Linking mttest.nlm
+mwldnlm.exe %LFLAGS% -screenname mttest -commandfile mttest.def mttest.o "%PRELUDE%" %LIBS% -o mttest.nlm
+if errorlevel 1 goto end
+
+goto end
+
+:inc_error
+echo.
+echo Environment variable MWCIncludes is not set - see install.nw
+goto end
+
+:prelude_error
+echo.
+echo Environment variable PRELUDE is not set - see install.nw
+goto end
+
+:imports_error
+echo.
+echo Environment variable IMPORTS is not set - see install.nw
+goto end
+    
+    
+:end
+set BLD_DEBUG=
+set CFLAGS=
+set LFLAGS=
+set LIBS=
+
diff --git a/src/lib/libcrypto/util/copy.pl b/src/lib/libcrypto/util/copy.pl
new file mode 100644
index 0000000000..e20b45530a
--- /dev/null
+++ b/src/lib/libcrypto/util/copy.pl
@@ -0,0 +1,59 @@
+#!/usr/local/bin/perl
+
+use Fcntl;
+
+
+# copy.pl
+
+# Perl script 'copy' comment. On Windows the built in "copy" command also
+# copies timestamps: this messes up Makefile dependencies.
+
+my $arg;
+
+foreach $arg (@ARGV) {
+        $arg =~ s|\\|/|g;       # compensate for bug/feature in cygwin glob...
+        foreach (glob $arg)
+                {
+                push @filelist, $_;
+                }
+}
+
+$fnum = @filelist;
+
+if ($fnum <= 1)
+        {
+        die "Need at least two filenames";
+        }
+
+$dest = pop @filelist;
+        
+if ($fnum > 2 && ! -d $dest)
+        {
+        die "Destination must be a directory";
+        }
+
+foreach (@filelist)
+        {
+        if (-d $dest)
+                {
+                $dfile = $_;
+                $dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
+                $dfile = "$dest/$dfile";
+                }
+        else
+                {
+                $dfile = $dest;
+                }
+        sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
+        sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
+                                        || die "Can't Open $dfile";
+        while (sysread IN, $buf, 10240)
+                {
+                syswrite(OUT, $buf, length($buf));
+                }
+        close(IN);
+        close(OUT);
+        print "Copying: $_ to $dfile\n";
+        }
+                
+
diff --git a/src/lib/libcrypto/util/extract-section.pl b/src/lib/libcrypto/util/extract-section.pl
new file mode 100644
index 0000000000..7a0ba4f69a
--- /dev/null
+++ b/src/lib/libcrypto/util/extract-section.pl
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+
+while(<STDIN>) {
+        if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
+                {
+                print "$1\n";
+                exit 0;
+                }
+}
+
+print "$ARGV[0]\n";
+
diff --git a/src/lib/libcrypto/util/pl/netware.pl b/src/lib/libcrypto/util/pl/netware.pl
new file mode 100644
index 0000000000..173c9919f2
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/netware.pl
@@ -0,0 +1,526 @@
+# Metrowerks Codewarrior or gcc / nlmconv for NetWare
+#
+
+$version_header = "crypto/opensslv.h";
+open(IN, "$version_header") or die "Couldn't open $version_header: $!";
+while (<IN>) {
+  if (/^#define[\s\t]+OPENSSL_VERSION_NUMBER[\s\t]+0x(\d)(\d{2})(\d{2})(\d{2})/)
+  {
+    # die "OpenSSL version detected: $1.$2.$3.$4\n";
+    #$nlmvernum = "$1,$2,$3";
+    $nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    #$nlmverstr = "$1.".($2*1).".".($3*1).($4?(chr(96+$4)):"");
+    break;
+  }
+}
+close(IN) or die "Couldn't close $version_header: $!";
+
+$readme_file = "README";
+open(IN, $readme_file) or die "Couldn't open $readme_file: $!";
+while (<IN>) {
+  if (/^[\s\t]+OpenSSL[\s\t]+(\d)\.(\d{1,2})\.(\d{1,2})([a-z])(.*)/)
+  {
+    #$nlmvernum = "$1,$2,$3";
+    #$nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    $nlmverstr = "$1.$2.$3$4$5";
+  }
+  elsif (/^[\s\t]+(Copyright \(c\) \d{4}\-\d{4} The OpenSSL Project)$/)
+  {
+    $nlmcpystr = $1;
+  }
+  break if ($nlmvernum && $nlmcpystr);
+}
+close(IN) or die "Couldn't close $readme_file: $!";
+
+# Define stacksize here
+$nlmstack = "32768";
+
+# some default settings here in case we failed to find them in README
+$nlmvernum = "1,0,0" if (!$nlmvernum);
+$nlmverstr = "OpenSSL" if (!$nlmverstr);
+$nlmcpystr = "Copyright (c) 1998-now The OpenSSL Project" if (!$nlmcpystr);
+
+# die "OpenSSL copyright: $nlmcpystr\nOpenSSL verstring: $nlmverstr\nOpenSSL vernumber: $nlmvernum\n";
+
+# The import files and other misc imports needed to link
+@misc_imports = ("GetProcessSwitchCount", "RunningProcess",
+                 "GetSuperHighResolutionTimer");
+if ($LIBC)
+{
+   @import_files = ("libc.imp");
+   @module_files = ("libc");
+   $libarch = "LIBC";
+}
+else
+{
+   # clib build
+   @import_files = ("clib.imp");
+   push(@import_files, "socklib.imp") if ($BSDSOCK);
+   @module_files = ("clib");
+   # push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16");
+   $libarch = "CLIB";
+}
+if ($BSDSOCK)
+{
+   $libarch .= "-BSD";
+}
+else
+{
+   $libarch .= "-WS2";
+   push(@import_files, "ws2nlm.imp");
+}
+
+# The "IMPORTS" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+# Example:  set IMPORTS=c:\ndk\nwsdk\imports
+$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n");
+
+
+# The "PRELUDE" environment variable must be set and point to the location
+# and name of the prelude source to link with ( nwpre.obj is recommended ).
+# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj
+$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n");
+
+# The "INCLUDES" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+$include_path = $ENV{"INCLUDE"} || die ("INCLUDES environment variable not set\n");
+$include_path =~ s/\\/\//g;
+$include_path = join(" -I", split(/;/, $include_path));
+
+# check for gcc compiler
+$gnuc = $ENV{"GNUC"};
+
+#$ssl=   "ssleay32";
+#$crypto="libeay32";
+
+if ($gnuc)
+{
+   # C compiler
+   $cc='gcc';
+   # Linker
+   $link='nlmconv';
+   # librarian
+   $mklib='ar';
+   $o='/';
+   # cp command
+   $cp='cp -af';
+   # rm command
+   $rm='rm -f';
+   # mv command
+   $mv='mv -f';
+   # mkdir command
+   $mkdir='gmkdir';
+   #$ranlib='ranlib';
+}
+else
+{
+   # C compiler
+   $cc='mwccnlm';
+   # Linker
+   $link='mwldnlm';
+   # librarian
+   $mklib='mwldnlm';
+   # Path separator
+   $o='\\';
+   # cp command
+   $cp='copy >nul:';
+   # rm command
+   $rm='del /f /q';
+}
+
+# assembler
+if ($nw_nasm)
+{
+   if ($gnuc)
+   {
+      $asm="nasmw -s -f elf";
+   }
+   else
+   {
+      $asm="nasmw -s -f coff";
+   }
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_mwasm)
+{
+   $asm="mwasmnlm -maxerrors 20";
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_masm)
+{
+# masm assembly settings - it should be possible to use masm but haven't
+# got it working.
+# $asm='ml /Cp /coff /c /Cx';
+# $asm.=" /Zi" if $debug;
+# $afile='/Fo';
+   die("Support for masm assembler not yet functional\n");
+}
+else
+{
+   $asm="";
+   $afile="";
+}
+
+
+
+if ($gnuc)
+{
+   # compile flags for GNUC
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-g -DDEBUG";
+   }
+   else
+   {
+      $cflags="-O2";
+   }
+   $cflags.=" -nostdinc -I$include_path \\
+         -fno-builtin -fpcc-struct-return -fno-strict-aliasing \\
+         -funsigned-char -Wall -Wno-unused -Wno-uninitialized";
+
+   # link flags
+   $lflags="-T";
+}
+else
+{
+   # compile flags for CodeWarrior
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-opt off -g -sym internal -DDEBUG";
+   }
+   else
+   {
+   # CodeWarrior compiler has a problem with optimizations for floating
+   # points - no optimizations until further investigation
+   #      $cflags="-opt all";
+   }
+
+   # NOTES: Several c files in the crypto subdirectory include headers from
+   #        their local directories.  Metrowerks wouldn't find these h files
+   #        without adding individual include directives as compile flags
+   #        or modifying the c files.  Instead of adding individual include
+   #        paths for each subdirectory a recursive include directive
+   #        is used ( -ir crypto ).
+   #
+   #        A similar issue exists for the engines and apps subdirectories.
+   #
+   #        Turned off the "possible" warnings ( -w nopossible ).  Metrowerks
+   #        complained a lot about various stuff.  May want to turn back
+   #        on for further development.
+   $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\
+         -msgstyle gcc -align 4 -processor pentium -char unsigned \\
+         -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\
+         -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20";
+
+   # link flags
+   $lflags="-msgstyle gcc -zerobss -nostdlib -sym internal -commandfile";
+}
+
+# common defines
+$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32";
+
+# If LibC build add in NKS_LIBC define and set the entry/exit
+# routines - The default entry/exit routines are for CLib and don't exist
+# in LibC
+if ($LIBC)
+{
+   $cflags.=" -DNETWARE_LIBC";
+   $nlmstart = "_LibCPrelude";
+   $nlmexit = "_LibCPostlude";
+   @nlm_flags = ("pseudopreemption", "flag_on 64");
+}
+else
+{
+   $cflags.=" -DNETWARE_CLIB";
+   $nlmstart = "_Prelude";
+   $nlmexit = "_Stop";
+}
+
+# If BSD Socket support is requested, set a define for the compiler
+if ($BSDSOCK)
+{
+   $cflags.=" -DNETWARE_BSDSOCK";
+   if (!$LIBC)
+   {
+      $cflags.=" -DNETDB_USE_INTERNET";
+   }
+}
+
+
+# linking stuff
+# for the output directories use the mk1mf.pl values with "_nw" appended
+if ($shlib)
+{
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc_nlm";
+      $tmp_def.="_nw_libc_nlm";
+      $inc_def.="_nw_libc_nlm";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib_nlm";
+      $tmp_def.="_nw_clib_nlm";
+      $inc_def.="_nw_clib_nlm";
+   }
+}
+else
+{
+   if ($gnuc) # GNUC Tools
+   {
+      $libp=".a";
+      $shlibp=".a";
+      $lib_flags="-cr";
+   }
+   else       # CodeWarrior
+   {
+      $libp=".lib";
+      $shlibp=".lib";
+      $lib_flags="-nodefaults -type library -o";
+   }
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc";
+      $tmp_def.="_nw_libc";
+      $inc_def.="_nw_libc";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib";
+      $tmp_def.="_nw_clib";
+      $inc_def.="_nw_clib";
+   }
+}
+
+# used by mk1mf.pl
+$obj='.o';
+$ofile='-o ';
+$efile='';
+$exep='.nlm';
+$ex_libs='';
+
+if (!$no_asm)
+{
+   $bn_asm_obj="\$(OBJ_D)${o}bn-nw${obj}";
+   $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm";
+   $bnco_asm_obj="\$(OBJ_D)${o}co-nw${obj}";
+   $bnco_asm_src="crypto${o}bn${o}asm${o}co-nw.asm";
+   $aes_asm_obj="\$(OBJ_D)${o}a-nw${obj}";
+   $aes_asm_src="crypto${o}aes${o}asm${o}a-nw.asm";
+   $des_enc_obj="\$(OBJ_D)${o}d-nw${obj} \$(OBJ_D)${o}y-nw${obj}";
+   $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm";
+   $bf_enc_obj="\$(OBJ_D)${o}b-nw${obj}";
+   $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm";
+   $cast_enc_obj="\$(OBJ_D)${o}c-nw${obj}";
+   $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm";
+   $rc4_enc_obj="\$(OBJ_D)${o}r4-nw${obj}";
+   $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm";
+   $rc5_enc_obj="\$(OBJ_D)${o}r5-nw${obj}";
+   $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm";
+   $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}";
+   $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm";
+   $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj}";
+   $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm";
+   $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}";
+   $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm";
+   $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}";
+   $cpuid_asm_src="crypto${o}x86cpuid-nw.asm";
+   $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM";
+   $cflags.=" -DAES_ASM -DRMD160_ASM";
+}
+else
+{
+   $bn_asm_obj='';
+   $bn_asm_src='';
+   $bnco_asm_obj='';
+   $bnco_asm_src='';
+   $aes_asm_obj='';
+   $aes_asm_src='';
+   $des_enc_obj='';
+   $des_enc_src='';
+   $bf_enc_obj='';
+   $bf_enc_src='';
+   $cast_enc_obj='';
+   $cast_enc_src='';
+   $rc4_enc_obj='';
+   $rc4_enc_src='';
+   $rc5_enc_obj='';
+   $rc5_enc_src='';
+   $md5_asm_obj='';
+   $md5_asm_src='';
+   $sha1_asm_obj='';
+   $sha1_asm_src='';
+   $rmd160_asm_obj='';
+   $rmd160_asm_src='';
+   $cpuid_asm_obj='';
+   $cpuid_asm_src='';
+}
+
+# create the *.def linker command files in \openssl\netware\ directory
+sub do_def_file
+{
+   # strip off the leading path
+   my($target) = bname(shift);
+   my($i);
+
+   if ($target =~ /(.*).nlm/)
+   {
+      $target = $1;
+   }
+
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      $target =~ s/\$\(E_EXE\)/openssl/;
+   }
+
+   # Note: originally tried to use full path ( \openssl\netware\$target.def )
+   # Metrowerks linker choked on this with an assertion failure. bug???
+   #
+   my($def_file) = "netware${o}$target.def";
+
+   open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n");
+
+   print( DEF_OUT "# command file generated by netware.pl for NLM target.\n" );
+   print( DEF_OUT "# do not edit this file - all your changes will be lost!!\n" );
+   print( DEF_OUT "#\n");
+   print( DEF_OUT "DESCRIPTION \"$target ($libarch) - OpenSSL $nlmverstr\"\n");
+   print( DEF_OUT "COPYRIGHT \"$nlmcpystr\"\n");
+   print( DEF_OUT "VERSION $nlmvernum\n");
+   print( DEF_OUT "STACK $nlmstack\n");
+   print( DEF_OUT "START $nlmstart\n");
+   print( DEF_OUT "EXIT $nlmexit\n");
+
+   # special case for openssl
+   if ($target eq "openssl")
+   {
+      print( DEF_OUT "SCREENNAME \"OpenSSL $nlmverstr\"\n");
+   }
+   else
+   {
+      print( DEF_OUT "SCREENNAME \"DEFAULT\"\n");
+   }
+
+   foreach $i (@misc_imports)
+   {
+      print( DEF_OUT "IMPORT $i\n");
+   }
+
+   foreach $i (@import_files)
+   {
+      print( DEF_OUT "IMPORT \@$import_path${o}$i\n");
+   }
+
+   foreach $i (@module_files)
+   {
+      print( DEF_OUT "MODULE $i\n");
+   }
+
+   foreach $i (@nlm_flags)
+   {
+      print( DEF_OUT "$i\n");
+   }
+
+   if ($gnuc)
+   {
+      if ($target =~ /openssl/)
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${obj}\n");
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${libp}\n");
+      }
+      else
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}${target}${obj}\n");
+      }
+      print( DEF_OUT "INPUT $prelude\n");
+      print( DEF_OUT "INPUT ${out_def}${o}${ssl}${libp} ${out_def}${o}${crypto}${libp}\n");
+      print( DEF_OUT "OUTPUT $target.nlm\n");
+   }
+
+   close(DEF_OUT);
+   return($def_file);
+}
+
+sub do_lib_rule
+{
+   my($objs,$target,$name,$shlib)=@_;
+   my($ret);
+
+   $ret.="$target: $objs\n";
+   if (!$shlib)
+   {
+      $ret.="\t\@echo Building Lib: $name\n";
+      $ret.="\t\$(MKLIB) $lib_flags $target $objs\n";
+      $ret.="\t\@echo .\n"
+   }
+   else
+   {
+      die( "Building as NLM not currently supported!" );
+   }
+
+   $ret.="\n";
+   return($ret);
+}
+
+sub do_link_rule
+{
+   my($target,$files,$dep_libs,$libs)=@_;
+   my($ret);
+   my($def_file) = do_def_file($target);
+
+   $ret.="$target: $files $dep_libs\n";
+
+   # NOTE:  When building the test nlms no screen name is given
+   #  which causes the console screen to be used.  By using the console
+   #  screen there is no "<press any key to continue>" message which
+   #  requires user interaction.  The test script ( do_tests.pl ) needs
+   #  to be able to run the tests without requiring user interaction.
+   #
+   #  However, the sample program "openssl.nlm" is used by the tests and is
+   #  a interactive sample so a screen is desired when not be run by the
+   #  tests.  To solve the problem, two versions of the program are built:
+   #    openssl2 - no screen used by tests
+   #    openssl - default screen - use for normal interactive modes
+   #
+
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      my($target2) = $target;
+
+      $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/;
+
+      # openssl2
+      my($def_file2) = do_def_file($target2);
+
+      if ($gnuc)
+      {
+         $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n";
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2\n";
+         $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n";
+      }
+      else
+      {
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n";
+      }
+   }
+   if ($gnuc)
+   {
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file\n";
+      $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n";
+   }
+   else
+   {
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n";
+   }
+
+   $ret.="\n";
+   return($ret);
+
+}
+
+1;
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
new file mode 100644
index 0000000000..ed9847b307
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -0,0 +1,1280 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ */
+
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+
+ASN1_SEQUENCE(IPAddressRange) = {
+  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+
+ASN1_CHOICE(IPAddressOrRange) = {
+  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+
+ASN1_CHOICE(IPAddressChoice) = {
+  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
+  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+
+ASN1_SEQUENCE(IPAddressFamily) = {
+  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
+  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) = 
+  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+                        IPAddrBlocks, IPAddressFamily)
+ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * How much buffer space do we need for a raw address?
+ */
+#define ADDR_RAW_BUF_LEN        16
+
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    return 4;
+  case IANA_AFI_IPV6:
+    return 16;
+  default:
+    return 0;
+  }
+}
+
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned v3_addr_get_afi(const IPAddressFamily *f)
+{
+  return ((f != NULL &&
+           f->addressFamily != NULL &&
+           f->addressFamily->data != NULL)
+          ? ((f->addressFamily->data[0] << 8) |
+             (f->addressFamily->data[1]))
+          : 0);
+}
+
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static void addr_expand(unsigned char *addr,
+                        const ASN1_BIT_STRING *bs,
+                        const int length,
+                        const unsigned char fill)
+{
+  assert(bs->length >= 0 && bs->length <= length);
+  if (bs->length > 0) {
+    memcpy(addr, bs->data, bs->length);
+    if ((bs->flags & 7) != 0) {
+      unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+      if (fill == 0)
+        addr[bs->length - 1] &= ~mask;
+      else
+        addr[bs->length - 1] |= mask;
+    }
+  }
+  memset(addr + bs->length, fill, length - bs->length);
+}
+
+/*
+ * Extract the prefix length from a bitstring.
+ */
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+                       const unsigned afi,
+                       const unsigned char fill,
+                       const ASN1_BIT_STRING *bs)
+{
+  unsigned char addr[ADDR_RAW_BUF_LEN];
+  int i, n;
+
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    addr_expand(addr, bs, 4, fill);
+    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+    break;
+  case IANA_AFI_IPV6:
+    addr_expand(addr, bs, 16, fill);
+    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
+      ;
+    for (i = 0; i < n; i += 2)
+      BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
+    if (i < 16)
+      BIO_puts(out, ":");
+    break;
+  default:
+    for (i = 0; i < bs->length; i++)
+      BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+    BIO_printf(out, "[%d]", (int) (bs->flags & 7));
+    break;
+  }
+  return 1;
+}
+
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
+{
+  int i;
+  for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+    const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+    BIO_printf(out, "%*s", indent, "");
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+      if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+        return 0;
+      BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+      continue;
+    case IPAddressOrRange_addressRange:
+      if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+        return 0;
+      BIO_puts(out, "-");
+      if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+        return 0;
+      BIO_puts(out, "\n");
+      continue;
+    }
+  }
+  return 1;
+}
+
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
+                            void *ext,
+                            BIO *out,
+                            int indent)
+{
+  const IPAddrBlocks *addr = ext;
+  int i;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    const unsigned afi = v3_addr_get_afi(f);
+    switch (afi) {
+    case IANA_AFI_IPV4:
+      BIO_printf(out, "%*sIPv4", indent, "");
+      break;
+    case IANA_AFI_IPV6:
+      BIO_printf(out, "%*sIPv6", indent, "");
+      break;
+    default:
+      BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+      break;
+    }
+    if (f->addressFamily->length > 2) {
+      switch (f->addressFamily->data[2]) {
+      case   1:
+        BIO_puts(out, " (Unicast)");
+        break;
+      case   2:
+        BIO_puts(out, " (Multicast)");
+        break;
+      case   3:
+        BIO_puts(out, " (Unicast/Multicast)");
+        break;
+      case   4:
+        BIO_puts(out, " (MPLS)");
+        break;
+      case  64:
+        BIO_puts(out, " (Tunnel)");
+        break;
+      case  65:
+        BIO_puts(out, " (VPLS)");
+        break;
+      case  66:
+        BIO_puts(out, " (BGP MDT)");
+        break;
+      case 128:
+        BIO_puts(out, " (MPLS-labeled VPN)");
+        break;
+      default:  
+        BIO_printf(out, " (Unknown SAFI %u)",
+                   (unsigned) f->addressFamily->data[2]);
+        break;
+      }
+    }
+    switch (f->ipAddressChoice->type) {
+    case IPAddressChoice_inherit:
+      BIO_puts(out, ": inherit\n");
+      break;
+    case IPAddressChoice_addressesOrRanges:
+      BIO_puts(out, ":\n");
+      if (!i2r_IPAddressOrRanges(out,
+                                 indent + 2,
+                                 f->ipAddressChoice->u.addressesOrRanges,
+                                 afi))
+        return 0;
+      break;
+    }
+  }
+  return 1;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+                                const IPAddressOrRange *b,
+                                const int length)
+{
+  unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+  int prefixlen_a = 0;
+  int prefixlen_b = 0;
+  int r;
+
+  switch (a->type) {
+  case IPAddressOrRange_addressPrefix:
+    addr_expand(addr_a, a->u.addressPrefix, length, 0x00);
+    prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+    break;
+  case IPAddressOrRange_addressRange:
+    addr_expand(addr_a, a->u.addressRange->min, length, 0x00);
+    prefixlen_a = length * 8;
+    break;
+  }
+
+  switch (b->type) {
+  case IPAddressOrRange_addressPrefix:
+    addr_expand(addr_b, b->u.addressPrefix, length, 0x00);
+    prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+    break;
+  case IPAddressOrRange_addressRange:
+    addr_expand(addr_b, b->u.addressRange->min, length, 0x00);
+    prefixlen_b = length * 8;
+    break;
+  }
+
+  if ((r = memcmp(addr_a, addr_b, length)) != 0)
+    return r;
+  else
+    return prefixlen_a - prefixlen_b;
+}
+
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
+                                  const IPAddressOrRange * const *b)
+{
+  return IPAddressOrRange_cmp(*a, *b, 4);
+}
+
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
+                                  const IPAddressOrRange * const *b)
+{
+  return IPAddressOrRange_cmp(*a, *b, 16);
+}
+
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+                                  const unsigned char *max,
+                                  const int length)
+{
+  unsigned char mask;
+  int i, j;
+
+  for (i = 0; i < length && min[i] == max[i]; i++)
+    ;
+  for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
+    ;
+  if (i < j)
+    return -1;
+  if (i > j)
+    return i * 8;
+  mask = min[i] ^ max[i];
+  switch (mask) {
+  case 0x01: j = 7; break;
+  case 0x03: j = 6; break;
+  case 0x07: j = 5; break;
+  case 0x0F: j = 4; break;
+  case 0x1F: j = 3; break;
+  case 0x3F: j = 2; break;
+  case 0x7F: j = 1; break;
+  default:   return -1;
+  }
+  if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+    return -1;
+  else
+    return i * 8 + j;
+}
+
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result,
+                              unsigned char *addr,
+                              const int prefixlen)
+{
+  int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+  IPAddressOrRange *aor = IPAddressOrRange_new();
+
+  if (aor == NULL)
+    return 0;
+  aor->type = IPAddressOrRange_addressPrefix;
+  if (aor->u.addressPrefix == NULL &&
+      (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+  if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+    goto err;
+  aor->u.addressPrefix->flags &= ~7;
+  aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (bitlen > 0) {
+    aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+    aor->u.addressPrefix->flags |= 8 - bitlen;
+  }
+  
+  *result = aor;
+  return 1;
+
+ err:
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Construct a range.  If it can be expressed as a prefix,
+ * return a prefix instead.  Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+                             unsigned char *min,
+                             unsigned char *max,
+                             const int length)
+{
+  IPAddressOrRange *aor;
+  int i, prefixlen;
+
+  if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+    return make_addressPrefix(result, min, prefixlen);
+
+  if ((aor = IPAddressOrRange_new()) == NULL)
+    return 0;
+  aor->type = IPAddressOrRange_addressRange;
+  assert(aor->u.addressRange == NULL);
+  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+    goto err;
+  if (aor->u.addressRange->min == NULL &&
+      (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+  if (aor->u.addressRange->max == NULL &&
+      (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+
+  for (i = length; i > 0 && min[i - 1] == 0x00; --i)
+    ;
+  if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+    goto err;
+  aor->u.addressRange->min->flags &= ~7;
+  aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (i > 0) {
+    unsigned char b = min[i - 1];
+    int j = 1;
+    while ((b & (0xFFU >> j)) != 0) 
+      ++j;
+    aor->u.addressRange->min->flags |= 8 - j;
+  }
+
+  for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
+    ;
+  if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+    goto err;
+  aor->u.addressRange->max->flags &= ~7;
+  aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (i > 0) {
+    unsigned char b = max[i - 1];
+    int j = 1;
+    while ((b & (0xFFU >> j)) != (0xFFU >> j))
+      ++j;
+    aor->u.addressRange->max->flags |= 8 - j;
+  }
+
+  *result = aor;
+  return 1;
+
+ err:
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+                                             const unsigned afi,
+                                             const unsigned *safi)
+{
+  IPAddressFamily *f;
+  unsigned char key[3];
+  unsigned keylen;
+  int i;
+
+  key[0] = (afi >> 8) & 0xFF;
+  key[1] = afi & 0xFF;
+  if (safi != NULL) {
+    key[2] = *safi & 0xFF;
+    keylen = 3;
+  } else {
+    keylen = 2;
+  }
+
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    f = sk_IPAddressFamily_value(addr, i);
+    assert(f->addressFamily->data != NULL);
+    if (f->addressFamily->length == keylen &&
+        !memcmp(f->addressFamily->data, key, keylen))
+      return f;
+  }
+
+  if ((f = IPAddressFamily_new()) == NULL)
+    goto err;
+  if (f->ipAddressChoice == NULL &&
+      (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+    goto err;
+  if (f->addressFamily == NULL && 
+      (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+    goto err;
+  if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+    goto err;
+  if (!sk_IPAddressFamily_push(addr, f))
+    goto err;
+
+  return f;
+
+ err:
+  IPAddressFamily_free(f);
+  return NULL;
+}
+
+/*
+ * Add an inheritance element.
+ */
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+                        const unsigned afi,
+                        const unsigned *safi)
+{
+  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+  if (f == NULL ||
+      f->ipAddressChoice == NULL ||
+      (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+       f->ipAddressChoice->u.addressesOrRanges != NULL))
+    return 0;
+  if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+      f->ipAddressChoice->u.inherit != NULL)
+    return 1;
+  if (f->ipAddressChoice->u.inherit == NULL &&
+      (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+    return 0;
+  f->ipAddressChoice->type = IPAddressChoice_inherit;
+  return 1;
+}
+
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+                                               const unsigned afi,
+                                               const unsigned *safi)
+{
+  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+  IPAddressOrRanges *aors = NULL;
+
+  if (f == NULL ||
+      f->ipAddressChoice == NULL ||
+      (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+       f->ipAddressChoice->u.inherit != NULL))
+    return NULL;
+  if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+    aors = f->ipAddressChoice->u.addressesOrRanges;
+  if (aors != NULL)
+    return aors;
+  if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+    return NULL;
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+    break;
+  case IANA_AFI_IPV6:
+    sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+    break;
+  }
+  f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+  f->ipAddressChoice->u.addressesOrRanges = aors;
+  return aors;
+}
+
+/*
+ * Add a prefix.
+ */
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+                       const unsigned afi,
+                       const unsigned *safi,
+                       unsigned char *a,
+                       const int prefixlen)
+{
+  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+  IPAddressOrRange *aor;
+  if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+    return 0;
+  if (sk_IPAddressOrRange_push(aors, aor))
+    return 1;
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Add a range.
+ */
+int v3_addr_add_range(IPAddrBlocks *addr,
+                      const unsigned afi,
+                      const unsigned *safi,
+                      unsigned char *min,
+                      unsigned char *max)
+{
+  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+  IPAddressOrRange *aor;
+  int length = length_from_afi(afi);
+  if (aors == NULL)
+    return 0;
+  if (!make_addressRange(&aor, min, max, length))
+    return 0;
+  if (sk_IPAddressOrRange_push(aors, aor))
+    return 1;
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static void extract_min_max(IPAddressOrRange *aor,
+                            unsigned char *min,
+                            unsigned char *max,
+                            int length)
+{
+  assert(aor != NULL && min != NULL && max != NULL);
+  switch (aor->type) {
+  case IPAddressOrRange_addressPrefix:
+    addr_expand(min, aor->u.addressPrefix, length, 0x00);
+    addr_expand(max, aor->u.addressPrefix, length, 0xFF);
+    return;
+  case IPAddressOrRange_addressRange:
+    addr_expand(min, aor->u.addressRange->min, length, 0x00);
+    addr_expand(max, aor->u.addressRange->max, length, 0xFF);
+    return;
+  }
+}
+
+/*
+ * Public wrapper for extract_min_max().
+ */
+int v3_addr_get_range(IPAddressOrRange *aor,
+                      const unsigned afi,
+                      unsigned char *min,
+                      unsigned char *max,
+                      const int length)
+{
+  int afi_length = length_from_afi(afi);
+  if (aor == NULL || min == NULL || max == NULL ||
+      afi_length == 0 || length < afi_length ||
+      (aor->type != IPAddressOrRange_addressPrefix &&
+       aor->type != IPAddressOrRange_addressRange))
+    return 0;
+  extract_min_max(aor, min, max, afi_length);
+  return afi_length;
+}
+
+/*
+ * Sort comparision function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird.  The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
+                               const IPAddressFamily * const *b_)
+{
+  const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+  const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+  int len = ((a->length <= b->length) ? a->length : b->length);
+  int cmp = memcmp(a->data, b->data, len);
+  return cmp ? cmp : a->length - b->length;
+}
+
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+  unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+  unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+  IPAddressOrRanges *aors;
+  int i, j, k;
+
+  /*
+   * Empty extension is cannonical.
+   */
+  if (addr == NULL)
+    return 1;
+
+  /*
+   * Check whether the top-level list is in order.
+   */
+  for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+    const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+    const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+    if (IPAddressFamily_cmp(&a, &b) >= 0)
+      return 0;
+  }
+
+  /*
+   * Top level's ok, now check each address family.
+   */
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    int length = length_from_afi(v3_addr_get_afi(f));
+
+    /*
+     * Inheritance is canonical.  Anything other than inheritance or
+     * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+     */
+    if (f == NULL || f->ipAddressChoice == NULL)
+      return 0;
+    switch (f->ipAddressChoice->type) {
+    case IPAddressChoice_inherit:
+      continue;
+    case IPAddressChoice_addressesOrRanges:
+      break;
+    default:
+      return 0;
+    }
+
+    /*
+     * It's an IPAddressOrRanges sequence, check it.
+     */
+    aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (sk_IPAddressOrRange_num(aors) == 0)
+      return 0;
+    for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+      IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+      extract_min_max(a, a_min, a_max, length);
+      extract_min_max(b, b_min, b_max, length);
+
+      /*
+       * Punt misordered list, overlapping start, or inverted range.
+       */
+      if (memcmp(a_min, b_min, length) >= 0 ||
+          memcmp(a_min, a_max, length) > 0 ||
+          memcmp(b_min, b_max, length) > 0)
+        return 0;
+
+      /*
+       * Punt if adjacent or overlapping.  Check for adjacency by
+       * subtracting one from b_min first.
+       */
+      for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)
+        ;
+      if (memcmp(a_max, b_min, length) >= 0)
+        return 0;
+
+      /*
+       * Check for range that should be expressed as a prefix.
+       */
+      if (a->type == IPAddressOrRange_addressRange &&
+          range_should_be_prefix(a_min, a_max, length) >= 0)
+        return 0;
+    }
+
+    /*
+     * Check final range to see if it should be a prefix.
+     */
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+      if (a->type == IPAddressOrRange_addressRange) {
+        extract_min_max(a, a_min, a_max, length);
+        if (range_should_be_prefix(a_min, a_max, length) >= 0)
+          return 0;
+      }
+    }
+  }
+
+  /*
+   * If we made it through all that, we're happy.
+   */
+  return 1;
+}
+
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+                                      const unsigned afi)
+{
+  int i, j, length = length_from_afi(afi);
+
+  /*
+   * Sort the IPAddressOrRanges sequence.
+   */
+  sk_IPAddressOrRange_sort(aors);
+
+  /*
+   * Clean up representation issues, punt on duplicates or overlaps.
+   */
+  for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+    IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+    extract_min_max(a, a_min, a_max, length);
+    extract_min_max(b, b_min, b_max, length);
+
+    /*
+     * Punt overlaps.
+     */
+    if (memcmp(a_max, b_min, length) >= 0)
+      return 0;
+
+    /*
+     * Merge if a and b are adjacent.  We check for
+     * adjacency by subtracting one from b_min first.
+     */
+    for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)
+      ;
+    if (memcmp(a_max, b_min, length) == 0) {
+      IPAddressOrRange *merged;
+      if (!make_addressRange(&merged, a_min, b_max, length))
+        return 0;
+      sk_IPAddressOrRange_set(aors, i, merged);
+      sk_IPAddressOrRange_delete(aors, i + 1);
+      IPAddressOrRange_free(a);
+      IPAddressOrRange_free(b);
+      --i;
+      continue;
+    }
+  }
+
+  return 1;
+}
+
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int v3_addr_canonize(IPAddrBlocks *addr)
+{
+  int i;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+        !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
+                                    v3_addr_get_afi(f)))
+      return 0;
+  }
+  sk_IPAddressFamily_sort(addr);
+  assert(v3_addr_is_canonical(addr));
+  return 1;
+}
+
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
+{
+  static const char v4addr_chars[] = "0123456789.";
+  static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+  IPAddrBlocks *addr = NULL;
+  char *s = NULL, *t;
+  int i;
+  
+  if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+    X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+    unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+    unsigned afi, *safi = NULL, safi_;
+    const char *addr_chars;
+    int prefixlen, i1, i2, delim, length;
+
+    if (       !name_cmp(val->name, "IPv4")) {
+      afi = IANA_AFI_IPV4;
+    } else if (!name_cmp(val->name, "IPv6")) {
+      afi = IANA_AFI_IPV6;
+    } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+      afi = IANA_AFI_IPV4;
+      safi = &safi_;
+    } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+      afi = IANA_AFI_IPV6;
+      safi = &safi_;
+    } else {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    switch (afi) {
+    case IANA_AFI_IPV4:
+      addr_chars = v4addr_chars;
+      break;
+    case IANA_AFI_IPV6:
+      addr_chars = v6addr_chars;
+      break;
+    }
+
+    length = length_from_afi(afi);
+
+    /*
+     * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+     * the other input values.
+     */
+    if (safi != NULL) {
+      *safi = strtoul(val->value, &t, 0);
+      t += strspn(t, " \t");
+      if (*safi > 0xFF || *t++ != ':') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      t += strspn(t, " \t");
+      s = BUF_strdup(t);
+    } else {
+      s = BUF_strdup(val->value);
+    }
+    if (s == NULL) {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
+
+    /*
+     * Check for inheritance.  Not worth additional complexity to
+     * optimize this (seldom-used) case.
+     */
+    if (!strcmp(s, "inherit")) {
+      if (!v3_addr_add_inherit(addr, afi, safi)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      OPENSSL_free(s);
+      s = NULL;
+      continue;
+    }
+
+    i1 = strspn(s, addr_chars);
+    i2 = i1 + strspn(s + i1, " \t");
+    delim = s[i2++];
+    s[i1] = '\0';
+
+    if (a2i_ipadd(min, s) != length) {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    switch (delim) {
+    case '/':
+      prefixlen = (int) strtoul(s + i2, &t, 10);
+      if (t == s + i2 || *t != '\0') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    case '-':
+      i1 = i2 + strspn(s + i2, " \t");
+      i2 = i1 + strspn(s + i1, addr_chars);
+      if (i1 == i2 || s[i2] != '\0') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (a2i_ipadd(max, s + i1) != length) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    case '\0':
+      if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    default:
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    OPENSSL_free(s);
+    s = NULL;
+  }
+
+  /*
+   * Canonize the result, then we're done.
+   */
+  if (!v3_addr_canonize(addr))
+    goto err;    
+  return addr;
+
+ err:
+  OPENSSL_free(s);
+  sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+  return NULL;
+}
+
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+  NID_sbgp_ipAddrBlock,         /* nid */
+  0,                            /* flags */
+  ASN1_ITEM_ref(IPAddrBlocks),  /* template */
+  0, 0, 0, 0,                   /* old functions, ignored */
+  0,                            /* i2s */
+  0,                            /* s2i */
+  0,                            /* i2v */
+  v2i_IPAddrBlocks,             /* v2i */
+  i2r_IPAddrBlocks,             /* i2r */
+  0,                            /* r2i */
+  NULL                          /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int v3_addr_inherits(IPAddrBlocks *addr)
+{
+  int i;
+  if (addr == NULL)
+    return 0;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+      return 1;
+  }
+  return 0;
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+                         IPAddressOrRanges *child,
+                         int length)
+{
+  unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+  unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+  int p, c;
+
+  if (child == NULL || parent == child)
+    return 1;
+  if (parent == NULL)
+    return 0;
+
+  p = 0;
+  for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+    extract_min_max(sk_IPAddressOrRange_value(child, c),
+                    c_min, c_max, length);
+    for (;; p++) {
+      if (p >= sk_IPAddressOrRange_num(parent))
+        return 0;
+      extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                      p_min, p_max, length);
+      if (memcmp(p_max, c_max, length) < 0)
+        continue;
+      if (memcmp(p_min, c_min, length) > 0)
+        return 0;
+      break;
+    }
+  }
+
+  return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+  int i;
+  if (a == NULL || a == b)
+    return 1;
+  if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+    return 0;
+  sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+    IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+    int j = sk_IPAddressFamily_find(b, fa);
+    IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
+    if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, 
+                       fa->ipAddressChoice->u.addressesOrRanges,
+                       length_from_afi(v3_addr_get_afi(fb))))
+      return 0;
+  }
+  return 1;
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ */
+static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                          STACK_OF(X509) *chain,
+                                          IPAddrBlocks *ext)
+{
+  IPAddrBlocks *child = NULL;
+  int i, j, ret = 1;
+  X509 *x = NULL;
+
+  assert(chain != NULL && sk_X509_num(chain) > 0);
+  assert(ctx != NULL || ext != NULL);
+  assert(ctx == NULL || ctx->verify_cb != NULL);
+
+  /*
+   * Figure out where to start.  If we don't have an extension to
+   * check, we're done.  Otherwise, check canonical form and
+   * set up for walking up the chain.
+   */
+  if (ext != NULL) {
+    i = -1;
+  } else {
+    i = 0;
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if ((ext = x->rfc3779_addr) == NULL)
+      goto done;
+  }
+  if (!v3_addr_is_canonical(ext))
+    validation_err(X509_V_ERR_INVALID_EXTENSION);
+  sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+  if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+    X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
+    ret = 0;
+    goto done;
+  }
+
+  /*
+   * Now walk up the chain.  No cert may list resources that its
+   * parent doesn't list.
+   */
+  for (i++; i < sk_X509_num(chain); i++) {
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if (!v3_addr_is_canonical(x->rfc3779_addr))
+      validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (x->rfc3779_addr == NULL) {
+      for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+        IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+        if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+          break;
+        }
+      }
+      continue;
+    }
+    sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
+    for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+      IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+      int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
+      if (fp == NULL) {
+        if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+          break;
+        }
+        continue;
+      }
+      if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+        if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
+            addr_contains(fp->ipAddressChoice->u.addressesOrRanges, 
+                          fc->ipAddressChoice->u.addressesOrRanges,
+                          length_from_afi(v3_addr_get_afi(fc))))
+          sk_IPAddressFamily_set(child, j, fp);
+        else
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+  }
+
+  /*
+   * Trust anchor can't inherit.
+   */
+  if (x->rfc3779_addr != NULL) {
+    for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
+      if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&
+          sk_IPAddressFamily_find(child, fp) >= 0)
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    }
+  }
+
+ done:
+  sk_IPAddressFamily_free(child);
+  return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+  return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                  IPAddrBlocks *ext,
+                                  int allow_inheritance)
+{
+  if (ext == NULL)
+    return 1;
+  if (chain == NULL || sk_X509_num(chain) == 0)
+    return 0;
+  if (!allow_inheritance && v3_addr_inherits(ext))
+    return 0;
+  return v3_addr_validate_path_internal(NULL, chain, ext);
+}
+
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
new file mode 100644
index 0000000000..271930f967
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -0,0 +1,842 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ */
+
+/*
+ * Implementation of RFC 3779 section 3.2.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
+ */
+
+ASN1_SEQUENCE(ASRange) = {
+  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
+  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ASRange)
+
+ASN1_CHOICE(ASIdOrRange) = {
+  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
+  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
+} ASN1_CHOICE_END(ASIdOrRange)
+
+ASN1_CHOICE(ASIdentifierChoice) = {
+  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
+  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
+} ASN1_CHOICE_END(ASIdentifierChoice)
+
+ASN1_SEQUENCE(ASIdentifiers) = {
+  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
+  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
+} ASN1_SEQUENCE_END(ASIdentifiers)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
+
+/*
+ * i2r method for an ASIdentifierChoice.
+ */
+static int i2r_ASIdentifierChoice(BIO *out,
+                                  ASIdentifierChoice *choice,
+                                  int indent,
+                                  const char *msg)
+{
+  int i;
+  char *s;
+  if (choice == NULL)
+    return 1;
+  BIO_printf(out, "%*s%s:\n", indent, "", msg);
+  switch (choice->type) {
+  case ASIdentifierChoice_inherit:
+    BIO_printf(out, "%*sinherit\n", indent + 2, "");
+    break;
+  case ASIdentifierChoice_asIdsOrRanges:
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+      ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+      switch (aor->type) {
+      case ASIdOrRange_id:
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+          return 0;
+        BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+        OPENSSL_free(s);
+        break;
+      case ASIdOrRange_range:
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+          return 0;
+        BIO_printf(out, "%*s%s-", indent + 2, "", s);
+        OPENSSL_free(s);
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+          return 0;
+        BIO_printf(out, "%s\n", s);
+        OPENSSL_free(s);
+        break;
+      default:
+        return 0;
+      }
+    }
+    break;
+  default:
+    return 0;
+  }
+  return 1;
+}
+
+/*
+ * i2r method for an ASIdentifier extension.
+ */
+static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,
+                             void *ext,
+                             BIO *out,
+                             int indent)
+{
+  ASIdentifiers *asid = ext;
+  return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+                                 "Autonomous System Numbers") &&
+          i2r_ASIdentifierChoice(out, asid->rdi, indent,
+                                 "Routing Domain Identifiers"));
+}
+
+/*
+ * Sort comparision function for a sequence of ASIdOrRange elements.
+ */
+static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
+                           const ASIdOrRange * const *b_)
+{
+  const ASIdOrRange *a = *a_, *b = *b_;
+
+  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+         (a->type == ASIdOrRange_range && a->u.range != NULL &&
+          a->u.range->min != NULL && a->u.range->max != NULL));
+
+  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+         (b->type == ASIdOrRange_range && b->u.range != NULL &&
+          b->u.range->min != NULL && b->u.range->max != NULL));
+
+  if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+    return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+
+  if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+    int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+    return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);
+  }
+
+  if (a->type == ASIdOrRange_id)
+    return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+  else
+    return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+}
+
+/*
+ * Add an inherit element.
+ */
+int v3_asid_add_inherit(ASIdentifiers *asid, int which)
+{
+  ASIdentifierChoice **choice;
+  if (asid == NULL)
+    return 0;
+  switch (which) {
+  case V3_ASID_ASNUM:
+    choice = &asid->asnum;
+    break;
+  case V3_ASID_RDI:
+    choice = &asid->rdi;
+    break;
+  default:
+    return 0;
+  }
+  if (*choice == NULL) {
+    if ((*choice = ASIdentifierChoice_new()) == NULL)
+      return 0;
+    assert((*choice)->u.inherit == NULL);
+    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+      return 0;
+    (*choice)->type = ASIdentifierChoice_inherit;
+  }
+  return (*choice)->type == ASIdentifierChoice_inherit;
+}
+
+/*
+ * Add an ID or range to an ASIdentifierChoice.
+ */
+int v3_asid_add_id_or_range(ASIdentifiers *asid,
+                            int which,
+                            ASN1_INTEGER *min,
+                            ASN1_INTEGER *max)
+{
+  ASIdentifierChoice **choice;
+  ASIdOrRange *aor;
+  if (asid == NULL)
+    return 0;
+  switch (which) {
+  case V3_ASID_ASNUM:
+    choice = &asid->asnum;
+    break;
+  case V3_ASID_RDI:
+    choice = &asid->rdi;
+    break;
+  default:
+    return 0;
+  }
+  if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+    return 0;
+  if (*choice == NULL) {
+    if ((*choice = ASIdentifierChoice_new()) == NULL)
+      return 0;
+    assert((*choice)->u.asIdsOrRanges == NULL);
+    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+    if ((*choice)->u.asIdsOrRanges == NULL)
+      return 0;
+    (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+  }
+  if ((aor = ASIdOrRange_new()) == NULL)
+    return 0;
+  if (max == NULL) {
+    aor->type = ASIdOrRange_id;
+    aor->u.id = min;
+  } else {
+    aor->type = ASIdOrRange_range;
+    if ((aor->u.range = ASRange_new()) == NULL)
+      goto err;
+    ASN1_INTEGER_free(aor->u.range->min);
+    aor->u.range->min = min;
+    ASN1_INTEGER_free(aor->u.range->max);
+    aor->u.range->max = max;
+  }
+  if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+    goto err;
+  return 1;
+
+ err:
+  ASIdOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Extract min and max values from an ASIdOrRange.
+ */
+static void extract_min_max(ASIdOrRange *aor,
+                            ASN1_INTEGER **min,
+                            ASN1_INTEGER **max)
+{
+  assert(aor != NULL && min != NULL && max != NULL);
+  switch (aor->type) {
+  case ASIdOrRange_id:
+    *min = aor->u.id;
+    *max = aor->u.id;
+    return;
+  case ASIdOrRange_range:
+    *min = aor->u.range->min;
+    *max = aor->u.range->max;
+    return;
+  }
+}
+
+/*
+ * Check whether an ASIdentifierChoice is in canonical form.
+ */
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+  ASN1_INTEGER *a_max_plus_one = NULL;
+  BIGNUM *bn = NULL;
+  int i, ret = 0;
+
+  /*
+   * Empty element or inheritance is canonical.
+   */
+  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+    return 1;
+
+  /*
+   * If not a list, or if empty list, it's broken.
+   */
+  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+    return 0;
+
+  /*
+   * It's a list, check it.
+   */
+  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+    extract_min_max(a, &a_min, &a_max);
+    extract_min_max(b, &b_min, &b_max);
+
+    /*
+     * Punt misordered list, overlapping start, or inverted range.
+     */
+    if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+        ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+        ASN1_INTEGER_cmp(b_min, b_max) > 0)
+      goto done;
+
+    /*
+     * Calculate a_max + 1 to check for adjacency.
+     */
+    if ((bn == NULL && (bn = BN_new()) == NULL) ||
+        ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+        !BN_add_word(bn, 1) ||
+        (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                ERR_R_MALLOC_FAILURE);
+      goto done;
+    }
+    
+    /*
+     * Punt if adjacent or overlapping.
+     */
+    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+      goto done;
+  }
+
+  ret = 1;
+
+ done:
+  ASN1_INTEGER_free(a_max_plus_one);
+  BN_free(bn);
+  return ret;
+}
+
+/*
+ * Check whether an ASIdentifier extension is in canonical form.
+ */
+int v3_asid_is_canonical(ASIdentifiers *asid)
+{
+  return (asid == NULL ||
+          (ASIdentifierChoice_is_canonical(asid->asnum) ||
+           ASIdentifierChoice_is_canonical(asid->rdi)));
+}
+
+/*
+ * Whack an ASIdentifierChoice into canonical form.
+ */
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+  ASN1_INTEGER *a_max_plus_one = NULL;
+  BIGNUM *bn = NULL;
+  int i, ret = 0;
+
+  /*
+   * Nothing to do for empty element or inheritance.
+   */
+  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+    return 1;
+
+  /*
+   * We have a list.  Sort it.
+   */
+  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+
+  /*
+   * Now check for errors and suboptimal encoding, rejecting the
+   * former and fixing the latter.
+   */
+  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+    extract_min_max(a, &a_min, &a_max);
+    extract_min_max(b, &b_min, &b_max);
+
+    /*
+     * Make sure we're properly sorted (paranoia).
+     */
+    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+
+    /*
+     * Check for overlaps.
+     */
+    if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                X509V3_R_EXTENSION_VALUE_ERROR);
+      goto done;
+    }
+
+    /*
+     * Calculate a_max + 1 to check for adjacency.
+     */
+    if ((bn == NULL && (bn = BN_new()) == NULL) ||
+        ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+        !BN_add_word(bn, 1) ||
+        (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);
+      goto done;
+    }
+    
+    /*
+     * If a and b are adjacent, merge them.
+     */
+    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+      ASRange *r;
+      switch (a->type) {
+      case ASIdOrRange_id:
+        if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
+          X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                    ERR_R_MALLOC_FAILURE);
+          goto done;
+        }
+        r->min = a_min;
+        r->max = b_max;
+        a->type = ASIdOrRange_range;
+        a->u.range = r;
+        break;
+      case ASIdOrRange_range:
+        ASN1_INTEGER_free(a->u.range->max);
+        a->u.range->max = b_max;
+        break;
+      }
+      switch (b->type) {
+      case ASIdOrRange_id:
+        b->u.id = NULL;
+        break;
+      case ASIdOrRange_range:
+        b->u.range->max = NULL;
+        break;
+      }
+      ASIdOrRange_free(b);
+      sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+      i--;
+      continue;
+    }
+  }
+
+  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+
+  ret = 1;
+
+ done:
+  ASN1_INTEGER_free(a_max_plus_one);
+  BN_free(bn);
+  return ret;
+}
+
+/*
+ * Whack an ASIdentifier extension into canonical form.
+ */
+int v3_asid_canonize(ASIdentifiers *asid)
+{
+  return (asid == NULL ||
+          (ASIdentifierChoice_canonize(asid->asnum) &&
+           ASIdentifierChoice_canonize(asid->rdi)));
+}
+
+/*
+ * v2i method for an ASIdentifier extension.
+ */
+static void *v2i_ASIdentifiers(struct v3_ext_method *method,
+                               struct v3_ext_ctx *ctx,
+                               STACK_OF(CONF_VALUE) *values)
+{
+  ASIdentifiers *asid = NULL;
+  int i;
+
+  if ((asid = ASIdentifiers_new()) == NULL) {
+    X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+    ASN1_INTEGER *min = NULL, *max = NULL;
+    int i1, i2, i3, is_range, which;
+
+    /*
+     * Figure out whether this is an AS or an RDI.
+     */
+    if (       !name_cmp(val->name, "AS")) {
+      which = V3_ASID_ASNUM;
+    } else if (!name_cmp(val->name, "RDI")) {
+      which = V3_ASID_RDI;
+    } else {
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    /*
+     * Handle inheritance.
+     */
+    if (!strcmp(val->value, "inherit")) {
+      if (v3_asid_add_inherit(asid, which))
+        continue;
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    /*
+     * Number, range, or mistake, pick it apart and figure out which.
+     */
+    i1 = strspn(val->value, "0123456789");
+    if (val->value[i1] == '\0') {
+      is_range = 0;
+    } else {
+      is_range = 1;
+      i2 = i1 + strspn(val->value + i1, " \t");
+      if (val->value[i2] != '-') {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      i2++;
+      i2 = i2 + strspn(val->value + i2, " \t");
+      i3 = i2 + strspn(val->value + i2, "0123456789");
+      if (val->value[i3] != '\0') {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);
+        X509V3_conf_err(val);
+        goto err;
+      }
+    }
+
+    /*
+     * Syntax is ok, read and add it.
+     */
+    if (!is_range) {
+      if (!X509V3_get_value_int(val, &min)) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+    } else {
+      char *s = BUF_strdup(val->value);
+      if (s == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      s[i1] = '\0';
+      min = s2i_ASN1_INTEGER(NULL, s);
+      max = s2i_ASN1_INTEGER(NULL, s + i2);
+      OPENSSL_free(s);
+      if (min == NULL || max == NULL) {
+        ASN1_INTEGER_free(min);
+        ASN1_INTEGER_free(max);
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+    }
+    if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+      ASN1_INTEGER_free(min);
+      ASN1_INTEGER_free(max);
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
+  }
+
+  /*
+   * Canonize the result, then we're done.
+   */
+  if (!v3_asid_canonize(asid))
+    goto err;
+  return asid;
+
+ err:
+  ASIdentifiers_free(asid);
+  return NULL;
+}
+
+/*
+ * OpenSSL dispatch.
+ */
+const X509V3_EXT_METHOD v3_asid = {
+  NID_sbgp_autonomousSysNum,    /* nid */
+  0,                            /* flags */
+  ASN1_ITEM_ref(ASIdentifiers), /* template */
+  0, 0, 0, 0,                   /* old functions, ignored */
+  0,                            /* i2s */
+  0,                            /* s2i */
+  0,                            /* i2v */
+  v2i_ASIdentifiers,            /* v2i */
+  i2r_ASIdentifiers,            /* i2r */
+  0,                            /* r2i */
+  NULL                          /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension uses inheritance.
+ */
+int v3_asid_inherits(ASIdentifiers *asid)
+{
+  return (asid != NULL &&
+          ((asid->asnum != NULL &&
+            asid->asnum->type == ASIdentifierChoice_inherit) ||
+           (asid->rdi != NULL &&
+            asid->rdi->type == ASIdentifierChoice_inherit)));
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+{
+  ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
+  int p, c;
+
+  if (child == NULL || parent == child)
+    return 1;
+  if (parent == NULL)
+    return 0;
+
+  p = 0;
+  for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+    extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+    for (;; p++) {
+      if (p >= sk_ASIdOrRange_num(parent))
+        return 0;
+      extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+      if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+        continue;
+      if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+        return 0;
+      break;
+    }
+  }
+
+  return 1;
+}
+
+/*
+ * Test whether a is a subet of b.
+ */
+int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+{
+  return (a == NULL ||
+          a == b ||
+          (b != NULL &&
+           !v3_asid_inherits(a) &&
+           !v3_asid_inherits(b) &&
+           asid_contains(b->asnum->u.asIdsOrRanges,
+                         a->asnum->u.asIdsOrRanges) &&
+           asid_contains(b->rdi->u.asIdsOrRanges,
+                         a->rdi->u.asIdsOrRanges)));
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 3.3 path validation.
+ */
+static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
+                                          STACK_OF(X509) *chain,
+                                          ASIdentifiers *ext)
+{
+  ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+  X509 *x = NULL;
+
+  assert(chain != NULL && sk_X509_num(chain) > 0);
+  assert(ctx != NULL || ext != NULL);
+  assert(ctx == NULL || ctx->verify_cb != NULL);
+
+  /*
+   * Figure out where to start.  If we don't have an extension to
+   * check, we're done.  Otherwise, check canonical form and
+   * set up for walking up the chain.
+   */
+  if (ext != NULL) {
+    i = -1;
+  } else {
+    i = 0;
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if ((ext = x->rfc3779_asid) == NULL)
+      goto done;
+  }
+  if (!v3_asid_is_canonical(ext))
+    validation_err(X509_V_ERR_INVALID_EXTENSION);
+  if (ext->asnum != NULL)  {
+    switch (ext->asnum->type) {
+    case ASIdentifierChoice_inherit:
+      inherit_as = 1;
+      break;
+    case ASIdentifierChoice_asIdsOrRanges:
+      child_as = ext->asnum->u.asIdsOrRanges;
+      break;
+    }
+  }
+  if (ext->rdi != NULL) {
+    switch (ext->rdi->type) {
+    case ASIdentifierChoice_inherit:
+      inherit_rdi = 1;
+      break;
+    case ASIdentifierChoice_asIdsOrRanges:
+      child_rdi = ext->rdi->u.asIdsOrRanges;
+      break;
+    }
+  }
+
+  /*
+   * Now walk up the chain.  Extensions must be in canonical form, no
+   * cert may list resources that its parent doesn't list.
+   */
+  for (i++; i < sk_X509_num(chain); i++) {
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if (x->rfc3779_asid == NULL) {
+      if (child_as != NULL || child_rdi != NULL)
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      continue;
+    }
+    if (!v3_asid_is_canonical(x->rfc3779_asid))
+      validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      child_as = NULL;
+      inherit_as = 0;
+    }
+    if (x->rfc3779_asid->asnum != NULL &&
+        x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {
+      if (inherit_as ||
+          asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {
+        child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+        inherit_as = 0;
+      } else {
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+    if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      child_rdi = NULL;
+      inherit_rdi = 0;
+    }
+    if (x->rfc3779_asid->rdi != NULL &&
+        x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+      if (inherit_rdi ||
+          asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {
+        child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+        inherit_rdi = 0;
+      } else {
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+  }
+
+  /*
+   * Trust anchor can't inherit.
+   */
+  if (x->rfc3779_asid != NULL) {
+    if (x->rfc3779_asid->asnum != NULL &&
+        x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    if (x->rfc3779_asid->rdi != NULL &&
+        x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+  }
+
+ done:
+  return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 3.3 path validation -- called from X509_verify_cert().
+ */
+int v3_asid_validate_path(X509_STORE_CTX *ctx)
+{
+  return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 3.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                  ASIdentifiers *ext,
+                                  int allow_inheritance)
+{
+  if (ext == NULL)
+    return 1;
+  if (chain == NULL || sk_X509_num(chain) == 0)
+    return 0;
+  if (!allow_inheritance && v3_asid_inherits(ext))
+    return 0;
+  return v3_asid_validate_path_internal(NULL, chain, ext);
+}
+
+#endif /* OPENSSL_NO_RFC3779 */