This commit was manufactured by cvs2git to create tag 'SSLeay_0_9_0b'.SSLeay_0_9_0b

11 files changed, 1144 insertions, 0 deletions

diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
new file mode 100644
index 0000000000..1c1ca2ffa0
--- /dev/null
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -0,0 +1,96 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=x509
+ERRC=x509_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509_vfy.c \
+        x509_set.c x509rset.c $(ERRC).c \
+        x509name.c x509_v3.c x509_ext.c x509pack.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        by_file.c by_dir.c \
+        v3_net.c v3_x509.c
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509_vfy.o \
+        x509_set.o x509rset.o $(ERRC).o \
+        x509name.o x509_v3.o x509_ext.o x509pack.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        by_file.o by_dir.o \
+        v3_net.o v3_x509.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        sh $(TOP)/util/ranlib.sh $(LIB)
+        @touch lib
+
+files:
+        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        /bin/rm -f Makefile
+        $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+        $(TOP)/util/mklink.sh ../../test $(TEST)
+        $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALLTOP)/include/$$i; \
+        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libcrypto/x509/attrib b/src/lib/libcrypto/x509/attrib
new file mode 100644
index 0000000000..37f6cd755f
--- /dev/null
+++ b/src/lib/libcrypto/x509/attrib
@@ -0,0 +1,38 @@
+
+PKCS7
+        STACK of X509_ATTRIBUTES
+                ASN1_OBJECT
+                STACK of ASN1_TYPE
+
+So it is
+
+p7.xa[].obj
+p7.xa[].data[]
+
+get_obj_by_nid(STACK , nid)
+get_num_by_nid(STACK , nid)
+get_data_by_nid(STACK , nid, index)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
+void            X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **ex,
+                        int nid, STACK *value);
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **ex,
+                        int nid, STACK *value);
+
+int             X509_ATTRIBUTE_set_object(X509_ATTRIBUTE *ex,ASN1_OBJECT *obj);
+int             X509_ATTRIBUTE_add_data(X509_ATTRIBUTE *ex, int index,
+                        ASN1_TYPE *value);
+
+ASN1_OBJECT *   X509_ATTRIBUTE_get_object(X509_ATTRIBUTE *ex);
+int             X509_ATTRIBUTE_get_num(X509_ATTRIBUTE *ne);
+ASN1_TYPE *     X509_ATTRIBUTE_get_data(X509_ATTRIBUTE *ne,int index);
+
+ASN1_TYPE *     X509_ATTRIBUTE_get_data_by_NID(X509_ATTRIBUTE *ne,
+                        ASN1_OBJECT *obj);
+
+X509_ATTRUBUTE *PKCS7_get_s_att_by_NID(PKCS7 *p7,int nid);
+X509_ATTRUBUTE *PKCS7_get_u_att_by_NID(PKCS7 *p7,int nid);
+
diff --git a/src/lib/libcrypto/x509/v3_net.c b/src/lib/libcrypto/x509/v3_net.c
new file mode 100644
index 0000000000..0c2d276d13
--- /dev/null
+++ b/src/lib/libcrypto/x509/v3_net.c
@@ -0,0 +1,87 @@
+/* crypto/x509/v3_net.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+
+#define NETSCAPE_X509_EXT_NUM   8
+
+static X509_EXTENSION_METHOD netscape_x509_ext[NETSCAPE_X509_EXT_NUM]={
+{NID_netscape_ca_policy_url,    V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_ssl_server_name,  V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_revocation_url,   V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_base_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_cert_type,V_ASN1_BIT_STRING,X509_EXT_PACK_STRING},
+{NID_netscape_ca_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_renewal_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+{NID_netscape_comment,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
+        };
+
+int X509v3_add_netscape_extensions()
+        {
+        int i;
+
+        for (i=0; i<NETSCAPE_X509_EXT_NUM; i++)
+                if (!X509v3_add_extension(&(netscape_x509_ext[i])))
+                        return(0);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/x509/v3_x509.c b/src/lib/libcrypto/x509/v3_x509.c
new file mode 100644
index 0000000000..f685aa4c71
--- /dev/null
+++ b/src/lib/libcrypto/x509/v3_x509.c
@@ -0,0 +1,253 @@
+/* crypto/x509/v3_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "bio.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+
+#if 0
+static int i2a_key_usage(BIO *bp, X509 *x);
+static int a2i_key_usage(X509 *x, char *str, int len);
+#endif
+
+int X509v3_get_key_usage(X509 *x);
+int X509v3_set_key_usage(X509 *x,unsigned int use);
+int i2a_X509v3_key_usage(BIO *bp, unsigned int use);
+unsigned int a2i_X509v3_key_usage(char *p);
+
+#define STD_X509_EXT_NUM        9
+
+#if 0
+static X509_OBJECTS std_x509_ext[STD_X509_EXT_NUM]={
+{NID_subject_key_identifier,    NULL,NULL},
+{NID_key_usage,                 a2i_key_usage,i2a_key_usage}, /**/
+{NID_private_key_usage_period,  NULL,NULL},
+{NID_subject_alt_name,          NULL,NULL},
+{NID_issuer_alt_name,           NULL,NULL},
+{NID_basic_constraints,         NULL,NULL},
+{NID_crl_number,                NULL,NULL},
+{NID_certificate_policies,      NULL,NULL},
+{NID_authority_key_identifier,  NULL,NULL},
+        };
+#endif
+
+int X509v3_add_standard_extensions()
+        {
+
+#if 0
+        for (i=0; i<STD_X509_EXT_NUM; i++)
+                if (!X509v3_add_extension(&(std_x509_ext[i])))
+                        return(0);
+#endif
+        return(1);
+        }
+
+int X509v3_get_key_usage(x)
+X509 *x;
+        {
+        X509_EXTENSION *ext;
+        ASN1_STRING *st;
+        char *p;
+        int i;
+
+        i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+        if (i < 0) return(X509v3_KU_UNDEF);
+        ext=X509_get_ext(x,i);
+        st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
+                X509_EXTENSION_get_data(X509_get_ext(x,i)));
+
+        p=(char *)ASN1_STRING_data(st);
+        if (ASN1_STRING_length(st) == 1)
+                i=p[0];
+        else if (ASN1_STRING_length(st) == 2)
+                i=p[0]|(p[1]<<8);
+        else
+                i=0;
+        return(i);
+        }
+
+static struct
+        {
+        char *name;
+        unsigned int value;
+        } key_usage_data[] ={
+        {"digitalSignature",    X509v3_KU_DIGITAL_SIGNATURE},
+        {"nonRepudiation",      X509v3_KU_NON_REPUDIATION},
+        {"keyEncipherment",     X509v3_KU_KEY_ENCIPHERMENT},
+        {"dataEncipherment",    X509v3_KU_DATA_ENCIPHERMENT},
+        {"keyAgreement",        X509v3_KU_KEY_AGREEMENT},
+        {"keyCertSign",         X509v3_KU_KEY_CERT_SIGN},
+        {"cRLSign",             X509v3_KU_CRL_SIGN},
+        {"encipherOnly",        X509v3_KU_ENCIPHER_ONLY},
+        {"decipherOnly",        X509v3_KU_DECIPHER_ONLY},
+        {NULL,0},
+        };
+
+#if 0
+static int a2i_key_usage(x,str,len)
+X509 *x;
+char *str;
+int len;
+        {
+        return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
+        }
+
+static int i2a_key_usage(bp,x)
+BIO *bp;
+X509 *x;
+        {
+        return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
+        }
+#endif
+
+int i2a_X509v3_key_usage(bp,use)
+BIO *bp;
+unsigned int use;
+        {
+        int i=0,first=1;
+
+        for (;;)
+                {
+                if (use | key_usage_data[i].value)
+                        {
+                        BIO_printf(bp,"%s%s",((first)?"":" "),
+                                key_usage_data[i].name);
+                        first=0;
+                        }
+                }
+        return(1);
+        }
+
+unsigned int a2i_X509v3_key_usage(p)
+char *p;
+        {
+        unsigned int ret=0;
+        char *q,*s;
+        int i,n;
+
+        q=p;
+        for (;;)
+                {
+                while ((*q != '\0') && isalnum(*q))
+                        q++;
+                if (*q == '\0') break;
+                s=q++;
+                while (isalnum(*q))
+                        q++;
+                n=q-s;
+                i=0;
+                for (;;)
+                        {
+                        if (strncmp(key_usage_data[i].name,s,n) == 0)
+                                {
+                                ret|=key_usage_data[i].value;
+                                break;
+                                }
+                        i++;
+                        if (key_usage_data[i].name == NULL)
+                                return(X509v3_KU_UNDEF);
+                        }
+                }
+        return(ret);
+        }
+
+int X509v3_set_key_usage(x,use)
+X509 *x;
+unsigned int use;
+        {
+        ASN1_OCTET_STRING *os;
+        X509_EXTENSION *ext;
+        int i;
+        unsigned char data[4];
+
+        i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+        if (i < 0)
+                {
+                i=X509_get_ext_count(x)+1;
+                if ((ext=X509_EXTENSION_new()) == NULL) return(0);
+                if (!X509_add_ext(x,ext,i))
+                        {
+                        X509_EXTENSION_free(ext);
+                        return(0);
+                        }
+                }
+        else
+                ext=X509_get_ext(x,i);
+
+        /* fill in 'ext' */
+        os=X509_EXTENSION_get_data(ext);
+
+        i=0;
+        if (use > 0)
+                {
+                i=1;
+                data[0]=use&0xff;
+                }
+        if (use > 0xff)
+                {
+                i=2;
+                data[1]=(use>>8)&0xff;
+                }
+        return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
+        }
+
diff --git a/src/lib/libcrypto/x509/x509.doc b/src/lib/libcrypto/x509/x509.doc
new file mode 100644
index 0000000000..73cfc9f034
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509.doc
@@ -0,0 +1,27 @@
+X509_verify()
+X509_sign()
+
+X509_get_version()
+X509_get_serialNumber()
+X509_get_issuer()
+X509_get_subject()
+X509_get_notBefore()
+X509_get_notAfter()
+X509_get_pubkey()
+
+X509_set_version()
+X509_set_serialNumber()
+X509_set_issuer()
+X509_set_subject()
+X509_set_notBefore()
+X509_set_notAfter()
+X509_set_pubkey()
+
+X509_get_extensions()
+X509_set_extensions()
+
+X509_EXTENSIONS_clear()
+X509_EXTENSIONS_retrieve()
+X509_EXTENSIONS_add()
+X509_EXTENSIONS_delete()
+
diff --git a/src/lib/libcrypto/x509/x509.err b/src/lib/libcrypto/x509/x509.err
new file mode 100644
index 0000000000..8d0862d7d1
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509.err
@@ -0,0 +1,46 @@
+/* Error codes for the X509 functions. */
+
+/* Function codes. */
+#define X509_F_ADD_CERT_DIR                              100
+#define X509_F_BY_FILE_CTRL                              101
+#define X509_F_DIR_CTRL                                  102
+#define X509_F_GET_CERT_BY_SUBJECT                       103
+#define X509_F_X509V3_ADD_EXT                            104
+#define X509_F_X509V3_ADD_EXTENSION                      105
+#define X509_F_X509V3_PACK_STRING                        106
+#define X509_F_X509V3_UNPACK_STRING                      107
+#define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+#define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+#define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+#define X509_F_X509_LOAD_CERT_FILE                       111
+#define X509_F_X509_LOAD_CRL_FILE                        112
+#define X509_F_X509_NAME_ADD_ENTRY                       113
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+#define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+#define X509_F_X509_NAME_ONELINE                         116
+#define X509_F_X509_NAME_PRINT                           117
+#define X509_F_X509_PRINT_FP                             118
+#define X509_F_X509_PUBKEY_GET                           119
+#define X509_F_X509_PUBKEY_SET                           120
+#define X509_F_X509_REQ_PRINT                            121
+#define X509_F_X509_REQ_PRINT_FP                         122
+#define X509_F_X509_REQ_TO_X509                          123
+#define X509_F_X509_STORE_ADD_CERT                       124
+#define X509_F_X509_STORE_ADD_CRL                        125
+#define X509_F_X509_TO_X509_REQ                          126
+#define X509_F_X509_VERIFY_CERT                          127
+
+/* Reason codes. */
+#define X509_R_BAD_X509_FILETYPE                         100
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+#define X509_R_ERR_ASN1_LIB                              102
+#define X509_R_LOADING_CERT_DIR                          103
+#define X509_R_LOADING_DEFAULTS                          104
+#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+#define X509_R_SHOULD_RETRY                              106
+#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+#define X509_R_UNKNOWN_NID                               109
+#define X509_R_UNKNOWN_STRING_TYPE                       110
+#define X509_R_UNSUPPORTED_ALGORITHM                     111
+#define X509_R_WRONG_LOOKUP_TYPE                         112
diff --git a/src/lib/libcrypto/x509/x509pack.c b/src/lib/libcrypto/x509/x509pack.c
new file mode 100644
index 0000000000..846f125859
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509pack.c
@@ -0,0 +1,157 @@
+/* crypto/x509/x509pack.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+ASN1_OCTET_STRING *X509v3_pack_string(ex,type,bytes,len)
+ASN1_OCTET_STRING **ex;
+int type;
+unsigned char *bytes;
+int len;
+        {
+        ASN1_OCTET_STRING *os;
+        ASN1_STRING str;
+        unsigned char *p;
+        int i;
+
+        if ((ex == NULL) || (*ex == NULL))
+                os=ASN1_OCTET_STRING_new();
+        else
+                os= *ex;
+
+        if (len < 0) len=strlen((char *)bytes);
+        str.length=len;
+        str.type=type;
+        str.data=bytes;
+
+        /* str now holds the data, we just have to copy it into ->value */
+
+        switch (type)
+                {
+        case V_ASN1_BIT_STRING:
+                i=i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,NULL);
+                if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
+                        goto err;
+                p=(unsigned char *)os->data;
+                i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,&p);
+                break;
+        case V_ASN1_OCTET_STRING:
+                i=i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,NULL);
+                if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
+                        goto err;
+                p=(unsigned char *)os->data;
+                i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,&p);
+                break;
+        case V_ASN1_IA5STRING:
+        case V_ASN1_PRINTABLESTRING:
+        case V_ASN1_T61STRING:
+                i=i2d_ASN1_bytes(&str,NULL,type,V_ASN1_UNIVERSAL);
+                if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
+                        goto err;
+                p=(unsigned char *)os->data;
+                i=i2d_ASN1_bytes(&str,&p,type,V_ASN1_UNIVERSAL);
+                break;
+        default:
+                X509err(X509_F_X509V3_PACK_STRING,X509_R_UNKNOWN_STRING_TYPE);
+                goto err;
+                }
+        os->length=i;
+
+        if ((ex != NULL) && (os != *ex))
+                *ex=os;
+        return(os);
+err:
+        return(NULL);
+        }
+
+ASN1_STRING *X509v3_unpack_string(ex,type,os)
+ASN1_STRING **ex;
+int type;
+ASN1_OCTET_STRING *os;
+        {
+        unsigned char *p;
+        ASN1_STRING *ret=NULL;
+
+        p=os->data;
+        switch (type)
+                {
+        case V_ASN1_BIT_STRING:
+                ret=(ASN1_STRING *)d2i_ASN1_BIT_STRING(
+                        (ASN1_BIT_STRING **)ex,&p,os->length);
+                break;
+        case V_ASN1_OCTET_STRING:
+                ret=(ASN1_STRING *)d2i_ASN1_OCTET_STRING(
+                        (ASN1_BIT_STRING **)ex,&p,os->length);
+                break;
+        case V_ASN1_IA5STRING:
+        case V_ASN1_PRINTABLESTRING:
+        case V_ASN1_T61STRING:
+                ret=(ASN1_STRING *)d2i_ASN1_PRINTABLE(ex,&p,os->length);
+                break;
+        default:
+                X509err(X509_F_X509V3_UNPACK_STRING,X509_R_UNKNOWN_STRING_TYPE);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/x509/x509v3.doc b/src/lib/libcrypto/x509/x509v3.doc
new file mode 100644
index 0000000000..1e760a9469
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509v3.doc
@@ -0,0 +1,24 @@
+The 'new' system.
+
+The X509_EXTENSION_METHOD includes extensions and attributes and/or names. 
+Basically everthing that can be added to an X509 with an OID identifying it.
+
+It operates via 2 methods per object id.
+int a2i_XXX(X509 *x,char *str,int len);
+int i2a_XXX(BIO *bp,X509 *x);
+
+The a2i_XXX function will add the object with a value converted from the
+string into the X509.  Len can be -1 in which case the length is calculated
+via strlen(str).   Applications can always use direct knowledge to load and
+unload the relevent objects themselves.
+
+i2a_XXX will print to the passed BIO, a text representation of the
+relevet object.  Use a memory BIO if you want it printed to a buffer :-).
+
+X509_add_by_NID(X509 *x,int nid,char *str,int len);
+X509_add_by_OBJ(X509 *x,ASN1_OBJECT *obj,char *str,int len);
+
+X509_print_by_name(BIO *bp,X509 *x);
+X509_print_by_NID(BIO *bp,X509 *x);
+X509_print_by_OBJ(BIO *bp,X509 *x);
+
diff --git a/src/lib/libcrypto/x509v3/format b/src/lib/libcrypto/x509v3/format
new file mode 100644
index 0000000000..3307978121
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/format
@@ -0,0 +1,92 @@
+AuthorityKeyIdentifier
+        {
+        keyIdentifier           [0] OCTET_STRING        OPTIONAL
+        authorityCertIssuer     [1] GeneralNames        OPTIONAL
+        authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
+        }
+
+SubjectKeyIdentifier    OCTET_STRING
+
+KeyUsage
+        {
+        BIT_STRING
+                digitalSignature        0
+                nonRepudiation          1
+                keyEncipherment         2
+                dataEncipherment        3
+                keyAgreement            4
+                keyCertSign             5
+                cRLSign                 6
+                encipherOnly            7
+                decipherOnly            8
+        }
+
+extKeyUsage
+        {
+        SEQUENCE of OBJECT_IDENTIFIER
+        }
+
+privateKeyUsagePeriod
+        {
+        notBefore       [0]     GeneralizedTime OPTIONAL
+        notAfter        [1]     GeneralizedTime OPTIONAL
+        }
+
+certificatePoliciesSyntax
+        SEQUENCE of PoliciesInformation
+
+PoliciesInformation     XXX
+policyMappings          XXX
+supportedAlgorithms     XXX
+
+subjectAltName
+        GeneralNames sequence of GeneralName
+
+GeneralName
+        {
+        otherName       [0] INSTANCE OF OTHER-NAME
+        rfc882Name      [1] IA5String
+        dNSName         [2] IA5String
+        x400Address     [3] ORAddress
+        directoryName   [4] Name
+        ediPartyName    [5] 
+                                {
+                                nameAssigner    [0] DirectoryString OPTIONAL
+                                partyName       [1] DirectoryString
+                                }
+        uniformResourceIdentifier [6] IA5String
+        iPAddress       [7] OCTET_STRING
+        registeredID    [8] OBJECT_IDENTIFIER
+        }
+
+issuerAltName
+        GeneralNames sequence of GeneralName
+
+subjectDirectoryAttribute SEQUENCE of Attribute
+
+basicConstraints
+        {
+        cA                      BOOLEAN default FALSE
+        pathLenConstraint       INTEGER OPTIONAL
+        }
+
+nameConstraints
+        {
+        permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
+        excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
+        }
+
+GeneralSubtree
+        {
+        base    GeneralName
+        minimum [0] BaseDistance DEFAULT 0
+        maximum [1] BaseDistance OPTIONAL
+        }
+
+PolicyConstraints
+        {
+        requiredExplicitPolicy  [0] SkipCerts OPTIONAL
+        inhibitPolicyMapping    [1] SkipCerts OPTIONAL
+        }
+SkipCerts == INTEGER
+
diff --git a/src/lib/libcrypto/x509v3/header b/src/lib/libcrypto/x509v3/header
new file mode 100644
index 0000000000..3d791ca3dd
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/header
@@ -0,0 +1,6 @@
+int             a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
+int             i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+int             i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
+ASN1_INTEGER *  d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
+
+
diff --git a/src/lib/libcrypto/x509v3/v3_ku.c b/src/lib/libcrypto/x509v3/v3_ku.c
new file mode 100644
index 0000000000..87c7402f43
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ku.c
@@ -0,0 +1,318 @@
+/* crypto/x509v3/v3_ku.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "bio.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+
+X509_EXTENSION_METHOD X509v3_key_usage_method=
+        {
+        NID_key_usage,
+        ku_clear,
+        ex_get_bool,
+        ex_set_bool,
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        ku_a2i,
+        ku_i2a,
+        };
+
+static void ku_clear(a)
+X509_EXTENSION *a;
+        {
+        }
+
+static int ku_expand(a)
+X509_EXTENSION *a;
+        {
+        ASN1_BIT_STRING *bs;
+
+        if (a->argp == NULL)
+                {
+                bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
+                if (bs == NULL) return(0);
+                a->argp=(char *)bs;
+                a->ex_free=ASN1_STRING_free;
+                }
+        return(1);
+        }
+
+static int ku_get_bool(a,num)
+X509_EXTENSION *a;
+int num;
+        {
+        int ret;
+        ASN1_BIT_STRING *bs;
+
+        if ((a->argp == NULL) && !ku_expand(a))
+                return(-1);
+        bs=(ASN1_BIT_STRING *)a->argp;
+        ret=ASN1_BIT_STRING_get_bit(bs,num);
+        return(ret);
+        }
+
+static int ku_set_bool(a,num,value)
+X509_EXTENSION *a;
+int num;
+int value;
+        {
+        ASN1_BIT_STRING *a;
+
+        if ((a->argp == NULL) && !ku_expand(a))
+                return(0);
+        bs=(ASN1_BIT_STRING *)a->argp;
+        ret=ASN1_BIT_STRING_set_bit(bs,num,value);
+        }
+
+static int ku_a2i(bio,a,buf,len)
+BIO *bio;
+X509_EXTENSION *a;
+char *buf;
+int len;
+        {
+        get token
+        }
+
+static char ku_names[X509v3_N_KU_NUM]={
+        X509v3_S_KU_digitalSignature,
+        X509v3_S_KU_nonRepudiation,
+        X509v3_S_KU_keyEncipherment,
+        X509v3_S_KU_dataEncipherment,
+        X509v3_S_KU_keyAgreement,
+        X509v3_S_KU_keyCertSign,
+        X509v3_S_KU_cRLSign,
+        X509v3_S_KU_encipherOnly,
+        X509v3_S_KU_decipherOnly,
+        };
+
+static int ku_i2a(bio,a);
+BIO *bio;
+X509_EXTENSION *a;
+        {
+        int i,first=1;
+        char *c;
+
+        for (i=0; i<X509v3_N_KU_NUM; i++)
+                {
+                if (ku_get_bool(a,i) > 0)
+                        {
+                        BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
+                        first=0;
+                        }
+                }
+        }
+
+/***********************/
+
+int X509v3_get_key_usage(x,ret)
+STACK *x;
+unsigned long *ret;
+        {
+        X509_EXTENSION *ext;
+        ASN1_STRING *st;
+        char *p;
+        int i;
+
+        i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+        if (i < 0) return(X509v3_KU_UNDEF);
+        ext=X509_get_ext(x,i);
+        st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
+                X509_EXTENSION_get_data(X509_get_ext(x,i)));
+
+        p=ASN1_STRING_data(st);
+        if (ASN1_STRING_length(st) == 1)
+                i=p[0];
+        else if (ASN1_STRING_length(st) == 2)
+                i=p[0]|(p[1]<<8);
+        else
+                i=0;
+        return(i);
+        }
+
+static struct
+        {
+        char *name;
+        unsigned int value;
+        } key_usage_data[] ={
+        {"digitalSignature",    X509v3_KU_DIGITAL_SIGNATURE},
+        {"nonRepudiation",      X509v3_KU_NON_REPUDIATION},
+        {"keyEncipherment",     X509v3_KU_KEY_ENCIPHERMENT},
+        {"dataEncipherment",    X509v3_KU_DATA_ENCIPHERMENT},
+        {"keyAgreement",        X509v3_KU_KEY_AGREEMENT},
+        {"keyCertSign",         X509v3_KU_KEY_CERT_SIGN},
+        {"cRLSign",             X509v3_KU_CRL_SIGN},
+        {"encipherOnly",        X509v3_KU_ENCIPHER_ONLY},
+        {"decipherOnly",        X509v3_KU_DECIPHER_ONLY},
+        {NULL,0},
+        };
+
+#if 0
+static int a2i_key_usage(x,str,len)
+X509 *x;
+char *str;
+int len;
+        {
+        return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
+        }
+
+static int i2a_key_usage(bp,x)
+BIO *bp;
+X509 *x;
+        {
+        return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
+        }
+#endif
+
+int i2a_X509v3_key_usage(bp,use)
+BIO *bp;
+unsigned int use;
+        {
+        int i=0,first=1;
+
+        for (;;)
+                {
+                if (use | key_usage_data[i].value)
+                        {
+                        BIO_printf(bp,"%s%s",((first)?"":" "),
+                                key_usage_data[i].name);
+                        first=0;
+                        }
+                }
+        return(1);
+        }
+
+unsigned int a2i_X509v3_key_usage(p)
+char *p;
+        {
+        unsigned int ret=0;
+        char *q,*s;
+        int i,n;
+
+        q=p;
+        for (;;)
+                {
+                while ((*q != '\0') && isalnum(*q))
+                        q++;
+                if (*q == '\0') break;
+                s=q++;
+                while (isalnum(*q))
+                        q++;
+                n=q-s;
+                i=0;
+                for (;;)
+                        {
+                        if (strncmp(key_usage_data[i].name,s,n) == 0)
+                                {
+                                ret|=key_usage_data[i].value;
+                                break;
+                                }
+                        i++;
+                        if (key_usage_data[i].name == NULL)
+                                return(X509v3_KU_UNDEF);
+                        }
+                }
+        return(ret);
+        }
+
+int X509v3_set_key_usage(x,use)
+X509 *x;
+unsigned int use;
+        {
+        ASN1_OCTET_STRING *os;
+        X509_EXTENSION *ext;
+        int i;
+        unsigned char data[4];
+
+        i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+        if (i < 0)
+                {
+                i=X509_get_ext_count(x)+1;
+                if ((ext=X509_EXTENSION_new()) == NULL) return(0);
+                if (!X509_add_ext(x,ext,i))
+                        {
+                        X509_EXTENSION_free(ext);
+                        return(0);
+                        }
+                }
+        else
+                ext=X509_get_ext(x,i);
+
+        /* fill in 'ext' */
+        os=X509_EXTENSION_get_data(ext);
+
+        i=0;
+        if (use > 0)
+                {
+                i=1;
+                data[0]=use&0xff;
+                }
+        if (use > 0xff)
+                {
+                i=2;
+                data[1]=(use>>8)&0xff;
+                }
+        return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
+        }
+