This commit was generated by cvs2git to track changes on a CVS vendor

branch.

5 files changed, 1393 insertions, 0 deletions

diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
new file mode 100644
index 0000000000..18957c669e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -0,0 +1,446 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "asn1_locl.h"
+
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+
+/* Keep this sorted in type order !! */
+static const EVP_PKEY_ASN1_METHOD *standard_methods[] = 
+        {
+#ifndef OPENSSL_NO_RSA
+        &rsa_asn1_meths[0],
+        &rsa_asn1_meths[1],
+#endif
+#ifndef OPENSSL_NO_DH
+        &dh_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+        &dsa_asn1_meths[0],
+        &dsa_asn1_meths[1],
+        &dsa_asn1_meths[2],
+        &dsa_asn1_meths[3],
+        &dsa_asn1_meths[4],
+#endif
+#ifndef OPENSSL_NO_EC
+        &eckey_asn1_meth,
+#endif
+        &hmac_asn1_meth
+        };
+
+typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
+DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD)
+static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
+
+
+
+#ifdef TEST
+void main()
+        {
+        int i;
+        for (i = 0;
+                i < sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
+                i++)
+                fprintf(stderr, "Number %d id=%d (%s)\n", i,
+                        standard_methods[i]->pkey_id,
+                        OBJ_nid2sn(standard_methods[i]->pkey_id));
+        }
+#endif
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                           const EVP_PKEY_ASN1_METHOD *, ameth);
+
+static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
+                     const EVP_PKEY_ASN1_METHOD * const *b)
+        {
+        return ((*a)->pkey_id - (*b)->pkey_id);
+        }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                             const EVP_PKEY_ASN1_METHOD *, ameth);
+
+int EVP_PKEY_asn1_get_count(void)
+        {
+        int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
+        if (app_methods)
+                num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
+        return num;
+        }
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
+        {
+        int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
+        if (idx < 0)
+                return NULL; 
+        if (idx < num)
+                return standard_methods[idx];
+        idx -= num;
+        return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+        }
+
+static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
+        {
+        EVP_PKEY_ASN1_METHOD tmp;
+        const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;
+        tmp.pkey_id = type;
+        if (app_methods)
+                {
+                int idx;
+                idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
+                if (idx >= 0)
+                        return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+                }
+        ret = OBJ_bsearch_ameth(&t, standard_methods,
+                          sizeof(standard_methods)
+                          /sizeof(EVP_PKEY_ASN1_METHOD *));
+        if (!ret || !*ret)
+                return NULL;
+        return *ret;
+        }
+
+/* Find an implementation of an ASN1 algorithm. If 'pe' is not NULL
+ * also search through engines and set *pe to a functional reference
+ * to the engine implementing 'type' or NULL if no engine implements 
+ * it.
+ */
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
+        {
+        const EVP_PKEY_ASN1_METHOD *t;
+        ENGINE *e;
+
+        for (;;)
+                {
+                t = pkey_asn1_find(type);
+                if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS))
+                        break;
+                type = t->pkey_base_id;
+                }
+        if (pe)
+                {
+#ifndef OPENSSL_NO_ENGINE
+                /* type will contain the final unaliased type */
+                e = ENGINE_get_pkey_asn1_meth_engine(type);
+                if (e)
+                        {
+                        *pe = e;
+                        return ENGINE_get_pkey_asn1_meth(e, type);
+                        }
+#endif
+                *pe = NULL;
+                }
+        return t;
+        }
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                        const char *str, int len)
+        {
+        int i;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (len == -1)
+                len = strlen(str);
+        if (pe)
+                {
+#ifndef OPENSSL_NO_ENGINE
+                ENGINE *e;
+                ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
+                if (ameth)
+                        {
+                        /* Convert structural into
+                         * functional reference
+                         */
+                        if (!ENGINE_init(e))
+                                ameth = NULL;
+                        ENGINE_free(e);
+                        *pe = e;
+                        return ameth;
+                        }
+#endif
+                *pe = NULL;
+                }
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
+                {
+                ameth = EVP_PKEY_asn1_get0(i);
+                if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                        continue;
+                if (((int)strlen(ameth->pem_str) == len) && 
+                        !strncasecmp(ameth->pem_str, str, len))
+                        return ameth;
+                }
+        return NULL;
+        }
+
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
+        {
+        if (app_methods == NULL)
+                {
+                app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
+                if (!app_methods)
+                        return 0;
+                }
+        if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
+                return 0;
+        sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
+        return 1;
+        }
+
+int EVP_PKEY_asn1_add_alias(int to, int from)
+        {
+        EVP_PKEY_ASN1_METHOD *ameth;
+        ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
+        if (!ameth)
+                return 0;
+        ameth->pkey_base_id = to;
+        return EVP_PKEY_asn1_add0(ameth);
+        }
+
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
+                                const char **pinfo, const char **ppem_str,
+                                        const EVP_PKEY_ASN1_METHOD *ameth)
+        {
+        if (!ameth)
+                return 0;
+        if (ppkey_id)
+                *ppkey_id = ameth->pkey_id;
+        if (ppkey_base_id)
+                *ppkey_base_id = ameth->pkey_base_id;
+        if (ppkey_flags)
+                *ppkey_flags = ameth->pkey_flags;
+        if (pinfo)
+                *pinfo = ameth->info;
+        if (ppem_str)
+                *ppem_str = ameth->pem_str;
+        return 1;
+        }
+
+const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey)
+        {
+        return pkey->ameth;
+        }
+
+EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str, const char *info)
+        {
+        EVP_PKEY_ASN1_METHOD *ameth;
+        ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD));
+        if (!ameth)
+                return NULL;
+
+        ameth->pkey_id = id;
+        ameth->pkey_base_id = id;
+        ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
+
+        if (info)
+                {
+                ameth->info = BUF_strdup(info);
+                if (!ameth->info)
+                        goto err;
+                }
+
+        if (pem_str)
+                {
+                ameth->pem_str = BUF_strdup(pem_str);
+                if (!ameth->pem_str)
+                        goto err;
+                }
+
+        ameth->pub_decode = 0;
+        ameth->pub_encode = 0;
+        ameth->pub_cmp = 0;
+        ameth->pub_print = 0;
+
+        ameth->priv_decode = 0;
+        ameth->priv_encode = 0;
+        ameth->priv_print = 0;
+
+        ameth->old_priv_encode = 0;
+        ameth->old_priv_decode = 0;
+
+        ameth->pkey_size = 0;
+        ameth->pkey_bits = 0;
+
+        ameth->param_decode = 0;
+        ameth->param_encode = 0;
+        ameth->param_missing = 0;
+        ameth->param_copy = 0;
+        ameth->param_cmp = 0;
+        ameth->param_print = 0;
+
+        ameth->pkey_free = 0;
+        ameth->pkey_ctrl = 0;
+
+        return ameth;
+
+        err:
+
+        EVP_PKEY_asn1_free(ameth);
+        return NULL;
+
+        }
+
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 
+                        const EVP_PKEY_ASN1_METHOD *src)
+        {
+
+        dst->pub_decode = src->pub_decode;
+        dst->pub_encode = src->pub_encode;
+        dst->pub_cmp = src->pub_cmp;
+        dst->pub_print = src->pub_print;
+
+        dst->priv_decode = src->priv_decode;
+        dst->priv_encode = src->priv_encode;
+        dst->priv_print = src->priv_print;
+
+        dst->old_priv_encode = src->old_priv_encode;
+        dst->old_priv_decode = src->old_priv_decode;
+
+        dst->pkey_size = src->pkey_size;
+        dst->pkey_bits = src->pkey_bits;
+
+        dst->param_decode = src->param_decode;
+        dst->param_encode = src->param_encode;
+        dst->param_missing = src->param_missing;
+        dst->param_copy = src->param_copy;
+        dst->param_cmp = src->param_cmp;
+        dst->param_print = src->param_print;
+
+        dst->pkey_free = src->pkey_free;
+        dst->pkey_ctrl = src->pkey_ctrl;
+
+        }
+
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
+        {
+        if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC))
+                {
+                if (ameth->pem_str)
+                        OPENSSL_free(ameth->pem_str);
+                if (ameth->info)
+                        OPENSSL_free(ameth->info);
+                OPENSSL_free(ameth);
+                }
+        }
+
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
+                int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
+                int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
+                int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx),
+                int (*pkey_size)(const EVP_PKEY *pk),
+                int (*pkey_bits)(const EVP_PKEY *pk))
+        {
+        ameth->pub_decode = pub_decode;
+        ameth->pub_encode = pub_encode;
+        ameth->pub_cmp = pub_cmp;
+        ameth->pub_print = pub_print;
+        ameth->pkey_size = pkey_size;
+        ameth->pkey_bits = pkey_bits;
+        }
+
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
+                int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
+                int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx))
+        {
+        ameth->priv_decode = priv_decode;
+        ameth->priv_encode = priv_encode;
+        ameth->priv_print = priv_print;
+        }
+
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*param_decode)(EVP_PKEY *pkey,
+                                const unsigned char **pder, int derlen),
+                int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
+                int (*param_missing)(const EVP_PKEY *pk),
+                int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
+                int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
+                int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx))
+        {
+        ameth->param_decode = param_decode;
+        ameth->param_encode = param_encode;
+        ameth->param_missing = param_missing;
+        ameth->param_copy = param_copy;
+        ameth->param_cmp = param_cmp;
+        ameth->param_print = param_print;
+        }
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                void (*pkey_free)(EVP_PKEY *pkey))
+        {
+        ameth->pkey_free = pkey_free;
+        }
+
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
+                                                        long arg1, void *arg2))
+        {
+        ameth->pkey_ctrl = pkey_ctrl;
+        }
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
new file mode 100644
index 0000000000..5aa65e28f5
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -0,0 +1,134 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st
+        {
+        unsigned long flags;
+        unsigned long nm_flags;
+        unsigned long cert_flags;
+        unsigned long oid_flags;
+        unsigned long str_flags;
+        } /* ASN1_PCTX */;
+
+/* ASN1 public key method structure */
+
+struct evp_pkey_asn1_method_st
+        {
+        int pkey_id;
+        int pkey_base_id;
+        unsigned long pkey_flags;
+
+        char *pem_str;
+        char *info;
+
+        int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
+        int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
+        int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
+        int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx);
+
+        int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
+        int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+        int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx);
+
+        int (*pkey_size)(const EVP_PKEY *pk);
+        int (*pkey_bits)(const EVP_PKEY *pk);
+
+        int (*param_decode)(EVP_PKEY *pkey,
+                                const unsigned char **pder, int derlen);
+        int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
+        int (*param_missing)(const EVP_PKEY *pk);
+        int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
+        int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
+        int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx);
+
+        void (*pkey_free)(EVP_PKEY *pkey);
+        int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
+
+        /* Legacy functions for old PEM */
+
+        int (*old_priv_decode)(EVP_PKEY *pkey,
+                                const unsigned char **pder, int derlen);
+        int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
+
+        } /* EVP_PKEY_ASN1_METHOD */;
+
+/* Method to handle CRL access.
+ * In general a CRL could be very large (several Mb) and can consume large
+ * amounts of resources if stored in memory by multiple processes.
+ * This method allows general CRL operations to be redirected to more
+ * efficient callbacks: for example a CRL entry database.
+ */
+
+#define X509_CRL_METHOD_DYNAMIC         1
+
+struct x509_crl_method_st
+        {
+        int flags;
+        int (*crl_init)(X509_CRL *crl);
+        int (*crl_free)(X509_CRL *crl);
+        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                                ASN1_INTEGER *ser, X509_NAME *issuer);
+        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk);
+        };
diff --git a/src/lib/libcrypto/asn1/bio_asn1.c b/src/lib/libcrypto/asn1/bio_asn1.c
new file mode 100644
index 0000000000..dc7efd551c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/bio_asn1.c
@@ -0,0 +1,495 @@
+/* bio_asn1.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Experimental ASN1 BIO. When written through the data is converted
+ * to an ASN1 string type: default is OCTET STRING. Additional functions
+ * can be provided to add prefix and suffix data.
+ */
+
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+
+/* Must be large enough for biggest tag+length */
+#define DEFAULT_ASN1_BUF_SIZE 20
+
+typedef enum 
+        {
+        ASN1_STATE_START,
+        ASN1_STATE_PRE_COPY,
+        ASN1_STATE_HEADER,
+        ASN1_STATE_HEADER_COPY,
+        ASN1_STATE_DATA_COPY,
+        ASN1_STATE_POST_COPY,
+        ASN1_STATE_DONE
+        } asn1_bio_state_t;
+
+typedef struct BIO_ASN1_EX_FUNCS_st
+        {
+        asn1_ps_func    *ex_func;
+        asn1_ps_func    *ex_free_func;
+        } BIO_ASN1_EX_FUNCS;
+
+typedef struct BIO_ASN1_BUF_CTX_t
+        {
+        /* Internal state */
+        asn1_bio_state_t state;
+        /* Internal buffer */
+        unsigned char *buf;
+        /* Size of buffer */
+        int bufsize;
+        /* Current position in buffer */
+        int bufpos;
+        /* Current buffer length */
+        int buflen;
+        /* Amount of data to copy */
+        int copylen;
+        /* Class and tag to use */
+        int asn1_class, asn1_tag;
+        asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free;
+        /* Extra buffer for prefix and suffix data */
+        unsigned char *ex_buf;
+        int ex_len;
+        int ex_pos;
+        void *ex_arg;
+        } BIO_ASN1_BUF_CTX;
+
+
+static int asn1_bio_write(BIO *h, const char *buf,int num);
+static int asn1_bio_read(BIO *h, char *buf, int size);
+static int asn1_bio_puts(BIO *h, const char *str);
+static int asn1_bio_gets(BIO *h, char *str, int size);
+static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int asn1_bio_new(BIO *h);
+static int asn1_bio_free(BIO *data);
+static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                                asn1_ps_func *cleanup, asn1_bio_state_t next);
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                                asn1_ps_func *setup, 
+                                asn1_bio_state_t ex_state,
+                                asn1_bio_state_t other_state);
+
+static BIO_METHOD methods_asn1=
+        {
+        BIO_TYPE_ASN1,
+        "asn1",
+        asn1_bio_write,
+        asn1_bio_read,
+        asn1_bio_puts,
+        asn1_bio_gets,
+        asn1_bio_ctrl,
+        asn1_bio_new,
+        asn1_bio_free,
+        asn1_bio_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_asn1(void)
+        {
+        return(&methods_asn1);
+        }
+
+
+static int asn1_bio_new(BIO *b)
+        {
+        BIO_ASN1_BUF_CTX *ctx;
+        ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX));
+        if (!ctx)
+                return 0;
+        if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
+                return 0;
+        b->init = 1;
+        b->ptr = (char *)ctx;
+        b->flags = 0;
+        return 1;
+        }
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
+        {
+        ctx->buf = OPENSSL_malloc(size);
+        if (!ctx->buf)
+                return 0;
+        ctx->bufsize = size;
+        ctx->bufpos = 0;
+        ctx->buflen = 0;
+        ctx->copylen = 0;
+        ctx->asn1_class = V_ASN1_UNIVERSAL;
+        ctx->asn1_tag = V_ASN1_OCTET_STRING;
+        ctx->ex_buf = 0;
+        ctx->ex_pos = 0;
+        ctx->ex_len = 0;
+        ctx->state = ASN1_STATE_START;
+        return 1;
+        }
+
+static int asn1_bio_free(BIO *b)
+        {
+        BIO_ASN1_BUF_CTX *ctx;
+        ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
+        if (ctx == NULL)
+                return 0;
+        if (ctx->buf)
+                OPENSSL_free(ctx->buf);
+        OPENSSL_free(ctx);
+        b->init = 0;
+        b->ptr = NULL;
+        b->flags = 0;
+        return 1;
+        }
+
+static int asn1_bio_write(BIO *b, const char *in , int inl)
+        {
+        BIO_ASN1_BUF_CTX *ctx;
+        int wrmax, wrlen, ret;
+        unsigned char *p;
+        if (!in || (inl < 0) || (b->next_bio == NULL))
+                return 0;
+        ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
+        if (ctx == NULL)
+                return 0;
+
+        wrlen = 0;
+        ret = -1;
+
+        for(;;)
+                {
+                switch (ctx->state)
+                        {
+
+                        /* Setup prefix data, call it */
+                        case ASN1_STATE_START:
+                        if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
+                                ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
+                                return 0;
+                        break;
+
+                        /* Copy any pre data first */
+                        case ASN1_STATE_PRE_COPY:
+
+                        ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free,
+                                                        ASN1_STATE_HEADER);
+
+                        if (ret <= 0)
+                                goto done;
+
+                        break;
+
+                        case ASN1_STATE_HEADER:
+                        ctx->buflen =
+                                ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
+                        OPENSSL_assert(ctx->buflen <= ctx->bufsize);
+                        p = ctx->buf;
+                        ASN1_put_object(&p, 0, inl,
+                                        ctx->asn1_tag, ctx->asn1_class);
+                        ctx->copylen = inl;
+                        ctx->state = ASN1_STATE_HEADER_COPY;
+
+                        break;
+
+                        case ASN1_STATE_HEADER_COPY:    
+                        ret = BIO_write(b->next_bio,
+                                        ctx->buf + ctx->bufpos, ctx->buflen);
+                        if (ret <= 0)
+                                goto done;
+
+                        ctx->buflen -= ret;
+                        if (ctx->buflen)
+                                ctx->bufpos += ret;
+                        else
+                                {
+                                ctx->bufpos = 0;
+                                ctx->state = ASN1_STATE_DATA_COPY;
+                                }
+
+                        break;
+
+                        case ASN1_STATE_DATA_COPY:
+
+                        if (inl > ctx->copylen)
+                                wrmax = ctx->copylen;
+                        else
+                                wrmax = inl;
+                        ret = BIO_write(b->next_bio, in, wrmax);
+                        if (ret <= 0)
+                                break;
+                        wrlen += ret;
+                        ctx->copylen -= ret;
+                        in += ret;
+                        inl -= ret;
+
+                        if (ctx->copylen == 0)
+                                ctx->state = ASN1_STATE_HEADER;
+
+                        if (inl == 0)
+                                goto done;
+
+                        break;
+
+                        default:
+                        BIO_clear_retry_flags(b);
+                        return 0;
+
+                        }
+
+                }
+
+        done:
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+
+        return (wrlen > 0) ? wrlen : ret;
+
+        }
+
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                                asn1_ps_func *cleanup, asn1_bio_state_t next)
+        {
+        int ret;
+        if (ctx->ex_len <= 0)
+                return 1;
+        for(;;)
+                {
+                ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos,
+                                                                ctx->ex_len);
+                if (ret <= 0)
+                        break;
+                ctx->ex_len -= ret;
+                if (ctx->ex_len > 0)
+                        ctx->ex_pos += ret;
+                else
+                        {
+                        if(cleanup)
+                                cleanup(b, &ctx->ex_buf, &ctx->ex_len,
+                                                                &ctx->ex_arg);
+                        ctx->state = next;
+                        ctx->ex_pos = 0;
+                        break;
+                        }
+                }
+        return ret;
+        }
+
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                                asn1_ps_func *setup, 
+                                asn1_bio_state_t ex_state,
+                                asn1_bio_state_t other_state)
+        {
+        if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg))
+                {
+                BIO_clear_retry_flags(b);
+                return 0;
+                }
+        if (ctx->ex_len > 0)
+                ctx->state = ex_state;
+        else
+                ctx->state = other_state;
+        return 1;
+        }
+
+static int asn1_bio_read(BIO *b, char *in , int inl)
+        {
+        if (!b->next_bio)
+                return 0;
+        return BIO_read(b->next_bio, in , inl);
+        }
+
+static int asn1_bio_puts(BIO *b, const char *str)
+        {
+        return asn1_bio_write(b, str, strlen(str));
+        }
+
+static int asn1_bio_gets(BIO *b, char *str, int size)
+        {
+        if (!b->next_bio)
+                return 0;
+        return BIO_gets(b->next_bio, str , size);
+        }
+
+static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        if (b->next_bio == NULL) return(0);
+        return BIO_callback_ctrl(b->next_bio,cmd,fp);
+        }
+
+static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
+        {
+        BIO_ASN1_BUF_CTX *ctx;
+        BIO_ASN1_EX_FUNCS *ex_func;
+        long ret = 1;
+        ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
+        if (ctx == NULL)
+                return 0;
+        switch(cmd)
+                {
+
+                case BIO_C_SET_PREFIX:
+                ex_func = arg2;
+                ctx->prefix  = ex_func->ex_func;
+                ctx->prefix_free  = ex_func->ex_free_func;
+                break;
+
+                case BIO_C_GET_PREFIX:
+                ex_func = arg2;
+                ex_func->ex_func = ctx->prefix;
+                ex_func->ex_free_func = ctx->prefix_free;
+                break;
+
+                case BIO_C_SET_SUFFIX:
+                ex_func = arg2;
+                ctx->suffix  = ex_func->ex_func;
+                ctx->suffix_free  = ex_func->ex_free_func;
+                break;
+
+                case BIO_C_GET_SUFFIX:
+                ex_func = arg2;
+                ex_func->ex_func = ctx->suffix;
+                ex_func->ex_free_func = ctx->suffix_free;
+                break;
+
+                case BIO_C_SET_EX_ARG:
+                ctx->ex_arg = arg2;
+                break;
+
+                case BIO_C_GET_EX_ARG:
+                *(void **)arg2 = ctx->ex_arg;
+                break;
+
+                case BIO_CTRL_FLUSH:
+                if (!b->next_bio)
+                        return 0;
+
+                /* Call post function if possible */
+                if (ctx->state == ASN1_STATE_HEADER)
+                        {
+                        if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
+                                ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
+                                return 0;
+                        }
+
+                if (ctx->state == ASN1_STATE_POST_COPY)
+                        {
+                        ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
+                                                        ASN1_STATE_DONE);
+                        if (ret <= 0)
+                                return ret;
+                        }
+
+                if (ctx->state == ASN1_STATE_DONE)
+                        return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
+                else
+                        {
+                        BIO_clear_retry_flags(b);
+                        return 0;
+                        }
+                break;
+
+
+                default:
+                if (!b->next_bio)
+                        return 0;
+                return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
+
+                }
+
+        return ret;
+        }
+
+static int asn1_bio_set_ex(BIO *b, int cmd,
+                asn1_ps_func *ex_func, asn1_ps_func *ex_free_func)
+        {
+        BIO_ASN1_EX_FUNCS extmp;
+        extmp.ex_func = ex_func;
+        extmp.ex_free_func = ex_free_func;
+        return BIO_ctrl(b, cmd, 0, &extmp);
+        }
+
+static int asn1_bio_get_ex(BIO *b, int cmd,
+                asn1_ps_func **ex_func, asn1_ps_func **ex_free_func)
+        {
+        BIO_ASN1_EX_FUNCS extmp;
+        int ret;
+        ret = BIO_ctrl(b, cmd, 0, &extmp);
+        if (ret > 0)
+                {
+                *ex_func = extmp.ex_func;
+                *ex_free_func = extmp.ex_free_func;
+                }
+        return ret;
+        }
+
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, asn1_ps_func *prefix_free)
+        {
+        return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
+        }
+
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, asn1_ps_func **pprefix_free)
+        {
+        return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free);
+        }
+
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, asn1_ps_func *suffix_free)
+        {
+        return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
+        }
+
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free)
+        {
+        return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free);
+        }
diff --git a/src/lib/libcrypto/asn1/bio_ndef.c b/src/lib/libcrypto/asn1/bio_ndef.c
new file mode 100644
index 0000000000..370389b1e6
--- /dev/null
+++ b/src/lib/libcrypto/asn1/bio_ndef.c
@@ -0,0 +1,246 @@
+/* bio_ndef.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#ifndef OPENSSL_SYSNAME_NETWARE
+#include <memory.h>
+#endif
+#include <stdio.h>
+
+/* Experimental NDEF ASN1 BIO support routines */
+
+/* The usage is quite simple, initialize an ASN1 structure,
+ * get a BIO from it then any data written through the BIO
+ * will end up translated to approptiate format on the fly.
+ * The data is streamed out and does *not* need to be
+ * all held in memory at once.
+ *
+ * When the BIO is flushed the output is finalized and any
+ * signatures etc written out.
+ *
+ * The BIO is a 'proper' BIO and can handle non blocking I/O
+ * correctly.
+ *
+ * The usage is simple. The implementation is *not*...
+ */
+
+/* BIO support data stored in the ASN1 BIO ex_arg */
+
+typedef struct ndef_aux_st
+        {
+        /* ASN1 structure this BIO refers to */
+        ASN1_VALUE *val;
+        const ASN1_ITEM *it;
+        /* Top of the BIO chain */
+        BIO *ndef_bio;
+        /* Output BIO */
+        BIO *out;
+        /* Boundary where content is inserted */
+        unsigned char **boundary;
+        /* DER buffer start */
+        unsigned char *derbuf;
+        } NDEF_SUPPORT;
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+        {
+        NDEF_SUPPORT *ndef_aux = NULL;
+        BIO *asn_bio = NULL;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_STREAM_ARG sarg;
+
+        if (!aux || !aux->asn1_cb)
+                {
+                ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+                return NULL;
+                }
+        ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT));
+        asn_bio = BIO_new(BIO_f_asn1());
+
+        /* ASN1 bio needs to be next to output BIO */
+
+        out = BIO_push(asn_bio, out);
+
+        if (!ndef_aux || !asn_bio || !out)
+                goto err;
+
+        BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+        BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+
+        /* Now let callback prepend any digest, cipher etc BIOs
+         * ASN1 structure needs.
+         */
+
+        sarg.out = out;
+        sarg.ndef_bio = NULL;
+        sarg.boundary = NULL;
+
+        if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
+                goto err;
+
+        ndef_aux->val = val;
+        ndef_aux->it = it;
+        ndef_aux->ndef_bio = sarg.ndef_bio;
+        ndef_aux->boundary = sarg.boundary;
+        ndef_aux->out = out;
+
+        BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+
+        return sarg.ndef_bio;
+
+        err:
+        if (asn_bio)
+                BIO_free(asn_bio);
+        if (ndef_aux)
+                OPENSSL_free(ndef_aux);
+        return NULL;
+        }
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+        {
+        NDEF_SUPPORT *ndef_aux;
+        unsigned char *p;
+        int derlen;
+
+        if (!parg)
+                return 0;
+
+        ndef_aux = *(NDEF_SUPPORT **)parg;
+
+        derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+        p = OPENSSL_malloc(derlen);
+        ndef_aux->derbuf = p;
+        *pbuf = p;
+        derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+        if (!*ndef_aux->boundary)
+                return 0;
+
+        *plen = *ndef_aux->boundary - *pbuf;
+
+        return 1;
+        }
+
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+        {
+        NDEF_SUPPORT *ndef_aux;
+
+        if (!parg)
+                return 0;
+
+        ndef_aux = *(NDEF_SUPPORT **)parg;
+
+        if (ndef_aux->derbuf)
+                OPENSSL_free(ndef_aux->derbuf);
+
+        ndef_aux->derbuf = NULL;
+        *pbuf = NULL;
+        *plen = 0;
+        return 1;
+        }
+
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+        {
+        NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
+        if (!ndef_prefix_free(b, pbuf, plen, parg))
+                return 0;
+        OPENSSL_free(*pndef_aux);
+        *pndef_aux = NULL;
+        return 1;
+        }
+
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+        {
+        NDEF_SUPPORT *ndef_aux;
+        unsigned char *p;
+        int derlen;
+        const ASN1_AUX *aux;
+        ASN1_STREAM_ARG sarg;
+
+        if (!parg)
+                return 0;
+
+        ndef_aux = *(NDEF_SUPPORT **)parg;
+
+        aux = ndef_aux->it->funcs;
+
+        /* Finalize structures */
+        sarg.ndef_bio = ndef_aux->ndef_bio;
+        sarg.out = ndef_aux->out;
+        sarg.boundary = ndef_aux->boundary;
+        if (aux->asn1_cb(ASN1_OP_STREAM_POST,
+                                &ndef_aux->val, ndef_aux->it, &sarg) <= 0)
+                return 0;
+
+        derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+        p = OPENSSL_malloc(derlen);
+        ndef_aux->derbuf = p;
+        *pbuf = p;
+        derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+        if (!*ndef_aux->boundary)
+                return 0;
+        *pbuf = *ndef_aux->boundary;
+        *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/x_nx509.c b/src/lib/libcrypto/asn1/x_nx509.c
new file mode 100644
index 0000000000..fbd9a22db3
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_nx509.c
@@ -0,0 +1,72 @@
+/* x_nx509.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Old netscape certificate wrapper format */
+
+ASN1_SEQUENCE(NETSCAPE_X509) = {
+        ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
+        ASN1_OPT(NETSCAPE_X509, cert, X509)
+} ASN1_SEQUENCE_END(NETSCAPE_X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
+