This commit was manufactured by cvs2git to create branch 'unlabeled-1.1.1'.

4 files changed, 879 insertions, 0 deletions

diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
new file mode 100644
index 0000000000..caafde658f
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -0,0 +1,326 @@
+/* crypto/x509/x509_att.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+        if (!x) return 0;
+        return(sk_X509_ATTRIBUTE_num(x));
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                          int lastpos)
+{
+        ASN1_OBJECT *obj;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-2);
+        return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+                          int lastpos)
+{
+        int n;
+        X509_ATTRIBUTE *ex;
+
+        if (sk == NULL) return(-1);
+        lastpos++;
+        if (lastpos < 0)
+                lastpos=0;
+        n=sk_X509_ATTRIBUTE_num(sk);
+        for ( ; lastpos < n; lastpos++)
+                {
+                ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+                if (OBJ_cmp(ex->object,obj) == 0)
+                        return(lastpos);
+                }
+        return(-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+                return NULL;
+        else
+                return sk_X509_ATTRIBUTE_value(x,loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+        X509_ATTRIBUTE *ret;
+
+        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+                return(NULL);
+        ret=sk_X509_ATTRIBUTE_delete(x,loc);
+        return(ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                         X509_ATTRIBUTE *attr)
+{
+        X509_ATTRIBUTE *new_attr=NULL;
+        STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+
+        if ((x != NULL) && (*x == NULL))
+                {
+                if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+                        goto err;
+                }
+        else
+                sk= *x;
+
+        if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+                goto err2;
+        if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+                goto err;
+        if ((x != NULL) && (*x == NULL))
+                *x=sk;
+        return(sk);
+err:
+        X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
+err2:
+        if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+        if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+        return(NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+                        ASN1_OBJECT *obj, int type,
+                        unsigned char *bytes, int len)
+{
+        X509_ATTRIBUTE *attr;
+        STACK_OF(X509_ATTRIBUTE) *ret;
+        attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+        if(!attr) return 0;
+        ret = X509at_add1_attr(x, attr);
+        X509_ATTRIBUTE_free(attr);
+        return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+                        int nid, int type,
+                        unsigned char *bytes, int len)
+{
+        X509_ATTRIBUTE *attr;
+        STACK_OF(X509_ATTRIBUTE) *ret;
+        attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+        if(!attr) return 0;
+        ret = X509at_add1_attr(x, attr);
+        X509_ATTRIBUTE_free(attr);
+        return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+                        char *attrname, int type,
+                        unsigned char *bytes, int len)
+{
+        X509_ATTRIBUTE *attr;
+        STACK_OF(X509_ATTRIBUTE) *ret;
+        attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+        if(!attr) return 0;
+        ret = X509at_add1_attr(x, attr);
+        X509_ATTRIBUTE_free(attr);
+        return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+             int atrtype, void *data, int len)
+{
+        ASN1_OBJECT *obj;
+        X509_ATTRIBUTE *ret;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                return(NULL);
+                }
+        ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+        if (ret == NULL) ASN1_OBJECT_free(obj);
+        return(ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+             ASN1_OBJECT *obj, int atrtype, void *data, int len)
+{
+        X509_ATTRIBUTE *ret;
+
+        if ((attr == NULL) || (*attr == NULL))
+                {
+                if ((ret=X509_ATTRIBUTE_new()) == NULL)
+                        {
+                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                }
+        else
+                ret= *attr;
+
+        if (!X509_ATTRIBUTE_set1_object(ret,obj))
+                goto err;
+        if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+                goto err;
+        
+        if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+        return(ret);
+err:
+        if ((attr == NULL) || (ret != *attr))
+                X509_ATTRIBUTE_free(ret);
+        return(NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                char *atrname, int type, unsigned char *bytes, int len)
+        {
+        ASN1_OBJECT *obj;
+        X509_ATTRIBUTE *nattr;
+
+        obj=OBJ_txt2obj(atrname, 0);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+                                                X509_R_INVALID_FIELD_NAME);
+                ERR_add_error_data(2, "name=", atrname);
+                return(NULL);
+                }
+        nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+        ASN1_OBJECT_free(obj);
+        return nattr;
+        }
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
+{
+        if ((attr == NULL) || (obj == NULL))
+                return(0);
+        ASN1_OBJECT_free(attr->object);
+        attr->object=OBJ_dup(obj);
+        return(1);
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
+{
+        ASN1_TYPE *ttmp;
+        ASN1_STRING *stmp;
+        int atype;
+        if (!attr) return 0;
+        if(attrtype & MBSTRING_FLAG) {
+                stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+                                                OBJ_obj2nid(attr->object));
+                if(!stmp) {
+                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+                        return 0;
+                }
+                atype = stmp->type;
+        } else {
+                if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+                if(!ASN1_STRING_set(stmp, data, len)) goto err;
+                atype = attrtype;
+        }
+        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+        if(!(ttmp = ASN1_TYPE_new())) goto err;
+        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+        attr->set = 1;
+        ASN1_TYPE_set(ttmp, atype, stmp);
+        return 1;
+        err:
+        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+}
+
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+{
+        if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
+        if(attr->value.single) return 1;
+        return 0;
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+        if (attr == NULL) return(NULL);
+        return(attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+                                        int atrtype, void *data)
+{
+        ASN1_TYPE *ttmp;
+        ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+        if(!ttmp) return NULL;
+        if(atrtype != ASN1_TYPE_get(ttmp)){
+                X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+                return NULL;
+        }
+        return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+        if (attr == NULL) return(NULL);
+        if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+        if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
+        else return attr->value.single;
+}
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
new file mode 100644
index 0000000000..9f7d67952d
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -0,0 +1,263 @@
+/* x509_trs.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_any(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
+
+/* WARNING: the following table should be kept in order of trust
+ * and without any gaps so we can just subtract the minimum trust
+ * value to get an index into the table
+ */
+
+static X509_TRUST trstandard[] = {
+{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
+{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
+{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+};
+
+#define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
+
+IMPLEMENT_STACK_OF(X509_TRUST)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
+{
+        return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
+{
+int (*oldtrust)(int , X509 *, int);
+oldtrust = default_trust;
+default_trust = trust;
+return oldtrust;
+}
+
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+        X509_TRUST *pt;
+        int idx;
+        if(id == -1) return 1;
+        if(!(idx = X509_TRUST_get_by_id(id)))
+                        return default_trust(id, x, flags);
+        pt = X509_TRUST_get0(idx);
+        return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+        if(!trtable) return X509_TRUST_COUNT;
+        return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST * X509_TRUST_get0(int idx)
+{
+        if(idx < 0) return NULL;
+        if(idx < X509_TRUST_COUNT) return trstandard + idx;
+        return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+        X509_TRUST tmp;
+        int idx;
+        if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+                                 return id - X509_TRUST_MIN;
+        tmp.trust = id;
+        if(!trtable) return -1;
+        idx = sk_X509_TRUST_find(trtable, &tmp);
+        if(idx == -1) return -1;
+        return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+                                        char *name, int arg1, void *arg2)
+{
+        int idx;
+        X509_TRUST *trtmp;
+        /* This is set according to what we change: application can't set it */
+        flags &= ~X509_TRUST_DYNAMIC;
+        /* This will always be set for application modified trust entries */
+        flags |= X509_TRUST_DYNAMIC_NAME;
+        /* Get existing entry if any */
+        idx = X509_TRUST_get_by_id(id);
+        /* Need a new entry */
+        if(idx == -1) {
+                if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
+                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                trtmp->flags = X509_TRUST_DYNAMIC;
+        } else trtmp = X509_TRUST_get0(idx);
+
+        /* Free existing name if dynamic */
+        if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
+        /* dup supplied name */
+        if(!(trtmp->name = BUF_strdup(name))) {
+                X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        /* Keep the dynamic flag of existing entry */
+        trtmp->flags &= X509_TRUST_DYNAMIC;
+        /* Set all other flags */
+        trtmp->flags |= flags;
+
+        trtmp->trust = id;
+        trtmp->check_trust = ck;
+        trtmp->arg1 = arg1;
+        trtmp->arg2 = arg2;
+
+        /* If its a new entry manage the dynamic table */
+        if(idx == -1) {
+                if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                if (!sk_X509_TRUST_push(trtable, trtmp)) {
+                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+        }
+        return 1;
+}
+
+static void trtable_free(X509_TRUST *p)
+        {
+        if(!p) return;
+        if (p->flags & X509_TRUST_DYNAMIC) 
+                {
+                if (p->flags & X509_TRUST_DYNAMIC_NAME)
+                        Free(p->name);
+                Free(p);
+                }
+        }
+
+void X509_TRUST_cleanup(void)
+{
+        int i;
+        for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
+        sk_X509_TRUST_pop_free(trtable, trtable_free);
+        trtable = NULL;
+}
+
+int X509_TRUST_get_flags(X509_TRUST *xp)
+{
+        return xp->flags;
+}
+
+char *X509_TRUST_get0_name(X509_TRUST *xp)
+{
+        return xp->name;
+}
+
+int X509_TRUST_get_trust(X509_TRUST *xp)
+{
+        return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+        if(x->aux) return obj_trust(trust->arg1, x, flags);
+        /* we don't have any trust settings: for compatibility
+         * we return trusted if it is self signed
+         */
+        X509_check_purpose(x, -1, 0);
+        if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
+        else return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+        ASN1_OBJECT *obj;
+        int i;
+        X509_CERT_AUX *ax;
+        ax = x->aux;
+        if(!ax) return X509_TRUST_UNTRUSTED;
+        if(ax->reject) {
+                for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+                        obj = sk_ASN1_OBJECT_value(ax->reject, i);
+                        if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
+                }
+        }       
+        if(ax->trust) {
+                for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+                        obj = sk_ASN1_OBJECT_value(ax->trust, i);
+                        if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
+                }
+        }
+        return X509_TRUST_UNTRUSTED;
+}
+
+static int trust_any(X509_TRUST *trust, X509 *x, int flags)
+{
+        return X509_TRUST_TRUSTED;
+}
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
new file mode 100644
index 0000000000..6cac440ea9
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509cset.c
@@ -0,0 +1,169 @@
+/* crypto/x509/x509cset.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+        {
+        if (x == NULL) return(0);
+        if (x->crl->version == NULL)
+                {
+                if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
+                        return(0);
+                }
+        return(ASN1_INTEGER_set(x->crl->version,version));
+        }
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+        {
+        if ((x == NULL) || (x->crl == NULL)) return(0);
+        return(X509_NAME_set(&x->crl->issuer,name));
+        }
+
+
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if (x == NULL) return(0);
+        in=x->crl->lastUpdate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->crl->lastUpdate);
+                        x->crl->lastUpdate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if (x == NULL) return(0);
+        in=x->crl->nextUpdate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->crl->nextUpdate);
+                        x->crl->nextUpdate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_CRL_sort(X509_CRL *c)
+        {
+        int i;
+        X509_REVOKED *r;
+        /* sort the data so it will be written in serial
+         * number order */
+        sk_X509_REVOKED_sort(c->crl->revoked);
+        for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
+                {
+                r=sk_X509_REVOKED_value(c->crl->revoked,i);
+                r->sequence=i;
+                }
+        return 1;
+        }
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if (x == NULL) return(0);
+        in=x->revocationDate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->revocationDate);
+                        x->revocationDate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+        {
+        ASN1_INTEGER *in;
+
+        if (x == NULL) return(0);
+        in=x->serialNumber;
+        if (in != serial)
+                {
+                in=M_ASN1_INTEGER_dup(serial);
+                if (in != NULL)
+                        {
+                        M_ASN1_INTEGER_free(x->serialNumber);
+                        x->serialNumber=in;
+                        }
+                }
+        return(in != NULL);
+        }
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
new file mode 100644
index 0000000000..b35c3f92e7
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -0,0 +1,121 @@
+/* x509spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1_mac.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+        if ((x == NULL) || (x->spkac == NULL)) return(0);
+        return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+        if ((x == NULL) || (x->spkac == NULL))
+                return(NULL);
+        return(X509_PUBKEY_get(x->spkac->pubkey));
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+        unsigned char *spki_der, *p;
+        int spki_len;
+        NETSCAPE_SPKI *spki;
+        if(len <= 0) len = strlen(str);
+        if (!(spki_der = Malloc(len + 1))) {
+                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+        if(spki_len < 0) {
+                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
+                                                X509_R_BASE64_DECODE_ERROR);
+                Free(spki_der);
+                return NULL;
+        }
+        p = spki_der;
+        spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+        Free(spki_der);
+        return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+        unsigned char *der_spki, *p;
+        char *b64_str;
+        int der_len;
+        der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+        der_spki = Malloc(der_len);
+        b64_str = Malloc(der_len * 2);
+        if(!der_spki || !b64_str) {
+                X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p = der_spki;
+        i2d_NETSCAPE_SPKI(spki, &p);
+        EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+        Free(der_spki);
+        return b64_str;
+}