82 files changed, 23052 insertions, 0 deletions

diff --git a/src/lib/libcrypto/asn1/Makefile b/src/lib/libcrypto/asn1/Makefile
new file mode 100644
index 0000000000..63066899d0
--- /dev/null
+++ b/src/lib/libcrypto/asn1/Makefile
@@ -0,0 +1,885 @@
+#
+# OpenSSL/crypto/asn1/Makefile
+#
+
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        f_int.c f_string.c n_pkey.c \
+        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
+        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        f_int.o f_string.o n_pkey.o \
+        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
+        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bitstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bitstr.o: ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bytes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bytes.o: ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_d2i_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_d2i_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/asn1.h
+a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_dup.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_gentm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_i2d_fp.o: ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_mbstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_mbstr.o: ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_octet.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_octet.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_octet.o: ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_print.o: ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_set.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strnid.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_strnid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strnid.o: ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_time.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utctm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utctm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utctm.o: ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utf8.o: ../../include/openssl/symhacks.h ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_err.o: ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_gen.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn1_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn1_gen.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+asn1_gen.o: ../cryptlib.h asn1_gen.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_par.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_par.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_par.o: ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_mime.o: ../cryptlib.h asn_mime.c
+asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn_pack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn_pack.o: ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pr.o: ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pu.o: ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_enum.o: ../../include/openssl/symhacks.h ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_int.o: ../../include/openssl/symhacks.h ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_string.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pr.o: ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pu.o: ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbev2.o: ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
+t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_bitst.o: ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_pkey.o: ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509a.o: ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_dec.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_dec.o: ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
+x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
new file mode 100644
index 0000000000..0fb9ce0c2a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -0,0 +1,225 @@
+/* crypto/asn1/a_bitstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{ return M_ASN1_BIT_STRING_set(x, d, len); }
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+        {
+        int ret,j,bits,len;
+        unsigned char *p,*d;
+
+        if (a == NULL) return(0);
+
+        len=a->length;
+
+        if (len > 0)
+                {
+                if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
+                        {
+                        bits=(int)a->flags&0x07;
+                        }
+                else
+                        {
+                        for ( ; len > 0; len--)
+                                {
+                                if (a->data[len-1]) break;
+                                }
+                        j=a->data[len-1];
+                        if      (j & 0x01) bits=0;
+                        else if (j & 0x02) bits=1;
+                        else if (j & 0x04) bits=2;
+                        else if (j & 0x08) bits=3;
+                        else if (j & 0x10) bits=4;
+                        else if (j & 0x20) bits=5;
+                        else if (j & 0x40) bits=6;
+                        else if (j & 0x80) bits=7;
+                        else bits=0; /* should not happen */
+                        }
+                }
+        else
+                bits=0;
+
+        ret=1+len;
+        if (pp == NULL) return(ret);
+
+        p= *pp;
+
+        *(p++)=(unsigned char)bits;
+        d=a->data;
+        memcpy(p,d,len);
+        p+=len;
+        if (len > 0) p[-1]&=(0xff<<bits);
+        *pp=p;
+        return(ret);
+        }
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+        const unsigned char **pp, long len)
+        {
+        ASN1_BIT_STRING *ret=NULL;
+        const unsigned char *p;
+        unsigned char *s;
+        int i;
+
+        if (len < 1)
+                {
+                i=ASN1_R_STRING_TOO_SHORT;
+                goto err;
+                }
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        i= *(p++);
+        /* We do this to preserve the settings.  If we modify
+         * the settings, via the _set_bit function, we will recalculate
+         * on output */
+        ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
+        ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+
+        if (len-- > 1) /* using one because of the bits left byte */
+                {
+                s=(unsigned char *)OPENSSL_malloc((int)len);
+                if (s == NULL)
+                        {
+                        i=ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                memcpy(s,p,(int)len);
+                s[len-1]&=(0xff<<i);
+                p+=len;
+                }
+        else
+                s=NULL;
+
+        ret->length=(int)len;
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->data=s;
+        ret->type=V_ASN1_BIT_STRING;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_BIT_STRING_free(ret);
+        return(NULL);
+        }
+
+/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+        {
+        int w,v,iv;
+        unsigned char *c;
+
+        w=n/8;
+        v=1<<(7-(n&0x07));
+        iv= ~v;
+        if (!value) v=0;
+
+        if (a == NULL)
+                return 0;
+
+        a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+
+        if ((a->length < (w+1)) || (a->data == NULL))
+                {
+                if (!value) return(1); /* Don't need to set */
+                if (a->data == NULL)
+                        c=(unsigned char *)OPENSSL_malloc(w+1);
+                else
+                        c=(unsigned char *)OPENSSL_realloc_clean(a->data,
+                                                                 a->length,
+                                                                 w+1);
+                if (c == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
+                a->data=c;
+                a->length=w+1;
+        }
+        a->data[w]=((a->data[w])&iv)|v;
+        while ((a->length > 0) && (a->data[a->length-1] == 0))
+                a->length--;
+        return(1);
+        }
+
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+        {
+        int w,v;
+
+        w=n/8;
+        v=1<<(7-(n&0x07));
+        if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
+                return(0);
+        return((a->data[w]&v) != 0);
+        }
+
diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c
new file mode 100644
index 0000000000..331acdf053
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_bool.c
@@ -0,0 +1,114 @@
+/* crypto/asn1/a_bool.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
+        {
+        int r;
+        unsigned char *p;
+
+        r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
+        if (pp == NULL) return(r);
+        p= *pp;
+
+        ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
+        *(p++)= (unsigned char)a;
+        *pp=p;
+        return(r);
+        }
+
+int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
+        {
+        int ret= -1;
+        const unsigned char *p;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != V_ASN1_BOOLEAN)
+                {
+                i=ASN1_R_EXPECTING_A_BOOLEAN;
+                goto err;
+                }
+
+        if (len != 1)
+                {
+                i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+                goto err;
+                }
+        ret= (int)*(p++);
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
+        return(ret);
+        }
+
+
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c
new file mode 100644
index 0000000000..92d630cdba
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_bytes.c
@@ -0,0 +1,314 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
+/* type is a 'bitmap' of acceptable string types.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
+             long length, int type)
+        {
+        ASN1_STRING *ret=NULL;
+        const unsigned char *p;
+        unsigned char *s;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80) goto err;
+
+        if (tag >= 32)
+                {
+                i=ASN1_R_TAG_VALUE_TOO_HIGH;
+                goto err;
+                }
+        if (!(ASN1_tag2bit(tag) & type))
+                {
+                i=ASN1_R_WRONG_TYPE;
+                goto err;
+                }
+
+        /* If a bit-string, exit early */
+        if (tag == V_ASN1_BIT_STRING)
+                return(d2i_ASN1_BIT_STRING(a,pp,length));
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+
+        if (len != 0)
+                {
+                s=(unsigned char *)OPENSSL_malloc((int)len+1);
+                if (s == NULL)
+                        {
+                        i=ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                memcpy(s,p,(int)len);
+                s[len]='\0';
+                p+=len;
+                }
+        else
+                s=NULL;
+
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->length=(int)len;
+        ret->data=s;
+        ret->type=tag;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_STRING_free(ret);
+        return(NULL);
+        }
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
+        {
+        int ret,r,constructed;
+        unsigned char *p;
+
+        if (a == NULL)  return(0);
+
+        if (tag == V_ASN1_BIT_STRING)
+                return(i2d_ASN1_BIT_STRING(a,pp));
+                
+        ret=a->length;
+        r=ASN1_object_size(0,ret,tag);
+        if (pp == NULL) return(r);
+        p= *pp;
+
+        if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+                constructed=1;
+        else
+                constructed=0;
+        ASN1_put_object(&p,constructed,ret,tag,xclass);
+        memcpy(p,a->data,a->length);
+        p+=a->length;
+        *pp= p;
+        return(r);
+        }
+
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+             long length, int Ptag, int Pclass)
+        {
+        ASN1_STRING *ret=NULL;
+        const unsigned char *p;
+        unsigned char *s;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != Ptag)
+                {
+                i=ASN1_R_WRONG_TAG;
+                goto err;
+                }
+
+        if (inf & V_ASN1_CONSTRUCTED)
+                {
+                ASN1_const_CTX c;
+
+                c.pp=pp;
+                c.p=p;
+                c.inf=inf;
+                c.slen=len;
+                c.tag=Ptag;
+                c.xclass=Pclass;
+                c.max=(length == 0)?0:(p+length);
+                if (!asn1_collate_primitive(ret,&c)) 
+                        goto err; 
+                else
+                        {
+                        p=c.p;
+                        }
+                }
+        else
+                {
+                if (len != 0)
+                        {
+                        if ((ret->length < len) || (ret->data == NULL))
+                                {
+                                if (ret->data != NULL) OPENSSL_free(ret->data);
+                                s=(unsigned char *)OPENSSL_malloc((int)len + 1);
+                                if (s == NULL)
+                                        {
+                                        i=ERR_R_MALLOC_FAILURE;
+                                        goto err;
+                                        }
+                                }
+                        else
+                                s=ret->data;
+                        memcpy(s,p,(int)len);
+                        s[len] = '\0';
+                        p+=len;
+                        }
+                else
+                        {
+                        s=NULL;
+                        if (ret->data != NULL) OPENSSL_free(ret->data);
+                        }
+
+                ret->length=(int)len;
+                ret->data=s;
+                ret->type=Ptag;
+                }
+
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_STRING_free(ret);
+        ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
+        return(NULL);
+        }
+
+
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
+ * them into the one structure that is then returned */
+/* There have been a few bug fixes for this function from
+ * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
+        {
+        ASN1_STRING *os=NULL;
+        BUF_MEM b;
+        int num;
+
+        b.length=0;
+        b.max=0;
+        b.data=NULL;
+
+        if (a == NULL)
+                {
+                c->error=ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+
+        num=0;
+        for (;;)
+                {
+                if (c->inf & 1)
+                        {
+                        c->eos=ASN1_const_check_infinite_end(&c->p,
+                                (long)(c->max-c->p));
+                        if (c->eos) break;
+                        }
+                else
+                        {
+                        if (c->slen <= 0) break;
+                        }
+
+                c->q=c->p;
+                if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+                        == NULL)
+                        {
+                        c->error=ERR_R_ASN1_LIB;
+                        goto err;
+                        }
+
+                if (!BUF_MEM_grow_clean(&b,num+os->length))
+                        {
+                        c->error=ERR_R_BUF_LIB;
+                        goto err;
+                        }
+                memcpy(&(b.data[num]),os->data,os->length);
+                if (!(c->inf & 1))
+                        c->slen-=(c->p-c->q);
+                num+=os->length;
+                }
+
+        if (!asn1_const_Finish(c)) goto err;
+
+        a->length=num;
+        if (a->data != NULL) OPENSSL_free(a->data);
+        a->data=(unsigned char *)b.data;
+        if (os != NULL) ASN1_STRING_free(os);
+        return(1);
+err:
+        ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
+        if (os != NULL) ASN1_STRING_free(os);
+        if (b.data != NULL) OPENSSL_free(b.data);
+        return(0);
+        }
+
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
new file mode 100644
index 0000000000..ece40bc4c0
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_d2i_fp.c
@@ -0,0 +1,260 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+#ifndef OPENSSL_NO_FP_API
+
+void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
+        {
+        BIO *b;
+        void *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+                }
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_d2i_bio(xnew,d2i,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
+        {
+        BUF_MEM *b = NULL;
+        const unsigned char *p;
+        void *ret=NULL;
+        int len;
+
+        len = asn1_d2i_read_bio(in, &b);
+        if(len < 0) goto err;
+
+        p=(unsigned char *)b->data;
+        ret=d2i(x,&p,len);
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+        {
+        BUF_MEM *b = NULL;
+        const unsigned char *p;
+        void *ret=NULL;
+        int len;
+
+        len = asn1_d2i_read_bio(in, &b);
+        if(len < 0) goto err;
+
+        p=(const unsigned char *)b->data;
+        ret=ASN1_item_d2i(x,&p,len, it);
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+                }
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_item_d2i_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+        {
+        BUF_MEM *b;
+        unsigned char *p;
+        int i;
+        int ret=-1;
+        ASN1_const_CTX c;
+        int want=HEADER_SIZE;
+        int eos=0;
+#if defined(__GNUC__) && defined(__ia64)
+        /* pathetic compiler bug in all known versions as of Nov. 2002 */
+        long off=0;
+#else
+        int off=0;
+#endif
+        int len=0;
+
+        b=BUF_MEM_new();
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+                return -1;
+                }
+
+        ERR_clear_error();
+        for (;;)
+                {
+                if (want >= (len-off))
+                        {
+                        want-=(len-off);
+
+                        if (!BUF_MEM_grow_clean(b,len+want))
+                                {
+                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        i=BIO_read(in,&(b->data[len]),want);
+                        if ((i < 0) && ((len-off) == 0))
+                                {
+                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
+                                goto err;
+                                }
+                        if (i > 0)
+                                len+=i;
+                        }
+                /* else data already loaded */
+
+                p=(unsigned char *)&(b->data[off]);
+                c.p=p;
+                c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
+                        len-off);
+                if (c.inf & 0x80)
+                        {
+                        unsigned long e;
+
+                        e=ERR_GET_REASON(ERR_peek_error());
+                        if (e != ASN1_R_TOO_LONG)
+                                goto err;
+                        else
+                                ERR_clear_error(); /* clear error */
+                        }
+                i=c.p-p;/* header length */
+                off+=i; /* end of data */
+
+                if (c.inf & 1)
+                        {
+                        /* no data body so go round again */
+                        eos++;
+                        want=HEADER_SIZE;
+                        }
+                else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+                        {
+                        /* eos value, so go back and read another header */
+                        eos--;
+                        if (eos <= 0)
+                                break;
+                        else
+                                want=HEADER_SIZE;
+                        }
+                else 
+                        {
+                        /* suck in c.slen bytes of data */
+                        want=(int)c.slen;
+                        if (want > (len-off))
+                                {
+                                want-=(len-off);
+                                if (!BUF_MEM_grow_clean(b,len+want))
+                                        {
+                                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                while (want > 0)
+                                        {
+                                        i=BIO_read(in,&(b->data[len]),want);
+                                        if (i <= 0)
+                                                {
+                                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                                    ASN1_R_NOT_ENOUGH_DATA);
+                                                goto err;
+                                                }
+                                        len+=i;
+                                        want -= i;
+                                        }
+                                }
+                        off+=(int)c.slen;
+                        if (eos <= 0)
+                                {
+                                break;
+                                }
+                        else
+                                want=HEADER_SIZE;
+                        }
+                }
+
+        *pb = b;
+        return off;
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c
new file mode 100644
index 0000000000..d00d9e22b1
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_digest.c
@@ -0,0 +1,111 @@
+/* crypto/asn1/a_digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len)
+        {
+        int i;
+        unsigned char *str,*p;
+
+        i=i2d(data,NULL);
+        if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        p=str;
+        i2d(data,&p);
+
+        EVP_Digest(str, i, md, len, type, NULL);
+        OPENSSL_free(str);
+        return(1);
+        }
+
+#endif
+
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+                unsigned char *md, unsigned int *len)
+        {
+        int i;
+        unsigned char *str = NULL;
+
+        i=ASN1_item_i2d(asn,&str, it);
+        if (!str) return(0);
+
+        EVP_Digest(str, i, md, len, type, NULL);
+        OPENSSL_free(str);
+        return(1);
+        }
+
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
new file mode 100644
index 0000000000..199d50f521
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_dup.c
@@ -0,0 +1,109 @@
+/* crypto/asn1/a_dup.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
+        {
+        unsigned char *b,*p;
+        const unsigned char *p2;
+        int i;
+        char *ret;
+
+        if (x == NULL) return(NULL);
+
+        i=i2d(x,NULL);
+        b=OPENSSL_malloc(i+10);
+        if (b == NULL)
+                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+        p= b;
+        i=i2d(x,&p);
+        p2= b;
+        ret=d2i(NULL,&p2,i);
+        OPENSSL_free(b);
+        return(ret);
+        }
+
+#endif
+
+/* ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+        {
+        unsigned char *b = NULL;
+        const unsigned char *p;
+        long i;
+        void *ret;
+
+        if (x == NULL) return(NULL);
+
+        i=ASN1_item_i2d(x,&b,it);
+        if (b == NULL)
+                { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+        p= b;
+        ret=ASN1_item_d2i(NULL,&p,i, it);
+        OPENSSL_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c
new file mode 100644
index 0000000000..fe9aa13b9c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_enum.c
@@ -0,0 +1,182 @@
+/* crypto/asn1/a_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+
+/* 
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
+ */
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+        {
+        int j,k;
+        unsigned int i;
+        unsigned char buf[sizeof(long)+1];
+        long d;
+
+        a->type=V_ASN1_ENUMERATED;
+        if (a->length < (int)(sizeof(long)+1))
+                {
+                if (a->data != NULL)
+                        OPENSSL_free(a->data);
+                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+                        memset((char *)a->data,0,sizeof(long)+1);
+                }
+        if (a->data == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        d=v;
+        if (d < 0)
+                {
+                d= -d;
+                a->type=V_ASN1_NEG_ENUMERATED;
+                }
+
+        for (i=0; i<sizeof(long); i++)
+                {
+                if (d == 0) break;
+                buf[i]=(int)d&0xff;
+                d>>=8;
+                }
+        j=0;
+        for (k=i-1; k >=0; k--)
+                a->data[j++]=buf[k];
+        a->length=j;
+        return(1);
+        }
+
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+        {
+        int neg=0,i;
+        long r=0;
+
+        if (a == NULL) return(0L);
+        i=a->type;
+        if (i == V_ASN1_NEG_ENUMERATED)
+                neg=1;
+        else if (i != V_ASN1_ENUMERATED)
+                return -1;
+        
+        if (a->length > (int)sizeof(long))
+                {
+                /* hmm... a bit ugly */
+                return(0xffffffffL);
+                }
+        if (a->data == NULL)
+                return 0;
+
+        for (i=0; i<a->length; i++)
+                {
+                r<<=8;
+                r|=(unsigned char)a->data[i];
+                }
+        if (neg) r= -r;
+        return(r);
+        }
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+        {
+        ASN1_ENUMERATED *ret;
+        int len,j;
+
+        if (ai == NULL)
+                ret=M_ASN1_ENUMERATED_new();
+        else
+                ret=ai;
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+                }
+        if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+        else ret->type=V_ASN1_ENUMERATED;
+        j=BN_num_bits(bn);
+        len=((j == 0)?0:((j/8)+1));
+        if (ret->length < len+4)
+                {
+                unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+                if (!new_data)
+                        {
+                        ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                ret->data=new_data;
+                }
+
+        ret->length=BN_bn2bin(bn,ret->data);
+        return(ret);
+err:
+        if (ret != ai) M_ASN1_ENUMERATED_free(ret);
+        return(NULL);
+        }
+
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+        {
+        BIGNUM *ret;
+
+        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+                ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
+        else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
new file mode 100644
index 0000000000..def79062a5
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -0,0 +1,246 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+        {
+#ifdef CHARSET_EBCDIC
+        /* KLUDGE! We convert to ascii before writing DER */
+        int len;
+        char tmp[24];
+        ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+        len = tmpstr.length;
+        ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+        tmpstr.data = tmp;
+
+        a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
+        }
+
+
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+             unsigned char **pp, long length)
+        {
+        ASN1_GENERALIZEDTIME *ret=NULL;
+
+        ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
+                return(NULL);
+                }
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+        if (!ASN1_GENERALIZEDTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_GENERALIZEDTIME_free(ret);
+        return(NULL);
+        }
+
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+        {
+        static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+        static int max[9]={99, 99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+
+        if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+        /* GENERALIZEDTIME is similar to UTCTIME except the year is
+         * represented as YYYY. This stuff treats everything as a two digit
+         * field so make first two fields 00 to 99
+         */
+        if (l < 13) goto err;
+        for (i=0; i<7; i++)
+                {
+                if ((i == 6) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        /* Optional fractional seconds: decimal point followed by one
+         * or more digits.
+         */
+        if (a[o] == '.')
+                {
+                if (++o > l) goto err;
+                i = o;
+                while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+                        o++;
+                /* Must have at least one digit after decimal point */
+                if (i == o) goto err;
+                }
+
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=7; i<9; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+        {
+        ASN1_GENERALIZEDTIME t;
+
+        t.type=V_ASN1_GENERALIZEDTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_GENERALIZEDTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length))
+                                return 0;
+                        s->type=V_ASN1_GENERALIZEDTIME;
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+             time_t t)
+        {
+        char *p;
+        struct tm *ts;
+        struct tm data;
+        size_t len = 20; 
+
+        if (s == NULL)
+                s=M_ASN1_GENERALIZEDTIME_new();
+        if (s == NULL)
+                return(NULL);
+
+        ts=OPENSSL_gmtime(&t, &data);
+        if (ts == NULL)
+                return(NULL);
+
+        p=(char *)s->data;
+        if ((p == NULL) || ((size_t)s->length < len))
+                {
+                p=OPENSSL_malloc(len);
+                if (p == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                if (s->data != NULL)
+                        OPENSSL_free(s->data);
+                s->data=(unsigned char *)p;
+                }
+
+        BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+                     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+        ebcdic2ascii(s->data, s->data, s->length);
+#endif
+        return(s);
+        }
diff --git a/src/lib/libcrypto/asn1/a_hdr.c b/src/lib/libcrypto/asn1/a_hdr.c
new file mode 100644
index 0000000000..d1c2a7b9e3
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_hdr.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
+
+int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
+        {
+        M_ASN1_I2D_vars(a);
+
+        M_ASN1_I2D_len(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(a->data,         a->meth->i2d);
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(a->data,         a->meth->i2d);
+
+        M_ASN1_I2D_finish();
+        }
+
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
+             long length)
+        {
+        M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING);
+        if (ret->meth != NULL)
+                {
+                M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i);
+                }
+        else
+                {
+                if (a != NULL) (*a)=ret;
+                return(ret);
+                }
+        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
+        }
+
+ASN1_HEADER *ASN1_HEADER_new(void)
+        {
+        ASN1_HEADER *ret=NULL;
+        ASN1_CTX c;
+
+        M_ASN1_New_Malloc(ret,ASN1_HEADER);
+        M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);
+        ret->meth=NULL;
+        ret->data=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+        }
+
+void ASN1_HEADER_free(ASN1_HEADER *a)
+        {
+        if (a == NULL) return;
+        M_ASN1_OCTET_STRING_free(a->header);
+        if (a->meth != NULL)
+                a->meth->destroy(a->data);
+        OPENSSL_free(a);
+        }
diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c
new file mode 100644
index 0000000000..a3ad76d356
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_i2d_fp.c
@@ -0,0 +1,163 @@
+/* crypto/asn1/a_i2d_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_i2d_bio(i2d,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
+        {
+        char *b;
+        unsigned char *p;
+        int i,j=0,n,ret=1;
+
+        n=i2d(x,NULL);
+        b=(char *)OPENSSL_malloc(n);
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        p=(unsigned char *)b;
+        i2d(x,&p);
+        
+        for (;;)
+                {
+                i=BIO_write(out,&(b[j]),n);
+                if (i == n) break;
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                j+=i;
+                n-=i;
+                }
+        OPENSSL_free(b);
+        return(ret);
+        }
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_item_i2d_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+        {
+        unsigned char *b = NULL;
+        int i,j=0,n,ret=1;
+
+        n = ASN1_item_i2d(x, &b, it);
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        for (;;)
+                {
+                i=BIO_write(out,&(b[j]),n);
+                if (i == n) break;
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                j+=i;
+                n-=i;
+                }
+        OPENSSL_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
new file mode 100644
index 0000000000..f8d198efb1
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -0,0 +1,459 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+{ return M_ASN1_INTEGER_dup(x);}
+
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+        { 
+        int neg, ret;
+        /* Compare signs */
+        neg = x->type & V_ASN1_NEG;
+        if (neg != (y->type & V_ASN1_NEG))
+                {
+                if (neg)
+                        return -1;
+                else
+                        return 1;
+                }
+
+        ret = ASN1_STRING_cmp(x, y);
+
+        if (neg)
+                return -ret;
+        else
+                return ret;
+        }
+        
+
+/* 
+ * This converts an ASN1 INTEGER into its content encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally 
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing 
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+        {
+        int pad=0,ret,i,neg;
+        unsigned char *p,*n,pb=0;
+
+        if ((a == NULL) || (a->data == NULL)) return(0);
+        neg=a->type & V_ASN1_NEG;
+        if (a->length == 0)
+                ret=1;
+        else
+                {
+                ret=a->length;
+                i=a->data[0];
+                if (!neg && (i > 127)) {
+                        pad=1;
+                        pb=0;
+                } else if(neg) {
+                        if(i>128) {
+                                pad=1;
+                                pb=0xFF;
+                        } else if(i == 128) {
+                        /*
+                         * Special case: if any other bytes non zero we pad:
+                         * otherwise we don't.
+                         */
+                                for(i = 1; i < a->length; i++) if(a->data[i]) {
+                                                pad=1;
+                                                pb=0xFF;
+                                                break;
+                                }
+                        }
+                }
+                ret+=pad;
+                }
+        if (pp == NULL) return(ret);
+        p= *pp;
+
+        if (pad) *(p++)=pb;
+        if (a->length == 0) *(p++)=0;
+        else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
+        else {
+                /* Begin at the end of the encoding */
+                n=a->data + a->length - 1;
+                p += a->length - 1;
+                i = a->length;
+                /* Copy zeros to destination as long as source is zero */
+                while(!*n) {
+                        *(p--) = 0;
+                        n--;
+                        i--;
+                }
+                /* Complement and increment next octet */
+                *(p--) = ((*(n--)) ^ 0xff) + 1;
+                i--;
+                /* Complement any octets left */
+                for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+        }
+
+        *pp+=ret;
+        return(ret);
+        }
+
+/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+             long len)
+        {
+        ASN1_INTEGER *ret=NULL;
+        const unsigned char *p, *pend;
+        unsigned char *to,*s;
+        int i;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+                ret->type=V_ASN1_INTEGER;
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        pend = p + len;
+
+        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+         * signifies a missing NULL parameter. */
+        s=(unsigned char *)OPENSSL_malloc((int)len+1);
+        if (s == NULL)
+                {
+                i=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        to=s;
+        if(!len) {
+                /* Strictly speaking this is an illegal INTEGER but we
+                 * tolerate it.
+                 */
+                ret->type=V_ASN1_INTEGER;
+        } else if (*p & 0x80) /* a negative number */
+                {
+                ret->type=V_ASN1_NEG_INTEGER;
+                if ((*p == 0xff) && (len != 1)) {
+                        p++;
+                        len--;
+                }
+                i = len;
+                p += i - 1;
+                to += i - 1;
+                while((!*p) && i) {
+                        *(to--) = 0;
+                        i--;
+                        p--;
+                }
+                /* Special case: if all zeros then the number will be of
+                 * the form FF followed by n zero bytes: this corresponds to
+                 * 1 followed by n zero bytes. We've already written n zeros
+                 * so we just append an extra one and set the first byte to
+                 * a 1. This is treated separately because it is the only case
+                 * where the number of bytes is larger than len.
+                 */
+                if(!i) {
+                        *s = 1;
+                        s[len] = 0;
+                        len++;
+                } else {
+                        *(to--) = (*(p--) ^ 0xff) + 1;
+                        i--;
+                        for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+                }
+        } else {
+                ret->type=V_ASN1_INTEGER;
+                if ((*p == 0) && (len != 1))
+                        {
+                        p++;
+                        len--;
+                        }
+                memcpy(s,p,(int)len);
+        }
+
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->data=s;
+        ret->length=(int)len;
+        if (a != NULL) (*a)=ret;
+        *pp=pend;
+        return(ret);
+err:
+        ASN1err(ASN1_F_C2I_ASN1_INTEGER,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+
+
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+             long length)
+        {
+        ASN1_INTEGER *ret=NULL;
+        const unsigned char *p;
+        unsigned char *to,*s;
+        long len;
+        int inf,tag,xclass;
+        int i;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+                ret->type=V_ASN1_INTEGER;
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != V_ASN1_INTEGER)
+                {
+                i=ASN1_R_EXPECTING_AN_INTEGER;
+                goto err;
+                }
+
+        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+         * signifies a missing NULL parameter. */
+        s=(unsigned char *)OPENSSL_malloc((int)len+1);
+        if (s == NULL)
+                {
+                i=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        to=s;
+        ret->type=V_ASN1_INTEGER;
+        if(len) {
+                if ((*p == 0) && (len != 1))
+                        {
+                        p++;
+                        len--;
+                        }
+                memcpy(s,p,(int)len);
+                p+=len;
+        }
+
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->data=s;
+        ret->length=(int)len;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+        {
+        int j,k;
+        unsigned int i;
+        unsigned char buf[sizeof(long)+1];
+        long d;
+
+        a->type=V_ASN1_INTEGER;
+        if (a->length < (int)(sizeof(long)+1))
+                {
+                if (a->data != NULL)
+                        OPENSSL_free(a->data);
+                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+                        memset((char *)a->data,0,sizeof(long)+1);
+                }
+        if (a->data == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        d=v;
+        if (d < 0)
+                {
+                d= -d;
+                a->type=V_ASN1_NEG_INTEGER;
+                }
+
+        for (i=0; i<sizeof(long); i++)
+                {
+                if (d == 0) break;
+                buf[i]=(int)d&0xff;
+                d>>=8;
+                }
+        j=0;
+        for (k=i-1; k >=0; k--)
+                a->data[j++]=buf[k];
+        a->length=j;
+        return(1);
+        }
+
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
+        {
+        int neg=0,i;
+        long r=0;
+
+        if (a == NULL) return(0L);
+        i=a->type;
+        if (i == V_ASN1_NEG_INTEGER)
+                neg=1;
+        else if (i != V_ASN1_INTEGER)
+                return -1;
+        
+        if (a->length > (int)sizeof(long))
+                {
+                /* hmm... a bit ugly */
+                return(0xffffffffL);
+                }
+        if (a->data == NULL)
+                return 0;
+
+        for (i=0; i<a->length; i++)
+                {
+                r<<=8;
+                r|=(unsigned char)a->data[i];
+                }
+        if (neg) r= -r;
+        return(r);
+        }
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+        {
+        ASN1_INTEGER *ret;
+        int len,j;
+
+        if (ai == NULL)
+                ret=M_ASN1_INTEGER_new();
+        else
+                ret=ai;
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+                }
+        if (BN_is_negative(bn))
+                ret->type = V_ASN1_NEG_INTEGER;
+        else ret->type=V_ASN1_INTEGER;
+        j=BN_num_bits(bn);
+        len=((j == 0)?0:((j/8)+1));
+        if (ret->length < len+4)
+                {
+                unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+                if (!new_data)
+                        {
+                        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                ret->data=new_data;
+                }
+        ret->length=BN_bn2bin(bn,ret->data);
+        /* Correct zero case */
+        if(!ret->length)
+                {
+                ret->data[0] = 0;
+                ret->length = 1;
+                }
+        return(ret);
+err:
+        if (ret != ai) M_ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+        {
+        BIGNUM *ret;
+
+        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+                ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+        else if(ai->type == V_ASN1_NEG_INTEGER)
+                BN_set_negative(ret, 1);
+        return(ret);
+        }
+
+IMPLEMENT_STACK_OF(ASN1_INTEGER)
+IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
new file mode 100644
index 0000000000..2d4800a22a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -0,0 +1,400 @@
+/* a_mbstr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                 int (*rfunc)(unsigned long value, void *in), void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+static int is_printable(unsigned long value);
+
+/* These functions take a string in UTF8, ASCII or multibyte form and
+ * a mask of permissible ASN1 string types. It then works out the minimal
+ * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data.
+ * Yes this is horrible: it has to be :-(
+ * The 'ncopy' form checks minimum and maximum size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask)
+{
+        return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask, 
+                                        long minsize, long maxsize)
+{
+        int str_type;
+        int ret;
+        char free_out;
+        int outform, outlen;
+        ASN1_STRING *dest;
+        unsigned char *p;
+        int nchar;
+        char strbuf[32];
+        int (*cpyfunc)(unsigned long,void *) = NULL;
+        if(len == -1) len = strlen((const char *)in);
+        if(!mask) mask = DIRSTRING_TYPE;
+
+        /* First do a string check and work out the number of characters */
+        switch(inform) {
+
+                case MBSTRING_BMP:
+                if(len & 1) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                                         ASN1_R_INVALID_BMPSTRING_LENGTH);
+                        return -1;
+                }
+                nchar = len >> 1;
+                break;
+
+                case MBSTRING_UNIV:
+                if(len & 3) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                                         ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+                        return -1;
+                }
+                nchar = len >> 2;
+                break;
+
+                case MBSTRING_UTF8:
+                nchar = 0;
+                /* This counts the characters and does utf8 syntax checking */
+                ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+                if(ret < 0) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                                                 ASN1_R_INVALID_UTF8STRING);
+                        return -1;
+                }
+                break;
+
+                case MBSTRING_ASC:
+                nchar = len;
+                break;
+
+                default:
+                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+                return -1;
+        }
+
+        if((minsize > 0) && (nchar < minsize)) {
+                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+                BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+                ERR_add_error_data(2, "minsize=", strbuf);
+                return -1;
+        }
+
+        if((maxsize > 0) && (nchar > maxsize)) {
+                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+                BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+                ERR_add_error_data(2, "maxsize=", strbuf);
+                return -1;
+        }
+
+        /* Now work out minimal type (if any) */
+        if(traverse_string(in, len, inform, type_str, &mask) < 0) {
+                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+                return -1;
+        }
+
+
+        /* Now work out output format and string type */
+        outform = MBSTRING_ASC;
+        if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
+        else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
+        else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
+        else if(mask & B_ASN1_BMPSTRING) {
+                str_type = V_ASN1_BMPSTRING;
+                outform = MBSTRING_BMP;
+        } else if(mask & B_ASN1_UNIVERSALSTRING) {
+                str_type = V_ASN1_UNIVERSALSTRING;
+                outform = MBSTRING_UNIV;
+        } else {
+                str_type = V_ASN1_UTF8STRING;
+                outform = MBSTRING_UTF8;
+        }
+        if(!out) return str_type;
+        if(*out) {
+                free_out = 0;
+                dest = *out;
+                if(dest->data) {
+                        dest->length = 0;
+                        OPENSSL_free(dest->data);
+                        dest->data = NULL;
+                }
+                dest->type = str_type;
+        } else {
+                free_out = 1;
+                dest = ASN1_STRING_type_new(str_type);
+                if(!dest) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                                                        ERR_R_MALLOC_FAILURE);
+                        return -1;
+                }
+                *out = dest;
+        }
+        /* If both the same type just copy across */
+        if(inform == outform) {
+                if(!ASN1_STRING_set(dest, in, len)) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                }
+                return str_type;
+        } 
+
+        /* Work out how much space the destination will need */
+        switch(outform) {
+                case MBSTRING_ASC:
+                outlen = nchar;
+                cpyfunc = cpy_asc;
+                break;
+
+                case MBSTRING_BMP:
+                outlen = nchar << 1;
+                cpyfunc = cpy_bmp;
+                break;
+
+                case MBSTRING_UNIV:
+                outlen = nchar << 2;
+                cpyfunc = cpy_univ;
+                break;
+
+                case MBSTRING_UTF8:
+                outlen = 0;
+                traverse_string(in, len, inform, out_utf8, &outlen);
+                cpyfunc = cpy_utf8;
+                break;
+        }
+        if(!(p = OPENSSL_malloc(outlen + 1))) {
+                if(free_out) ASN1_STRING_free(dest);
+                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
+                return -1;
+        }
+        dest->length = outlen;
+        dest->data = p;
+        p[outlen] = 0;
+        traverse_string(in, len, inform, cpyfunc, &p);
+        return str_type;        
+}
+
+/* This function traverses a string and passes the value of each character
+ * to an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                 int (*rfunc)(unsigned long value, void *in), void *arg)
+{
+        unsigned long value;
+        int ret;
+        while(len) {
+                if(inform == MBSTRING_ASC) {
+                        value = *p++;
+                        len--;
+                } else if(inform == MBSTRING_BMP) {
+                        value = *p++ << 8;
+                        value |= *p++;
+                        len -= 2;
+                } else if(inform == MBSTRING_UNIV) {
+                        value = ((unsigned long)*p++) << 24;
+                        value |= ((unsigned long)*p++) << 16;
+                        value |= *p++ << 8;
+                        value |= *p++;
+                        len -= 4;
+                } else {
+                        ret = UTF8_getc(p, len, &value);
+                        if(ret < 0) return -1;
+                        len -= ret;
+                        p += ret;
+                }
+                if(rfunc) {
+                        ret = rfunc(value, arg);
+                        if(ret <= 0) return ret;
+                }
+        }
+        return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+        int *nchar;
+        nchar = arg;
+        (*nchar)++;
+        return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+        int *outlen;
+        outlen = arg;
+        *outlen += UTF8_putc(NULL, -1, value);
+        return 1;
+}
+
+/* Determine the "type" of a string: check each character against a
+ * supplied "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+        unsigned long types;
+        types = *((unsigned long *)arg);
+        if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+                                        types &= ~B_ASN1_PRINTABLESTRING;
+        if((types & B_ASN1_IA5STRING) && (value > 127))
+                                        types &= ~B_ASN1_IA5STRING;
+        if((types & B_ASN1_T61STRING) && (value > 0xff))
+                                        types &= ~B_ASN1_T61STRING;
+        if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+                                        types &= ~B_ASN1_BMPSTRING;
+        if(!types) return -1;
+        *((unsigned long *)arg) = types;
+        return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+        unsigned char **p, *q;
+        p = arg;
+        q = *p;
+        *q = (unsigned char) value;
+        (*p)++;
+        return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+        unsigned char **p, *q;
+        p = arg;
+        q = *p;
+        *q++ = (unsigned char) ((value >> 8) & 0xff);
+        *q = (unsigned char) (value & 0xff);
+        *p += 2;
+        return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+        unsigned char **p, *q;
+        p = arg;
+        q = *p;
+        *q++ = (unsigned char) ((value >> 24) & 0xff);
+        *q++ = (unsigned char) ((value >> 16) & 0xff);
+        *q++ = (unsigned char) ((value >> 8) & 0xff);
+        *q = (unsigned char) (value & 0xff);
+        *p += 4;
+        return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+        unsigned char **p;
+        int ret;
+        p = arg;
+        /* We already know there is enough room so pass 0xff as the length */
+        ret = UTF8_putc(*p, 0xff, value);
+        *p += ret;
+        return 1;
+}
+
+/* Return 1 if the character is permitted in a PrintableString */
+static int is_printable(unsigned long value)
+{
+        int ch;
+        if(value > 0x7f) return 0;
+        ch = (int) value;
+        /* Note: we can't use 'isalnum' because certain accented 
+         * characters may count as alphanumeric in some environments.
+         */
+#ifndef CHARSET_EBCDIC
+        if((ch >= 'a') && (ch <= 'z')) return 1;
+        if((ch >= 'A') && (ch <= 'Z')) return 1;
+        if((ch >= '0') && (ch <= '9')) return 1;
+        if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
+#else /*CHARSET_EBCDIC*/
+        if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
+        if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
+        if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
+        if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
+#endif /*CHARSET_EBCDIC*/
+        return 0;
+}
diff --git a/src/lib/libcrypto/asn1/a_meth.c b/src/lib/libcrypto/asn1/a_meth.c
new file mode 100644
index 0000000000..50bea917e3
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_meth.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+static  ASN1_METHOD ia5string_meth={
+        (I2D_OF(void))  i2d_ASN1_IA5STRING,
+        (D2I_OF(void))  d2i_ASN1_IA5STRING,
+        (void *(*)(void))ASN1_STRING_new,
+        (void (*)(void *))ASN1_STRING_free};
+
+static  ASN1_METHOD bit_string_meth={
+        (I2D_OF(void))  i2d_ASN1_BIT_STRING,
+        (D2I_OF(void))  d2i_ASN1_BIT_STRING,
+        (void *(*)(void))ASN1_STRING_new,
+        (void (*)(void *))ASN1_STRING_free};
+
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
+        {
+        return(&ia5string_meth);
+        }
+
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
+        {
+        return(&bit_string_meth);
+        }
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
new file mode 100644
index 0000000000..dc980421d0
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -0,0 +1,386 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+        {
+        unsigned char *p;
+        int objsize;
+
+        if ((a == NULL) || (a->data == NULL)) return(0);
+
+        objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
+        if (pp == NULL) return objsize;
+
+        p= *pp;
+        ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+        memcpy(p,a->data,a->length);
+        p+=a->length;
+
+        *pp=p;
+        return(objsize);
+        }
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+        {
+        int i,first,len=0,c, use_bn;
+        char ftmp[24], *tmp = ftmp;
+        int tmpsize = sizeof ftmp;
+        const char *p;
+        unsigned long l;
+        BIGNUM *bl = NULL;
+
+        if (num == 0)
+                return(0);
+        else if (num == -1)
+                num=strlen(buf);
+
+        p=buf;
+        c= *(p++);
+        num--;
+        if ((c >= '0') && (c <= '2'))
+                {
+                first= c-'0';
+                }
+        else
+                {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
+                goto err;
+                }
+
+        if (num <= 0)
+                {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
+                goto err;
+                }
+        c= *(p++);
+        num--;
+        for (;;)
+                {
+                if (num <= 0) break;
+                if ((c != '.') && (c != ' '))
+                        {
+                        ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
+                        goto err;
+                        }
+                l=0;
+                use_bn = 0;
+                for (;;)
+                        {
+                        if (num <= 0) break;
+                        num--;
+                        c= *(p++);
+                        if ((c == ' ') || (c == '.'))
+                                break;
+                        if ((c < '0') || (c > '9'))
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+                                goto err;
+                                }
+                        if (!use_bn && l > (ULONG_MAX / 10L))
+                                {
+                                use_bn = 1;
+                                if (!bl)
+                                        bl = BN_new();
+                                if (!bl || !BN_set_word(bl, l))
+                                        goto err;
+                                }
+                        if (use_bn)
+                                {
+                                if (!BN_mul_word(bl, 10L)
+                                        || !BN_add_word(bl, c-'0'))
+                                        goto err;
+                                }
+                        else
+                                l=l*10L+(long)(c-'0');
+                        }
+                if (len == 0)
+                        {
+                        if ((first < 2) && (l >= 40))
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                                goto err;
+                                }
+                        if (use_bn)
+                                {
+                                if (!BN_add_word(bl, first * 40))
+                                        goto err;
+                                }
+                        else
+                                l+=(long)first*40;
+                        }
+                i=0;
+                if (use_bn)
+                        {
+                        int blsize;
+                        blsize = BN_num_bits(bl);
+                        blsize = (blsize + 6)/7;
+                        if (blsize > tmpsize)
+                                {
+                                if (tmp != ftmp)
+                                        OPENSSL_free(tmp);
+                                tmpsize = blsize + 32;
+                                tmp = OPENSSL_malloc(tmpsize);
+                                if (!tmp)
+                                        goto err;
+                                }
+                        while(blsize--)
+                                tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+                        }
+                else
+                        {
+                                        
+                        for (;;)
+                                {
+                                tmp[i++]=(unsigned char)l&0x7f;
+                                l>>=7L;
+                                if (l == 0L) break;
+                                }
+
+                        }
+                if (out != NULL)
+                        {
+                        if (len+i > olen)
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
+                                goto err;
+                                }
+                        while (--i > 0)
+                                out[len++]=tmp[i]|0x80;
+                        out[len++]=tmp[0];
+                        }
+                else
+                        len+=i;
+                }
+        if (tmp != ftmp)
+                OPENSSL_free(tmp);
+        if (bl)
+                BN_free(bl);
+        return(len);
+err:
+        if (tmp != ftmp)
+                OPENSSL_free(tmp);
+        if (bl)
+                BN_free(bl);
+        return(0);
+        }
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+        return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+        {
+        char buf[80], *p = buf;
+        int i;
+
+        if ((a == NULL) || (a->data == NULL))
+                return(BIO_write(bp,"NULL",4));
+        i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+        if (i > (int)(sizeof(buf) - 1))
+                {
+                p = OPENSSL_malloc(i + 1);
+                if (!p)
+                        return -1;
+                i2t_ASN1_OBJECT(p,i + 1,a);
+                }
+        if (i <= 0)
+                return BIO_write(bp, "<INVALID>", 9);
+        BIO_write(bp,p,i);
+        if (p != buf)
+                OPENSSL_free(p);
+        return(i);
+        }
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+             long length)
+{
+        const unsigned char *p;
+        long len;
+        int tag,xclass;
+        int inf,i;
+        ASN1_OBJECT *ret = NULL;
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != V_ASN1_OBJECT)
+                {
+                i=ASN1_R_EXPECTING_AN_OBJECT;
+                goto err;
+                }
+        ret = c2i_ASN1_OBJECT(a, &p, len);
+        if(ret) *pp = p;
+        return ret;
+err:
+        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_OBJECT_free(ret);
+        return(NULL);
+}
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+             long len)
+        {
+        ASN1_OBJECT *ret=NULL;
+        const unsigned char *p;
+        int i;
+
+        /* only the ASN1_OBJECTs from the 'table' will have values
+         * for ->sn or ->ln */
+        if ((a == NULL) || ((*a) == NULL) ||
+                !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+                {
+                if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+                }
+        else    ret=(*a);
+
+        p= *pp;
+        if ((ret->data == NULL) || (ret->length < len))
+                {
+                if (ret->data != NULL) OPENSSL_free(ret->data);
+                ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+                if (ret->data == NULL)
+                        { i=ERR_R_MALLOC_FAILURE; goto err; }
+                }
+        memcpy(ret->data,p,(int)len);
+        ret->length=(int)len;
+        ret->sn=NULL;
+        ret->ln=NULL;
+        /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+        p+=len;
+
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_C2I_ASN1_OBJECT,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_OBJECT_free(ret);
+        return(NULL);
+        }
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+        {
+        ASN1_OBJECT *ret;
+
+        ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->data=NULL;
+        ret->nid=0;
+        ret->sn=NULL;
+        ret->ln=NULL;
+        ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
+        return(ret);
+        }
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+        {
+        if (a == NULL) return;
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
+                {
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
+                if (a->sn != NULL) OPENSSL_free((void *)a->sn);
+                if (a->ln != NULL) OPENSSL_free((void *)a->ln);
+#endif
+                a->sn=a->ln=NULL;
+                }
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
+                {
+                if (a->data != NULL) OPENSSL_free(a->data);
+                a->data=NULL;
+                a->length=0;
+                }
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+                OPENSSL_free(a);
+        }
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+             const char *sn, const char *ln)
+        {
+        ASN1_OBJECT o;
+
+        o.sn=sn;
+        o.ln=ln;
+        o.data=data;
+        o.nid=nid;
+        o.length=len;
+        o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+                ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+        return(OBJ_dup(&o));
+        }
+
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
new file mode 100644
index 0000000000..24fd0f8e5a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_octet.c
@@ -0,0 +1,71 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+{ return M_ASN1_OCTET_STRING_dup(x); }
+
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+{ return M_ASN1_OCTET_STRING_cmp(a, b); }
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
+{ return M_ASN1_OCTET_STRING_set(x, d, len); }
+
diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c
new file mode 100644
index 0000000000..d18e772320
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_print.c
@@ -0,0 +1,127 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+        {
+        int c;
+        int ia5=0;
+        int t61=0;
+
+        if (len <= 0) len= -1;
+        if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+
+        while ((*s) && (len-- != 0))
+                {
+                c= *(s++);
+#ifndef CHARSET_EBCDIC
+                if (!(  ((c >= 'a') && (c <= 'z')) ||
+                        ((c >= 'A') && (c <= 'Z')) ||
+                        (c == ' ') ||
+                        ((c >= '0') && (c <= '9')) ||
+                        (c == ' ') || (c == '\'') ||
+                        (c == '(') || (c == ')') ||
+                        (c == '+') || (c == ',') ||
+                        (c == '-') || (c == '.') ||
+                        (c == '/') || (c == ':') ||
+                        (c == '=') || (c == '?')))
+                        ia5=1;
+                if (c&0x80)
+                        t61=1;
+#else
+                if (!isalnum(c) && (c != ' ') &&
+                    strchr("'()+,-./:=?", c) == NULL)
+                        ia5=1;
+                if (os_toascii[c] & 0x80)
+                        t61=1;
+#endif
+                }
+        if (t61) return(V_ASN1_T61STRING);
+        if (ia5) return(V_ASN1_IA5STRING);
+        return(V_ASN1_PRINTABLESTRING);
+        }
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+        {
+        int i;
+        unsigned char *p;
+
+        if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
+        if ((s->length%4) != 0) return(0);
+        p=s->data;
+        for (i=0; i<s->length; i+=4)
+                {
+                if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+                        break;
+                else
+                        p+=4;
+                }
+        if (i < s->length) return(0);
+        p=s->data;
+        for (i=3; i<s->length; i+=4)
+                {
+                *(p++)=s->data[i];
+                }
+        *(p)='\0';
+        s->length/=4;
+        s->type=ASN1_PRINTABLE_type(s->data,s->length);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
new file mode 100644
index 0000000000..958558c204
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -0,0 +1,238 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_ASN1_OLD
+
+typedef struct
+    {
+    unsigned char *pbData;
+    int cbData;
+    } MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
+ */
+static int SetBlobCmp(const void *elem1, const void *elem2 )
+    {
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
+    int r;
+
+    r = memcmp(b1->pbData, b2->pbData,
+               b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+    if(r != 0)
+        return r;
+    return b1->cbData-b2->cbData;
+    }
+
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
+                 int ex_class, int is_set)
+        {
+        int ret=0,r;
+        int i;
+        unsigned char *p;
+        unsigned char *pStart, *pTempMem;
+        MYBLOB *rgSetBlob;
+        int totSize;
+
+        if (a == NULL) return(0);
+        for (i=sk_num(a)-1; i>=0; i--)
+                ret+=i2d(sk_value(a,i),NULL);
+        r=ASN1_object_size(1,ret,ex_tag);
+        if (pp == NULL) return(r);
+
+        p= *pp;
+        ASN1_put_object(&p,1,ret,ex_tag,ex_class);
+
+/* Modified by gp@nsj.co.jp */
+        /* And then again by Ben */
+        /* And again by Steve */
+
+        if(!is_set || (sk_num(a) < 2))
+                {
+                for (i=0; i<sk_num(a); i++)
+                        i2d(sk_value(a,i),&p);
+
+                *pp=p;
+                return(r);
+                }
+
+        pStart  = p; /* Catch the beg of Setblobs*/
+                /* In this array we will store the SET blobs */
+                rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+                if (rgSetBlob == NULL)
+                        {
+                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+
+        for (i=0; i<sk_num(a); i++)
+                {
+                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
+                i2d(sk_value(a,i),&p);
+                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+SetBlob
+*/
+                }
+        *pp=p;
+        totSize = p - pStart; /* This is the total size of all set blobs */
+
+ /* Now we have to sort the blobs. I am using a simple algo.
+    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+                if (!(pTempMem = OPENSSL_malloc(totSize)))
+                        {
+                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+
+/* Copy to temp mem */
+        p = pTempMem;
+        for(i=0; i<sk_num(a); ++i)
+                {
+                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+                p += rgSetBlob[i].cbData;
+                }
+
+/* Copy back to user mem*/
+        memcpy(pStart, pTempMem, totSize);
+        OPENSSL_free(pTempMem);
+        OPENSSL_free(rgSetBlob);
+
+        return(r);
+        }
+
+STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+                    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
+                    int ex_class)
+        {
+        ASN1_const_CTX c;
+        STACK *ret=NULL;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=sk_new_null()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                ret=(*a);
+
+        c.p= *pp;
+        c.max=(length == 0)?0:(c.p+length);
+
+        c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
+        if (c.inf & 0x80) goto err;
+        if (ex_class != c.xclass)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
+                goto err;
+                }
+        if (ex_tag != c.tag)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
+                goto err;
+                }
+        if ((c.slen+c.p) > c.max)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
+                goto err;
+                }
+        /* check for infinite constructed - it can be as long
+         * as the amount of data passed to us */
+        if (c.inf == (V_ASN1_CONSTRUCTED+1))
+                c.slen=length+ *pp-c.p;
+        c.max=c.p+c.slen;
+
+        while (c.p < c.max)
+                {
+                char *s;
+
+                if (M_ASN1_D2I_end_sequence()) break;
+                /* XXX: This was called with 4 arguments, incorrectly, it seems
+                   if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */
+                if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
+                        asn1_add_error(*pp,(int)(c.q- *pp));
+                        goto err;
+                        }
+                if (!sk_push(ret,s)) goto err;
+                }
+        if (a != NULL) (*a)=ret;
+        *pp=c.p;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                {
+                if (free_func != NULL)
+                        sk_pop_free(ret,free_func);
+                else
+                        sk_free(ret);
+                }
+        return(NULL);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
new file mode 100644
index 0000000000..1081950518
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -0,0 +1,295 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+              const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *p,*buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=i2d(data,NULL);
+        buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf_in;
+
+        i2d(data,&p);
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+             const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1 ||
+                        type->pkey_type == NID_ecdsa_with_SHA1)
+                        {
+                        /* special case: RFC 3279 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=ASN1_item_i2d(asn,&buf_in, it);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
new file mode 100644
index 0000000000..c2dbb6f9a5
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -0,0 +1,567 @@
+/* a_strex.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+
+/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
+ * Enhanced string and name printing routines handling
+ * multibyte characters, RFC2253 and a host of other
+ * options.
+ */
+
+
+#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+
+/* Three IO functions for sending data to memory, a BIO and
+ * and a FILE pointer.
+ */
+#if 0                           /* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
+{
+        unsigned char **out = arg;
+        if(!out) return 1;
+        memcpy(*out, buf, len);
+        *out += len;
+        return 1;
+}
+#endif
+
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+        if(!arg) return 1;
+        if(BIO_write(arg, buf, len) != len) return 0;
+        return 1;
+}
+
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+        if(!arg) return 1;
+        if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
+        return 1;
+}
+
+typedef int char_io(void *arg, const void *buf, int len);
+
+/* This function handles display of
+ * strings, one character at a time.
+ * It is passed an unsigned long for each
+ * character because it could come from 2 or even
+ * 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
+{
+        unsigned char chflgs, chtmp;
+        char tmphex[HEX_SIZE(long)+3];
+
+        if(c > 0xffffffffL)
+                return -1;
+        if(c > 0xffff) {
+                BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
+                if(!io_ch(arg, tmphex, 10)) return -1;
+                return 10;
+        }
+        if(c > 0xff) {
+                BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
+                if(!io_ch(arg, tmphex, 6)) return -1;
+                return 6;
+        }
+        chtmp = (unsigned char)c;
+        if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+        else chflgs = char_type[chtmp] & flags;
+        if(chflgs & CHARTYPE_BS_ESC) {
+                /* If we don't escape with quotes, signal we need quotes */
+                if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+                        if(do_quotes) *do_quotes = 1;
+                        if(!io_ch(arg, &chtmp, 1)) return -1;
+                        return 1;
+                }
+                if(!io_ch(arg, "\\", 1)) return -1;
+                if(!io_ch(arg, &chtmp, 1)) return -1;
+                return 2;
+        }
+        if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
+                BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+                if(!io_ch(arg, tmphex, 3)) return -1;
+                return 3;
+        }
+        if(!io_ch(arg, &chtmp, 1)) return -1;
+        return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK     0x7
+#define BUF_TYPE_CONVUTF8       0x8
+
+/* This function sends each character in a buffer to
+ * do_esc_char(). It interprets the content formats
+ * and converts to or from UTF8 as appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+                        int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
+{
+        int i, outlen, len;
+        unsigned char orflags, *p, *q;
+        unsigned long c;
+        p = buf;
+        q = buf + buflen;
+        outlen = 0;
+        while(p != q) {
+                if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;
+                else orflags = 0;
+                switch(type & BUF_TYPE_WIDTH_MASK) {
+                        case 4:
+                        c = ((unsigned long)*p++) << 24;
+                        c |= ((unsigned long)*p++) << 16;
+                        c |= ((unsigned long)*p++) << 8;
+                        c |= *p++;
+                        break;
+
+                        case 2:
+                        c = ((unsigned long)*p++) << 8;
+                        c |= *p++;
+                        break;
+
+                        case 1:
+                        c = *p++;
+                        break;
+                        
+                        case 0:
+                        i = UTF8_getc(p, buflen, &c);
+                        if(i < 0) return -1;    /* Invalid UTF8String */
+                        p += i;
+                        break;
+                        default:
+                        return -1;      /* invalid width */
+                }
+                if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;
+                if(type & BUF_TYPE_CONVUTF8) {
+                        unsigned char utfbuf[6];
+                        int utflen;
+                        utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+                        for(i = 0; i < utflen; i++) {
+                                /* We don't need to worry about setting orflags correctly
+                                 * because if utflen==1 its value will be correct anyway 
+                                 * otherwise each character will be > 0x7f and so the 
+                                 * character will never be escaped on first and last.
+                                 */
+                                len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
+                                if(len < 0) return -1;
+                                outlen += len;
+                        }
+                } else {
+                        len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
+                        if(len < 0) return -1;
+                        outlen += len;
+                }
+        }
+        return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
+{
+        static const char hexdig[] = "0123456789ABCDEF";
+        unsigned char *p, *q;
+        char hextmp[2];
+        if(arg) {
+                p = buf;
+                q = buf + buflen;
+                while(p != q) {
+                        hextmp[0] = hexdig[*p >> 4];
+                        hextmp[1] = hexdig[*p & 0xf];
+                        if(!io_ch(arg, hextmp, 2)) return -1;
+                        p++;
+                }
+        }
+        return buflen << 1;
+}
+
+/* "dump" a string. This is done when the type is unknown,
+ * or the flags request it. We can either dump the content
+ * octets or the entire DER encoding. This uses the RFC2253
+ * #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+{
+        /* Placing the ASN1_STRING in a temp ASN1_TYPE allows
+         * the DER encoding to readily obtained
+         */
+        ASN1_TYPE t;
+        unsigned char *der_buf, *p;
+        int outlen, der_len;
+
+        if(!io_ch(arg, "#", 1)) return -1;
+        /* If we don't dump DER encoding just dump content octets */
+        if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+                outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+                if(outlen < 0) return -1;
+                return outlen + 1;
+        }
+        t.type = str->type;
+        t.value.ptr = (char *)str;
+        der_len = i2d_ASN1_TYPE(&t, NULL);
+        der_buf = OPENSSL_malloc(der_len);
+        if(!der_buf) return -1;
+        p = der_buf;
+        i2d_ASN1_TYPE(&t, &p);
+        outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+        OPENSSL_free(der_buf);
+        if(outlen < 0) return -1;
+        return outlen + 1;
+}
+
+/* Lookup table to convert tags to character widths,
+ * 0 = UTF8 encoded, -1 is used for non string types
+ * otherwise it is the number of bytes per character
+ */
+
+static const signed char tag2nbyte[] = {
+        -1, -1, -1, -1, -1,     /* 0-4 */
+        -1, -1, -1, -1, -1,     /* 5-9 */
+        -1, -1, 0, -1,          /* 10-13 */
+        -1, -1, -1, -1,         /* 15-17 */
+        -1, 1, 1,               /* 18-20 */
+        -1, 1, 1, 1,            /* 21-24 */
+        -1, 1, -1,              /* 25-27 */
+        4, -1, 2                /* 28-30 */
+};
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+                  ASN1_STRFLGS_ESC_QUOTE | \
+                  ASN1_STRFLGS_ESC_CTRL | \
+                  ASN1_STRFLGS_ESC_MSB)
+
+/* This is the main function, print out an
+ * ASN1_STRING taking note of various escape
+ * and display options. Returns number of
+ * characters written or -1 if an error
+ * occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
+{
+        int outlen, len;
+        int type;
+        char quotes;
+        unsigned char flags;
+        quotes = 0;
+        /* Keep a copy of escape flags */
+        flags = (unsigned char)(lflags & ESC_FLAGS);
+
+        type = str->type;
+
+        outlen = 0;
+
+
+        if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
+                const char *tagname;
+                tagname = ASN1_tag2str(type);
+                outlen += strlen(tagname);
+                if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; 
+                outlen++;
+        }
+
+        /* Decide what to do with type, either dump content or display it */
+
+        /* Dump everything */
+        if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
+        /* Ignore the string type */
+        else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
+        else {
+                /* Else determine width based on type */
+                if((type > 0) && (type < 31)) type = tag2nbyte[type];
+                else type = -1;
+                if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
+        }
+
+        if(type == -1) {
+                len = do_dump(lflags, io_ch, arg, str);
+                if(len < 0) return -1;
+                outlen += len;
+                return outlen;
+        }
+
+        if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+                /* Note: if string is UTF8 and we want
+                 * to convert to UTF8 then we just interpret
+                 * it as 1 byte per character to avoid converting
+                 * twice.
+                 */
+                if(!type) type = 1;
+                else type |= BUF_TYPE_CONVUTF8;
+        }
+
+        len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+        if(len < 0) return -1;
+        outlen += len;
+        if(quotes) outlen += 2;
+        if(!arg) return outlen;
+        if(quotes && !io_ch(arg, "\"", 1)) return -1;
+        if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+                return -1;
+        if(quotes && !io_ch(arg, "\"", 1)) return -1;
+        return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+        int i;
+        for(i = 0; i < indent; i++)
+                        if(!io_ch(arg, " ", 1)) return 0;
+        return 1;
+}
+
+#define FN_WIDTH_LN     25
+#define FN_WIDTH_SN     10
+
+static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
+                                int indent, unsigned long flags)
+{
+        int i, prev = -1, orflags, cnt;
+        int fn_opt, fn_nid;
+        ASN1_OBJECT *fn;
+        ASN1_STRING *val;
+        X509_NAME_ENTRY *ent;
+        char objtmp[80];
+        const char *objbuf;
+        int outlen, len;
+        char *sep_dn, *sep_mv, *sep_eq;
+        int sep_dn_len, sep_mv_len, sep_eq_len;
+        if(indent < 0) indent = 0;
+        outlen = indent;
+        if(!do_indent(io_ch, arg, indent)) return -1;
+        switch (flags & XN_FLAG_SEP_MASK)
+        {
+                case XN_FLAG_SEP_MULTILINE:
+                sep_dn = "\n";
+                sep_dn_len = 1;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                break;
+
+                case XN_FLAG_SEP_COMMA_PLUS:
+                sep_dn = ",";
+                sep_dn_len = 1;
+                sep_mv = "+";
+                sep_mv_len = 1;
+                indent = 0;
+                break;
+
+                case XN_FLAG_SEP_CPLUS_SPC:
+                sep_dn = ", ";
+                sep_dn_len = 2;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                indent = 0;
+                break;
+
+                case XN_FLAG_SEP_SPLUS_SPC:
+                sep_dn = "; ";
+                sep_dn_len = 2;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                indent = 0;
+                break;
+
+                default:
+                return -1;
+        }
+
+        if(flags & XN_FLAG_SPC_EQ) {
+                sep_eq = " = ";
+                sep_eq_len = 3;
+        } else {
+                sep_eq = "=";
+                sep_eq_len = 1;
+        }
+
+        fn_opt = flags & XN_FLAG_FN_MASK;
+
+        cnt = X509_NAME_entry_count(n); 
+        for(i = 0; i < cnt; i++) {
+                if(flags & XN_FLAG_DN_REV)
+                                ent = X509_NAME_get_entry(n, cnt - i - 1);
+                else ent = X509_NAME_get_entry(n, i);
+                if(prev != -1) {
+                        if(prev == ent->set) {
+                                if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
+                                outlen += sep_mv_len;
+                        } else {
+                                if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
+                                outlen += sep_dn_len;
+                                if(!do_indent(io_ch, arg, indent)) return -1;
+                                outlen += indent;
+                        }
+                }
+                prev = ent->set;
+                fn = X509_NAME_ENTRY_get_object(ent);
+                val = X509_NAME_ENTRY_get_data(ent);
+                fn_nid = OBJ_obj2nid(fn);
+                if(fn_opt != XN_FLAG_FN_NONE) {
+                        int objlen, fld_len;
+                        if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
+                                OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+                                fld_len = 0; /* XXX: what should this be? */
+                                objbuf = objtmp;
+                        } else {
+                                if(fn_opt == XN_FLAG_FN_SN) {
+                                        fld_len = FN_WIDTH_SN;
+                                        objbuf = OBJ_nid2sn(fn_nid);
+                                } else if(fn_opt == XN_FLAG_FN_LN) {
+                                        fld_len = FN_WIDTH_LN;
+                                        objbuf = OBJ_nid2ln(fn_nid);
+                                } else {
+                                        fld_len = 0; /* XXX: what should this be? */
+                                        objbuf = "";
+                                }
+                        }
+                        objlen = strlen(objbuf);
+                        if(!io_ch(arg, objbuf, objlen)) return -1;
+                        if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+                                if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
+                                outlen += fld_len - objlen;
+                        }
+                        if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
+                        outlen += objlen + sep_eq_len;
+                }
+                /* If the field name is unknown then fix up the DER dump
+                 * flag. We might want to limit this further so it will
+                 * DER dump on anything other than a few 'standard' fields.
+                 */
+                if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 
+                                        orflags = ASN1_STRFLGS_DUMP_ALL;
+                else orflags = 0;
+     
+                len = do_print_ex(io_ch, arg, flags | orflags, val);
+                if(len < 0) return -1;
+                outlen += len;
+        }
+        return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
+{
+        if(flags == XN_FLAG_COMPAT)
+                return X509_NAME_print(out, nm, indent);
+        return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
+{
+        if(flags == XN_FLAG_COMPAT)
+                {
+                BIO *btmp;
+                int ret;
+                btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+                if(!btmp) return -1;
+                ret = X509_NAME_print(btmp, nm, indent);
+                BIO_free(btmp);
+                return ret;
+                }
+        return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+#endif
+
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+{
+        return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+{
+        return do_print_ex(send_fp_chars, fp, flags, str);
+}
+#endif
+
+/* Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+{
+        ASN1_STRING stmp, *str = &stmp;
+        int mbflag, type, ret;
+        if(!in) return -1;
+        type = in->type;
+        if((type < 0) || (type > 30)) return -1;
+        mbflag = tag2nbyte[type];
+        if(mbflag == -1) return -1;
+        mbflag |= MBSTRING_FLAG;
+        stmp.data = NULL;
+        ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+        if(ret < 0) return ret;
+        *out = stmp.data;
+        return stmp.length;
+}
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
new file mode 100644
index 0000000000..613bbc4a7d
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -0,0 +1,290 @@
+/* a_strnid.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+                        const ASN1_STRING_TABLE * const *b);
+static int table_cmp(const void *a, const void *b);
+
+
+/* This is the global mask for the mbstring functions: this is use to
+ * mask out certain types (such as BMPString and UTF8String) because
+ * certain software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = 0xFFFFFFFFL;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+        global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+        return global_mask;
+}
+
+/* This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default:   the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(char *p)
+{
+        unsigned long mask;
+        char *end;
+        if(!strncmp(p, "MASK:", 5)) {
+                if(!p[5]) return 0;
+                mask = strtoul(p + 5, &end, 0);
+                if(*end) return 0;
+        } else if(!strcmp(p, "nombstr"))
+                         mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+        else if(!strcmp(p, "pkix"))
+                        mask = ~((unsigned long)B_ASN1_T61STRING);
+        else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+        else if(!strcmp(p, "default"))
+            mask = 0xFFFFFFFFL;
+        else return 0;
+        ASN1_STRING_set_default_mask(mask);
+        return 1;
+}
+
+/* The following function generates an ASN1_STRING based on limits in a table.
+ * Frequently the types and length of an ASN1_STRING are restricted by a 
+ * corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
+                                        int inlen, int inform, int nid)
+{
+        ASN1_STRING_TABLE *tbl;
+        ASN1_STRING *str = NULL;
+        unsigned long mask;
+        int ret;
+        if(!out) out = &str;
+        tbl = ASN1_STRING_TABLE_get(nid);
+        if(tbl) {
+                mask = tbl->mask;
+                if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
+                ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+                                        tbl->minsize, tbl->maxsize);
+        } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
+        if(ret <= 0) return NULL;
+        return *out;
+}
+
+/* Now the tables and helper functions for the string table:
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
+
+
+/* This table must be kept in NID order */
+
+static ASN1_STRING_TABLE tbl_standard[] = {
+{NID_commonName,                1, ub_common_name, DIRSTRING_TYPE, 0},
+{NID_countryName,               2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_localityName,              1, ub_locality_name, DIRSTRING_TYPE, 0},
+{NID_stateOrProvinceName,       1, ub_state_name, DIRSTRING_TYPE, 0},
+{NID_organizationName,          1, ub_organization_name, DIRSTRING_TYPE, 0},
+{NID_organizationalUnitName,    1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
+{NID_pkcs9_emailAddress,        1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_pkcs9_unstructuredName,    1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_challengePassword,   1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+{NID_givenName,                 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_surname,                   1, ub_name, DIRSTRING_TYPE, 0},
+{NID_initials,                  1, ub_name, DIRSTRING_TYPE, 0},
+{NID_serialNumber,              1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_friendlyName,              -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+{NID_name,                      1, ub_name, DIRSTRING_TYPE, 0},
+{NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_domainComponent,           1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_ms_csp_name,               -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+};
+
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+                        const ASN1_STRING_TABLE * const *b)
+{
+        return (*a)->nid - (*b)->nid;
+}
+
+static int table_cmp(const void *a, const void *b)
+{
+        const ASN1_STRING_TABLE *sa = a, *sb = b;
+        return sa->nid - sb->nid;
+}
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+        int idx;
+        ASN1_STRING_TABLE *ttmp;
+        ASN1_STRING_TABLE fnd;
+        fnd.nid = nid;
+        ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+                                        (char *)tbl_standard, 
+                        sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+                        sizeof(ASN1_STRING_TABLE), table_cmp);
+        if(ttmp) return ttmp;
+        if(!stable) return NULL;
+        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+        if(idx < 0) return NULL;
+        return sk_ASN1_STRING_TABLE_value(stable, idx);
+}
+        
+int ASN1_STRING_TABLE_add(int nid,
+                 long minsize, long maxsize, unsigned long mask,
+                                unsigned long flags)
+{
+        ASN1_STRING_TABLE *tmp;
+        char new_nid = 0;
+        flags &= ~STABLE_FLAGS_MALLOC;
+        if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+        if(!stable) {
+                ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
+                tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+                if(!tmp) {
+                        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
+                                                        ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                tmp->flags = flags | STABLE_FLAGS_MALLOC;
+                tmp->nid = nid;
+                new_nid = 1;
+        } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
+        if(minsize != -1) tmp->minsize = minsize;
+        if(maxsize != -1) tmp->maxsize = maxsize;
+        tmp->mask = mask;
+        if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
+        return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+        STACK_OF(ASN1_STRING_TABLE) *tmp;
+        tmp = stable;
+        if(!tmp) return;
+        stable = NULL;
+        sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+        if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
+}
+
+
+IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
+
+#ifdef STRING_TABLE_TEST
+
+main()
+{
+        ASN1_STRING_TABLE *tmp;
+        int i, last_nid = -1;
+
+        for (tmp = tbl_standard, i = 0;
+                i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+                {
+                        if (tmp->nid < last_nid)
+                                {
+                                last_nid = 0;
+                                break;
+                                }
+                        last_nid = tmp->nid;
+                }
+
+        if (last_nid != 0)
+                {
+                printf("Table order OK\n");
+                exit(0);
+                }
+
+        for (tmp = tbl_standard, i = 0;
+                i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+                        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+                                                        OBJ_nid2ln(tmp->nid));
+
+}
+
+#endif
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
new file mode 100644
index 0000000000..159681fbcb
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -0,0 +1,164 @@
+/* crypto/asn1/a_time.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ * written by Steve Henson.
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1t.h>
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+#if 0
+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+        {
+#ifdef CHARSET_EBCDIC
+        /* KLUDGE! We convert to ascii before writing DER */
+        char tmp[24];
+        ASN1_STRING tmpstr;
+
+        if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+            int len;
+
+            tmpstr = *(ASN1_STRING *)a;
+            len = tmpstr.length;
+            ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+            tmpstr.data = tmp;
+            a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+        }
+#endif
+        if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+                                return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                                     a->type ,V_ASN1_UNIVERSAL));
+        ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+        return -1;
+        }
+#endif
+
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+        {
+        struct tm *ts;
+        struct tm data;
+
+        ts=OPENSSL_gmtime(&t,&data);
+        if (ts == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+                return NULL;
+                }
+        if((ts->tm_year >= 50) && (ts->tm_year < 150))
+                                        return ASN1_UTCTIME_set(s, t);
+        return ASN1_GENERALIZEDTIME_set(s,t);
+        }
+
+int ASN1_TIME_check(ASN1_TIME *t)
+        {
+        if (t->type == V_ASN1_GENERALIZEDTIME)
+                return ASN1_GENERALIZEDTIME_check(t);
+        else if (t->type == V_ASN1_UTCTIME)
+                return ASN1_UTCTIME_check(t);
+        return 0;
+        }
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+        {
+        ASN1_GENERALIZEDTIME *ret;
+        char *str;
+        int newlen;
+
+        if (!ASN1_TIME_check(t)) return NULL;
+
+        if (!out || !*out)
+                {
+                if (!(ret = ASN1_GENERALIZEDTIME_new ()))
+                        return NULL;
+                if (out) *out = ret;
+                }
+        else ret = *out;
+
+        /* If already GeneralizedTime just copy across */
+        if (t->type == V_ASN1_GENERALIZEDTIME)
+                {
+                if(!ASN1_STRING_set(ret, t->data, t->length))
+                        return NULL;
+                return ret;
+                }
+
+        /* grow the string */
+        if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+                return NULL;
+        /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+        newlen = t->length + 2 + 1;
+        str = (char *)ret->data;
+        /* Work out the century and prepend */
+        if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
+        else BUF_strlcpy(str, "20", newlen);
+
+        BUF_strlcat(str, (char *)t->data, newlen);
+
+        return ret;
+        }
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
new file mode 100644
index 0000000000..36beceacdb
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -0,0 +1,110 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+int ASN1_TYPE_get(ASN1_TYPE *a)
+        {
+        if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+                return(a->type);
+        else
+                return(0);
+        }
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+        {
+        if (a->value.ptr != NULL)
+                {
+                ASN1_TYPE **tmp_a = &a;
+                ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+                }
+        a->type=type;
+        a->value.ptr=value;
+        }
+
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+        {
+        if (!value || (type == V_ASN1_BOOLEAN))
+                {
+                void *p = (void *)value;
+                ASN1_TYPE_set(a, type, p);
+                }
+        else if (type == V_ASN1_OBJECT)
+                {
+                ASN1_OBJECT *odup;
+                odup = OBJ_dup(value);
+                if (!odup)
+                        return 0;
+                ASN1_TYPE_set(a, type, odup);
+                }
+        else
+                {
+                ASN1_STRING *sdup;
+                sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+                if (!sdup)
+                        return 0;
+                ASN1_TYPE_set(a, type, sdup);
+                }
+        return 1;
+        }
+
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
new file mode 100644
index 0000000000..d31c028193
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -0,0 +1,303 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
+        {
+#ifndef CHARSET_EBCDIC
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+        /* KLUDGE! We convert to ascii before writing DER */
+        int len;
+        char tmp[24];
+        ASN1_STRING x = *(ASN1_STRING *)a;
+
+        len = x.length;
+        ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+        x.data = tmp;
+        return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
+        }
+
+
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+             long length)
+        {
+        ASN1_UTCTIME *ret=NULL;
+
+        ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
+                return(NULL);
+                }
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+        if (!ASN1_UTCTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_UTCTIME_free(ret);
+        return(NULL);
+        }
+
+#endif
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+        {
+        static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static int max[8]={99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+
+        if (d->type != V_ASN1_UTCTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+
+        if (l < 11) goto err;
+        for (i=0; i<6; i++)
+                {
+                if ((i == 5) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=6; i<8; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+        {
+        ASN1_UTCTIME t;
+
+        t.type=V_ASN1_UTCTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_UTCTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length))
+                                return 0;
+                        s->type = V_ASN1_UTCTIME;
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+        {
+        char *p;
+        struct tm *ts;
+        struct tm data;
+        size_t len = 20;
+
+        if (s == NULL)
+                s=M_ASN1_UTCTIME_new();
+        if (s == NULL)
+                return(NULL);
+
+        ts=OPENSSL_gmtime(&t, &data);
+        if (ts == NULL)
+                return(NULL);
+
+        p=(char *)s->data;
+        if ((p == NULL) || ((size_t)s->length < len))
+                {
+                p=OPENSSL_malloc(len);
+                if (p == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                if (s->data != NULL)
+                        OPENSSL_free(s->data);
+                s->data=(unsigned char *)p;
+                }
+
+        BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+                     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+        ebcdic2ascii(s->data, s->data, s->length);
+#endif
+        return(s);
+        }
+
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+        {
+        struct tm *tm;
+        struct tm data;
+        int offset;
+        int year;
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+
+        if (s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset = g2(s->data+13)*60+g2(s->data+15);
+                if (s->data[12] == '-')
+                        offset = -offset;
+                }
+
+        t -= offset*60; /* FIXME: may overflow in extreme cases */
+
+        tm = OPENSSL_gmtime(&t, &data);
+        
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+        year = g2(s->data);
+        if (year < 50)
+                year += 100;
+        return_cmp(year,              tm->tm_year);
+        return_cmp(g2(s->data+2) - 1, tm->tm_mon);
+        return_cmp(g2(s->data+4),     tm->tm_mday);
+        return_cmp(g2(s->data+6),     tm->tm_hour);
+        return_cmp(g2(s->data+8),     tm->tm_min);
+        return_cmp(g2(s->data+10),    tm->tm_sec);
+#undef g2
+#undef return_cmp
+
+        return 0;
+        }
+
+
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+        {
+        struct tm tm;
+        int offset;
+
+        memset(&tm,'\0',sizeof tm);
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+        tm.tm_year=g2(s->data);
+        if(tm.tm_year < 50)
+                tm.tm_year+=100;
+        tm.tm_mon=g2(s->data+2)-1;
+        tm.tm_mday=g2(s->data+4);
+        tm.tm_hour=g2(s->data+6);
+        tm.tm_min=g2(s->data+8);
+        tm.tm_sec=g2(s->data+10);
+        if(s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset=g2(s->data+13)*60+g2(s->data+15);
+                if(s->data[12] == '-')
+                        offset= -offset;
+                }
+#undef g2
+
+        return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
+                                       * instead of UTC, and unless we rewrite OpenSSL
+                                       * in Lisp we cannot locally change the timezone
+                                       * without possibly interfering with other parts
+                                       * of the program. timegm, which uses UTC, is
+                                       * non-standard.
+                                       * Also time_t is inappropriate for general
+                                       * UTC times because it may a 32 bit type. */
+        }
+#endif
diff --git a/src/lib/libcrypto/asn1/a_utf8.c b/src/lib/libcrypto/asn1/a_utf8.c
new file mode 100644
index 0000000000..508e11e527
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_utf8.c
@@ -0,0 +1,211 @@
+/* crypto/asn1/a_utf8.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+
+/* UTF8 utilities */
+
+/* This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+        const unsigned char *p;
+        unsigned long value;
+        int ret;
+        if(len <= 0) return 0;
+        p = str;
+
+        /* Check syntax and work out the encoded value (if correct) */
+        if((*p & 0x80) == 0) {
+                value = *p++ & 0x7f;
+                ret = 1;
+        } else if((*p & 0xe0) == 0xc0) {
+                if(len < 2) return -1;
+                if((p[1] & 0xc0) != 0x80) return -3;
+                value = (*p++ & 0x1f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x80) return -4;
+                ret = 2;
+        } else if((*p & 0xf0) == 0xe0) {
+                if(len < 3) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) ) return -3;
+                value = (*p++ & 0xf) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x800) return -4;
+                ret = 3;
+        } else if((*p & 0xf8) == 0xf0) {
+                if(len < 4) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) 
+                   || ((p[3] & 0xc0) != 0x80) ) return -3;
+                value = ((unsigned long)(*p++ & 0x7)) << 18;
+                value |= (*p++ & 0x3f) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x10000) return -4;
+                ret = 4;
+        } else if((*p & 0xfc) == 0xf8) {
+                if(len < 5) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) 
+                   || ((p[3] & 0xc0) != 0x80) 
+                   || ((p[4] & 0xc0) != 0x80) ) return -3;
+                value = ((unsigned long)(*p++ & 0x3)) << 24;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x200000) return -4;
+                ret = 5;
+        } else if((*p & 0xfe) == 0xfc) {
+                if(len < 6) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) 
+                   || ((p[3] & 0xc0) != 0x80) 
+                   || ((p[4] & 0xc0) != 0x80) 
+                   || ((p[5] & 0xc0) != 0x80) ) return -3;
+                value = ((unsigned long)(*p++ & 0x1)) << 30;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x4000000) return -4;
+                ret = 6;
+        } else return -2;
+        *val = value;
+        return ret;
+}
+
+/* This takes a character 'value' and writes the UTF8 encoded value in
+ * 'str' where 'str' is a buffer containing 'len' characters. Returns
+ * the number of characters written or -1 if 'len' is too small. 'str' can
+ * be set to NULL in which case it just returns the number of characters.
+ * It will need at most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+        if(!str) len = 6;       /* Maximum we will need */
+        else if(len <= 0) return -1;
+        if(value < 0x80) {
+                if(str) *str = (unsigned char)value;
+                return 1;
+        }
+        if(value < 0x800) {
+                if(len < 2) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 2;
+        }
+        if(value < 0x10000) {
+                if(len < 3) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 3;
+        }
+        if(value < 0x200000) {
+                if(len < 4) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+                        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 4;
+        }
+        if(value < 0x4000000) {
+                if(len < 5) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+                        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+                        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 5;
+        }
+        if(len < 6) return -1;
+        if(str) {
+                *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+                *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+                *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+                *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+                *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 6;
+}
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
new file mode 100644
index 0000000000..fdce6e4380
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -0,0 +1,181 @@
+/* crypto/asn1/a_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+                char *data, EVP_PKEY *pkey)
+        {
+        EVP_MD_CTX ctx;
+        const EVP_MD *type;
+        unsigned char *p,*buf_in=NULL;
+        int ret= -1,i,inl;
+
+        EVP_MD_CTX_init(&ctx);
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+        
+        inl=i2d(data,NULL);
+        buf_in=OPENSSL_malloc((unsigned int)inl);
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf_in;
+
+        i2d(data,&p);
+        EVP_VerifyInit_ex(&ctx,type, NULL);
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+        OPENSSL_cleanse(buf_in,(unsigned int)inl);
+        OPENSSL_free(buf_in);
+
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+             void *asn, EVP_PKEY *pkey)
+        {
+        EVP_MD_CTX ctx;
+        const EVP_MD *type;
+        unsigned char *buf_in=NULL;
+        int ret= -1,i,inl;
+
+        EVP_MD_CTX_init(&ctx);
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+
+        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+
+        inl = ASN1_item_i2d(asn, &buf_in, it);
+        
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+        OPENSSL_cleanse(buf_in,(unsigned int)inl);
+        OPENSSL_free(buf_in);
+
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+
+
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
new file mode 100644
index 0000000000..424cd348bb
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -0,0 +1,1326 @@
+/* crypto/asn1/asn1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_H
+#define HEADER_ASN1_H
+
+#include <time.h>
+#include <openssl/e_os2.h>
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+
+#include <openssl/symhacks.h>
+
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define V_ASN1_UNIVERSAL                0x00
+#define V_ASN1_APPLICATION              0x40
+#define V_ASN1_CONTEXT_SPECIFIC         0x80
+#define V_ASN1_PRIVATE                  0xc0
+
+#define V_ASN1_CONSTRUCTED              0x20
+#define V_ASN1_PRIMITIVE_TAG            0x1f
+#define V_ASN1_PRIMATIVE_TAG            0x1f
+
+#define V_ASN1_APP_CHOOSE               -2      /* let the recipient choose */
+#define V_ASN1_OTHER                    -3      /* used in ASN1_TYPE */
+#define V_ASN1_ANY                      -4      /* used in ASN1 template code */
+
+#define V_ASN1_NEG                      0x100   /* negative flag */
+
+#define V_ASN1_UNDEF                    -1
+#define V_ASN1_EOC                      0
+#define V_ASN1_BOOLEAN                  1       /**/
+#define V_ASN1_INTEGER                  2
+#define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
+#define V_ASN1_BIT_STRING               3
+#define V_ASN1_OCTET_STRING             4
+#define V_ASN1_NULL                     5
+#define V_ASN1_OBJECT                   6
+#define V_ASN1_OBJECT_DESCRIPTOR        7
+#define V_ASN1_EXTERNAL                 8
+#define V_ASN1_REAL                     9
+#define V_ASN1_ENUMERATED               10
+#define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
+#define V_ASN1_UTF8STRING               12
+#define V_ASN1_SEQUENCE                 16
+#define V_ASN1_SET                      17
+#define V_ASN1_NUMERICSTRING            18      /**/
+#define V_ASN1_PRINTABLESTRING          19
+#define V_ASN1_T61STRING                20
+#define V_ASN1_TELETEXSTRING            20      /* alias */
+#define V_ASN1_VIDEOTEXSTRING           21      /**/
+#define V_ASN1_IA5STRING                22
+#define V_ASN1_UTCTIME                  23
+#define V_ASN1_GENERALIZEDTIME          24      /**/
+#define V_ASN1_GRAPHICSTRING            25      /**/
+#define V_ASN1_ISO64STRING              26      /**/
+#define V_ASN1_VISIBLESTRING            26      /* alias */
+#define V_ASN1_GENERALSTRING            27      /**/
+#define V_ASN1_UNIVERSALSTRING          28      /**/
+#define V_ASN1_BMPSTRING                30
+
+/* For use with d2i_ASN1_type_bytes() */
+#define B_ASN1_NUMERICSTRING    0x0001
+#define B_ASN1_PRINTABLESTRING  0x0002
+#define B_ASN1_T61STRING        0x0004
+#define B_ASN1_TELETEXSTRING    0x0004
+#define B_ASN1_VIDEOTEXSTRING   0x0008
+#define B_ASN1_IA5STRING        0x0010
+#define B_ASN1_GRAPHICSTRING    0x0020
+#define B_ASN1_ISO64STRING      0x0040
+#define B_ASN1_VISIBLESTRING    0x0040
+#define B_ASN1_GENERALSTRING    0x0080
+#define B_ASN1_UNIVERSALSTRING  0x0100
+#define B_ASN1_OCTET_STRING     0x0200
+#define B_ASN1_BIT_STRING       0x0400
+#define B_ASN1_BMPSTRING        0x0800
+#define B_ASN1_UNKNOWN          0x1000
+#define B_ASN1_UTF8STRING       0x2000
+#define B_ASN1_UTCTIME          0x4000
+#define B_ASN1_GENERALIZEDTIME  0x8000
+#define B_ASN1_SEQUENCE         0x10000
+
+/* For use with ASN1_mbstring_copy() */
+#define MBSTRING_FLAG           0x1000
+#define MBSTRING_UTF8           (MBSTRING_FLAG)
+#define MBSTRING_ASC            (MBSTRING_FLAG|1)
+#define MBSTRING_BMP            (MBSTRING_FLAG|2)
+#define MBSTRING_UNIV           (MBSTRING_FLAG|4)
+
+#define SMIME_OLDMIME           0x400
+#define SMIME_CRLFEOL           0x800
+#define SMIME_STREAM            0x1000
+
+struct X509_algor_st;
+DECLARE_STACK_OF(X509_ALGOR)
+
+#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
+#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
+
+/* We MUST make sure that, except for constness, asn1_ctx_st and
+   asn1_const_ctx are exactly the same.  Fortunately, as soon as
+   the old ASN1 parsing macros are gone, we can throw this away
+   as well... */
+typedef struct asn1_ctx_st
+        {
+        unsigned char *p;/* work char pointer */
+        int eos;        /* end of sequence read for indefinite encoding */
+        int error;      /* error code to use when returning an error */
+        int inf;        /* constructed if 0x20, indefinite is 0x21 */
+        int tag;        /* tag from last 'get object' */
+        int xclass;     /* class from last 'get object' */
+        long slen;      /* length of last 'get object' */
+        unsigned char *max; /* largest value of p allowed */
+        unsigned char *q;/* temporary variable */
+        unsigned char **pp;/* variable */
+        int line;       /* used in error processing */
+        } ASN1_CTX;
+
+typedef struct asn1_const_ctx_st
+        {
+        const unsigned char *p;/* work char pointer */
+        int eos;        /* end of sequence read for indefinite encoding */
+        int error;      /* error code to use when returning an error */
+        int inf;        /* constructed if 0x20, indefinite is 0x21 */
+        int tag;        /* tag from last 'get object' */
+        int xclass;     /* class from last 'get object' */
+        long slen;      /* length of last 'get object' */
+        const unsigned char *max; /* largest value of p allowed */
+        const unsigned char *q;/* temporary variable */
+        const unsigned char **pp;/* variable */
+        int line;       /* used in error processing */
+        } ASN1_const_CTX;
+
+/* These are used internally in the ASN1_OBJECT to keep track of
+ * whether the names and data need to be free()ed */
+#define ASN1_OBJECT_FLAG_DYNAMIC         0x01   /* internal use */
+#define ASN1_OBJECT_FLAG_CRITICAL        0x02   /* critical x509v3 object id */
+#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04   /* internal use */
+#define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08   /* internal use */
+typedef struct asn1_object_st
+        {
+        const char *sn,*ln;
+        int nid;
+        int length;
+        unsigned char *data;
+        int flags;      /* Should we free this one */
+        } ASN1_OBJECT;
+
+#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
+/* This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should
+ * be inserted in the memory buffer 
+ */
+#define ASN1_STRING_FLAG_NDEF 0x010 
+
+/* This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been 
+ * accessed. The flag will be reset when content has been written to it.
+ */
+#define ASN1_STRING_FLAG_CONT 0x020 
+
+/* This is the base type that holds just about everything :-) */
+typedef struct asn1_string_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        /* The value of the following field depends on the type being
+         * held.  It is mostly being used for BIT_STRING so if the
+         * input data has a non-zero 'unused bits' value, it will be
+         * handled correctly */
+        long flags;
+        } ASN1_STRING;
+
+/* ASN1_ENCODING structure: this is used to save the received
+ * encoding of an ASN1 type. This is useful to get round
+ * problems with invalid encodings which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st
+        {
+        unsigned char *enc;     /* DER encoding */
+        long len;               /* Length of encoding */
+        int modified;            /* set to 1 if 'enc' is invalid */
+        } ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+#define ASN1_LONG_UNDEF 0x7fffffffL
+
+#define STABLE_FLAGS_MALLOC     0x01
+#define STABLE_NO_MASK          0x02
+#define DIRSTRING_TYPE  \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+        int nid;
+        long minsize;
+        long maxsize;
+        unsigned long mask;
+        unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DECLARE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+
+/* Declarations for template structures: for full definitions
+ * see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(itname)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(const type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(name)
+
+#define DECLARE_ASN1_NDEF_FUNCTION(name) \
+        int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+#define DECLARE_ASN1_FUNCTIONS_const(name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a);
+
+#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+#define I2D_OF(type) int (*)(type *,unsigned char **)
+#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+#define CHECKED_D2I_OF(type, d2i) \
+    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+#define CHECKED_I2D_OF(type, i2d) \
+    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+#define CHECKED_NEW_OF(type, xnew) \
+    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+#define CHECKED_PTR_OF(type, p) \
+    ((void*) (1 ? p : (type*)0))
+#define CHECKED_PPTR_OF(type, p) \
+    ((void**) (1 ? p : (type**)0))
+
+#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING; 
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#define DECLARE_ASN1_ITEM(name) \
+        OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+#else
+
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+        const ASN1_ITEM * name##_it(void);
+
+#endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/* These determine which characters to escape:
+ * RFC2253 special characters, control characters and
+ * MSB set characters
+ */
+
+#define ASN1_STRFLGS_ESC_2253           1
+#define ASN1_STRFLGS_ESC_CTRL           2
+#define ASN1_STRFLGS_ESC_MSB            4
+
+
+/* This flag determines how we do escaping: normally
+ * RC2253 backslash only, set this to use backslash and
+ * quote.
+ */
+
+#define ASN1_STRFLGS_ESC_QUOTE          8
+
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+#define CHARTYPE_PRINTABLESTRING        0x10
+/* Character needs escaping if it is the first character */
+#define CHARTYPE_FIRST_ESC_2253         0x20
+/* Character needs escaping if it is the last character */
+#define CHARTYPE_LAST_ESC_2253          0x40
+
+/* NB the internal flags are safely reused below by flags
+ * handled at the top level.
+ */
+
+/* If this is set we convert all character strings
+ * to UTF8 first 
+ */
+
+#define ASN1_STRFLGS_UTF8_CONVERT       0x10
+
+/* If this is set we don't attempt to interpret content:
+ * just assume all strings are 1 byte per character. This
+ * will produce some pretty odd looking output!
+ */
+
+#define ASN1_STRFLGS_IGNORE_TYPE        0x20
+
+/* If this is set we include the string type in the output */
+#define ASN1_STRFLGS_SHOW_TYPE          0x40
+
+/* This determines which strings to display and which to
+ * 'dump' (hex dump of content octets or DER encoding). We can
+ * only dump non character strings or everything. If we
+ * don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to
+ * the usual escaping options.
+ */
+
+#define ASN1_STRFLGS_DUMP_ALL           0x80
+#define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+
+/* These determine what 'dumping' does, we can dump the
+ * content octets or the DER encoding: both use the
+ * RFC2253 #XXXXX notation.
+ */
+
+#define ASN1_STRFLGS_DUMP_DER           0x200
+
+/* All the string flags consistent with RFC2253,
+ * escaping control characters isn't essential in
+ * RFC2253 but it is advisable anyway.
+ */
+
+#define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
+                                ASN1_STRFLGS_ESC_CTRL | \
+                                ASN1_STRFLGS_ESC_MSB | \
+                                ASN1_STRFLGS_UTF8_CONVERT | \
+                                ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                ASN1_STRFLGS_DUMP_DER)
+
+DECLARE_STACK_OF(ASN1_INTEGER)
+DECLARE_ASN1_SET_OF(ASN1_INTEGER)
+
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
+typedef struct asn1_type_st
+        {
+        int type;
+        union   {
+                char *ptr;
+                ASN1_BOOLEAN            boolean;
+                ASN1_STRING *           asn1_string;
+                ASN1_OBJECT *           object;
+                ASN1_INTEGER *          integer;
+                ASN1_ENUMERATED *       enumerated;
+                ASN1_BIT_STRING *       bit_string;
+                ASN1_OCTET_STRING *     octet_string;
+                ASN1_PRINTABLESTRING *  printablestring;
+                ASN1_T61STRING *        t61string;
+                ASN1_IA5STRING *        ia5string;
+                ASN1_GENERALSTRING *    generalstring;
+                ASN1_BMPSTRING *        bmpstring;
+                ASN1_UNIVERSALSTRING *  universalstring;
+                ASN1_UTCTIME *          utctime;
+                ASN1_GENERALIZEDTIME *  generalizedtime;
+                ASN1_VISIBLESTRING *    visiblestring;
+                ASN1_UTF8STRING *       utf8string;
+                /* set and sequence are left complete and still
+                 * contain the set or sequence bytes */
+                ASN1_STRING *           set;
+                ASN1_STRING *           sequence;
+                ASN1_VALUE  *           asn1_value;
+                } value;
+        } ASN1_TYPE;
+
+DECLARE_STACK_OF(ASN1_TYPE)
+DECLARE_ASN1_SET_OF(ASN1_TYPE)
+
+typedef struct asn1_method_st
+        {
+        i2d_of_void *i2d;
+        d2i_of_void *d2i;
+        void *(*create)(void);
+        void (*destroy)(void *);
+        } ASN1_METHOD;
+
+/* This is used when parsing some Netscape objects */
+typedef struct asn1_header_st
+        {
+        ASN1_OCTET_STRING *header;
+        void *data;
+        ASN1_METHOD *meth;
+        } ASN1_HEADER;
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+        int bitnum;
+        const char *lname;
+        const char *sname;
+} BIT_STRING_BITNAME;
+
+
+#define M_ASN1_STRING_length(x) ((x)->length)
+#define M_ASN1_STRING_length_set(x, n)  ((x)->length = (n))
+#define M_ASN1_STRING_type(x)   ((x)->type)
+#define M_ASN1_STRING_data(x)   ((x)->data)
+
+/* Macros for string operations */
+#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
+#define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+                ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+
+#define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
+                ASN1_STRING_type_new(V_ASN1_INTEGER)
+#define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
+                ASN1_STRING_type_new(V_ASN1_ENUMERATED)
+#define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+#define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
+#define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+                ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
+#define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
+#define M_i2d_ASN1_OCTET_STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
+                V_ASN1_UNIVERSAL)
+
+#define B_ASN1_TIME \
+                        B_ASN1_UTCTIME | \
+                        B_ASN1_GENERALIZEDTIME
+
+#define B_ASN1_PRINTABLE \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_T61STRING| \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_BIT_STRING| \
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING|\
+                        B_ASN1_SEQUENCE|\
+                        B_ASN1_UNKNOWN
+
+#define B_ASN1_DIRECTORYSTRING \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_TELETEXSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_UTF8STRING
+
+#define B_ASN1_DISPLAYTEXT \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_VISIBLESTRING| \
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING
+
+#define M_ASN1_PRINTABLE_new()  ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_PRINTABLE)
+
+#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define M_DIRECTORYSTRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                                                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DIRECTORYSTRING(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_DIRECTORYSTRING)
+
+#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                                                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DISPLAYTEXT(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_DISPLAYTEXT)
+
+#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
+                ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define M_ASN1_PRINTABLESTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
+                V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
+                (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
+
+#define M_ASN1_T61STRING_new()  (ASN1_T61STRING *)\
+                ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_T61STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_T61STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
+                V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_T61STRING(a,pp,l) \
+                (ASN1_T61STRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
+
+#define M_ASN1_IA5STRING_new()  (ASN1_IA5STRING *)\
+                ASN1_STRING_type_new(V_ASN1_IA5STRING)
+#define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_IA5STRING_dup(a) \
+                        (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_i2d_ASN1_IA5STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_IA5STRING(a,pp,l) \
+                (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
+                        B_ASN1_IA5STRING)
+
+#define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
+                ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
+                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
+#define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
+        (ASN1_STRING *)a)
+
+#define M_ASN1_TIME_new()       (ASN1_TIME *)\
+                ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
+#define M_ASN1_GENERALSTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_GENERALSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
+                (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
+
+#define M_ASN1_UNIVERSALSTRING_new()    (ASN1_UNIVERSALSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
+#define M_ASN1_UNIVERSALSTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
+                (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
+
+#define M_ASN1_BMPSTRING_new()  (ASN1_BMPSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_BMPSTRING)
+#define M_ASN1_BMPSTRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_BMPSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
+                (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
+
+#define M_ASN1_VISIBLESTRING_new()      (ASN1_VISIBLESTRING *)\
+                ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_ASN1_VISIBLESTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
+                (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
+
+#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
+                ASN1_STRING_type_new(V_ASN1_UTF8STRING)
+#define M_ASN1_UTF8STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UTF8STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
+                (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
+
+  /* for the is_set parameter to i2d_ASN1_SET */
+#define IS_SEQUENCE     0
+#define IS_SET          1
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+
+ASN1_OBJECT *   ASN1_OBJECT_new(void );
+void            ASN1_OBJECT_free(ASN1_OBJECT *a);
+int             i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT *   c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+                        long length);
+ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+                        long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
+ASN1_STRING *   ASN1_STRING_new(void);
+void            ASN1_STRING_free(ASN1_STRING *a);
+ASN1_STRING *   ASN1_STRING_dup(ASN1_STRING *a);
+ASN1_STRING *   ASN1_STRING_type_new(int type );
+int             ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+  /* Since this is used to store all sorts of things, via macros, for now, make
+     its data void * */
+int             ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void            ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(ASN1_STRING *x);
+unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int             i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
+                        long length);
+int             ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
+                        int length );
+int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+
+#ifndef OPENSSL_NO_BIO
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                                BIT_STRING_BITNAME *tbl, int indent);
+#endif
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+                                BIT_STRING_BITNAME *tbl);
+
+int             i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
+int             d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+int             i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+                        long length);
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+                        long length);
+ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+
+int i2d_ASN1_SET(STACK *a, unsigned char **pp,
+                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
+STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+                     d2i_of_void *d2i, void (*free_func)(void *),
+                     int ex_tag, int ex_class);
+
+#ifndef OPENSSL_NO_BIO
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+#endif
+int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
+        const char *sn, const char *ln);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+        long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
+/* type is one or more of the B_ASN1_ values. */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,
+                long length,int type);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+int asn1_const_Finish(ASN1_const_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+        int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+int ASN1_const_check_infinite_end(const unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+        int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+
+#define ASN1_dup_of(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(type, x)))
+
+#define ASN1_dup_of_const(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+#define M_ASN1_free_of(x, type) \
+                ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
+
+#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+                        CHECKED_D2I_OF(type, d2i), \
+                        in, \
+                        CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
+
+#define ASN1_i2d_fp_of(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(type, x)))
+
+#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+#endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+#ifndef OPENSSL_NO_BIO
+void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
+
+#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+                          CHECKED_D2I_OF(type, d2i), \
+                          in, \
+                          CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
+
+#define ASN1_i2d_bio_of(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(type, x)))
+
+#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
+int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
+#endif
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write netscape format cert/key */
+int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
+ASN1_HEADER *ASN1_HEADER_new(void );
+void ASN1_HEADER_free(ASN1_HEADER *a);
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+/* Not used that much at this point, except for the first two */
+ASN1_METHOD *X509_asn1_meth(void);
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
+        unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
+        unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+        unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
+        unsigned char *data, int max_len);
+
+STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+                       d2i_of_void *d2i, void (*free_func)(void *));
+unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+                             unsigned char **buf, int *len );
+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
+                              ASN1_OCTET_STRING **oct);
+
+#define ASN1_pack_string_of(type,obj,i2d,oct) \
+    (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
+                      CHECKED_I2D_OF(type, i2d), \
+                      oct))
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask, 
+                                        long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 
+                const unsigned char *in, int inlen, int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+
+typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                        const ASN1_ITEM *it);
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                                int ctype_nid, int econt_nid,
+                                STACK_OF(X509_ALGOR) *mdalgs,
+                                asn1_output_data_fn *data_fn,
+                                const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ASN1_strings(void);
+
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+#define ASN1_F_A2D_ASN1_OBJECT                           100
+#define ASN1_F_A2I_ASN1_ENUMERATED                       101
+#define ASN1_F_A2I_ASN1_INTEGER                          102
+#define ASN1_F_A2I_ASN1_STRING                           103
+#define ASN1_F_APPEND_EXP                                176
+#define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
+#define ASN1_F_ASN1_CB                                   177
+#define ASN1_F_ASN1_CHECK_TLEN                           104
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE                    105
+#define ASN1_F_ASN1_COLLECT                              106
+#define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
+#define ASN1_F_ASN1_D2I_FP                               109
+#define ASN1_F_ASN1_D2I_READ_BIO                         107
+#define ASN1_F_ASN1_DIGEST                               184
+#define ASN1_F_ASN1_DO_ADB                               110
+#define ASN1_F_ASN1_DUP                                  111
+#define ASN1_F_ASN1_ENUMERATED_SET                       112
+#define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
+#define ASN1_F_ASN1_EX_C2I                               204
+#define ASN1_F_ASN1_FIND_END                             190
+#define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
+#define ASN1_F_ASN1_GENERATE_V3                          178
+#define ASN1_F_ASN1_GET_OBJECT                           114
+#define ASN1_F_ASN1_HEADER_NEW                           115
+#define ASN1_F_ASN1_I2D_BIO                              116
+#define ASN1_F_ASN1_I2D_FP                               117
+#define ASN1_F_ASN1_INTEGER_SET                          118
+#define ASN1_F_ASN1_INTEGER_TO_BN                        119
+#define ASN1_F_ASN1_ITEM_D2I_FP                          206
+#define ASN1_F_ASN1_ITEM_DUP                             191
+#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW                  121
+#define ASN1_F_ASN1_ITEM_EX_D2I                          120
+#define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+#define ASN1_F_ASN1_ITEM_I2D_FP                          193
+#define ASN1_F_ASN1_ITEM_PACK                            198
+#define ASN1_F_ASN1_ITEM_SIGN                            195
+#define ASN1_F_ASN1_ITEM_UNPACK                          199
+#define ASN1_F_ASN1_ITEM_VERIFY                          197
+#define ASN1_F_ASN1_MBSTRING_NCOPY                       122
+#define ASN1_F_ASN1_OBJECT_NEW                           123
+#define ASN1_F_ASN1_OUTPUT_DATA                          207
+#define ASN1_F_ASN1_PACK_STRING                          124
+#define ASN1_F_ASN1_PCTX_NEW                             205
+#define ASN1_F_ASN1_PKCS5_PBE_SET                        125
+#define ASN1_F_ASN1_SEQ_PACK                             126
+#define ASN1_F_ASN1_SEQ_UNPACK                           127
+#define ASN1_F_ASN1_SIGN                                 128
+#define ASN1_F_ASN1_STR2TYPE                             179
+#define ASN1_F_ASN1_STRING_SET                           186
+#define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+#define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+#define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
+#define ASN1_F_ASN1_TEMPLATE_NEW                         133
+#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+#define ASN1_F_ASN1_TIME_SET                             175
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
+#define ASN1_F_ASN1_UNPACK_STRING                        136
+#define ASN1_F_ASN1_UTCTIME_SET                          187
+#define ASN1_F_ASN1_VERIFY                               137
+#define ASN1_F_B64_READ_ASN1                             208
+#define ASN1_F_B64_WRITE_ASN1                            209
+#define ASN1_F_BITSTR_CB                                 180
+#define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
+#define ASN1_F_BN_TO_ASN1_INTEGER                        139
+#define ASN1_F_C2I_ASN1_BIT_STRING                       189
+#define ASN1_F_C2I_ASN1_INTEGER                          194
+#define ASN1_F_C2I_ASN1_OBJECT                           196
+#define ASN1_F_COLLECT_DATA                              140
+#define ASN1_F_D2I_ASN1_BIT_STRING                       141
+#define ASN1_F_D2I_ASN1_BOOLEAN                          142
+#define ASN1_F_D2I_ASN1_BYTES                            143
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME                  144
+#define ASN1_F_D2I_ASN1_HEADER                           145
+#define ASN1_F_D2I_ASN1_INTEGER                          146
+#define ASN1_F_D2I_ASN1_OBJECT                           147
+#define ASN1_F_D2I_ASN1_SET                              148
+#define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
+#define ASN1_F_D2I_ASN1_UINTEGER                         150
+#define ASN1_F_D2I_ASN1_UTCTIME                          151
+#define ASN1_F_D2I_NETSCAPE_RSA                          152
+#define ASN1_F_D2I_NETSCAPE_RSA_2                        153
+#define ASN1_F_D2I_PRIVATEKEY                            154
+#define ASN1_F_D2I_PUBLICKEY                             155
+#define ASN1_F_D2I_RSA_NET                               200
+#define ASN1_F_D2I_RSA_NET_2                             201
+#define ASN1_F_D2I_X509                                  156
+#define ASN1_F_D2I_X509_CINF                             157
+#define ASN1_F_D2I_X509_PKEY                             159
+#define ASN1_F_I2D_ASN1_SET                              188
+#define ASN1_F_I2D_ASN1_TIME                             160
+#define ASN1_F_I2D_DSA_PUBKEY                            161
+#define ASN1_F_I2D_EC_PUBKEY                             181
+#define ASN1_F_I2D_PRIVATEKEY                            163
+#define ASN1_F_I2D_PUBLICKEY                             164
+#define ASN1_F_I2D_RSA_NET                               162
+#define ASN1_F_I2D_RSA_PUBKEY                            165
+#define ASN1_F_LONG_C2I                                  166
+#define ASN1_F_OID_MODULE_INIT                           174
+#define ASN1_F_PARSE_TAGGING                             182
+#define ASN1_F_PKCS5_PBE2_SET                            167
+#define ASN1_F_PKCS5_PBE_SET                             202
+#define ASN1_F_SMIME_READ_ASN1                           210
+#define ASN1_F_SMIME_TEXT                                211
+#define ASN1_F_X509_CINF_NEW                             168
+#define ASN1_F_X509_CRL_ADD0_REVOKED                     169
+#define ASN1_F_X509_INFO_NEW                             170
+#define ASN1_F_X509_NAME_ENCODE                          203
+#define ASN1_F_X509_NAME_EX_D2I                          158
+#define ASN1_F_X509_NAME_EX_NEW                          171
+#define ASN1_F_X509_NEW                                  172
+#define ASN1_F_X509_PKEY_NEW                             173
+
+/* Reason codes. */
+#define ASN1_R_ADDING_OBJECT                             171
+#define ASN1_R_ASN1_PARSE_ERROR                          198
+#define ASN1_R_ASN1_SIG_PARSE_ERROR                      199
+#define ASN1_R_AUX_ERROR                                 100
+#define ASN1_R_BAD_CLASS                                 101
+#define ASN1_R_BAD_OBJECT_HEADER                         102
+#define ASN1_R_BAD_PASSWORD_READ                         103
+#define ASN1_R_BAD_TAG                                   104
+#define ASN1_R_BN_LIB                                    105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
+#define ASN1_R_BUFFER_TOO_SMALL                          107
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
+#define ASN1_R_DATA_IS_WRONG                             109
+#define ASN1_R_DECODE_ERROR                              110
+#define ASN1_R_DECODING_ERROR                            111
+#define ASN1_R_DEPTH_EXCEEDED                            174
+#define ASN1_R_ENCODE_ERROR                              112
+#define ASN1_R_ERROR_GETTING_TIME                        173
+#define ASN1_R_ERROR_LOADING_SECTION                     172
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT                 113
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
+#define ASN1_R_EXPECTING_AN_INTEGER                      115
+#define ASN1_R_EXPECTING_AN_OBJECT                       116
+#define ASN1_R_EXPECTING_A_BOOLEAN                       117
+#define ASN1_R_EXPECTING_A_TIME                          118
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
+#define ASN1_R_FIELD_MISSING                             121
+#define ASN1_R_FIRST_NUM_TOO_LARGE                       122
+#define ASN1_R_HEADER_TOO_LONG                           123
+#define ASN1_R_ILLEGAL_BITSTRING_FORMAT                  175
+#define ASN1_R_ILLEGAL_BOOLEAN                           176
+#define ASN1_R_ILLEGAL_CHARACTERS                        124
+#define ASN1_R_ILLEGAL_FORMAT                            177
+#define ASN1_R_ILLEGAL_HEX                               178
+#define ASN1_R_ILLEGAL_IMPLICIT_TAG                      179
+#define ASN1_R_ILLEGAL_INTEGER                           180
+#define ASN1_R_ILLEGAL_NESTED_TAGGING                    181
+#define ASN1_R_ILLEGAL_NULL                              125
+#define ASN1_R_ILLEGAL_NULL_VALUE                        182
+#define ASN1_R_ILLEGAL_OBJECT                            183
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+#define ASN1_R_ILLEGAL_TAGGED_ANY                        127
+#define ASN1_R_ILLEGAL_TIME_VALUE                        184
+#define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
+#define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
+#define ASN1_R_INVALID_DIGIT                             130
+#define ASN1_R_INVALID_MIME_TYPE                         200
+#define ASN1_R_INVALID_MODIFIER                          186
+#define ASN1_R_INVALID_NUMBER                            187
+#define ASN1_R_INVALID_SEPARATOR                         131
+#define ASN1_R_INVALID_TIME_FORMAT                       132
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
+#define ASN1_R_INVALID_UTF8STRING                        134
+#define ASN1_R_IV_TOO_LARGE                              135
+#define ASN1_R_LENGTH_ERROR                              136
+#define ASN1_R_LIST_ERROR                                188
+#define ASN1_R_MIME_NO_CONTENT_TYPE                      201
+#define ASN1_R_MIME_PARSE_ERROR                          202
+#define ASN1_R_MIME_SIG_PARSE_ERROR                      203
+#define ASN1_R_MISSING_EOC                               137
+#define ASN1_R_MISSING_SECOND_NUMBER                     138
+#define ASN1_R_MISSING_VALUE                             189
+#define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+#define ASN1_R_MSTRING_WRONG_TAG                         140
+#define ASN1_R_NESTED_ASN1_STRING                        197
+#define ASN1_R_NON_HEX_CHARACTERS                        141
+#define ASN1_R_NOT_ASCII_FORMAT                          190
+#define ASN1_R_NOT_ENOUGH_DATA                           142
+#define ASN1_R_NO_CONTENT_TYPE                           204
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 205
+#define ASN1_R_NO_MULTIPART_BOUNDARY                     206
+#define ASN1_R_NO_SIG_CONTENT_TYPE                       207
+#define ASN1_R_NULL_IS_WRONG_LENGTH                      144
+#define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
+#define ASN1_R_ODD_NUMBER_OF_CHARS                       145
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING                146
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
+#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
+#define ASN1_R_SHORT_LINE                                150
+#define ASN1_R_SIG_INVALID_MIME_TYPE                     208
+#define ASN1_R_STREAMING_NOT_SUPPORTED                   209
+#define ASN1_R_STRING_TOO_LONG                           151
+#define ASN1_R_STRING_TOO_SHORT                          152
+#define ASN1_R_TAG_VALUE_TOO_HIGH                        153
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
+#define ASN1_R_TOO_LONG                                  155
+#define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
+#define ASN1_R_UNEXPECTED_EOC                            159
+#define ASN1_R_UNKNOWN_FORMAT                            160
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
+#define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+#define ASN1_R_UNKNOWN_TAG                               194
+#define ASN1_R_UNKOWN_FORMAT                             195
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
+#define ASN1_R_UNSUPPORTED_CIPHER                        165
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
+#define ASN1_R_UNSUPPORTED_TYPE                          196
+#define ASN1_R_WRONG_TAG                                 168
+#define ASN1_R_WRONG_TYPE                                169
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
new file mode 100644
index 0000000000..f8a3e2e6cd
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -0,0 +1,315 @@
+/* crypto/asn1/asn1_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+
+static ERR_STRING_DATA ASN1_str_functs[]=
+        {
+{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT),      "a2d_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED),  "a2i_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER),     "a2i_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_STRING),      "a2i_ASN1_STRING"},
+{ERR_FUNC(ASN1_F_APPEND_EXP),   "APPEND_EXP"},
+{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT),      "ASN1_BIT_STRING_set_bit"},
+{ERR_FUNC(ASN1_F_ASN1_CB),      "ASN1_CB"},
+{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN),      "ASN1_CHECK_TLEN"},
+{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE),       "ASN1_COLLATE_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE),        "ASN1_D2I_EX_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_FP),  "ASN1_d2i_fp"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO),    "ASN1_D2I_READ_BIO"},
+{ERR_FUNC(ASN1_F_ASN1_DIGEST),  "ASN1_digest"},
+{ERR_FUNC(ASN1_F_ASN1_DO_ADB),  "ASN1_DO_ADB"},
+{ERR_FUNC(ASN1_F_ASN1_DUP),     "ASN1_dup"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET),  "ASN1_ENUMERATED_set"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),        "ASN1_ENUMERATED_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_EX_C2I),  "ASN1_EX_C2I"},
+{ERR_FUNC(ASN1_F_ASN1_FIND_END),        "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),     "ASN1_GENERALIZEDTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),     "ASN1_generate_v3"},
+{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),      "ASN1_get_object"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_FP),  "ASN1_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),     "ASN1_INTEGER_set"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN),   "ASN1_INTEGER_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP),     "ASN1_item_d2i_fp"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP),        "ASN1_item_dup"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW),     "ASN1_ITEM_EX_COMBINE_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I),     "ASN1_ITEM_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO),    "ASN1_item_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP),     "ASN1_item_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK),       "ASN1_item_pack"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN),       "ASN1_item_sign"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK),     "ASN1_item_unpack"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),     "ASN1_item_verify"},
+{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY),  "ASN1_mbstring_ncopy"},
+{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),      "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),     "ASN1_OUTPUT_DATA"},
+{ERR_FUNC(ASN1_F_ASN1_PACK_STRING),     "ASN1_pack_string"},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),   "ASN1_PKCS5_PBE_SET"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),        "ASN1_seq_pack"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),      "ASN1_seq_unpack"},
+{ERR_FUNC(ASN1_F_ASN1_SIGN),    "ASN1_sign"},
+{ERR_FUNC(ASN1_F_ASN1_STR2TYPE),        "ASN1_STR2TYPE"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_SET),      "ASN1_STRING_set"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD),        "ASN1_STRING_TABLE_add"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),    "ASN1_TEMPLATE_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),      "ASN1_TEMPLATE_NOEXP_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET),        "ASN1_TIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),        "ASN1_TYPE_get_int_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),    "ASN1_TYPE_get_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),   "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),     "ASN1_UTCTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_VERIFY),  "ASN1_verify"},
+{ERR_FUNC(ASN1_F_B64_READ_ASN1),        "B64_READ_ASN1"},
+{ERR_FUNC(ASN1_F_B64_WRITE_ASN1),       "B64_WRITE_ASN1"},
+{ERR_FUNC(ASN1_F_BITSTR_CB),    "BITSTR_CB"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),        "BN_to_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),   "BN_to_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING),  "c2i_ASN1_BIT_STRING"},
+{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER),     "c2i_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT),      "c2i_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING),  "D2I_ASN1_BIT_STRING"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),     "d2i_ASN1_BOOLEAN"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),       "d2i_ASN1_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),     "D2I_ASN1_GENERALIZEDTIME"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),     "D2I_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),      "d2i_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),  "d2i_ASN1_type_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),    "d2i_ASN1_UINTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),     "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),     "d2i_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),   "D2I_NETSCAPE_RSA_2"},
+{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),       "d2i_PrivateKey"},
+{ERR_FUNC(ASN1_F_D2I_PUBLICKEY),        "d2i_PublicKey"},
+{ERR_FUNC(ASN1_F_D2I_RSA_NET),  "d2i_RSA_NET"},
+{ERR_FUNC(ASN1_F_D2I_RSA_NET_2),        "D2I_RSA_NET_2"},
+{ERR_FUNC(ASN1_F_D2I_X509),     "D2I_X509"},
+{ERR_FUNC(ASN1_F_D2I_X509_CINF),        "D2I_X509_CINF"},
+{ERR_FUNC(ASN1_F_D2I_X509_PKEY),        "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_TIME),        "I2D_ASN1_TIME"},
+{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),       "i2d_DSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY),        "i2d_EC_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY),       "i2d_PrivateKey"},
+{ERR_FUNC(ASN1_F_I2D_PUBLICKEY),        "i2d_PublicKey"},
+{ERR_FUNC(ASN1_F_I2D_RSA_NET),  "i2d_RSA_NET"},
+{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY),       "i2d_RSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_LONG_C2I),     "LONG_C2I"},
+{ERR_FUNC(ASN1_F_OID_MODULE_INIT),      "OID_MODULE_INIT"},
+{ERR_FUNC(ASN1_F_PARSE_TAGGING),        "PARSE_TAGGING"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),       "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),        "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),      "SMIME_read_ASN1"},
+{ERR_FUNC(ASN1_F_SMIME_TEXT),   "SMIME_text"},
+{ERR_FUNC(ASN1_F_X509_CINF_NEW),        "X509_CINF_NEW"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),        "X509_CRL_add0_revoked"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW),        "X509_INFO_new"},
+{ERR_FUNC(ASN1_F_X509_NAME_ENCODE),     "X509_NAME_ENCODE"},
+{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),     "X509_NAME_EX_D2I"},
+{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),     "X509_NAME_EX_NEW"},
+{ERR_FUNC(ASN1_F_X509_NEW),     "X509_NEW"},
+{ERR_FUNC(ASN1_F_X509_PKEY_NEW),        "X509_PKEY_new"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA ASN1_str_reasons[]=
+        {
+{ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
+{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     ,"asn1 parse error"},
+{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
+{ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
+{ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
+{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
+{ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
+{ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
+{ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
+{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
+{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
+{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},
+{ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
+{ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
+{ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},
+{ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
+{ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
+{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
+{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
+{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT)  ,"expecting an object"},
+{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN)  ,"expecting a boolean"},
+{ERR_REASON(ASN1_R_EXPECTING_A_TIME)     ,"expecting a time"},
+{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
+{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
+{ERR_REASON(ASN1_R_FIELD_MISSING)        ,"field missing"},
+{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE)  ,"first num too large"},
+{ERR_REASON(ASN1_R_HEADER_TOO_LONG)      ,"header too long"},
+{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"},
+{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN)      ,"illegal boolean"},
+{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS)   ,"illegal characters"},
+{ERR_REASON(ASN1_R_ILLEGAL_FORMAT)       ,"illegal format"},
+{ERR_REASON(ASN1_R_ILLEGAL_HEX)          ,"illegal hex"},
+{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"},
+{ERR_REASON(ASN1_R_ILLEGAL_INTEGER)      ,"illegal integer"},
+{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"},
+{ERR_REASON(ASN1_R_ILLEGAL_NULL)         ,"illegal null"},
+{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE)   ,"illegal null value"},
+{ERR_REASON(ASN1_R_ILLEGAL_OBJECT)       ,"illegal object"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
+{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY)   ,"illegal tagged any"},
+{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
+{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
+{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
+{ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
+{ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
+{ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
+{ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
+{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
+{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
+{ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
+{ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
+{ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
+{ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
+{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
+{ERR_REASON(ASN1_R_MIME_PARSE_ERROR)     ,"mime parse error"},
+{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
+{ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
+{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
+{ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},
+{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
+{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG)    ,"mstring wrong tag"},
+{ERR_REASON(ASN1_R_NESTED_ASN1_STRING)   ,"nested asn1 string"},
+{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
+{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
+{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
+{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE)  ,"no sig content type"},
+{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
+{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
+{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
+{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
+{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
+{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
+{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
+{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
+{ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
+{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
+{ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
+{ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
+{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
+{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
+{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
+{ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
+{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
+{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
+{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
+{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
+{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},
+{ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
+{ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_ASN1_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,ASN1_str_functs);
+                ERR_load_strings(0,ASN1_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
new file mode 100644
index 0000000000..26c832781e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_gen.c
@@ -0,0 +1,848 @@
+/* asn1_gen.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+
+#define ASN1_GEN_FLAG           0x10000
+#define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)
+
+#define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
+
+#define ASN1_FLAG_EXP_MAX       20
+
+/* Input formats */
+
+/* ASCII: default */
+#define ASN1_GEN_FORMAT_ASCII   1
+/* UTF8 */
+#define ASN1_GEN_FORMAT_UTF8    2
+/* Hex */
+#define ASN1_GEN_FORMAT_HEX     3
+/* List of bits */
+#define ASN1_GEN_FORMAT_BITLIST 4
+
+
+struct tag_name_st
+        {
+        const char *strnam;
+        int len;
+        int tag;
+        };
+
+typedef struct
+        {
+        int exp_tag;
+        int exp_class;
+        int exp_constructed;
+        int exp_pad;
+        long exp_len;
+        } tag_exp_type;
+
+typedef struct
+        {
+        int imp_tag;
+        int imp_class;
+        int utype;
+        int format;
+        const char *str;
+        tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+        int exp_count;
+        } tag_exp_arg;
+
+static int bitstr_cb(const char *elem, int len, void *bitstr);
+static int asn1_cb(const char *elem, int len, void *bitstr);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+static int asn1_str2tag(const char *tagstr, int len);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+        {
+        X509V3_CTX cnf;
+
+        if (!nconf)
+                return ASN1_generate_v3(str, NULL);
+
+        X509V3_set_nconf(&cnf, nconf);
+        return ASN1_generate_v3(str, &cnf);
+        }
+
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+        {
+        ASN1_TYPE *ret;
+        tag_exp_arg asn1_tags;
+        tag_exp_type *etmp;
+
+        int i, len;
+
+        unsigned char *orig_der = NULL, *new_der = NULL;
+        const unsigned char *cpy_start;
+        unsigned char *p;
+        const unsigned char *cp;
+        int cpy_len;
+        long hdr_len;
+        int hdr_constructed = 0, hdr_tag, hdr_class;
+        int r;
+
+        asn1_tags.imp_tag = -1;
+        asn1_tags.imp_class = -1;
+        asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+        asn1_tags.exp_count = 0;
+        if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+                return NULL;
+
+        if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
+                {
+                if (!cnf)
+                        {
+                        ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+                        return NULL;
+                        }
+                ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
+                }
+        else
+                ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+        if (!ret)
+                return NULL;
+
+        /* If no tagging return base type */
+        if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+                return ret;
+
+        /* Generate the encoding */
+        cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+        ASN1_TYPE_free(ret);
+        ret = NULL;
+        /* Set point to start copying for modified encoding */
+        cpy_start = orig_der;
+
+        /* Do we need IMPLICIT tagging? */
+        if (asn1_tags.imp_tag != -1)
+                {
+                /* If IMPLICIT we will replace the underlying tag */
+                /* Skip existing tag+len */
+                r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
+                if (r & 0x80)
+                        goto err;
+                /* Update copy length */
+                cpy_len -= cpy_start - orig_der;
+                /* For IMPLICIT tagging the length should match the
+                 * original length and constructed flag should be
+                 * consistent.
+                 */
+                if (r & 0x1)
+                        {
+                        /* Indefinite length constructed */
+                        hdr_constructed = 2;
+                        hdr_len = 0;
+                        }
+                else
+                        /* Just retain constructed flag */
+                        hdr_constructed = r & V_ASN1_CONSTRUCTED;
+                /* Work out new length with IMPLICIT tag: ignore constructed
+                 * because it will mess up if indefinite length
+                 */
+                len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+                }
+        else
+                len = cpy_len;
+
+        /* Work out length in any EXPLICIT, starting from end */
+
+        for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
+                {
+                /* Content length: number of content octets + any padding */
+                len += etmp->exp_pad;
+                etmp->exp_len = len;
+                /* Total object length: length including new header */
+                len = ASN1_object_size(0, len, etmp->exp_tag);
+                }
+
+        /* Allocate buffer for new encoding */
+
+        new_der = OPENSSL_malloc(len);
+
+        /* Generate tagged encoding */
+
+        p = new_der;
+
+        /* Output explicit tags first */
+
+        for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
+                {
+                ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+                                        etmp->exp_tag, etmp->exp_class);
+                if (etmp->exp_pad)
+                        *p++ = 0;
+                }
+
+        /* If IMPLICIT, output tag */
+
+        if (asn1_tags.imp_tag != -1)
+                ASN1_put_object(&p, hdr_constructed, hdr_len,
+                                        asn1_tags.imp_tag, asn1_tags.imp_class);
+
+        /* Copy across original encoding */
+        memcpy(p, cpy_start, cpy_len);
+
+        cp = new_der;
+
+        /* Obtain new ASN1_TYPE structure */
+        ret = d2i_ASN1_TYPE(NULL, &cp, len);
+
+        err:
+        if (orig_der)
+                OPENSSL_free(orig_der);
+        if (new_der)
+                OPENSSL_free(new_der);
+
+        return ret;
+
+        }
+
+static int asn1_cb(const char *elem, int len, void *bitstr)
+        {
+        tag_exp_arg *arg = bitstr;
+        int i;
+        int utype;
+        int vlen = 0;
+        const char *p, *vstart = NULL;
+
+        int tmp_tag, tmp_class;
+
+        for(i = 0, p = elem; i < len; p++, i++)
+                {
+                /* Look for the ':' in name value pairs */
+                if (*p == ':')
+                        {
+                        vstart = p + 1;
+                        vlen = len - (vstart - elem);
+                        len = p - elem;
+                        break;
+                        }
+                }
+
+        utype = asn1_str2tag(elem, len);
+
+        if (utype == -1)
+                {
+                ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+                ERR_add_error_data(2, "tag=", elem);
+                return -1;
+                }
+
+        /* If this is not a modifier mark end of string and exit */
+        if (!(utype & ASN1_GEN_FLAG))
+                {
+                arg->utype = utype;
+                arg->str = vstart;
+                /* If no value and not end of string, error */
+                if (!vstart && elem[len])
+                        {
+                        ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+                        return -1;
+                        }
+                return 0;
+                }
+
+        switch(utype)
+                {
+
+                case ASN1_GEN_FLAG_IMP:
+                /* Check for illegal multiple IMPLICIT tagging */
+                if (arg->imp_tag != -1)
+                        {
+                        ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+                        return -1;
+                        }
+                if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+                        return -1;
+                break;
+
+                case ASN1_GEN_FLAG_EXP:
+
+                if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+                        return -1;
+                if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+                        return -1;
+                break;
+
+                case ASN1_GEN_FLAG_SEQWRAP:
+                if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+                        return -1;
+                break;
+
+                case ASN1_GEN_FLAG_SETWRAP:
+                if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+                        return -1;
+                break;
+
+                case ASN1_GEN_FLAG_BITWRAP:
+                if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+                        return -1;
+                break;
+
+                case ASN1_GEN_FLAG_OCTWRAP:
+                if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+                        return -1;
+                break;
+
+                case ASN1_GEN_FLAG_FORMAT:
+                if (!strncmp(vstart, "ASCII", 5))
+                        arg->format = ASN1_GEN_FORMAT_ASCII;
+                else if (!strncmp(vstart, "UTF8", 4))
+                        arg->format = ASN1_GEN_FORMAT_UTF8;
+                else if (!strncmp(vstart, "HEX", 3))
+                        arg->format = ASN1_GEN_FORMAT_HEX;
+                else if (!strncmp(vstart, "BITLIST", 3))
+                        arg->format = ASN1_GEN_FORMAT_BITLIST;
+                else
+                        {
+                        ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+                        return -1;
+                        }
+                break;
+
+                }
+
+        return 1;
+
+        }
+
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
+        {
+        char erch[2];
+        long tag_num;
+        char *eptr;
+        if (!vstart)
+                return 0;
+        tag_num = strtoul(vstart, &eptr, 10);
+        /* Check we haven't gone past max length: should be impossible */
+        if (eptr && *eptr && (eptr > vstart + vlen))
+                return 0;
+        if (tag_num < 0)
+                {
+                ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+                return 0;
+                }
+        *ptag = tag_num;
+        /* If we have non numeric characters, parse them */
+        if (eptr)
+                vlen -= eptr - vstart;
+        else 
+                vlen = 0;
+        if (vlen)
+                {
+                switch (*eptr)
+                        {
+
+                        case 'U':
+                        *pclass = V_ASN1_UNIVERSAL;
+                        break;
+
+                        case 'A':
+                        *pclass = V_ASN1_APPLICATION;
+                        break;
+
+                        case 'P':
+                        *pclass = V_ASN1_PRIVATE;
+                        break;
+
+                        case 'C':
+                        *pclass = V_ASN1_CONTEXT_SPECIFIC;
+                        break;
+
+                        default:
+                        erch[0] = *eptr;
+                        erch[1] = 0;
+                        ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+                        ERR_add_error_data(2, "Char=", erch);
+                        return 0;
+                        break;
+
+                        }
+                }
+        else
+                *pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+        return 1;
+
+        }
+
+/* Handle multiple types: SET and SEQUENCE */
+
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
+        {
+        ASN1_TYPE *ret = NULL, *typ = NULL;
+        STACK_OF(ASN1_TYPE) *sk = NULL;
+        STACK_OF(CONF_VALUE) *sect = NULL;
+        unsigned char *der = NULL, *p;
+        int derlen;
+        int i, is_set;
+        sk = sk_ASN1_TYPE_new_null();
+        if (section)
+                {
+                if (!cnf)
+                        goto bad;
+                sect = X509V3_get_section(cnf, (char *)section);
+                if (!sect)
+                        goto bad;
+                for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
+                        {
+                        typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+                        if (!typ)
+                                goto bad;
+                        sk_ASN1_TYPE_push(sk, typ);
+                        typ = NULL;
+                        }
+                }
+
+        /* Now we has a STACK of the components, convert to the correct form */
+
+        if (utype == V_ASN1_SET)
+                is_set = 1;
+        else
+                is_set = 0;
+
+
+        derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
+                                           V_ASN1_UNIVERSAL, is_set);
+        der = OPENSSL_malloc(derlen);
+        p = der;
+        i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
+                                  V_ASN1_UNIVERSAL, is_set);
+
+        if (!(ret = ASN1_TYPE_new()))
+                goto bad;
+
+        if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
+                goto bad;
+
+        ret->type = utype;
+
+        ret->value.asn1_string->data = der;
+        ret->value.asn1_string->length = derlen;
+
+        der = NULL;
+
+        bad:
+
+        if (der)
+                OPENSSL_free(der);
+
+        if (sk)
+                sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+        if (typ)
+                ASN1_TYPE_free(typ);
+        if (sect)
+                X509V3_section_free(cnf, sect);
+
+        return ret;
+        }
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
+        {
+        tag_exp_type *exp_tmp;
+        /* Can only have IMPLICIT if permitted */
+        if ((arg->imp_tag != -1) && !imp_ok)
+                {
+                ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+                return 0;
+                }
+
+        if (arg->exp_count == ASN1_FLAG_EXP_MAX)
+                {
+                ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+                return 0;
+                }
+
+        exp_tmp = &arg->exp_list[arg->exp_count++];
+
+        /* If IMPLICIT set tag to implicit value then
+         * reset implicit tag since it has been used.
+         */
+        if (arg->imp_tag != -1)
+                {
+                exp_tmp->exp_tag = arg->imp_tag;
+                exp_tmp->exp_class = arg->imp_class;
+                arg->imp_tag = -1;
+                arg->imp_class = -1;
+                }
+        else
+                {
+                exp_tmp->exp_tag = exp_tag;
+                exp_tmp->exp_class = exp_class;
+                }
+        exp_tmp->exp_constructed = exp_constructed;
+        exp_tmp->exp_pad = exp_pad;
+
+        return 1;
+        }
+
+
+static int asn1_str2tag(const char *tagstr, int len)
+        {
+        unsigned int i;
+        static struct tag_name_st *tntmp, tnst [] = {
+                ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+                ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+                ASN1_GEN_STR("NULL", V_ASN1_NULL),
+                ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+                ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+                ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+                ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+                ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+                ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+                ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+                ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+                ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+                ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+                ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+                ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+                ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+                ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+                ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+                ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+                ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+                ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+                ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+                ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+                ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+                ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+                ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+                ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+                ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+                ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+                ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+                ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+                ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+                ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
+                ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+
+                /* Special cases */
+                ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+                ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+                ASN1_GEN_STR("SET", V_ASN1_SET),
+                /* type modifiers */
+                /* Explicit tag */
+                ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+                ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+                /* Implicit tag */
+                ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+                ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+                /* OCTET STRING wrapper */
+                ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+                /* SEQUENCE wrapper */
+                ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+                /* SET wrapper */
+                ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
+                /* BIT STRING wrapper */
+                ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+                ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+                ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+        };
+
+        if (len == -1)
+                len = strlen(tagstr);
+        
+        tntmp = tnst;   
+        for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
+                {
+                if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
+                        return tntmp->tag;
+                }
+        
+        return -1;
+        }
+
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+        {
+        ASN1_TYPE *atmp = NULL;
+
+        CONF_VALUE vtmp;
+
+        unsigned char *rdata;
+        long rdlen;
+
+        int no_unused = 1;
+
+        if (!(atmp = ASN1_TYPE_new()))
+                {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        if (!str)
+                str = "";
+
+        switch(utype)
+                {
+
+                case V_ASN1_NULL:
+                if (str && *str)
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+                        goto bad_form;
+                        }
+                break;
+                
+                case V_ASN1_BOOLEAN:
+                if (format != ASN1_GEN_FORMAT_ASCII)
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+                        goto bad_form;
+                        }
+                vtmp.name = NULL;
+                vtmp.section = NULL;
+                vtmp.value = (char *)str;
+                if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+                        goto bad_str;
+                        }
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_ENUMERATED:
+                if (format != ASN1_GEN_FORMAT_ASCII)
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+                        goto bad_form;
+                        }
+                if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+                        goto bad_str;
+                        }
+                break;
+
+                case V_ASN1_OBJECT:
+                if (format != ASN1_GEN_FORMAT_ASCII)
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+                        goto bad_form;
+                        }
+                if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+                        goto bad_str;
+                        }
+                break;
+
+                case V_ASN1_UTCTIME:
+                case V_ASN1_GENERALIZEDTIME:
+                if (format != ASN1_GEN_FORMAT_ASCII)
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+                        goto bad_form;
+                        }
+                if (!(atmp->value.asn1_string = ASN1_STRING_new()))
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        goto bad_str;
+                        }
+                if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        goto bad_str;
+                        }
+                atmp->value.asn1_string->type = utype;
+                if (!ASN1_TIME_check(atmp->value.asn1_string))
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+                        goto bad_str;
+                        }
+
+                break;
+
+                case V_ASN1_BMPSTRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_VISIBLESTRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_GENERALSTRING:
+
+                if (format == ASN1_GEN_FORMAT_ASCII)
+                        format = MBSTRING_ASC;
+                else if (format == ASN1_GEN_FORMAT_UTF8)
+                        format = MBSTRING_UTF8;
+                else
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+                        goto bad_form;
+                        }
+
+
+                if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+                                                -1, format, ASN1_tag2bit(utype)) <= 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        goto bad_str;
+                        }
+                
+
+                break;
+
+                case V_ASN1_BIT_STRING:
+
+                case V_ASN1_OCTET_STRING:
+
+                if (!(atmp->value.asn1_string = ASN1_STRING_new()))
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+                        goto bad_form;
+                        }
+
+                if (format == ASN1_GEN_FORMAT_HEX)
+                        {
+
+                        if (!(rdata = string_to_hex((char *)str, &rdlen)))
+                                {
+                                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+                                goto bad_str;
+                                }
+
+                        atmp->value.asn1_string->data = rdata;
+                        atmp->value.asn1_string->length = rdlen;
+                        atmp->value.asn1_string->type = utype;
+
+                        }
+                else if (format == ASN1_GEN_FORMAT_ASCII)
+                        ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+                else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
+                        {
+                        if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
+                                {
+                                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+                                goto bad_str;
+                                }
+                        no_unused = 0;
+                        
+                        }
+                else 
+                        {
+                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+                        goto bad_form;
+                        }
+
+                if ((utype == V_ASN1_BIT_STRING) && no_unused)
+                        {
+                        atmp->value.asn1_string->flags
+                                &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+                        atmp->value.asn1_string->flags
+                                |= ASN1_STRING_FLAG_BITS_LEFT;
+                        }
+
+
+                break;
+
+                default:
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+                goto bad_str;
+                break;
+                }
+
+
+        atmp->type = utype;
+        return atmp;
+
+
+        bad_str:
+        ERR_add_error_data(2, "string=", str);
+        bad_form:
+
+        ASN1_TYPE_free(atmp);
+        return NULL;
+
+        }
+
+static int bitstr_cb(const char *elem, int len, void *bitstr)
+        {
+        long bitnum;
+        char *eptr;
+        if (!elem)
+                return 0;
+        bitnum = strtoul(elem, &eptr, 10);
+        if (eptr && *eptr && (eptr != elem + len))
+                return 0;
+        if (bitnum < 0)
+                {
+                ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+                return 0;
+                }
+        if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
+                {
+                ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        return 1;
+        }
+
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
new file mode 100644
index 0000000000..5af559ef8d
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -0,0 +1,470 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
+static void asn1_put_length(unsigned char **pp, int length);
+const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;
+
+static int _asn1_check_infinite_end(const unsigned char **p, long len)
+        {
+        /* If there is 0 or 1 byte left, the length check should pick
+         * things up */
+        if (len <= 0)
+                return(1);
+        else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
+                {
+                (*p)+=2;
+                return(1);
+                }
+        return(0);
+        }
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+        {
+        return _asn1_check_infinite_end((const unsigned char **)p, len);
+        }
+
+int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+        {
+        return _asn1_check_infinite_end(p, len);
+        }
+
+
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+        int *pclass, long omax)
+        {
+        int i,ret;
+        long l;
+        const unsigned char *p= *pp;
+        int tag,xclass,inf;
+        long max=omax;
+
+        if (!max) goto err;
+        ret=(*p&V_ASN1_CONSTRUCTED);
+        xclass=(*p&V_ASN1_PRIVATE);
+        i= *p&V_ASN1_PRIMITIVE_TAG;
+        if (i == V_ASN1_PRIMITIVE_TAG)
+                {               /* high-tag */
+                p++;
+                if (--max == 0) goto err;
+                l=0;
+                while (*p&0x80)
+                        {
+                        l<<=7L;
+                        l|= *(p++)&0x7f;
+                        if (--max == 0) goto err;
+                        if (l > (INT_MAX >> 7L)) goto err;
+                        }
+                l<<=7L;
+                l|= *(p++)&0x7f;
+                tag=(int)l;
+                if (--max == 0) goto err;
+                }
+        else
+                { 
+                tag=i;
+                p++;
+                if (--max == 0) goto err;
+                }
+        *ptag=tag;
+        *pclass=xclass;
+        if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+
+#if 0
+        fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
+                (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
+                (int)(omax+ *pp));
+
+#endif
+        if (*plength > (omax - (p - *pp)))
+                {
+                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+                /* Set this so that even if things are not long enough
+                 * the values are set correctly */
+                ret|=0x80;
+                }
+        *pp=p;
+        return(ret|inf);
+err:
+        ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
+        return(0x80);
+        }
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
+        {
+        const unsigned char *p= *pp;
+        unsigned long ret=0;
+        unsigned int i;
+
+        if (max-- < 1) return(0);
+        if (*p == 0x80)
+                {
+                *inf=1;
+                ret=0;
+                p++;
+                }
+        else
+                {
+                *inf=0;
+                i= *p&0x7f;
+                if (*(p++) & 0x80)
+                        {
+                        if (i > sizeof(long))
+                                return 0;
+                        if (max-- == 0) return(0);
+                        while (i-- > 0)
+                                {
+                                ret<<=8L;
+                                ret|= *(p++);
+                                if (max-- == 0) return(0);
+                                }
+                        }
+                else
+                        ret=i;
+                }
+        if (ret > LONG_MAX)
+                return 0;
+        *pp=p;
+        *rl=(long)ret;
+        return(1);
+        }
+
+/* class 0 is constructed
+ * constructed == 2 for indefinite length constructed */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+             int xclass)
+        {
+        unsigned char *p= *pp;
+        int i, ttag;
+
+        i=(constructed)?V_ASN1_CONSTRUCTED:0;
+        i|=(xclass&V_ASN1_PRIVATE);
+        if (tag < 31)
+                *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
+        else
+                {
+                *(p++)=i|V_ASN1_PRIMITIVE_TAG;
+                for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
+                ttag = i;
+                while(i-- > 0)
+                        {
+                        p[i] = tag & 0x7f;
+                        if(i != (ttag - 1)) p[i] |= 0x80;
+                        tag >>= 7;
+                        }
+                p += ttag;
+                }
+        if (constructed == 2)
+                *(p++)=0x80;
+        else
+                asn1_put_length(&p,length);
+        *pp=p;
+        }
+
+int ASN1_put_eoc(unsigned char **pp)
+        {
+        unsigned char *p = *pp;
+        *p++ = 0;
+        *p++ = 0;
+        *pp = p;
+        return 2;
+        }
+
+static void asn1_put_length(unsigned char **pp, int length)
+        {
+        unsigned char *p= *pp;
+        int i,l;
+        if (length <= 127)
+                *(p++)=(unsigned char)length;
+        else
+                {
+                l=length;
+                for (i=0; l > 0; i++)
+                        l>>=8;
+                *(p++)=i|0x80;
+                l=i;
+                while (i-- > 0)
+                        {
+                        p[i]=length&0xff;
+                        length>>=8;
+                        }
+                p+=l;
+                }
+        *pp=p;
+        }
+
+int ASN1_object_size(int constructed, int length, int tag)
+        {
+        int ret;
+
+        ret=length;
+        ret++;
+        if (tag >= 31)
+                {
+                while (tag > 0)
+                        {
+                        tag>>=7;
+                        ret++;
+                        }
+                }
+        if (constructed == 2)
+                return ret + 3;
+        ret++;
+        if (length > 127)
+                {
+                while (length > 0)
+                        {
+                        length>>=8;
+                        ret++;
+                        }
+                }
+        return(ret);
+        }
+
+static int _asn1_Finish(ASN1_const_CTX *c)
+        {
+        if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
+                {
+                if (!ASN1_const_check_infinite_end(&c->p,c->slen))
+                        {
+                        c->error=ERR_R_MISSING_ASN1_EOS;
+                        return(0);
+                        }
+                }
+        if (    ((c->slen != 0) && !(c->inf & 1)) ||
+                ((c->slen < 0) && (c->inf & 1)))
+                {
+                c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+                return(0);
+                }
+        return(1);
+        }
+
+int asn1_Finish(ASN1_CTX *c)
+        {
+        return _asn1_Finish((ASN1_const_CTX *)c);
+        }
+
+int asn1_const_Finish(ASN1_const_CTX *c)
+        {
+        return _asn1_Finish(c);
+        }
+
+int asn1_GetSequence(ASN1_const_CTX *c, long *length)
+        {
+        const unsigned char *q;
+
+        q=c->p;
+        c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
+                *length);
+        if (c->inf & 0x80)
+                {
+                c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
+                return(0);
+                }
+        if (c->tag != V_ASN1_SEQUENCE)
+                {
+                c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
+                return(0);
+                }
+        (*length)-=(c->p-q);
+        if (c->max && (*length < 0))
+                {
+                c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+                return(0);
+                }
+        if (c->inf == (1|V_ASN1_CONSTRUCTED))
+                c->slen= *length+ *(c->pp)-c->p;
+        c->eos=0;
+        return(1);
+        }
+
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+        {
+        ASN1_STRING *ret;
+
+        if (str == NULL) return(NULL);
+        if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+                return(NULL);
+        if (!ASN1_STRING_set(ret,str->data,str->length))
+                {
+                ASN1_STRING_free(ret);
+                return(NULL);
+                }
+        ret->flags = str->flags;
+        return(ret);
+        }
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+        {
+        unsigned char *c;
+        const char *data=_data;
+
+        if (len < 0)
+                {
+                if (data == NULL)
+                        return(0);
+                else
+                        len=strlen(data);
+                }
+        if ((str->length < len) || (str->data == NULL))
+                {
+                c=str->data;
+                if (c == NULL)
+                        str->data=OPENSSL_malloc(len+1);
+                else
+                        str->data=OPENSSL_realloc(c,len+1);
+
+                if (str->data == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
+                        str->data=c;
+                        return(0);
+                        }
+                }
+        str->length=len;
+        if (data != NULL)
+                {
+                memcpy(str->data,data,len);
+                /* an allowance for strings :-) */
+                str->data[len]='\0';
+                }
+        return(1);
+        }
+
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+        {
+        if (str->data)
+                OPENSSL_free(str->data);
+        str->data = data;
+        str->length = len;
+        }
+
+ASN1_STRING *ASN1_STRING_new(void)
+        {
+        return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+        }
+
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+        {
+        ASN1_STRING *ret;
+
+        ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->type=type;
+        ret->data=NULL;
+        ret->flags=0;
+        return(ret);
+        }
+
+void ASN1_STRING_free(ASN1_STRING *a)
+        {
+        if (a == NULL) return;
+        if (a->data != NULL) OPENSSL_free(a->data);
+        OPENSSL_free(a);
+        }
+
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+        {
+        int i;
+
+        i=(a->length-b->length);
+        if (i == 0)
+                {
+                i=memcmp(a->data,b->data,a->length);
+                if (i == 0)
+                        return(a->type-b->type);
+                else
+                        return(i);
+                }
+        else
+                return(i);
+        }
+
+void asn1_add_error(const unsigned char *address, int offset)
+        {
+        char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+
+        BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
+        BIO_snprintf(buf2,sizeof buf2,"%d",offset);
+        ERR_add_error_data(4,"address=",buf1," offset=",buf2);
+        }
+
+int ASN1_STRING_length(ASN1_STRING *x)
+{ return M_ASN1_STRING_length(x); }
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{ M_ASN1_STRING_length_set(x, len); return; }
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{ return M_ASN1_STRING_type(x); }
+
+unsigned char * ASN1_STRING_data(ASN1_STRING *x)
+{ return M_ASN1_STRING_data(x); }
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
new file mode 100644
index 0000000000..d958ca60d9
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_mac.h
@@ -0,0 +1,571 @@
+/* crypto/asn1/asn1_mac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_MAC_H
+#define HEADER_ASN1_MAC_H
+
+#include <openssl/asn1.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifndef ASN1_MAC_ERR_LIB
+#define ASN1_MAC_ERR_LIB        ERR_LIB_ASN1
+#endif 
+
+#define ASN1_MAC_H_err(f,r,line) \
+        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+
+#define M_ASN1_D2I_vars(a,type,func) \
+        ASN1_const_CTX c; \
+        type ret=NULL; \
+        \
+        c.pp=(const unsigned char **)pp; \
+        c.q= *(const unsigned char **)pp; \
+        c.error=ERR_R_NESTED_ASN1_ERROR; \
+        if ((a == NULL) || ((*a) == NULL)) \
+                { if ((ret=(type)func()) == NULL) \
+                        { c.line=__LINE__; goto err; } } \
+        else    ret=(*a);
+
+#define M_ASN1_D2I_Init() \
+        c.p= *(const unsigned char **)pp; \
+        c.max=(length == 0)?0:(c.p+length);
+
+#define M_ASN1_D2I_Finish_2(a) \
+        if (!asn1_const_Finish(&c)) \
+                { c.line=__LINE__; goto err; } \
+        *(const unsigned char **)pp=c.p; \
+        if (a != NULL) (*a)=ret; \
+        return(ret);
+
+#define M_ASN1_D2I_Finish(a,func,e) \
+        M_ASN1_D2I_Finish_2(a); \
+err:\
+        ASN1_MAC_H_err((e),c.error,c.line); \
+        asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+        return(NULL)
+
+#define M_ASN1_D2I_start_sequence() \
+        if (!asn1_GetSequence(&c,&length)) \
+                { c.line=__LINE__; goto err; }
+/* Begin reading ASN1 without a surrounding sequence */
+#define M_ASN1_D2I_begin() \
+        c.slen = length;
+
+/* End reading ASN1 with no check on length */
+#define M_ASN1_D2I_Finish_nolen(a, func, e) \
+        *pp=c.p; \
+        if (a != NULL) (*a)=ret; \
+        return(ret); \
+err:\
+        ASN1_MAC_H_err((e),c.error,c.line); \
+        asn1_add_error(*pp,(int)(c.q- *pp)); \
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+        return(NULL)
+
+#define M_ASN1_D2I_end_sequence() \
+        (((c.inf&1) == 0)?(c.slen <= 0): \
+                (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+#define M_ASN1_D2I_get(b, func) \
+        c.q=c.p; \
+        if (func(&(b),&c.p,c.slen) == NULL) \
+                {c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+#define M_ASN1_D2I_get_x(type,b,func) \
+        c.q=c.p; \
+        if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
+                {c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+/* use this instead () */
+#define M_ASN1_D2I_get_int(b,func) \
+        c.q=c.p; \
+        if (func(&(b),&c.p,c.slen) < 0) \
+                {c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_opt(b,func,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+                == (V_ASN1_UNIVERSAL|(type)))) \
+                { \
+                M_ASN1_D2I_get(b,func); \
+                }
+
+#define M_ASN1_D2I_get_imp(b,func, type) \
+        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
+        c.q=c.p; \
+        if (func(&(b),&c.p,c.slen) == NULL) \
+                {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+        c.slen-=(c.p-c.q);\
+        M_ASN1_next_prev=_tmp;
+
+#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
+                (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
+                { \
+                unsigned char _tmp = M_ASN1_next; \
+                M_ASN1_D2I_get_imp(b,func, type);\
+                }
+
+#define M_ASN1_D2I_get_set(r,func,free_func) \
+                M_ASN1_D2I_get_imp_set(r,func,free_func, \
+                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+                { M_ASN1_D2I_get_set(r,func,free_func); }
+
+#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+                { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
+#define M_ASN1_I2D_len_SET_opt(a,f) \
+        if ((a != NULL) && (sk_num(a) != 0)) \
+                M_ASN1_I2D_len_SET(a,f);
+
+#define M_ASN1_I2D_put_SET_opt(a,f) \
+        if ((a != NULL) && (sk_num(a) != 0)) \
+                M_ASN1_I2D_put_SET(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+        if ((a != NULL) && (sk_num(a) != 0)) \
+                M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
+        if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
+        if ((c.slen != 0) && \
+                (M_ASN1_next == \
+                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+                { \
+                M_ASN1_D2I_get_imp_set(b,func,free_func,\
+                        tag,V_ASN1_CONTEXT_SPECIFIC); \
+                }
+
+#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
+        if ((c.slen != 0) && \
+                (M_ASN1_next == \
+                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+                { \
+                M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
+                        tag,V_ASN1_CONTEXT_SPECIFIC); \
+                }
+
+#define M_ASN1_D2I_get_seq(r,func,free_func) \
+                M_ASN1_D2I_get_imp_set(r,func,free_func,\
+                        V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
+                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+                                            V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+                { M_ASN1_D2I_get_seq(r,func,free_func); }
+
+#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+                { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
+
+#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
+                M_ASN1_D2I_get_imp_set(r,func,free_func,\
+                        x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
+                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+                        x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
+                (void (*)())free_func,a,b) == NULL) \
+                { c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
+                                   free_func,a,b) == NULL) \
+                { c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
+                { c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
+        if ((c.slen != 0L) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+                        c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+                                        Tlen = c.slen - (c.p - c.q) - 2; \
+                if (func(&(r),&c.p,Tlen) == NULL) \
+                        { c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+                        Tlen = c.slen - (c.p - c.q); \
+                        if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
+                                { c.error=ERR_R_MISSING_ASN1_EOS; \
+                                c.line=__LINE__; goto err; } \
+                }\
+                c.slen-=(c.p-c.q); \
+                }
+
+#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
+        if ((c.slen != 0) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+                        c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+                                        Tlen = c.slen - (c.p - c.q) - 2; \
+                if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+                        (void (*)())free_func, \
+                        b,V_ASN1_UNIVERSAL) == NULL) \
+                        { c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+                        Tlen = c.slen - (c.p - c.q); \
+                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+                                { c.error=ERR_R_MISSING_ASN1_EOS; \
+                                c.line=__LINE__; goto err; } \
+                }\
+                c.slen-=(c.p-c.q); \
+                }
+
+#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
+        if ((c.slen != 0) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+                        c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+                                        Tlen = c.slen - (c.p - c.q) - 2; \
+                if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
+                        free_func,b,V_ASN1_UNIVERSAL) == NULL) \
+                        { c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+                        Tlen = c.slen - (c.p - c.q); \
+                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+                                { c.error=ERR_R_MISSING_ASN1_EOS; \
+                                c.line=__LINE__; goto err; } \
+                }\
+                c.slen-=(c.p-c.q); \
+                }
+
+/* New macros */
+#define M_ASN1_New_Malloc(ret,type) \
+        if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
+                { c.line=__LINE__; goto err2; }
+
+#define M_ASN1_New(arg,func) \
+        if (((arg)=func()) == NULL) return(NULL)
+
+#define M_ASN1_New_Error(a) \
+/*      err:    ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+                return(NULL);*/ \
+        err2:   ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
+                return(NULL)
+
+
+/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,
+   some macros that use ASN1_const_CTX still insist on writing in the input
+   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.
+   Please?                                              -- Richard Levitte */
+#define M_ASN1_next             (*((unsigned char *)(c.p)))
+#define M_ASN1_next_prev        (*((unsigned char *)(c.q)))
+
+/*************************************************/
+
+#define M_ASN1_I2D_vars(a)      int r=0,ret=0; \
+                                unsigned char *p; \
+                                if (a == NULL) return(0)
+
+/* Length Macros */
+#define M_ASN1_I2D_len(a,f)     ret+=f(a,NULL)
+#define M_ASN1_I2D_len_IMP_opt(a,f)     if (a != NULL) M_ASN1_I2D_len(a,f)
+
+#define M_ASN1_I2D_len_SET(a,f) \
+                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SET_type(type,a,f) \
+                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+                                            V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SEQUENCE(a,f) \
+                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+                                  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
+                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
+                                            V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        M_ASN1_I2D_len_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
+                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
+                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+                                            V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                          IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+                                               V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
+                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                          IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+                                                    V_ASN1_CONTEXT_SPECIFIC, \
+                                                    IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
+                if (a != NULL)\
+                        { \
+                        v=f(a,NULL); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0))\
+                        { \
+                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0))\
+                        { \
+                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
+                                       IS_SEQUENCE); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0))\
+                        { \
+                        v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+                                                 V_ASN1_UNIVERSAL, \
+                                                 IS_SEQUENCE); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+/* Put Macros */
+#define M_ASN1_I2D_put(a,f)     f(a,&p)
+
+#define M_ASN1_I2D_put_IMP_opt(a,f,t)   \
+                if (a != NULL) \
+                        { \
+                        unsigned char *q=p; \
+                        f(a,&p); \
+                        *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
+                        }
+
+#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
+                        V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_SET_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+                        V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+                        V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+                                             V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+                            IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                       IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+                                                 V_ASN1_CONTEXT_SPECIFIC, \
+                                                 IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                       IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+                                                 V_ASN1_CONTEXT_SPECIFIC, \
+                                                 IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
+                if (a != NULL) \
+                        { \
+                        ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
+                        f(a,&p); \
+                        }
+
+#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { \
+                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+                        }
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { \
+                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
+                        }
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        { \
+                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                        i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+                                               IS_SEQUENCE); \
+                        }
+
+#define M_ASN1_I2D_seq_total() \
+                r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
+                if (pp == NULL) return(r); \
+                p= *pp; \
+                ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
+                *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
+                *(p++)=0x80
+
+#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
+
+#define M_ASN1_I2D_finish()     *pp=p; \
+                                return(r);
+
+int asn1_GetSequence(ASN1_const_CTX *c, long *length);
+void asn1_add_error(const unsigned char *address,int offset);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
new file mode 100644
index 0000000000..501b62a4b1
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -0,0 +1,442 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
+        int indent);
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+        int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+             int indent)
+        {
+        static const char fmt[]="%-18s";
+        static const char fmt2[]="%2d %-15s";
+        char str[128];
+        const char *p,*p2=NULL;
+
+        if (constructed & V_ASN1_CONSTRUCTED)
+                p="cons: ";
+        else
+                p="prim: ";
+        if (BIO_write(bp,p,6) < 6) goto err;
+        BIO_indent(bp,indent,128);
+
+        p=str;
+        if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+                BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
+        else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+                BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
+        else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+                BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
+        else if (tag > 30)
+                BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
+        else
+                p = ASN1_tag2str(tag);
+
+        if (p2 != NULL)
+                {
+                if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
+                }
+        else
+                {
+                if (BIO_printf(bp,fmt,p) <= 0) goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+        {
+        return(asn1_parse2(bp,&pp,len,0,0,indent,0));
+        }
+
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
+        {
+        return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
+        }
+
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
+             int depth, int indent, int dump)
+        {
+        const unsigned char *p,*ep,*tot,*op,*opp;
+        long len;
+        int tag,xclass,ret=0;
+        int nl,hl,j,r;
+        ASN1_OBJECT *o=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        /* ASN1_BMPSTRING *bmp=NULL;*/
+        int dump_indent;
+
+#if 0
+        dump_indent = indent;
+#else
+        dump_indent = 6;        /* Because we know BIO_dump_indent() */
+#endif
+        p= *pp;
+        tot=p+length;
+        op=p-1;
+        while ((p < tot) && (op < p))
+                {
+                op=p;
+                j=ASN1_get_object(&p,&len,&tag,&xclass,length);
+#ifdef LINT
+                j=j;
+#endif
+                if (j & 0x80)
+                        {
+                        if (BIO_write(bp,"Error in encoding\n",18) <= 0)
+                                goto end;
+                        ret=0;
+                        goto end;
+                        }
+                hl=(p-op);
+                length-=hl;
+                /* if j == 0x21 it is a constructed indefinite length object */
+                if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
+                        <= 0) goto end;
+
+                if (j != (V_ASN1_CONSTRUCTED | 1))
+                        {
+                        if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
+                                depth,(long)hl,len) <= 0)
+                                goto end;
+                        }
+                else
+                        {
+                        if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
+                                depth,(long)hl) <= 0)
+                                goto end;
+                        }
+                if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
+                        goto end;
+                if (j & V_ASN1_CONSTRUCTED)
+                        {
+                        ep=p+len;
+                        if (BIO_write(bp,"\n",1) <= 0) goto end;
+                        if (len > length)
+                                {
+                                BIO_printf(bp,
+                                        "length is greater than %ld\n",length);
+                                ret=0;
+                                goto end;
+                                }
+                        if ((j == 0x21) && (len == 0))
+                                {
+                                for (;;)
+                                        {
+                                        r=asn1_parse2(bp,&p,(long)(tot-p),
+                                                offset+(p - *pp),depth+1,
+                                                indent,dump);
+                                        if (r == 0) { ret=0; goto end; }
+                                        if ((r == 2) || (p >= tot)) break;
+                                        }
+                                }
+                        else
+                                while (p < ep)
+                                        {
+                                        r=asn1_parse2(bp,&p,(long)len,
+                                                offset+(p - *pp),depth+1,
+                                                indent,dump);
+                                        if (r == 0) { ret=0; goto end; }
+                                        }
+                        }
+                else if (xclass != 0)
+                        {
+                        p+=len;
+                        if (BIO_write(bp,"\n",1) <= 0) goto end;
+                        }
+                else
+                        {
+                        nl=0;
+                        if (    (tag == V_ASN1_PRINTABLESTRING) ||
+                                (tag == V_ASN1_T61STRING) ||
+                                (tag == V_ASN1_IA5STRING) ||
+                                (tag == V_ASN1_VISIBLESTRING) ||
+                                (tag == V_ASN1_UTCTIME) ||
+                                (tag == V_ASN1_GENERALIZEDTIME))
+                                {
+                                if (BIO_write(bp,":",1) <= 0) goto end;
+                                if ((len > 0) &&
+                                        BIO_write(bp,(const char *)p,(int)len)
+                                        != (int)len)
+                                        goto end;
+                                }
+                        else if (tag == V_ASN1_OBJECT)
+                                {
+                                opp=op;
+                                if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        i2a_ASN1_OBJECT(bp,o);
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,":BAD OBJECT",11) <= 0)
+                                                goto end;
+                                        }
+                                }
+                        else if (tag == V_ASN1_BOOLEAN)
+                                {
+                                int ii;
+
+                                opp=op;
+                                ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
+                                if (ii < 0)
+                                        {
+                                        if (BIO_write(bp,"Bad boolean\n",12))
+                                                goto end;
+                                        }
+                                BIO_printf(bp,":%d",ii);
+                                }
+                        else if (tag == V_ASN1_BMPSTRING)
+                                {
+                                /* do the BMP thang */
+                                }
+                        else if (tag == V_ASN1_OCTET_STRING)
+                                {
+                                int i,printable=1;
+
+                                opp=op;
+                                os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
+                                if (os != NULL && os->length > 0)
+                                        {
+                                        opp = os->data;
+                                        /* testing whether the octet string is
+                                         * printable */
+                                        for (i=0; i<os->length; i++)
+                                                {
+                                                if ((   (opp[i] < ' ') &&
+                                                        (opp[i] != '\n') &&
+                                                        (opp[i] != '\r') &&
+                                                        (opp[i] != '\t')) ||
+                                                        (opp[i] > '~'))
+                                                        {
+                                                        printable=0;
+                                                        break;
+                                                        }
+                                                }
+                                        if (printable)
+                                        /* printable string */
+                                                {
+                                                if (BIO_write(bp,":",1) <= 0)
+                                                        goto end;
+                                                if (BIO_write(bp,(const char *)opp,
+                                                        os->length) <= 0)
+                                                        goto end;
+                                                }
+                                        else if (!dump)
+                                        /* not printable => print octet string
+                                         * as hex dump */
+                                                {
+                                                if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
+                                                        goto end;
+                                                for (i=0; i<os->length; i++)
+                                                        {
+                                                        if (BIO_printf(bp,"%02X"
+                                                                , opp[i]) <= 0)
+                                                                goto end;
+                                                        }
+                                                }
+                                        else
+                                        /* print the normal dump */
+                                                {
+                                                if (!nl) 
+                                                        {
+                                                        if (BIO_write(bp,"\n",1) <= 0)
+                                                                goto end;
+                                                        }
+                                                if (BIO_dump_indent(bp,
+                                                        (const char *)opp,
+                                                        ((dump == -1 || dump > 
+                                                        os->length)?os->length:dump),
+                                                        dump_indent) <= 0)
+                                                        goto end;
+                                                nl=1;
+                                                }
+                                        }
+                                if (os != NULL)
+                                        {
+                                        M_ASN1_OCTET_STRING_free(os);
+                                        os=NULL;
+                                        }
+                                }
+                        else if (tag == V_ASN1_INTEGER)
+                                {
+                                ASN1_INTEGER *bs;
+                                int i;
+
+                                opp=op;
+                                bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
+                                if (bs != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        if (bs->type == V_ASN1_NEG_INTEGER)
+                                                if (BIO_write(bp,"-",1) <= 0)
+                                                        goto end;
+                                        for (i=0; i<bs->length; i++)
+                                                {
+                                                if (BIO_printf(bp,"%02X",
+                                                        bs->data[i]) <= 0)
+                                                        goto end;
+                                                }
+                                        if (bs->length == 0)
+                                                {
+                                                if (BIO_write(bp,"00",2) <= 0)
+                                                        goto end;
+                                                }
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,"BAD INTEGER",11) <= 0)
+                                                goto end;
+                                        }
+                                M_ASN1_INTEGER_free(bs);
+                                }
+                        else if (tag == V_ASN1_ENUMERATED)
+                                {
+                                ASN1_ENUMERATED *bs;
+                                int i;
+
+                                opp=op;
+                                bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
+                                if (bs != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        if (bs->type == V_ASN1_NEG_ENUMERATED)
+                                                if (BIO_write(bp,"-",1) <= 0)
+                                                        goto end;
+                                        for (i=0; i<bs->length; i++)
+                                                {
+                                                if (BIO_printf(bp,"%02X",
+                                                        bs->data[i]) <= 0)
+                                                        goto end;
+                                                }
+                                        if (bs->length == 0)
+                                                {
+                                                if (BIO_write(bp,"00",2) <= 0)
+                                                        goto end;
+                                                }
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
+                                                goto end;
+                                        }
+                                M_ASN1_ENUMERATED_free(bs);
+                                }
+                        else if (len > 0 && dump)
+                                {
+                                if (!nl) 
+                                        {
+                                        if (BIO_write(bp,"\n",1) <= 0)
+                                                goto end;
+                                        }
+                                if (BIO_dump_indent(bp,(const char *)p,
+                                        ((dump == -1 || dump > len)?len:dump),
+                                        dump_indent) <= 0)
+                                        goto end;
+                                nl=1;
+                                }
+
+                        if (!nl) 
+                                {
+                                if (BIO_write(bp,"\n",1) <= 0) goto end;
+                                }
+                        p+=len;
+                        if ((tag == V_ASN1_EOC) && (xclass == 0))
+                                {
+                                ret=2; /* End of sequence */
+                                goto end;
+                                }
+                        }
+                length-=len;
+                }
+        ret=1;
+end:
+        if (o != NULL) ASN1_OBJECT_free(o);
+        if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+        *pp=p;
+        return(ret);
+        }
+
+const char *ASN1_tag2str(int tag)
+{
+        static const char *tag2str[] = {
+         "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
+         "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
+         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
+        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",                /* 15-17 */
+        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",            /* 18-20 */
+        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
+        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",          /* 25-27 */
+        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"                 /* 28-30 */
+        };
+
+        if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+                                                        tag &= ~0x100;
+
+        if(tag < 0 || tag > 30) return "(unknown)";
+        return tag2str[tag];
+}
+
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
new file mode 100644
index 0000000000..bf315e65ed
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1t.h
@@ -0,0 +1,893 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+#define HEADER_ASN1T_H
+
+#include <stddef.h>
+#include <openssl/e_os2.h>
+#include <openssl/asn1.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+        OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+                };
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM * itname##_it(void) \
+        { \
+                static const ASN1_ITEM local_it = { 
+
+#define ASN1_ITEM_end(itname) \
+                }; \
+        return &local_it; \
+        }
+
+#endif
+
+
+/* Macros to aid ASN1 template writing */
+
+#define ASN1_ITEM_TEMPLATE(tname) \
+        static const ASN1_TEMPLATE tname##_item_tt 
+
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+
+/* This is a ASN1 type which just embeds a template */
+ 
+/* This pair helps declare a SEQUENCE. We can do:
+ *
+ *      ASN1_SEQUENCE(stname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END(stname)
+ *
+ *      This will produce an ASN1_ITEM called stname_it
+ *      for a structure called stname.
+ *
+ *      If you want the same structure but a different
+ *      name then use:
+ *
+ *      ASN1_SEQUENCE(itname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *      This will create an item called itname_it using
+ *      a structure called stname.
+ */
+
+#define ASN1_SEQUENCE(tname) \
+        static const ASN1_TEMPLATE tname##_seq_tt[] 
+
+#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+#define ASN1_NDEF_SEQUENCE(tname) \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+        ASN1_SEQUENCE_cb(tname, cb)
+
+#define ASN1_SEQUENCE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE(tname) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_ref(tname, cb, lck) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+
+/* This pair helps declare a CHOICE type. We can do:
+ *
+ *      ASN1_CHOICE(chname) = {
+ *              ... CHOICE options ...
+ *      ASN1_CHOICE_END(chname)
+ *
+ *      This will produce an ASN1_ITEM called chname_it
+ *      for a structure called chname. The structure
+ *      definition must look like this:
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ *      
+ *      the name of the selector must be 'type'.
+ *      to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+#define ASN1_CHOICE(tname) \
+        static const ASN1_TEMPLATE tname##_ch_tt[] 
+
+#define ASN1_CHOICE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_CHOICE(tname)
+
+#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+        (flags), (tag), 0,\
+        #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+        (flags), (tag), offsetof(stname, field),\
+        #field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+#define ASN1_EX_COMBINE(flags, tag, type) { \
+        (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+#define ASN1_IMP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+#define ASN1_EXP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
+/* Plain simple type */
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+#define ASN1_SEQUENCE_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+#define ASN1_SET_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+#define ASN1_SET_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+#define ASN1_IMP_SET_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_EXP_SET_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+#define ASN1_NDEF_EXP(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+#define ASN1_ADB(name) \
+        static const ASN1_ADB_TABLE name##_adbtbl[] 
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+        ;\
+        static const ASN1_ADB name##_adb = {\
+                flags,\
+                offsetof(name, field),\
+                app_table,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+        }
+
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+        ;\
+        static const ASN1_ITEM *name##_adb(void) \
+        { \
+        static const ASN1_ADB internal_adb = \
+                {\
+                flags,\
+                offsetof(name, field),\
+                app_table,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+                }; \
+                return (const ASN1_ITEM *) &internal_adb; \
+        } \
+        void dummy_function(void)
+
+#endif
+
+#define ADB_ENTRY(val, template) {val, template}
+
+#define ASN1_ADB_TEMPLATE(name) \
+        static const ASN1_TEMPLATE name##_tt 
+
+/* This is the ASN1 template structure that defines
+ * a wrapper round the actual type. It determines the
+ * actual position of the field in the value structure,
+ * various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+unsigned long flags;            /* Various flags */
+long tag;                       /* tag, not used if no tagging */
+unsigned long offset;           /* Offset of this field in structure */
+#ifndef NO_ASN1_FIELD_NAMES
+const char *field_name;         /* Field name */
+#endif
+ASN1_ITEM_EXP *item;            /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+        unsigned long flags;    /* Various flags */
+        unsigned long offset;   /* Offset of selector field */
+        STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+        const ASN1_ADB_TABLE *tbl;      /* Table of possible types */
+        long tblcount;          /* Number of entries in tbl */
+        const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
+        const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+        long value;             /* NID for an object or value for an int */
+        const ASN1_TEMPLATE tt;         /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+#define ASN1_TFLG_OPTIONAL      (0x1)
+
+/* Field is a SET OF */
+#define ASN1_TFLG_SET_OF        (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+#define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
+
+/* Special case: this refers to a SET OF that
+ * will be sorted into DER order when encoded *and*
+ * the corresponding STACK will be modified to match
+ * the new order.
+ */
+#define ASN1_TFLG_SET_ORDER     (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+#define ASN1_TFLG_SK_MASK       (0x3 << 1)
+
+/* These flags mean the tag should be taken from the
+ * tag field. If EXPLICIT then the underlying type
+ * is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+#define ASN1_TFLG_IMPTAG        (0x1 << 3)
+
+
+/* EXPLICIT tagging, inner tag from underlying type */
+#define ASN1_TFLG_EXPTAG        (0x2 << 3)
+
+#define ASN1_TFLG_TAG_MASK      (0x3 << 3)
+
+/* context specific IMPLICIT */
+#define ASN1_TFLG_IMPLICIT      ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+#define ASN1_TFLG_EXPLICIT      ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/* If tagging is in force these determine the
+ * type of tag to use. Otherwise the tag is
+ * determined by the underlying type. These 
+ * values reflect the actual octet format.
+ */
+
+/* Universal tag */ 
+#define ASN1_TFLG_UNIVERSAL     (0x0<<6)
+/* Application tag */ 
+#define ASN1_TFLG_APPLICATION   (0x1<<6)
+/* Context specific tag */ 
+#define ASN1_TFLG_CONTEXT       (0x2<<6)
+/* Private tag */ 
+#define ASN1_TFLG_PRIVATE       (0x3<<6)
+
+#define ASN1_TFLG_TAG_CLASS     (0x3<<6)
+
+/* These are for ANY DEFINED BY type. In this case
+ * the 'item' field points to an ASN1_ADB structure
+ * which contains a table of values to decode the
+ * relevant type
+ */
+
+#define ASN1_TFLG_ADB_MASK      (0x3<<8)
+
+#define ASN1_TFLG_ADB_OID       (0x1<<8)
+
+#define ASN1_TFLG_ADB_INT       (0x1<<9)
+
+/* This flag means a parent structure is passed
+ * instead of the field: this is useful is a
+ * SEQUENCE is being combined with a CHOICE for
+ * example. Since this means the structure and
+ * item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+#define ASN1_TFLG_COMBINE       (0x1<<10)
+
+/* This flag when present in a SEQUENCE OF, SET OF
+ * or EXPLICIT causes indefinite length constructed
+ * encoding to be used if required.
+ */
+
+#define ASN1_TFLG_NDEF          (0x1<<11)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+char itype;                     /* The item type, primitive, SEQUENCE, CHOICE or extern */
+long utype;                     /* underlying type */
+const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
+long tcount;                    /* Number of templates if SEQUENCE or CHOICE */
+const void *funcs;              /* functions that handle this type */
+long size;                      /* Structure size (usually)*/
+#ifndef NO_ASN1_FIELD_NAMES
+const char *sname;              /* Structure name */
+#endif
+};
+
+/* These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single 
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions. 
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+#define ASN1_ITYPE_PRIMITIVE            0x0
+
+#define ASN1_ITYPE_SEQUENCE             0x1
+
+#define ASN1_ITYPE_CHOICE               0x2
+
+#define ASN1_ITYPE_COMPAT               0x3
+
+#define ASN1_ITYPE_EXTERN               0x4
+
+#define ASN1_ITYPE_MSTRING              0x5
+
+#define ASN1_ITYPE_NDEF_SEQUENCE        0x6
+
+/* Cache for ASN1 tag and length, so we
+ * don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st{
+        char valid;     /* Values below are valid */
+        int ret;        /* return value */
+        long plen;      /* length */
+        int ptag;       /* class value */
+        int pclass;     /* class value */
+        int hdrlen;     /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE * ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
+typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+        ASN1_new_func *asn1_new;
+        ASN1_free_func *asn1_free;
+        ASN1_d2i_func *asn1_d2i;
+        ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+        void *app_data;
+        ASN1_ex_new_func *asn1_ex_new;
+        ASN1_ex_free_func *asn1_ex_free;
+        ASN1_ex_free_func *asn1_ex_clear;
+        ASN1_ex_d2i *asn1_ex_d2i;
+        ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+        void *app_data;
+        unsigned long flags;
+        ASN1_ex_new_func *prim_new;
+        ASN1_ex_free_func *prim_free;
+        ASN1_ex_free_func *prim_clear;
+        ASN1_primitive_c2i *prim_c2i;
+        ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/* This is the ASN1_AUX structure: it handles various
+ * miscellaneous requirements. For example the use of
+ * reference counts and an informational callback.
+ *
+ * The "informational callback" is called at various
+ * points during the ASN1 encoding and decoding. It can
+ * be used to provide minor customisation of the structures
+ * used. This is most useful where the supplied routines
+ * *almost* do the right thing but need some extra help
+ * at a few points. If the callback returns zero then
+ * it is assumed a fatal error has occurred and the 
+ * main operation should be abandoned.
+ *
+ * If major changes in the default behaviour are required
+ * then an external type is more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+        void *app_data;
+        int flags;
+        int ref_offset;         /* Offset of reference value */
+        int ref_lock;           /* Lock type to use */
+        ASN1_aux_cb *asn1_cb;
+        int enc_offset;         /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+#define ASN1_AFLG_REFCOUNT      1
+/* Save the encoding of structure (useful for signatures) */
+#define ASN1_AFLG_ENCODING      2
+/* The Sequence length is invalid */
+#define ASN1_AFLG_BROKEN        4
+
+/* operation values for asn1_cb */
+
+#define ASN1_OP_NEW_PRE         0
+#define ASN1_OP_NEW_POST        1
+#define ASN1_OP_FREE_PRE        2
+#define ASN1_OP_FREE_POST       3
+#define ASN1_OP_D2I_PRE         4
+#define ASN1_OP_D2I_POST        5
+#define ASN1_OP_I2D_PRE         6
+#define ASN1_OP_I2D_POST        7
+
+/* Macro to implement a primitive type */
+#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+        static const ASN1_COMPAT_FUNCS sname##_ff = { \
+                (ASN1_new_func *)sname##_new, \
+                (ASN1_free_func *)sname##_free, \
+                (ASN1_d2i_func *)d2i_##sname, \
+                (ASN1_i2d_func *)i2d_##sname, \
+        }; \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_COMPAT, \
+                tag, \
+                NULL, \
+                0, \
+                &sname##_ff, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_EXTERN, \
+                tag, \
+                NULL, \
+                0, \
+                &fptrs, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+        stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        } 
+
+#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+        int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+        } 
+
+/* This includes evil casts to remove const: they will go away when full
+ * ASN1 constification is done.
+ */
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(const stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        } 
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+        stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c
new file mode 100644
index 0000000000..bc80b20d63
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn_mime.c
@@ -0,0 +1,876 @@
+/* asn_mime.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Generalised MIME like utilities for streaming ASN1. Although many
+ * have a PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name;                       /* Param name e.g. "micalg" */
+char *param_value;                      /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name;                             /* Name of line e.g. "content-type" */
+char *value;                            /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                        const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const ASN1_ITEM *it)
+        {
+        BIO *b64;
+        int r;
+        b64 = BIO_new(BIO_f_base64());
+        if(!b64)
+                {
+                ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        /* prepend the b64 BIO so all data is base64 encoded.
+         */
+        out = BIO_push(b64, out);
+        r = ASN1_item_i2d_bio(it, out, val);
+        (void)BIO_flush(out);
+        BIO_pop(out);
+        BIO_free(b64);
+        return r;
+        }
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+        BIO *b64;
+        ASN1_VALUE *val;
+        if(!(b64 = BIO_new(BIO_f_base64()))) {
+                ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        bio = BIO_push(b64, bio);
+        val = ASN1_item_d2i_bio(it, bio, NULL);
+        if(!val)
+                ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
+        (void)BIO_flush(bio);
+        bio = BIO_pop(bio);
+        BIO_free(b64);
+        return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+        {
+        const EVP_MD *md;
+        int i, have_unknown = 0, write_comma, md_nid;
+        have_unknown = 0;
+        write_comma = 0;
+        for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
+                {
+                if (write_comma)
+                        BIO_write(out, ",", 1);
+                write_comma = 1;
+                md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+                md = EVP_get_digestbynid(md_nid);
+                switch(md_nid)
+                        {
+                        case NID_sha1:
+                        BIO_puts(out, "sha1");
+                        break;
+
+                        case NID_md5:
+                        BIO_puts(out, "md5");
+                        break;
+
+                        case NID_sha256:
+                        BIO_puts(out, "sha-256");
+                        break;
+
+                        case NID_sha384:
+                        BIO_puts(out, "sha-384");
+                        break;
+
+                        case NID_sha512:
+                        BIO_puts(out, "sha-512");
+                        break;
+
+                        default:
+                        if (have_unknown)
+                                write_comma = 0;
+                        else
+                                {
+                                BIO_puts(out, "unknown");
+                                have_unknown = 1;
+                                }
+                        break;
+
+                        }
+                }
+
+        return 1;
+
+        }
+
+/* SMIME sender */
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                                int ctype_nid, int econt_nid,
+                                STACK_OF(X509_ALGOR) *mdalgs,
+                                asn1_output_data_fn *data_fn,
+                                const ASN1_ITEM *it)
+{
+        char bound[33], c;
+        int i;
+        const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+        const char *msg_type=NULL;
+        if (flags & SMIME_OLDMIME)
+                mime_prefix = "application/x-pkcs7-";
+        else
+                mime_prefix = "application/pkcs7-";
+
+        if (flags & SMIME_CRLFEOL)
+                mime_eol = "\r\n";
+        else
+                mime_eol = "\n";
+        if((flags & SMIME_DETACHED) && data) {
+        /* We want multipart/signed */
+                /* Generate a random boundary */
+                RAND_pseudo_bytes((unsigned char *)bound, 32);
+                for(i = 0; i < 32; i++) {
+                        c = bound[i] & 0xf;
+                        if(c < 10) c += '0';
+                        else c += 'A' - 10;
+                        bound[i] = c;
+                }
+                bound[32] = 0;
+                BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+                BIO_printf(bio, "Content-Type: multipart/signed;");
+                BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+                BIO_puts(bio, " micalg=\"");
+                asn1_write_micalg(bio, mdalgs);
+                BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                                                bound, mime_eol, mime_eol);
+                BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                                                mime_eol, mime_eol);
+                /* Now write out the first part */
+                BIO_printf(bio, "------%s%s", bound, mime_eol);
+                if (!data_fn(bio, data, val, flags, it))
+                        return 0;
+                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+                /* Headers for signature */
+
+                BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
+                BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+                BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+                                                                mime_eol);
+                BIO_printf(bio, "Content-Disposition: attachment;");
+                BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+                                                        mime_eol, mime_eol);
+                B64_write_ASN1(bio, val, NULL, 0, it);
+                BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+                                                        mime_eol, mime_eol);
+                return 1;
+        }
+
+        /* Determine smime-type header */
+
+        if (ctype_nid == NID_pkcs7_enveloped)
+                msg_type = "enveloped-data";
+        else if (ctype_nid == NID_pkcs7_signed)
+                {
+                if (econt_nid == NID_id_smime_ct_receipt)
+                        msg_type = "signed-receipt";
+                else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+                        msg_type = "signed-data";
+                else
+                        msg_type = "certs-only";
+                }
+        else if (ctype_nid == NID_id_smime_ct_compressedData)
+                {
+                msg_type = "compressed-data";
+                cname = "smime.p7z";
+                }
+        /* MIME headers */
+        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+        BIO_printf(bio, "Content-Disposition: attachment;");
+        BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+        BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+        if (msg_type)
+                BIO_printf(bio, " smime-type=%s;", msg_type);
+        BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+        BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+                                                mime_eol, mime_eol);
+        if (!B64_write_ASN1(bio, val, data, flags, it))
+                return 0;
+        BIO_printf(bio, "%s", mime_eol);
+        return 1;
+}
+
+#if 0
+
+/* Handle output of ASN1 data */
+
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                        const ASN1_ITEM *it)
+        {
+        BIO *tmpbio;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_STREAM_ARG sarg;
+
+        if (!(flags & SMIME_DETACHED))
+                {
+                SMIME_crlf_copy(data, out, flags);
+                return 1;
+                }
+
+        if (!aux || !aux->asn1_cb)
+                {
+                ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
+                                        ASN1_R_STREAMING_NOT_SUPPORTED);
+                return 0;
+                }
+
+        sarg.out = out;
+        sarg.ndef_bio = NULL;
+        sarg.boundary = NULL;
+
+        /* Let ASN1 code prepend any needed BIOs */
+
+        if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+                return 0;
+
+        /* Copy data across, passing through filter BIOs for processing */
+        SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+        /* Finalize structure */
+        if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+                return 0;
+
+        /* Now remove any digests prepended to the BIO */
+
+        while (sarg.ndef_bio != out)
+                {
+                tmpbio = BIO_pop(sarg.ndef_bio);
+                BIO_free(sarg.ndef_bio);
+                sarg.ndef_bio = tmpbio;
+                }
+
+        return 1;
+
+        }
+
+#endif
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+        BIO *asnin;
+        STACK_OF(MIME_HEADER) *headers = NULL;
+        STACK_OF(BIO) *parts = NULL;
+        MIME_HEADER *hdr;
+        MIME_PARAM *prm;
+        ASN1_VALUE *val;
+        int ret;
+
+        if(bcont) *bcont = NULL;
+
+        if (!(headers = mime_parse_hdr(bio))) {
+                ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
+                return NULL;
+        }
+
+        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+                return NULL;
+        }
+
+        /* Handle multipart/signed */
+
+        if(!strcmp(hdr->value, "multipart/signed")) {
+                /* Split into two parts */
+                prm = mime_param_find(hdr, "boundary");
+                if(!prm || !prm->param_value) {
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+                        return NULL;
+                }
+                ret = multi_split(bio, prm->param_value, &parts);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                if(!ret || (sk_BIO_num(parts) != 2) ) {
+                        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+
+                /* Parse the signature piece */
+                asnin = sk_BIO_value(parts, 1);
+
+                if (!(headers = mime_parse_hdr(asnin))) {
+                        ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+
+                /* Get content type */
+
+                if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+                                                                 !hdr->value) {
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+                        return NULL;
+                }
+
+                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+                        strcmp(hdr->value, "application/pkcs7-signature")) {
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                        ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
+                        ERR_add_error_data(2, "type: ", hdr->value);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                /* Read in ASN1 */
+                if(!(val = b64_read_asn1(asnin, it))) {
+                        ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+
+                if(bcont) {
+                        *bcont = sk_BIO_value(parts, 0);
+                        BIO_free(asnin);
+                        sk_BIO_free(parts);
+                } else sk_BIO_pop_free(parts, BIO_vfree);
+                return val;
+        }
+                
+        /* OK, if not multipart/signed try opaque signature */
+
+        if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+            strcmp (hdr->value, "application/pkcs7-mime")) {
+                ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
+                ERR_add_error_data(2, "type: ", hdr->value);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return NULL;
+        }
+
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        
+        if(!(val = b64_read_asn1(bio, it))) {
+                ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+                return NULL;
+        }
+        return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+        BIO *bf;
+        char eol;
+        int len;
+        char linebuf[MAX_SMLEN];
+        /* Buffer output so we don't write one line at a time. This is
+         * useful when streaming as we don't end up with one OCTET STRING
+         * per line.
+         */
+        bf = BIO_new(BIO_f_buffer());
+        if (!bf)
+                return 0;
+        out = BIO_push(bf, out);
+        if(flags & SMIME_BINARY)
+                {
+                while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+                                                BIO_write(out, linebuf, len);
+                }
+        else
+                {
+                if(flags & SMIME_TEXT)
+                        BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+                while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
+                        {
+                        eol = strip_eol(linebuf, &len);
+                        if (len)
+                                BIO_write(out, linebuf, len);
+                        if(eol) BIO_write(out, "\r\n", 2);
+                        }
+                }
+        (void)BIO_flush(out);
+        BIO_pop(out);
+        BIO_free(bf);
+        return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+        char iobuf[4096];
+        int len;
+        STACK_OF(MIME_HEADER) *headers;
+        MIME_HEADER *hdr;
+
+        if (!(headers = mime_parse_hdr(in))) {
+                ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
+                return 0;
+        }
+        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+                ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return 0;
+        }
+        if (strcmp (hdr->value, "text/plain")) {
+                ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
+                ERR_add_error_data(2, "type: ", hdr->value);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return 0;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+                                                BIO_write(out, iobuf, len);
+        if (len < 0)
+                return 0;
+        return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+        char linebuf[MAX_SMLEN];
+        int len, blen;
+        int eol = 0, next_eol = 0;
+        BIO *bpart = NULL;
+        STACK_OF(BIO) *parts;
+        char state, part, first;
+
+        blen = strlen(bound);
+        part = 0;
+        state = 0;
+        first = 1;
+        parts = sk_BIO_new_null();
+        *ret = parts;
+        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+                state = mime_bound_check(linebuf, len, bound, blen);
+                if(state == 1) {
+                        first = 1;
+                        part++;
+                } else if(state == 2) {
+                        sk_BIO_push(parts, bpart);
+                        return 1;
+                } else if(part) {
+                        /* Strip CR+LF from linebuf */
+                        next_eol = strip_eol(linebuf, &len);
+                        if(first) {
+                                first = 0;
+                                if(bpart) sk_BIO_push(parts, bpart);
+                                bpart = BIO_new(BIO_s_mem());
+                                BIO_set_mem_eof_return(bpart, 0);
+                        } else if (eol)
+                                BIO_write(bpart, "\r\n", 2);
+                        eol = next_eol;
+                        if (len)
+                                BIO_write(bpart, linebuf, len);
+                }
+        }
+        return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID    0
+#define MIME_START      1
+#define MIME_TYPE       2
+#define MIME_NAME       3
+#define MIME_VALUE      4
+#define MIME_QUOTE      5
+#define MIME_COMMENT    6
+
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+        char *p, *q, c;
+        char *ntmp;
+        char linebuf[MAX_SMLEN];
+        MIME_HEADER *mhdr = NULL;
+        STACK_OF(MIME_HEADER) *headers;
+        int len, state, save_state = 0;
+
+        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        /* If whitespace at line start then continuation line */
+        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+        else state = MIME_START;
+        ntmp = NULL;
+        /* Go through all characters */
+        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+        /* State machine to handle MIME headers
+         * if this looks horrible that's because it *is*
+         */
+
+                switch(state) {
+                        case MIME_START:
+                        if(c == ':') {
+                                state = MIME_TYPE;
+                                *p = 0;
+                                ntmp = strip_ends(q);
+                                q = p + 1;
+                        }
+                        break;
+
+                        case MIME_TYPE:
+                        if(c == ';') {
+                                mime_debug("Found End Value\n");
+                                *p = 0;
+                                mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                                sk_MIME_HEADER_push(headers, mhdr);
+                                ntmp = NULL;
+                                q = p + 1;
+                                state = MIME_NAME;
+                        } else if(c == '(') {
+                                save_state = state;
+                                state = MIME_COMMENT;
+                        }
+                        break;
+
+                        case MIME_COMMENT:
+                        if(c == ')') {
+                                state = save_state;
+                        }
+                        break;
+
+                        case MIME_NAME:
+                        if(c == '=') {
+                                state = MIME_VALUE;
+                                *p = 0;
+                                ntmp = strip_ends(q);
+                                q = p + 1;
+                        }
+                        break ;
+
+                        case MIME_VALUE:
+                        if(c == ';') {
+                                state = MIME_NAME;
+                                *p = 0;
+                                mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                                ntmp = NULL;
+                                q = p + 1;
+                        } else if (c == '"') {
+                                mime_debug("Found Quote\n");
+                                state = MIME_QUOTE;
+                        } else if(c == '(') {
+                                save_state = state;
+                                state = MIME_COMMENT;
+                        }
+                        break;
+
+                        case MIME_QUOTE:
+                        if(c == '"') {
+                                mime_debug("Found Match Quote\n");
+                                state = MIME_VALUE;
+                        }
+                        break;
+                }
+        }
+
+        if(state == MIME_TYPE) {
+                mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                sk_MIME_HEADER_push(headers, mhdr);
+        } else if(state == MIME_VALUE)
+                         mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+        if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+        return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+        char *p, c;
+        /* Look for first non white space or quote */
+        for(p = name; (c = *p) ;p++) {
+                if(c == '"') {
+                        /* Next char is start of string if non null */
+                        if(p[1]) return p + 1;
+                        /* Else null string */
+                        return NULL;
+                }
+                if(!isspace((unsigned char)c)) return p;
+        }
+        return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+        char *p, c;
+        if(!name) return NULL;
+        /* Look for first non white space or quote */
+        for(p = name + strlen(name) - 1; p >= name ;p--) {
+                c = *p;
+                if(c == '"') {
+                        if(p - 1 == name) return NULL;
+                        *p = 0;
+                        return name;
+                }
+                if(isspace((unsigned char)c)) *p = 0;   
+                else return name;
+        }
+        return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+        MIME_HEADER *mhdr;
+        char *tmpname, *tmpval, *p;
+        int c;
+        if(name) {
+                if(!(tmpname = BUF_strdup(name))) return NULL;
+                for(p = tmpname ; *p; p++) {
+                        c = *p;
+                        if(isupper(c)) {
+                                c = tolower(c);
+                                *p = c;
+                        }
+                }
+        } else tmpname = NULL;
+        if(value) {
+                if(!(tmpval = BUF_strdup(value))) return NULL;
+                for(p = tmpval ; *p; p++) {
+                        c = *p;
+                        if(isupper(c)) {
+                                c = tolower(c);
+                                *p = c;
+                        }
+                }
+        } else tmpval = NULL;
+        mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
+        if(!mhdr) return NULL;
+        mhdr->name = tmpname;
+        mhdr->value = tmpval;
+        if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
+        return mhdr;
+}
+                
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+        char *tmpname, *tmpval, *p;
+        int c;
+        MIME_PARAM *mparam;
+        if(name) {
+                tmpname = BUF_strdup(name);
+                if(!tmpname) return 0;
+                for(p = tmpname ; *p; p++) {
+                        c = *p;
+                        if(isupper(c)) {
+                                c = tolower(c);
+                                *p = c;
+                        }
+                }
+        } else tmpname = NULL;
+        if(value) {
+                tmpval = BUF_strdup(value);
+                if(!tmpval) return 0;
+        } else tmpval = NULL;
+        /* Parameter values are case sensitive so leave as is */
+        mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
+        if(!mparam) return 0;
+        mparam->param_name = tmpname;
+        mparam->param_value = tmpval;
+        sk_MIME_PARAM_push(mhdr->params, mparam);
+        return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                        const MIME_HEADER * const *b)
+{
+        return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b)
+{
+        return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+        MIME_HEADER htmp;
+        int idx;
+        htmp.name = name;
+        idx = sk_MIME_HEADER_find(hdrs, &htmp);
+        if(idx < 0) return NULL;
+        return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+        MIME_PARAM param;
+        int idx;
+        param.param_name = name;
+        idx = sk_MIME_PARAM_find(hdr->params, &param);
+        if(idx < 0) return NULL;
+        return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+        if(hdr->name) OPENSSL_free(hdr->name);
+        if(hdr->value) OPENSSL_free(hdr->value);
+        if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+        OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+        if(param->param_name) OPENSSL_free(param->param_name);
+        if(param->param_value) OPENSSL_free(param->param_value);
+        OPENSSL_free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+        if(linelen == -1) linelen = strlen(line);
+        if(blen == -1) blen = strlen(bound);
+        /* Quickly eliminate if line length too short */
+        if(blen + 2 > linelen) return 0;
+        /* Check for part boundary */
+        if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+                if(!strncmp(line + blen + 2, "--", 2)) return 2;
+                else return 1;
+        }
+        return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+        {
+        int len = *plen;
+        char *p, c;
+        int is_eol = 0;
+        p = linebuf + len - 1;
+        for (p = linebuf + len - 1; len > 0; len--, p--)
+                {
+                c = *p;
+                if (c == '\n')
+                        is_eol = 1;
+                else if (c != '\r')
+                        break;
+                }
+        *plen = len;
+        return is_eol;
+        }
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
new file mode 100644
index 0000000000..9132350f10
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn_moid.c
@@ -0,0 +1,160 @@
+/* asn_moid.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int do_create(char *value, char *name);
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+        {
+        int i;
+        const char *oid_section;
+        STACK_OF(CONF_VALUE) *sktmp;
+        CONF_VALUE *oval;
+        oid_section = CONF_imodule_get_value(md);
+        if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+                {
+                ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+                return 0;
+                }
+        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+                {
+                oval = sk_CONF_VALUE_value(sktmp, i);
+                if(!do_create(oval->value, oval->name))
+                        {
+                        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+                        return 0;
+                        }
+                }
+        return 1;
+        }
+
+static void oid_module_finish(CONF_IMODULE *md)
+        {
+        OBJ_cleanup();
+        }
+
+void ASN1_add_oid_module(void)
+        {
+        CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+        }
+
+/* Create an OID based on a name value pair. Accept two formats.
+ * shortname = 1.2.3.4
+ * shortname = some long name, 1.2.3.4
+ */
+
+
+static int do_create(char *value, char *name)
+        {
+        int nid;
+        ASN1_OBJECT *oid;
+        char *ln, *ostr, *p, *lntmp;
+        p = strrchr(value, ',');
+        if (!p)
+                {
+                ln = name;
+                ostr = value;
+                }
+        else
+                {
+                ln = NULL;
+                ostr = p + 1;
+                if (!*ostr)
+                        return 0;
+                while(isspace((unsigned char)*ostr)) ostr++;
+                }
+
+        nid = OBJ_create(ostr, name, ln);
+
+        if (nid == NID_undef)
+                return 0;
+
+        if (p)
+                {
+                ln = value;
+                while(isspace((unsigned char)*ln)) ln++;
+                p--;
+                while(isspace((unsigned char)*p))
+                        {
+                        if (p == ln)
+                                return 0;
+                        p--;
+                        }
+                p++;
+                lntmp = OPENSSL_malloc((p - ln) + 1);
+                if (lntmp == NULL)
+                        return 0;
+                memcpy(lntmp, ln, p - ln);
+                lntmp[p - ln] = 0;
+                oid = OBJ_nid2obj(nid);
+                oid->ln = lntmp;
+                }
+
+        return 1;
+        }
+                
+                
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
new file mode 100644
index 0000000000..e8b671b7b5
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn_pack.c
@@ -0,0 +1,191 @@
+/* asn_pack.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_ASN1_OLD
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+                       d2i_of_void *d2i,void (*free_func)(void *))
+{
+    STACK *sk;
+    const unsigned char *pbuf;
+    pbuf =  buf;
+    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+                                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+                 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+    return sk;
+}
+
+/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+                             unsigned char **buf, int *len)
+{
+        int safelen;
+        unsigned char *safe, *p;
+        if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+                                              V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+                ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!(safe = OPENSSL_malloc (safelen))) {
+                ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p = safe;
+        i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+                                                                 IS_SEQUENCE);
+        if (len) *len = safelen;
+        if (buf) *buf = safe;
+        return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
+{
+        const unsigned char *p;
+        char *ret;
+
+        p = oct->data;
+        if(!(ret = d2i(NULL, &p, oct->length)))
+                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+        return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
+{
+        unsigned char *p;
+        ASN1_STRING *octmp;
+
+        if (!oct || !*oct) {
+                if (!(octmp = ASN1_STRING_new ())) {
+                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                }
+                if (oct) *oct = octmp;
+        } else octmp = *oct;
+                
+        if (!(octmp->length = i2d(obj, NULL))) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!(p = OPENSSL_malloc (octmp->length))) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        octmp->data = p;
+        i2d (obj, &p);
+        return octmp;
+}
+
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+        ASN1_STRING *octmp;
+
+        if (!oct || !*oct) {
+                if (!(octmp = ASN1_STRING_new ())) {
+                        ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                }
+                if (oct) *oct = octmp;
+        } else octmp = *oct;
+
+        if(octmp->data) {
+                OPENSSL_free(octmp->data);
+                octmp->data = NULL;
+        }
+                
+        if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+                ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!octmp->data) {
+                ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+        const unsigned char *p;
+        void *ret;
+
+        p = oct->data;
+        if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+                ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);
+        return ret;
+}
diff --git a/src/lib/libcrypto/asn1/charmap.h b/src/lib/libcrypto/asn1/charmap.h
new file mode 100644
index 0000000000..bd020a9562
--- /dev/null
+++ b/src/lib/libcrypto/asn1/charmap.h
@@ -0,0 +1,15 @@
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
+};
+
diff --git a/src/lib/libcrypto/asn1/charmap.pl b/src/lib/libcrypto/asn1/charmap.pl
new file mode 100644
index 0000000000..2875c59867
--- /dev/null
+++ b/src/lib/libcrypto/asn1/charmap.pl
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl -w
+
+use strict;
+
+my ($i, @arr);
+
+# Set up an array with the type of ASCII characters
+# Each set bit represents a character property.
+
+# RFC2253 character properties
+my $RFC2253_ESC = 1;    # Character escaped with \
+my $ESC_CTRL    = 2;    # Escaped control character
+# These are used with RFC1779 quoting using "
+my $NOESC_QUOTE = 8;    # Not escaped if quoted
+my $PSTRING_CHAR = 0x10;        # Valid PrintableString character
+my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
+my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
+
+for($i = 0; $i < 128; $i++) {
+        # Set the RFC2253 escape characters (control)
+        $arr[$i] = 0;
+        if(($i < 32) || ($i > 126)) {
+                $arr[$i] |= $ESC_CTRL;
+        }
+
+        # Some PrintableString characters
+        if(                ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+                        || (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
+                        || (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
+                $arr[$i] |= $PSTRING_CHAR;
+        }
+}
+
+# Now setup the rest
+
+# Remaining RFC2253 escaped characters
+
+$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
+$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
+
+$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("\"")] |= $RFC2253_ESC;
+$arr[ord("\\")] |= $RFC2253_ESC;
+$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
+
+# Remaining PrintableString characters
+
+$arr[ord(" ")] |= $PSTRING_CHAR;
+$arr[ord("'")] |= $PSTRING_CHAR;
+$arr[ord("(")] |= $PSTRING_CHAR;
+$arr[ord(")")] |= $PSTRING_CHAR;
+$arr[ord("+")] |= $PSTRING_CHAR;
+$arr[ord(",")] |= $PSTRING_CHAR;
+$arr[ord("-")] |= $PSTRING_CHAR;
+$arr[ord(".")] |= $PSTRING_CHAR;
+$arr[ord("/")] |= $PSTRING_CHAR;
+$arr[ord(":")] |= $PSTRING_CHAR;
+$arr[ord("=")] |= $PSTRING_CHAR;
+$arr[ord("?")] |= $PSTRING_CHAR;
+
+# Now generate the C code
+
+print <<EOF;
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+EOF
+
+for($i = 0; $i < 128; $i++) {
+        print("\n") if($i && (($i % 16) == 0));
+        printf("%2d", $arr[$i]);
+        print(",") if ($i != 127);
+}
+print("\n};\n\n");
+
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
new file mode 100644
index 0000000000..207ccda5ac
--- /dev/null
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -0,0 +1,161 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+             long length)
+        {
+        EVP_PKEY *ret;
+
+        if ((a == NULL) || (*a == NULL))
+                {
+                if ((ret=EVP_PKEY_new()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
+                        return(NULL);
+                        }
+                }
+        else    ret= *a;
+
+        ret->save_type=type;
+        ret->type=EVP_PKEY_type(type);
+        switch (ret->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef OPENSSL_NO_EC
+        case EVP_PKEY_EC:
+                if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
+                        (const unsigned char **)pp, length)) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+        default:
+                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                /* break; */
+                }
+        if (a != NULL) (*a)=ret;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+        return(NULL);
+        }
+
+/* This works like d2i_PrivateKey() except it automatically works out the type */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+             long length)
+{
+        STACK_OF(ASN1_TYPE) *inkey;
+        const unsigned char *p;
+        int keytype;
+        p = *pp;
+        /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
+         * by analyzing it we can determine the passed structure: this
+         * assumes the input is surrounded by an ASN1 SEQUENCE.
+         */
+        inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
+                        ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        /* Since we only need to discern "traditional format" RSA and DSA
+         * keys we can just count the elements.
+         */
+        if(sk_ASN1_TYPE_num(inkey) == 6) 
+                keytype = EVP_PKEY_DSA;
+        else if (sk_ASN1_TYPE_num(inkey) == 4)
+                keytype = EVP_PKEY_EC;
+        else keytype = EVP_PKEY_RSA;
+        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+        return d2i_PrivateKey(keytype, a, pp, length);
+}
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
new file mode 100644
index 0000000000..3694f51a8c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/d2i_pu.c
@@ -0,0 +1,135 @@
+/* crypto/asn1/d2i_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+             long length)
+        {
+        EVP_PKEY *ret;
+
+        if ((a == NULL) || (*a == NULL))
+                {
+                if ((ret=EVP_PKEY_new()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+                        return(NULL);
+                        }
+                }
+        else    ret= *a;
+
+        ret->save_type=type;
+        ret->type=EVP_PKEY_type(type);
+        switch (ret->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+                if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+                if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
+                        (const unsigned char **)pp,length)) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef OPENSSL_NO_EC
+        case EVP_PKEY_EC:
+                if (!o2i_ECPublicKey(&(ret->pkey.ec),
+                                     (const unsigned char **)pp, length))
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+        break;
+#endif
+        default:
+                ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                /* break; */
+                }
+        if (a != NULL) (*a)=ret;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+        return(NULL);
+        }
+
diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c
new file mode 100644
index 0000000000..f3d9804860
--- /dev/null
+++ b/src/lib/libcrypto/asn1/evp_asn1.c
@@ -0,0 +1,189 @@
+/* crypto/asn1/evp_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+        {
+        ASN1_STRING *os;
+
+        if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
+        if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+        ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
+        return(1);
+        }
+
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
+             int max_len)
+        {
+        int ret,num;
+        unsigned char *p;
+
+        if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
+                {
+                ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+                return(-1);
+                }
+        p=M_ASN1_STRING_data(a->value.octet_string);
+        ret=M_ASN1_STRING_length(a->value.octet_string);
+        if (ret < max_len)
+                num=ret;
+        else
+                num=max_len;
+        memcpy(data,p,num);
+        return(ret);
+        }
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+             int len)
+        {
+        int n,size;
+        ASN1_OCTET_STRING os,*osp;
+        ASN1_INTEGER in;
+        unsigned char *p;
+        unsigned char buf[32]; /* when they have 256bit longs, 
+                                * I'll be in trouble */
+        in.data=buf;
+        in.length=32;
+        os.data=data;
+        os.type=V_ASN1_OCTET_STRING;
+        os.length=len;
+        ASN1_INTEGER_set(&in,num);
+        n =  i2d_ASN1_INTEGER(&in,NULL);
+        n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
+
+        size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
+
+        if ((osp=ASN1_STRING_new()) == NULL) return(0);
+        /* Grow the 'string' */
+        if (!ASN1_STRING_set(osp,NULL,size))
+                {
+                ASN1_STRING_free(osp);
+                return(0);
+                }
+
+        M_ASN1_STRING_length_set(osp, size);
+        p=M_ASN1_STRING_data(osp);
+
+        ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+          i2d_ASN1_INTEGER(&in,&p);
+        M_i2d_ASN1_OCTET_STRING(&os,&p);
+
+        ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
+        return(1);
+        }
+
+/* we return the actual length..., num may be missing, in which
+ * case, set it to zero */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+             int max_len)
+        {
+        int ret= -1,n;
+        ASN1_INTEGER *ai=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        const unsigned char *p;
+        long length;
+        ASN1_const_CTX c;
+
+        if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
+                {
+                goto err;
+                }
+        p=M_ASN1_STRING_data(a->value.sequence);
+        length=M_ASN1_STRING_length(a->value.sequence);
+
+        c.pp= &p;
+        c.p=p;
+        c.max=p+length;
+        c.error=ASN1_R_DATA_IS_WRONG;
+
+        M_ASN1_D2I_start_sequence();
+        c.q=c.p;
+        if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+        c.q=c.p;
+        if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+        if (!M_ASN1_D2I_end_sequence()) goto err;
+
+        if (num != NULL)
+                *num=ASN1_INTEGER_get(ai);
+
+        ret=M_ASN1_STRING_length(os);
+        if (max_len > ret)
+                n=ret;
+        else
+                n=max_len;
+
+        if (data != NULL)
+                memcpy(data,M_ASN1_STRING_data(os),n);
+        if (0)
+                {
+err:
+                ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+                }
+        if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+        if (ai != NULL) M_ASN1_INTEGER_free(ai);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/f_enum.c b/src/lib/libcrypto/asn1/f_enum.c
new file mode 100644
index 0000000000..56e3cc8df2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f_enum.c
@@ -0,0 +1,207 @@
+/* crypto/asn1/f_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+/* Based on a_int.c: equivalent ENUMERATED functions */
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+        {
+        int i,n=0;
+        static const char *h="0123456789ABCDEF";
+        char buf[2];
+
+        if (a == NULL) return(0);
+
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"00",2) != 2) goto err;
+                n=2;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+
+        bs->type=V_ASN1_ENUMERATED;
+
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1) goto err_sl;
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+
+                for (j=0; j<i; j++)
+                        {
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+
+                bufp=(unsigned char *)buf;
+                if (first)
+                        {
+                        first=0;
+                        if ((bufp[0] == '0') && (buf[1] == '0'))
+                                {
+                                bufp+=2;
+                                i-=2;
+                                }
+                        }
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)OPENSSL_malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=(unsigned char *)OPENSSL_realloc(s,
+                                        (unsigned int)num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) OPENSSL_free(s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c
new file mode 100644
index 0000000000..9494e597ab
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f_int.c
@@ -0,0 +1,219 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+        {
+        int i,n=0;
+        static const char *h="0123456789ABCDEF";
+        char buf[2];
+
+        if (a == NULL) return(0);
+
+        if (a->type & V_ASN1_NEG)
+                {
+                if (BIO_write(bp, "-", 1) != 1) goto err;
+                n = 1;
+                }
+
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"00",2) != 2) goto err;
+                n += 2;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+
+        bs->type=V_ASN1_INTEGER;
+
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1) goto err_sl;
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+
+                for (j=0; j<i; j++)
+                        {
+#ifndef CHARSET_EBCDIC
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+                        /* This #ifdef is not strictly necessary, since
+                         * the characters A...F a...f 0...9 are contiguous
+                         * (yes, even in EBCDIC - but not the whole alphabet).
+                         * Nevertheless, isxdigit() is faster.
+                         */
+                        if (!isxdigit(buf[j]))
+#endif
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+
+                bufp=(unsigned char *)buf;
+                if (first)
+                        {
+                        first=0;
+                        if ((bufp[0] == '0') && (buf[1] == '0'))
+                                {
+                                bufp+=2;
+                                i-=2;
+                                }
+                        }
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)OPENSSL_malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=OPENSSL_realloc_clean(s,slen,num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) OPENSSL_free(s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/f_string.c b/src/lib/libcrypto/asn1/f_string.c
new file mode 100644
index 0000000000..968698a798
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f_string.c
@@ -0,0 +1,212 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+        {
+        int i,n=0;
+        static const char *h="0123456789ABCDEF";
+        char buf[2];
+
+        if (a == NULL) return(0);
+
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"0",1) != 1) goto err;
+                n=1;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1)
+                        {
+                        if (first)
+                                break;
+                        else
+                                goto err_sl;
+                        }
+                first=0;
+
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+
+                for (j=i-1; j>0; j--)
+                        {
+#ifndef CHARSET_EBCDIC
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+                        /* This #ifdef is not strictly necessary, since
+                         * the characters A...F a...f 0...9 are contiguous
+                         * (yes, even in EBCDIC - but not the whole alphabet).
+                         * Nevertheless, isxdigit() is faster.
+                         */
+                        if (!isxdigit(buf[j]))
+#endif
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+
+                bufp=(unsigned char *)buf;
+
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)OPENSSL_malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=(unsigned char *)OPENSSL_realloc(s,
+                                        (unsigned int)num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) OPENSSL_free(s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
new file mode 100644
index 0000000000..0be52c5b76
--- /dev/null
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -0,0 +1,99 @@
+/* crypto/asn1/i2d_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+        {
+#ifndef OPENSSL_NO_RSA
+        if (a->type == EVP_PKEY_RSA)
+                {
+                return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+                }
+        else
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (a->type == EVP_PKEY_DSA)
+                {
+                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+                }
+#endif
+#ifndef OPENSSL_NO_EC
+        if (a->type == EVP_PKEY_EC)
+                {
+                return(i2d_ECPrivateKey(a->pkey.ec, pp));
+                }
+#endif
+
+        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return(-1);
+        }
+
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
new file mode 100644
index 0000000000..34286dbd35
--- /dev/null
+++ b/src/lib/libcrypto/asn1/i2d_pu.c
@@ -0,0 +1,95 @@
+/* crypto/asn1/i2d_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+        {
+        switch (a->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+                return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+                return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+#endif
+#ifndef OPENSSL_NO_EC
+        case EVP_PKEY_EC:
+                return(i2o_ECPublicKey(a->pkey.ec, pp));
+#endif
+        default:
+                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                return(-1);
+                }
+        }
+
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
new file mode 100644
index 0000000000..60bc437938
--- /dev/null
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -0,0 +1,344 @@
+/* crypto/asn1/n_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+
+#ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st
+        {
+        long version;
+        X509_ALGOR *algor;
+        ASN1_OCTET_STRING *private_key;
+        } NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st
+        {
+        ASN1_OCTET_STRING *os;
+        /* This is the same structure as DigestInfo so use it:
+         * although this isn't really anything to do with
+         * digests.
+         */
+        X509_SIG *enckey;
+        } NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+                          int (*cb)(char *buf, int len, const char *prompt,
+                                    int verify),
+                          int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+                     int (*cb)(char *buf, int len, const char *prompt,
+                               int verify))
+{
+        return i2d_RSA_NET(a, pp, cb, 0);
+}
+
+int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+                int (*cb)(char *buf, int len, const char *prompt, int verify),
+                int sgckey)
+        {
+        int i, j, ret = 0;
+        int rsalen, pkeylen, olen;
+        NETSCAPE_PKEY *pkey = NULL;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+        unsigned char buf[256],*zz;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        EVP_CIPHER_CTX ctx;
+
+        if (a == NULL) return(0);
+
+        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+        pkey->version = 0;
+
+        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        pkey->algor->parameter->type=V_ASN1_NULL;
+
+        rsalen = i2d_RSAPrivateKey(a, NULL);
+
+        /* Fake some octet strings just for the initial length
+         * calculation.
+         */
+
+        pkey->private_key->length=rsalen;
+
+        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
+
+        enckey->enckey->digest->length = pkeylen;
+
+        enckey->os->length = 11;        /* "private-key" */
+
+        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
+
+        if (pp == NULL)
+                {
+                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+                NETSCAPE_PKEY_free(pkey);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return olen;
+                }
+
+
+        /* Since its RC4 encrypted length is actual length */
+        if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
+                {
+                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        pkey->private_key->data = zz;
+        /* Write out private key encoding */
+        i2d_RSAPrivateKey(a,&zz);
+
+        if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
+                {
+                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
+                {
+                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        enckey->enckey->digest->data = zz;
+        i2d_NETSCAPE_PKEY(pkey,&zz);
+
+        /* Wipe the private key encoding */
+        OPENSSL_cleanse(pkey->private_key->data, rsalen);
+                
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        i=cb((char *)buf,256,"Enter Private Key password:",1);
+        if (i != 0)
+                {
+                ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
+                goto err;
+                }
+        i = strlen((char *)buf);
+        /* If the key is used for SGC the algorithm is modified a little. */
+        if(sgckey) {
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+        OPENSSL_cleanse(buf,256);
+
+        /* Encrypt private key in place */
+        zz = enckey->enckey->digest->data;
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
+        EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
+        EVP_EncryptFinal_ex(&ctx,zz + i,&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+
+        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
+err:
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        NETSCAPE_PKEY_free(pkey);
+        return(ret);
+        }
+
+
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+                      int (*cb)(char *buf, int len, const char *prompt,
+                                int verify))
+{
+        return d2i_RSA_NET(a, pp, length, cb, 0);
+}
+
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+                 int (*cb)(char *buf, int len, const char *prompt, int verify),
+                 int sgckey)
+        {
+        RSA *ret=NULL;
+        const unsigned char *p, *kp;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+        p = *pp;
+
+        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+        if(!enckey) {
+                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
+                return NULL;
+        }
+
+        if ((enckey->os->length != 11) || (strncmp("private-key",
+                (char *)enckey->os->data,11) != 0))
+                {
+                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return NULL;
+                }
+        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
+                {
+                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                goto err;
+        }
+        kp = enckey->enckey->digest->data;
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+
+        *pp = p;
+
+        err:
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        return ret;
+
+        }
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+                          int (*cb)(char *buf, int len, const char *prompt,
+                                    int verify), int sgckey)
+        {
+        NETSCAPE_PKEY *pkey=NULL;
+        RSA *ret=NULL;
+        int i,j;
+        unsigned char buf[256];
+        const unsigned char *zz;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        EVP_CIPHER_CTX ctx;
+
+        i=cb((char *)buf,256,"Enter Private Key password:",0);
+        if (i != 0)
+                {
+                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
+                goto err;
+                }
+
+        i = strlen((char *)buf);
+        if(sgckey){
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+                
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+        OPENSSL_cleanse(buf,256);
+
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
+        EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
+        EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        os->length=i+j;
+
+        zz=os->data;
+
+        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
+                {
+                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                goto err;
+                }
+                
+        zz=pkey->private_key->data;
+        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
+                {
+                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+                goto err;
+                }
+err:
+        NETSCAPE_PKEY_free(pkey);
+        return(ret);
+        }
+
+#endif /* OPENSSL_NO_RC4 */
+
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
new file mode 100644
index 0000000000..50e2d4d07a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/nsseq.c
@@ -0,0 +1,82 @@
+/* nsseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_POST) {
+                NETSCAPE_CERT_SEQUENCE *nsseq;
+                nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+                nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+        }
+        return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
new file mode 100644
index 0000000000..da91170094
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -0,0 +1,131 @@
+/* p5_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+             int saltlen)
+{
+        PBEPARAM *pbe=NULL;
+        ASN1_OBJECT *al;
+        X509_ALGOR *algor;
+        ASN1_TYPE *astype=NULL;
+
+        if (!(pbe = PBEPARAM_new ())) {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (!saltlen) saltlen = PKCS5_SALT_LEN;
+        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        pbe->salt->length = saltlen;
+        if (salt) memcpy (pbe->salt->data, salt, saltlen);
+        else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+                goto err;
+
+        if (!(astype = ASN1_TYPE_new())) {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+
+        astype->type = V_ASN1_SEQUENCE;
+        if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
+                                &astype->value.sequence)) {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        PBEPARAM_free (pbe);
+        pbe = NULL;
+        
+        al = OBJ_nid2obj(alg); /* never need to free al */
+        if (!(algor = X509_ALGOR_new())) {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        ASN1_OBJECT_free(algor->algorithm);
+        algor->algorithm = al;
+        algor->parameter = astype;
+
+        return (algor);
+err:
+        if (pbe != NULL) PBEPARAM_free(pbe);
+        if (astype != NULL) ASN1_TYPE_free(astype);
+        return NULL;
+}
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
new file mode 100644
index 0000000000..c834a38ddf
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -0,0 +1,205 @@
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999-2004.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+ * yes I know this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen)
+{
+        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+        int alg_nid;
+        EVP_CIPHER_CTX ctx;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        PBKDF2PARAM *kdf = NULL;
+        PBE2PARAM *pbe2 = NULL;
+        ASN1_OCTET_STRING *osalt = NULL;
+        ASN1_OBJECT *obj;
+
+        alg_nid = EVP_CIPHER_type(cipher);
+        if(alg_nid == NID_undef) {
+                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                goto err;
+        }
+        obj = OBJ_nid2obj(alg_nid);
+
+        if(!(pbe2 = PBE2PARAM_new())) goto merr;
+
+        /* Setup the AlgorithmIdentifier for the encryption scheme */
+        scheme = pbe2->encryption;
+
+        scheme->algorithm = obj;
+        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+
+        /* Create random IV */
+        if (EVP_CIPHER_iv_length(cipher) &&
+                RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                goto err;
+
+        EVP_CIPHER_CTX_init(&ctx);
+
+        /* Dummy cipherinit to just setup the IV */
+        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+                EVP_CIPHER_CTX_cleanup(&ctx);
+                goto err;
+        }
+        EVP_CIPHER_CTX_cleanup(&ctx);
+
+        if(!(kdf = PBKDF2PARAM_new())) goto merr;
+        if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
+
+        if (!saltlen) saltlen = PKCS5_SALT_LEN;
+        if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
+        osalt->length = saltlen;
+        if (salt) memcpy (osalt->data, salt, saltlen);
+        else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
+
+        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+        /* Now include salt in kdf structure */
+        kdf->salt->value.octet_string = osalt;
+        kdf->salt->type = V_ASN1_OCTET_STRING;
+        osalt = NULL;
+
+        /* If its RC2 then we'd better setup the key length */
+
+        if(alg_nid == NID_rc2_cbc) {
+                if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
+                if(!ASN1_INTEGER_set (kdf->keylength,
+                                 EVP_CIPHER_key_length(cipher))) goto merr;
+        }
+
+        /* prf can stay NULL because we are using hmacWithSHA1 */
+
+        /* Now setup the PBE2PARAM keyfunc structure */
+
+        pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+        /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+
+        if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+        PBKDF2PARAM_free(kdf);
+        kdf = NULL;
+
+        /* Now set up top level AlgorithmIdentifier */
+
+        if(!(ret = X509_ALGOR_new())) goto merr;
+        if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+
+        ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+        /* Encode PBE2PARAM into parameter */
+
+        if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+                                 &ret->parameter->value.sequence)) goto merr;
+        ret->parameter->type = V_ASN1_SEQUENCE;
+
+        PBE2PARAM_free(pbe2);
+        pbe2 = NULL;
+
+        return ret;
+
+        merr:
+        ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+
+        err:
+        PBE2PARAM_free(pbe2);
+        /* Note 'scheme' is freed as part of pbe2 */
+        M_ASN1_OCTET_STRING_free(osalt);
+        PBKDF2PARAM_free(kdf);
+        X509_ALGOR_free(kalg);
+        X509_ALGOR_free(ret);
+
+        return NULL;
+
+}
diff --git a/src/lib/libcrypto/asn1/p8_key.c b/src/lib/libcrypto/asn1/p8_key.c
new file mode 100644
index 0000000000..3a31248e14
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p8_key.c
@@ -0,0 +1,131 @@
+/* crypto/asn1/p8_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
+        {
+        M_ASN1_I2D_vars(a);
+
+        M_ASN1_I2D_len(a->cert_info,    i2d_X509_CINF);
+        M_ASN1_I2D_len(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put(a->cert_info,    i2d_X509_CINF);
+        M_ASN1_I2D_put(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
+
+        M_ASN1_I2D_finish();
+        }
+
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+        {
+        M_ASN1_D2I_vars(a,X509 *,X509_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+        M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+        }
+
+X509 *X509_KEY_new(void)
+        {
+        X509_KEY *ret=NULL;
+
+        M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);
+        ret->references=1;
+        ret->type=NID
+        M_ASN1_New(ret->cert_info,X509_CINF_new);
+        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_NEW);
+        }
+
+void X509_KEY_free(X509 *a)
+        {
+        int i;
+
+        if (a == NULL) return;
+
+        i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+#ifdef REF_PRINT
+        REF_PRINT("X509_KEY",a);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_KEY_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        X509_CINF_free(a->cert_info);
+        X509_ALGOR_free(a->sig_alg);
+        ASN1_BIT_STRING_free(a->signature);
+        OPENSSL_free(a);
+        }
+
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
new file mode 100644
index 0000000000..24b409132f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -0,0 +1,84 @@
+/* p8_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+        if(operation == ASN1_OP_FREE_PRE) {
+                PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+                if (key->pkey->value.octet_string)
+                OPENSSL_cleanse(key->pkey->value.octet_string->data,
+                        key->pkey->value.octet_string->length);
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/asn1/t_bitst.c b/src/lib/libcrypto/asn1/t_bitst.c
new file mode 100644
index 0000000000..397332d9b8
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_bitst.c
@@ -0,0 +1,102 @@
+/* t_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                                BIT_STRING_BITNAME *tbl, int indent)
+{
+        BIT_STRING_BITNAME *bnam;
+        char first = 1;
+        BIO_printf(out, "%*s", indent, "");
+        for(bnam = tbl; bnam->lname; bnam++) {
+                if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+                        if(!first) BIO_puts(out, ", ");
+                        BIO_puts(out, bnam->lname);
+                        first = 0;
+                }
+        }
+        BIO_puts(out, "\n");
+        return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+                                BIT_STRING_BITNAME *tbl)
+{
+        int bitnum;
+        bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+        if(bitnum < 0) return 0;
+        if(bs) {
+                if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+                        return 0;
+        }
+        return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
+{
+        BIT_STRING_BITNAME *bnam;
+        for(bnam = tbl; bnam->lname; bnam++) {
+                if(!strcmp(bnam->sname, name) ||
+                        !strcmp(bnam->lname, name) ) return bnam->bitnum;
+        }
+        return -1;
+}
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
new file mode 100644
index 0000000000..929b3e5904
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -0,0 +1,134 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_CRL_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+        STACK_OF(X509_REVOKED) *rev;
+        X509_REVOKED *r;
+        long l;
+        int i, n;
+        char *p;
+
+        BIO_printf(out, "Certificate Revocation List (CRL):\n");
+        l = X509_CRL_get_version(x);
+        BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+        i = OBJ_obj2nid(x->sig_alg->algorithm);
+        BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+                                 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+        p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
+        BIO_printf(out,"%8sIssuer: %s\n","",p);
+        OPENSSL_free(p);
+        BIO_printf(out,"%8sLast Update: ","");
+        ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+        BIO_printf(out,"\n%8sNext Update: ","");
+        if (X509_CRL_get_nextUpdate(x))
+                 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+        else BIO_printf(out,"NONE");
+        BIO_printf(out,"\n");
+
+        n=X509_CRL_get_ext_count(x);
+        X509V3_extensions_print(out, "CRL extensions",
+                                                x->crl->extensions, 0, 8);
+
+        rev = X509_CRL_get_REVOKED(x);
+
+        if(sk_X509_REVOKED_num(rev) > 0)
+            BIO_printf(out, "Revoked Certificates:\n");
+        else BIO_printf(out, "No Revoked Certificates.\n");
+
+        for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+                r = sk_X509_REVOKED_value(rev, i);
+                BIO_printf(out,"    Serial Number: ");
+                i2a_ASN1_INTEGER(out,r->serialNumber);
+                BIO_printf(out,"\n        Revocation Date: ");
+                ASN1_TIME_print(out,r->revocationDate);
+                BIO_printf(out,"\n");
+                X509V3_extensions_print(out, "CRL entry extensions",
+                                                r->extensions, 0, 8);
+        }
+        X509_signature_print(out, x->sig_alg, x->signature);
+
+        return 1;
+
+}
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
new file mode 100644
index 0000000000..afb95d6712
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -0,0 +1,839 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+
+static int print(BIO *fp,const char *str, const BIGNUM *num,
+                unsigned char *buf,int off);
+#ifndef OPENSSL_NO_EC
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+                size_t len, int off);
+#endif
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+        {
+        char str[128];
+        const char *s;
+        unsigned char *m=NULL;
+        int ret=0, mod_len = 0;
+        size_t buf_len=0, i;
+
+        if (x->n)
+                buf_len = (size_t)BN_num_bytes(x->n);
+        if (x->e)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+                        buf_len = i;
+        if (x->d)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+                        buf_len = i;
+        if (x->p)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+                        buf_len = i;
+        if (x->q)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                        buf_len = i;
+        if (x->dmp1)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+                        buf_len = i;
+        if (x->dmq1)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+                        buf_len = i;
+        if (x->iqmp)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+                        buf_len = i;
+
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (x->n != NULL)
+                mod_len = BN_num_bits(x->n);
+
+        if (x->d != NULL)
+                {
+                if(!BIO_indent(bp,off,128))
+                   goto err;
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
+                        <= 0) goto err;
+                }
+
+        if (x->d == NULL)
+                BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
+        else
+                BUF_strlcpy(str,"modulus:",sizeof str);
+        if (!print(bp,str,x->n,m,off)) goto err;
+        s=(x->d == NULL)?"Exponent:":"publicExponent:";
+        if ((x->e != NULL) && !print(bp,s,x->e,m,off))
+                goto err;
+        if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
+                goto err;
+        if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
+                goto err;
+        if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
+                goto err;
+        if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
+                goto err;
+        if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
+                goto err;
+        if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
+                goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+#endif /* OPENSSL_NO_RSA */
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+        {
+        unsigned char *m=NULL;
+        int ret=0;
+        size_t buf_len=0,i;
+
+        if (x->p)
+                buf_len = (size_t)BN_num_bytes(x->p);
+        else
+                {
+                DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
+                goto err;
+                }
+        if (x->q)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                        buf_len = i;
+        if (x->g)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                        buf_len = i;
+        if (x->priv_key)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+                        buf_len = i;
+        if (x->pub_key)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+                        buf_len = i;
+
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (x->priv_key != NULL)
+                {
+                if(!BIO_indent(bp,off,128))
+                   goto err;
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
+                        <= 0) goto err;
+                }
+
+        if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
+                goto err;
+        if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
+                goto err;
+        if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
+        if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
+        if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_FP_API
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = ECPKParameters_print(b, x, off);
+        BIO_free(b);
+        return(ret);
+        }
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+        {
+        BIO *b;
+        int ret;
+ 
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = EC_KEY_print(b, x, off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+        {
+        unsigned char *buffer=NULL;
+        size_t  buf_len=0, i;
+        int     ret=0, reason=ERR_R_BIO_LIB;
+        BN_CTX  *ctx=NULL;
+        const EC_POINT *point=NULL;
+        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
+                *order=NULL, *cofactor=NULL;
+        const unsigned char *seed;
+        size_t  seed_len=0;
+        
+        static const char *gen_compressed = "Generator (compressed):";
+        static const char *gen_uncompressed = "Generator (uncompressed):";
+        static const char *gen_hybrid = "Generator (hybrid):";
+ 
+        if (!x)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+
+        if (EC_GROUP_get_asn1_flag(x))
+                {
+                /* the curve parameter are given by an asn1 OID */
+                int nid;
+
+                if (!BIO_indent(bp, off, 128))
+                        goto err;
+
+                nid = EC_GROUP_get_curve_name(x);
+                if (nid == 0)
+                        goto err;
+
+                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+                        goto err;
+                if (BIO_printf(bp, "\n") <= 0)
+                        goto err;
+                }
+        else
+                {
+                /* explicit parameters */
+                int is_char_two = 0;
+                point_conversion_form_t form;
+                int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+                if (tmp_nid == NID_X9_62_characteristic_two_field)
+                        is_char_two = 1;
+
+                if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+                        (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
+                        (cofactor = BN_new()) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+
+                if (is_char_two)
+                        {
+                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
+                                {
+                                reason = ERR_R_EC_LIB;
+                                goto err;
+                                }
+                        }
+                else /* prime field */
+                        {
+                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+                                {
+                                reason = ERR_R_EC_LIB;
+                                goto err;
+                                }
+                        }
+
+                if ((point = EC_GROUP_get0_generator(x)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                if (!EC_GROUP_get_order(x, order, NULL) || 
+                        !EC_GROUP_get_cofactor(x, cofactor, NULL))
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                
+                form = EC_GROUP_get_point_conversion_form(x);
+
+                if ((gen = EC_POINT_point2bn(x, point, 
+                                form, NULL, ctx)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+
+                buf_len = (size_t)BN_num_bytes(p);
+                if (buf_len < (i = (size_t)BN_num_bytes(a)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(b)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(gen)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(order)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
+                        buf_len = i;
+
+                if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+                        seed_len = EC_GROUP_get_seed_len(x);
+
+                buf_len += 10;
+                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+
+                if (!BIO_indent(bp, off, 128))
+                        goto err;
+
+                /* print the 'short name' of the field type */
+                if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+                        <= 0)
+                        goto err;  
+
+                if (is_char_two)
+                        {
+                        /* print the 'short name' of the base type OID */
+                        int basis_type = EC_GROUP_get_basis_type(x);
+                        if (basis_type == 0)
+                                goto err;
+
+                        if (!BIO_indent(bp, off, 128))
+                                goto err;
+
+                        if (BIO_printf(bp, "Basis Type: %s\n", 
+                                OBJ_nid2sn(basis_type)) <= 0)
+                                goto err;
+
+                        /* print the polynomial */
+                        if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
+                                off))
+                                goto err;
+                        }
+                else
+                        {
+                        if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
+                                goto err;
+                        }
+                if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
+                        goto err;
+                if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
+                        goto err;
+                if (form == POINT_CONVERSION_COMPRESSED)
+                        {
+                        if ((gen != NULL) && !print(bp, gen_compressed, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                else if (form == POINT_CONVERSION_UNCOMPRESSED)
+                        {
+                        if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                else /* form == POINT_CONVERSION_HYBRID */
+                        {
+                        if ((gen != NULL) && !print(bp, gen_hybrid, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                if ((order != NULL) && !print(bp, "Order: ", order, 
+                        buffer, off)) goto err;
+                if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
+                        buffer, off)) goto err;
+                if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+                        goto err;
+                }
+        ret=1;
+err:
+        if (!ret)
+                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+        if (p) 
+                BN_free(p);
+        if (a) 
+                BN_free(a);
+        if (b)
+                BN_free(b);
+        if (gen)
+                BN_free(gen);
+        if (order)
+                BN_free(order);
+        if (cofactor)
+                BN_free(cofactor);
+        if (ctx)
+                BN_CTX_free(ctx);
+        if (buffer != NULL) 
+                OPENSSL_free(buffer);
+        return(ret);    
+        }
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+        {
+        unsigned char *buffer=NULL;
+        size_t  buf_len=0, i;
+        int     ret=0, reason=ERR_R_BIO_LIB;
+        BIGNUM  *pub_key=NULL, *order=NULL;
+        BN_CTX  *ctx=NULL;
+        const EC_GROUP *group;
+        const EC_POINT *public_key;
+        const BIGNUM *priv_key;
+ 
+        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+
+        public_key = EC_KEY_get0_public_key(x);
+        if ((pub_key = EC_POINT_point2bn(group, public_key,
+                EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+                {
+                reason = ERR_R_EC_LIB;
+                goto err;
+                }
+
+        buf_len = (size_t)BN_num_bytes(pub_key);
+        priv_key = EC_KEY_get0_private_key(x);
+        if (priv_key != NULL)
+                {
+                if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
+                        buf_len = i;
+                }
+
+        buf_len += 10;
+        if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+                {
+                reason = ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        if (priv_key != NULL)
+                {
+                if (!BIO_indent(bp, off, 128))
+                        goto err;
+                if ((order = BN_new()) == NULL)
+                        goto err;
+                if (!EC_GROUP_get_order(group, order, NULL))
+                        goto err;
+                if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
+                        BN_num_bits(order)) <= 0) goto err;
+                }
+  
+        if ((priv_key != NULL) && !print(bp, "priv:", priv_key, 
+                buffer, off))
+                goto err;
+        if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
+                buffer, off))
+                goto err;
+        if (!ECPKParameters_print(bp, group, off))
+                goto err;
+        ret=1;
+err:
+        if (!ret)
+                ECerr(EC_F_EC_KEY_PRINT, reason);
+        if (pub_key) 
+                BN_free(pub_key);
+        if (order)
+                BN_free(order);
+        if (ctx)
+                BN_CTX_free(ctx);
+        if (buffer != NULL)
+                OPENSSL_free(buffer);
+        return(ret);
+        }
+#endif /* OPENSSL_NO_EC */
+
+static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
+             int off)
+        {
+        int n,i;
+        const char *neg;
+
+        if (num == NULL) return(1);
+        neg = (BN_is_negative(num))?"-":"";
+        if(!BIO_indent(bp,off,128))
+                return 0;
+        if (BN_is_zero(num))
+                {
+                if (BIO_printf(bp, "%s 0\n", number) <= 0)
+                        return 0;
+                return 1;
+                }
+
+        if (BN_num_bytes(num) <= BN_BYTES)
+                {
+                if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+                        (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
+                        <= 0) return(0);
+                }
+        else
+                {
+                buf[0]=0;
+                if (BIO_printf(bp,"%s%s",number,
+                        (neg[0] == '-')?" (Negative)":"") <= 0)
+                        return(0);
+                n=BN_bn2bin(num,&buf[1]);
+        
+                if (buf[1] & 0x80)
+                        n++;
+                else    buf++;
+
+                for (i=0; i<n; i++)
+                        {
+                        if ((i%15) == 0)
+                                {
+                                if(BIO_puts(bp,"\n") <= 0
+                                   || !BIO_indent(bp,off+4,128))
+                                    return 0;
+                                }
+                        if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
+                                <= 0) return(0);
+                        }
+                if (BIO_write(bp,"\n",1) <= 0) return(0);
+                }
+        return(1);
+        }
+
+#ifndef OPENSSL_NO_EC
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+                size_t len, int off)
+        {
+        size_t i;
+        char str[128];
+
+        if (buf == NULL)
+                return 1;
+        if (off)
+                {
+                if (off > 128)
+                        off=128;
+                memset(str,' ',off);
+                if (BIO_write(fp, str, off) <= 0)
+                        return 0;
+                }
+
+        if (BIO_printf(fp,"%s", name) <= 0)
+                return 0;
+
+        for (i=0; i<len; i++)
+                {
+                if ((i%15) == 0)
+                        {
+                        str[0]='\n';
+                        memset(&(str[1]),' ',off+4);
+                        if (BIO_write(fp, str, off+1+4) <= 0)
+                                return 0;
+                        }
+                if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
+                        return 0;
+                }
+        if (BIO_write(fp,"\n",1) <= 0)
+                return 0;
+
+        return 1;
+        }
+#endif
+
+#ifndef OPENSSL_NO_DH
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DHparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DHparams_print(BIO *bp, const DH *x)
+        {
+        unsigned char *m=NULL;
+        int reason=ERR_R_BUF_LIB,ret=0;
+        size_t buf_len=0, i;
+
+        if (x->p)
+                buf_len = (size_t)BN_num_bytes(x->p);
+        else
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+        if (x->g)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                        buf_len = i;
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
+                BN_num_bits(x->p)) <= 0)
+                goto err;
+        if (!print(bp,"prime:",x->p,m,4)) goto err;
+        if (!print(bp,"generator:",x->g,m,4)) goto err;
+        if (x->length != 0)
+                {
+                if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
+                        (int)x->length) <= 0) goto err;
+                }
+        ret=1;
+        if (0)
+                {
+err:
+                DHerr(DH_F_DHPARAMS_PRINT,reason);
+                }
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DSAparams_print(BIO *bp, const DSA *x)
+        {
+        unsigned char *m=NULL;
+        int ret=0;
+        size_t buf_len=0,i;
+
+        if (x->p)
+                buf_len = (size_t)BN_num_bytes(x->p);
+        else
+                {
+                DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
+                goto err;
+                }
+        if (x->q)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                        buf_len = i;
+        if (x->g)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                        buf_len = i;
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
+                BN_num_bits(x->p)) <= 0)
+                goto err;
+        if (!print(bp,"p:",x->p,m,4)) goto err;
+        if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
+        if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_FP_API
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+        {
+        BIO *b;
+        int ret;
+ 
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = ECParameters_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+        {
+        int     reason=ERR_R_EC_LIB, ret=0;
+        BIGNUM  *order=NULL;
+        const EC_GROUP *group;
+ 
+        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;;
+                goto err;
+                }
+
+        if ((order = BN_new()) == NULL)
+                {
+                reason = ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        if (!EC_GROUP_get_order(group, order, NULL))
+                {
+                reason = ERR_R_EC_LIB;
+                goto err;
+                }
+ 
+        if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
+                BN_num_bits(order)) <= 0)
+                goto err;
+        if (!ECPKParameters_print(bp, group, 4))
+                goto err;
+        ret=1;
+err:
+        if (order)
+                BN_free(order);
+        ECerr(EC_F_ECPARAMETERS_PRINT, reason);
+        return(ret);
+        }
+  
+#endif
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
new file mode 100644
index 0000000000..5557e06584
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -0,0 +1,290 @@
+/* crypto/asn1/t_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_REQ_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
+        {
+        unsigned long l;
+        int i;
+        const char *neg;
+        X509_REQ_INFO *ri;
+        EVP_PKEY *pkey;
+        STACK_OF(X509_ATTRIBUTE) *sk;
+        STACK_OF(X509_EXTENSION) *exts;
+        char mlch = ' ';
+        int nmindent = 0;
+
+        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                mlch = '\n';
+                nmindent = 12;
+        }
+
+        if(nmflags == X509_FLAG_COMPAT)
+                nmindent = 16;
+
+
+        ri=x->req_info;
+        if(!(cflag & X509_FLAG_NO_HEADER))
+                {
+                if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_VERSION))
+                {
+                neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+                l=0;
+                for (i=0; i<ri->version->length; i++)
+                        { l<<=8; l+=ri->version->data[i]; }
+                if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
+                              l) <= 0)
+                    goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_PUBKEY))
+                {
+                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+                        goto err;
+                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+
+                pkey=X509_REQ_get_pubkey(x);
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
+                        ERR_print_errors(bp);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(bp,pkey->pkey.rsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        DSA_print(bp,pkey->pkey.dsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_EC
+                if (pkey->type == EVP_PKEY_EC)
+                {
+                        BIO_printf(bp, "%12sEC Public Key: \n","");
+                        EC_KEY_print(bp, pkey->pkey.ec, 16);
+                }
+        else
+#endif
+                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+                EVP_PKEY_free(pkey);
+                }
+
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+                {
+                /* may not be */
+                if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
+                    goto err;
+
+                sk=x->req_info->attributes;
+                if (sk_X509_ATTRIBUTE_num(sk) == 0)
+                        {
+                        if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
+                            goto err;
+                        }
+                else
+                        {
+                        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                                {
+                                ASN1_TYPE *at;
+                                X509_ATTRIBUTE *a;
+                                ASN1_BIT_STRING *bs=NULL;
+                                ASN1_TYPE *t;
+                                int j,type=0,count=1,ii=0;
+
+                                a=sk_X509_ATTRIBUTE_value(sk,i);
+                                if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+                                                                        continue;
+                                if(BIO_printf(bp,"%12s","") <= 0)
+                                    goto err;
+                                if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+                                {
+                                if (a->single)
+                                        {
+                                        t=a->value.single;
+                                        type=t->type;
+                                        bs=t->value.bit_string;
+                                        }
+                                else
+                                        {
+                                        ii=0;
+                                        count=sk_ASN1_TYPE_num(a->value.set);
+get_next:
+                                        at=sk_ASN1_TYPE_value(a->value.set,ii);
+                                        type=at->type;
+                                        bs=at->value.asn1_string;
+                                        }
+                                }
+                                for (j=25-j; j>0; j--)
+                                        if (BIO_write(bp," ",1) != 1) goto err;
+                                if (BIO_puts(bp,":") <= 0) goto err;
+                                if (    (type == V_ASN1_PRINTABLESTRING) ||
+                                        (type == V_ASN1_T61STRING) ||
+                                        (type == V_ASN1_IA5STRING))
+                                        {
+                                        if (BIO_write(bp,(char *)bs->data,bs->length)
+                                                != bs->length)
+                                                goto err;
+                                        BIO_puts(bp,"\n");
+                                        }
+                                else
+                                        {
+                                        BIO_puts(bp,"unable to print attribute\n");
+                                        }
+                                if (++ii < count) goto get_next;
+                                }
+                        }
+                }
+        if(!(cflag & X509_FLAG_NO_EXTENSIONS))
+                {
+                exts = X509_REQ_get_extensions(x);
+                if(exts)
+                        {
+                        BIO_printf(bp,"%8sRequested Extensions:\n","");
+                        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+                                {
+                                ASN1_OBJECT *obj;
+                                X509_EXTENSION *ex;
+                                int j;
+                                ex=sk_X509_EXTENSION_value(exts, i);
+                                if (BIO_printf(bp,"%12s","") <= 0) goto err;
+                                obj=X509_EXTENSION_get_object(ex);
+                                i2a_ASN1_OBJECT(bp,obj);
+                                j=X509_EXTENSION_get_critical(ex);
+                                if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
+                                        goto err;
+                                if(!X509V3_EXT_print(bp, ex, cflag, 16))
+                                        {
+                                        BIO_printf(bp, "%16s", "");
+                                        M_ASN1_OCTET_STRING_print(bp,ex->value);
+                                        }
+                                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                                }
+                        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+                        }
+                }
+
+        if(!(cflag & X509_FLAG_NO_SIGDUMP))
+                {
+                if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
+                }
+
+        return(1);
+err:
+        X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
+        return(0);
+        }
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+        {
+        return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        }
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
new file mode 100644
index 0000000000..c2a5797dd8
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_spki.c
@@ -0,0 +1,132 @@
+/* t_spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#include <openssl/bn.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+        EVP_PKEY *pkey;
+        ASN1_IA5STRING *chal;
+        int i, n;
+        char *s;
+        BIO_printf(out, "Netscape SPKI:\n");
+        i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+        BIO_printf(out,"  Public Key Algorithm: %s\n",
+                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+        pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+        if(!pkey) BIO_printf(out, "  Unable to load public key\n");
+        else {
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(out,"  RSA Public Key: (%d bit)\n",
+                                BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(out,pkey->pkey.rsa,2);
+                        }
+                else 
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                {
+                BIO_printf(out,"  DSA Public Key:\n");
+                DSA_print(out,pkey->pkey.dsa,2);
+                }
+                else
+#endif
+#ifndef OPENSSL_NO_EC
+                if (pkey->type == EVP_PKEY_EC)
+                {
+                        BIO_printf(out, "  EC Public Key:\n");
+                        EC_KEY_print(out, pkey->pkey.ec,2);
+                }
+                else
+#endif
+
+                        BIO_printf(out,"  Unknown Public Key:\n");
+                EVP_PKEY_free(pkey);
+        }
+        chal = spki->spkac->challenge;
+        if(chal->length)
+                BIO_printf(out, "  Challenge String: %s\n", chal->data);
+        i=OBJ_obj2nid(spki->sig_algor->algorithm);
+        BIO_printf(out,"  Signature Algorithm: %s",
+                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+        n=spki->signature->length;
+        s=(char *)spki->signature->data;
+        for (i=0; i<n; i++)
+                {
+                if ((i%18) == 0) BIO_write(out,"\n      ",7);
+                BIO_printf(out,"%02x%s",(unsigned char)s[i],
+                                                ((i+1) == n)?"":":");
+                }
+        BIO_write(out,"\n",1);
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
new file mode 100644
index 0000000000..cb76c32c8d
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -0,0 +1,505 @@
+/* crypto/asn1/t_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_print_fp(FILE *fp, X509 *x)
+        {
+        return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        }
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_print_ex(b, x, nmflag, cflag);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+        return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
+        {
+        long l;
+        int ret=0,i;
+        char *m=NULL,mlch = ' ';
+        int nmindent = 0;
+        X509_CINF *ci;
+        ASN1_INTEGER *bs;
+        EVP_PKEY *pkey=NULL;
+        const char *neg;
+        ASN1_STRING *str=NULL;
+
+        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                        mlch = '\n';
+                        nmindent = 12;
+        }
+
+        if(nmflags == X509_FLAG_COMPAT)
+                nmindent = 16;
+
+        ci=x->cert_info;
+        if(!(cflag & X509_FLAG_NO_HEADER))
+                {
+                if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_VERSION))
+                {
+                l=X509_get_version(x);
+                if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_SERIAL))
+                {
+
+                if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+
+                bs=X509_get_serialNumber(x);
+                if (bs->length <= 4)
+                        {
+                        l=ASN1_INTEGER_get(bs);
+                        if (l < 0)
+                                {
+                                l= -l;
+                                neg="-";
+                                }
+                        else
+                                neg="";
+                        if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+                                goto err;
+                        }
+                else
+                        {
+                        neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+                        if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+
+                        for (i=0; i<bs->length; i++)
+                                {
+                                if (BIO_printf(bp,"%02x%c",bs->data[i],
+                                        ((i+1 == bs->length)?'\n':':')) <= 0)
+                                        goto err;
+                                }
+                        }
+
+                }
+
+        if(!(cflag & X509_FLAG_NO_SIGNAME))
+                {
+                if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+                }
+
+        if(!(cflag & X509_FLAG_NO_ISSUER))
+                {
+                if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_VALIDITY))
+                {
+                if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
+                if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+                if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+                if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+                if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_PUBKEY))
+                {
+                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+                        goto err;
+                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+
+                pkey=X509_get_pubkey(x);
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
+                        ERR_print_errors(bp);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(bp,pkey->pkey.rsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        DSA_print(bp,pkey->pkey.dsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_EC
+                if (pkey->type == EVP_PKEY_EC)
+                        {
+                        BIO_printf(bp, "%12sEC Public Key:\n","");
+                        EC_KEY_print(bp, pkey->pkey.ec, 16);
+                        }
+                else
+#endif
+                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+                EVP_PKEY_free(pkey);
+                }
+
+        if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+                X509V3_extensions_print(bp, "X509v3 extensions",
+                                        ci->extensions, cflag, 8);
+
+        if(!(cflag & X509_FLAG_NO_SIGDUMP))
+                {
+                if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_AUX))
+                {
+                if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
+                }
+        ret=1;
+err:
+        if (str != NULL) ASN1_STRING_free(str);
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+
+int X509_ocspid_print (BIO *bp, X509 *x)
+        {
+        unsigned char *der=NULL ;
+        unsigned char *dertmp;
+        int derlen;
+        int i;
+        unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+        /* display the hash of the subject as it would appear
+           in OCSP requests */
+        if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+                goto err;
+        derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+        if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+                goto err;
+        i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+        EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+        for (i=0; i < SHA_DIGEST_LENGTH; i++)
+                {
+                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+                }
+        OPENSSL_free (der);
+        der=NULL;
+
+        /* display the hash of the public key as it would appear
+           in OCSP requests */
+        if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+                goto err;
+
+        EVP_Digest(x->cert_info->key->public_key->data,
+                x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+        for (i=0; i < SHA_DIGEST_LENGTH; i++)
+                {
+                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+                        goto err;
+                }
+        BIO_printf(bp,"\n");
+
+        return (1);
+err:
+        if (der != NULL) OPENSSL_free(der);
+        return(0);
+        }
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+        unsigned char *s;
+        int i, n;
+        if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+        if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+        n=sig->length;
+        s=sig->data;
+        for (i=0; i<n; i++)
+                {
+                if ((i%18) == 0)
+                        if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+                        if (BIO_printf(bp,"%02x%s",s[i],
+                                ((i+1) == n)?"":":") <= 0) return 0;
+                }
+        if (BIO_write(bp,"\n",1) != 1) return 0;
+        return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
+        {
+        int i,n;
+        char buf[80],*p;
+
+        if (v == NULL) return(0);
+        n=0;
+        p=(char *)v->data;
+        for (i=0; i<v->length; i++)
+                {
+                if ((p[i] > '~') || ((p[i] < ' ') &&
+                        (p[i] != '\n') && (p[i] != '\r')))
+                        buf[n]='.';
+                else
+                        buf[n]=p[i];
+                n++;
+                if (n >= 80)
+                        {
+                        if (BIO_write(bp,buf,n) <= 0)
+                                return(0);
+                        n=0;
+                        }
+                }
+        if (n > 0)
+                if (BIO_write(bp,buf,n) <= 0)
+                        return(0);
+        return(1);
+        }
+
+int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+{
+        if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
+        if(tm->type == V_ASN1_GENERALIZEDTIME)
+                                return ASN1_GENERALIZEDTIME_print(bp, tm);
+        BIO_write(bp,"Bad time value",14);
+        return(0);
+}
+
+static const char *mon[12]=
+    {
+    "Jan","Feb","Mar","Apr","May","Jun",
+    "Jul","Aug","Sep","Oct","Nov","Dec"
+    };
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+        {
+        char *v;
+        int gmt=0;
+        int i;
+        int y=0,M=0,d=0,h=0,m=0,s=0;
+
+        i=tm->length;
+        v=(char *)tm->data;
+
+        if (i < 12) goto err;
+        if (v[i-1] == 'Z') gmt=1;
+        for (i=0; i<12; i++)
+                if ((v[i] > '9') || (v[i] < '0')) goto err;
+        y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
+        M= (v[4]-'0')*10+(v[5]-'0');
+        if ((M > 12) || (M < 1)) goto err;
+        d= (v[6]-'0')*10+(v[7]-'0');
+        h= (v[8]-'0')*10+(v[9]-'0');
+        m=  (v[10]-'0')*10+(v[11]-'0');
+        if (i >= 14 &&
+            (v[12] >= '0') && (v[12] <= '9') &&
+            (v[13] >= '0') && (v[13] <= '9'))
+                s=  (v[12]-'0')*10+(v[13]-'0');
+
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+                mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+                return(0);
+        else
+                return(1);
+err:
+        BIO_write(bp,"Bad time value",14);
+        return(0);
+        }
+
+int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+        {
+        char *v;
+        int gmt=0;
+        int i;
+        int y=0,M=0,d=0,h=0,m=0,s=0;
+
+        i=tm->length;
+        v=(char *)tm->data;
+
+        if (i < 10) goto err;
+        if (v[i-1] == 'Z') gmt=1;
+        for (i=0; i<10; i++)
+                if ((v[i] > '9') || (v[i] < '0')) goto err;
+        y= (v[0]-'0')*10+(v[1]-'0');
+        if (y < 50) y+=100;
+        M= (v[2]-'0')*10+(v[3]-'0');
+        if ((M > 12) || (M < 1)) goto err;
+        d= (v[4]-'0')*10+(v[5]-'0');
+        h= (v[6]-'0')*10+(v[7]-'0');
+        m=  (v[8]-'0')*10+(v[9]-'0');
+        if (i >=12 &&
+            (v[10] >= '0') && (v[10] <= '9') &&
+            (v[11] >= '0') && (v[11] <= '9'))
+                s=  (v[10]-'0')*10+(v[11]-'0');
+
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+                mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
+                return(0);
+        else
+                return(1);
+err:
+        BIO_write(bp,"Bad time value",14);
+        return(0);
+        }
+
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+        {
+        char *s,*c,*b;
+        int ret=0,l,i;
+
+        l=80-2-obase;
+
+        b=X509_NAME_oneline(name,NULL,0);
+        if (!*b)
+                {
+                OPENSSL_free(b);
+                return 1;
+                }
+        s=b+1; /* skip the first slash */
+
+        c=s;
+        for (;;)
+                {
+#ifndef CHARSET_EBCDIC
+                if (    ((*s == '/') &&
+                                ((s[1] >= 'A') && (s[1] <= 'Z') && (
+                                        (s[2] == '=') ||
+                                        ((s[2] >= 'A') && (s[2] <= 'Z') &&
+                                        (s[3] == '='))
+                                 ))) ||
+                        (*s == '\0'))
+#else
+                if (    ((*s == '/') &&
+                                (isupper(s[1]) && (
+                                        (s[2] == '=') ||
+                                        (isupper(s[2]) &&
+                                        (s[3] == '='))
+                                 ))) ||
+                        (*s == '\0'))
+#endif
+                        {
+                        i=s-c;
+                        if (BIO_write(bp,c,i) != i) goto err;
+                        c=s+1;  /* skip following slash */
+                        if (*s != '\0')
+                                {
+                                if (BIO_write(bp,", ",2) != 2) goto err;
+                                }
+                        l--;
+                        }
+                if (*s == '\0') break;
+                s++;
+                l--;
+                }
+        
+        ret=1;
+        if (0)
+                {
+err:
+                X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
+                }
+        OPENSSL_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c
new file mode 100644
index 0000000000..ffbbfb51f4
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_x509a.c
@@ -0,0 +1,110 @@
+/* t_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX and string set routines
+ */
+
+int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
+{
+        char oidstr[80], first;
+        int i;
+        if(!aux) return 1;
+        if(aux->trust) {
+                first = 1;
+                BIO_printf(out, "%*sTrusted Uses:\n%*s",
+                                                indent, "", indent + 2, "");
+                for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
+                        if(!first) BIO_puts(out, ", ");
+                        else first = 0;
+                        OBJ_obj2txt(oidstr, sizeof oidstr,
+                                sk_ASN1_OBJECT_value(aux->trust, i), 0);
+                        BIO_puts(out, oidstr);
+                }
+                BIO_puts(out, "\n");
+        } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+        if(aux->reject) {
+                first = 1;
+                BIO_printf(out, "%*sRejected Uses:\n%*s",
+                                                indent, "", indent + 2, "");
+                for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
+                        if(!first) BIO_puts(out, ", ");
+                        else first = 0;
+                        OBJ_obj2txt(oidstr, sizeof oidstr,
+                                sk_ASN1_OBJECT_value(aux->reject, i), 0);
+                        BIO_puts(out, oidstr);
+                }
+                BIO_puts(out, "\n");
+        } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+        if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
+                                                        aux->alias->data);
+        if(aux->keyid) {
+                BIO_printf(out, "%*sKey Id: ", indent, "");
+                for(i = 0; i < aux->keyid->length; i++) 
+                        BIO_printf(out, "%s%02X", 
+                                i ? ":" : "",
+                                aux->keyid->data[i]);
+                BIO_write(out,"\n",1);
+        }
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
new file mode 100644
index 0000000000..0ee406231e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -0,0 +1,1322 @@
+/* tasn_dec.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_find_end(const unsigned char **in, long len, char inf);
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                                char inf, int tag, int aclass);
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                                char *inf, char *cst,
+                                const unsigned char **in, long len,
+                                int exptag, int expclass, char opt,
+                                ASN1_TLC *ctx);
+
+static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                const unsigned char **in, long len,
+                                const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static const unsigned long tag2bit[32] = {
+0,      0,      0,      B_ASN1_BIT_STRING,      /* tags  0 -  3 */
+B_ASN1_OCTET_STRING,    0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,                        /* tags 23-24 */ 
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+        };
+
+unsigned long ASN1_tag2bit(int tag)
+        {
+        if ((tag < 0) || (tag > 30)) return 0;
+        return tag2bit[tag];
+        }
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+
+/* Decode an ASN1 item, this currently behaves just 
+ * like a standard 'd2i' function. 'in' points to 
+ * a buffer to read the data from, in future we will
+ * have more advanced versions that can input data
+ * a piece at a time and this will simply be a special
+ * case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+                const unsigned char **in, long len, const ASN1_ITEM *it)
+        {
+        ASN1_TLC c;
+        ASN1_VALUE *ptmpval = NULL;
+        if (!pval)
+                pval = &ptmpval;
+        c.valid = 0;
+        if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+                return *pval;
+        return NULL;
+        }
+
+int ASN1_template_d2i(ASN1_VALUE **pval,
+                const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+        {
+        ASN1_TLC c;
+        c.valid = 0;
+        return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+        }
+
+
+/* Decode an item, taking care of IMPLICIT tagging, if any.
+ * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                        const ASN1_ITEM *it,
+                        int tag, int aclass, char opt, ASN1_TLC *ctx)
+        {
+        const ASN1_TEMPLATE *tt, *errtt = NULL;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        const unsigned char *p = NULL, *q;
+        unsigned char *wp=NULL; /* BIG FAT WARNING!  BREAKS CONST WHERE USED */
+        unsigned char imphack = 0, oclass;
+        char seq_eoc, seq_nolen, cst, isopt;
+        long tmplen;
+        int i;
+        int otag;
+        int ret = 0;
+        ASN1_VALUE *pchval, **pchptr, *ptmpval;
+        if (!pval)
+                return 0;
+        if (aux && aux->asn1_cb)
+                asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        switch(it->itype)
+                {
+                case ASN1_ITYPE_PRIMITIVE:
+                if (it->templates)
+                        {
+                        /* tagging or OPTIONAL is currently illegal on an item
+                         * template because the flags can't get passed down.
+                         * In practice this isn't a problem: we include the
+                         * relevant flags from the item template in the
+                         * template itself.
+                         */
+                        if ((tag != -1) || opt)
+                                {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                                goto err;
+                                }
+                        return asn1_template_ex_d2i(pval, in, len,
+                                        it->templates, opt, ctx);
+                }
+                return asn1_d2i_ex_primitive(pval, in, len, it,
+                                                tag, aclass, opt, ctx);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                p = *in;
+                /* Just read in tag and class */
+                ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+                                                &p, len, -1, 0, 1, ctx);
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                        }
+
+                /* Must be UNIVERSAL class */
+                if (oclass != V_ASN1_UNIVERSAL)
+                        {
+                        /* If OPTIONAL, assume this is OK */
+                        if (opt) return -1;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ASN1_R_MSTRING_NOT_UNIVERSAL);
+                        goto err;
+                        }
+                /* Check tag matches bit map */
+                if (!(ASN1_tag2bit(otag) & it->utype))
+                        {
+                        /* If OPTIONAL, assume this is OK */
+                        if (opt)
+                                return -1;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ASN1_R_MSTRING_WRONG_TAG);
+                        goto err;
+                        }
+                return asn1_d2i_ex_primitive(pval, in, len,
+                                                it, otag, 0, 0, ctx);
+
+                case ASN1_ITYPE_EXTERN:
+                /* Use new style d2i */
+                ef = it->funcs;
+                return ef->asn1_ex_d2i(pval, in, len,
+                                                it, tag, aclass, opt, ctx);
+
+                case ASN1_ITYPE_COMPAT:
+                /* we must resort to old style evil hackery */
+                cf = it->funcs;
+
+                /* If OPTIONAL see if it is there */
+                if (opt)
+                        {
+                        int exptag;
+                        p = *in;
+                        if (tag == -1)
+                                exptag = it->utype;
+                        else exptag = tag;
+                        /* Don't care about anything other than presence
+                         * of expected tag */
+
+                        ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
+                                        &p, len, exptag, aclass, 1, ctx);
+                        if (!ret)
+                                {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                                }
+                        if (ret == -1)
+                                return -1;
+                        }
+
+                /* This is the old style evil hack IMPLICIT handling:
+                 * since the underlying code is expecting a tag and
+                 * class other than the one present we change the
+                 * buffer temporarily then change it back afterwards.
+                 * This doesn't and never did work for tags > 30.
+                 *
+                 * Yes this is *horrible* but it is only needed for
+                 * old style d2i which will hopefully not be around
+                 * for much longer.
+                 * FIXME: should copy the buffer then modify it so
+                 * the input buffer can be const: we should *always*
+                 * copy because the old style d2i might modify the
+                 * buffer.
+                 */
+
+                if (tag != -1)
+                        {
+                        wp = *(unsigned char **)in;
+                        imphack = *wp;
+                        if (p == NULL)
+                                {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                                }
+                        *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
+                                                                | it->utype);
+                        }
+
+                ptmpval = cf->asn1_d2i(pval, in, len);
+
+                if (tag != -1)
+                        *wp = imphack;
+
+                if (ptmpval)
+                        return 1;
+
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+
+
+                case ASN1_ITYPE_CHOICE:
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                                goto auxerr;
+
+                /* Allocate structure */
+                if (!*pval && !ASN1_item_ex_new(pval, it))
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                                ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                        }
+                /* CHOICE type, try each possibility in turn */
+                pchval = NULL;
+                p = *in;
+                for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
+                        {
+                        pchptr = asn1_get_field_ptr(pval, tt);
+                        /* We mark field as OPTIONAL so its absence
+                         * can be recognised.
+                         */
+                        ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+                        /* If field not present, try the next one */
+                        if (ret == -1)
+                                continue;
+                        /* If positive return, read OK, break loop */
+                        if (ret > 0)
+                                break;
+                        /* Otherwise must be an ASN1 parsing error */
+                        errtt = tt;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                                ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                        }
+
+                /* Did we fall off the end without reading anything? */
+                if (i == it->tcount)
+                        {
+                        /* If OPTIONAL, this is OK */
+                        if (opt)
+                                {
+                                /* Free and zero it */
+                                ASN1_item_ex_free(pval, it);
+                                return -1;
+                                }
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ASN1_R_NO_MATCHING_CHOICE_TYPE);
+                        goto err;
+                        }
+
+                asn1_set_choice_selector(pval, i, it);
+                *in = p;
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                                goto auxerr;
+                return 1;
+
+                case ASN1_ITYPE_NDEF_SEQUENCE:
+                case ASN1_ITYPE_SEQUENCE:
+                p = *in;
+                tmplen = len;
+
+                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+                if (tag == -1)
+                        {
+                        tag = V_ASN1_SEQUENCE;
+                        aclass = V_ASN1_UNIVERSAL;
+                        }
+                /* Get SEQUENCE length and update len, p */
+                ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+                                        &p, len, tag, aclass, opt, ctx);
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                        }
+                else if (ret == -1)
+                        return -1;
+                if (aux && (aux->flags & ASN1_AFLG_BROKEN))
+                        {
+                        len = tmplen - (p - *in);
+                        seq_nolen = 1;
+                        }
+                /* If indefinite we don't do a length check */
+                else seq_nolen = seq_eoc;
+                if (!cst)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+                        goto err;
+                        }
+
+                if (!*pval && !ASN1_item_ex_new(pval, it))
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                        }
+
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                                goto auxerr;
+
+                /* Get each field entry */
+                for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+                        {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if (!seqtt)
+                                goto err;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* Have we ran out of data? */
+                        if (!len)
+                                break;
+                        q = p;
+                        if (asn1_check_eoc(&p, len))
+                                {
+                                if (!seq_eoc)
+                                        {
+                                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                                        ASN1_R_UNEXPECTED_EOC);
+                                        goto err;
+                                        }
+                                len -= p - q;
+                                seq_eoc = 0;
+                                q = p;
+                                break;
+                                }
+                        /* This determines the OPTIONAL flag value. The field
+                         * cannot be omitted if it is the last of a SEQUENCE
+                         * and there is still data to be read. This isn't
+                         * strictly necessary but it increases efficiency in
+                         * some cases.
+                         */
+                        if (i == (it->tcount - 1))
+                                isopt = 0;
+                        else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+                        /* attempt to read in field, allowing each to be
+                         * OPTIONAL */
+
+                        ret = asn1_template_ex_d2i(pseqval, &p, len,
+                                                        seqtt, isopt, ctx);
+                        if (!ret)
+                                {
+                                errtt = seqtt;
+                                goto err;
+                                }
+                        else if (ret == -1)
+                                {
+                                /* OPTIONAL component absent.
+                                 * Free and zero the field.
+                                 */
+                                ASN1_template_free(pseqval, seqtt);
+                                continue;
+                                }
+                        /* Update length */
+                        len -= p - q;
+                        }
+
+                /* Check for EOC if expecting one */
+                if (seq_eoc && !asn1_check_eoc(&p, len))
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+                        goto err;
+                        }
+                /* Check all data read */
+                if (!seq_nolen && len)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                        ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+                        goto err;
+                        }
+
+                /* If we get here we've got no more data in the SEQUENCE,
+                 * however we may not have read all fields so check all
+                 * remaining are OPTIONAL and clear any that are.
+                 */
+                for (; i < it->tcount; tt++, i++)
+                        {
+                        const ASN1_TEMPLATE *seqtt;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if (!seqtt)
+                                goto err;
+                        if (seqtt->flags & ASN1_TFLG_OPTIONAL)
+                                {
+                                ASN1_VALUE **pseqval;
+                                pseqval = asn1_get_field_ptr(pval, seqtt);
+                                ASN1_template_free(pseqval, seqtt);
+                                }
+                        else
+                                {
+                                errtt = seqtt;
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                                        ASN1_R_FIELD_MISSING);
+                                goto err;
+                                }
+                        }
+                /* Save encoding */
+                if (!asn1_enc_save(pval, *in, p - *in, it))
+                        goto auxerr;
+                *in = p;
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                                goto auxerr;
+                return 1;
+
+                default:
+                return 0;
+                }
+        auxerr:
+        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+        err:
+        ASN1_item_ex_free(pval, it);
+        if (errtt)
+                ERR_add_error_data(4, "Field=", errtt->field_name,
+                                        ", Type=", it->sname);
+        else
+                ERR_add_error_data(2, "Type=", it->sname);
+        return 0;
+        }
+
+/* Templates are handled with two separate functions.
+ * One handles any EXPLICIT tag and the other handles the rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long inlen,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                                        ASN1_TLC *ctx)
+        {
+        int flags, aclass;
+        int ret;
+        long len;
+        const unsigned char *p, *q;
+        char exp_eoc;
+        if (!val)
+                return 0;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+        p = *in;
+
+        /* Check if EXPLICIT tag expected */
+        if (flags & ASN1_TFLG_EXPTAG)
+                {
+                char cst;
+                /* Need to work out amount of data available to the inner
+                 * content and where it starts: so read in EXPLICIT header to
+                 * get the info.
+                 */
+                ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+                                        &p, inlen, tt->tag, aclass, opt, ctx);
+                q = p;
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                        }
+                else if (ret == -1)
+                        return -1;
+                if (!cst)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                                        ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+                        return 0;
+                        }
+                /* We've found the field so it can't be OPTIONAL now */
+                ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                        }
+                /* We read the field in OK so update length */
+                len -= p - q;
+                if (exp_eoc)
+                        {
+                        /* If NDEF we must have an EOC here */
+                        if (!asn1_check_eoc(&p, len))
+                                {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                                                ASN1_R_MISSING_EOC);
+                                goto err;
+                                }
+                        }
+                else
+                        {
+                        /* Otherwise we must hit the EXPLICIT tag end or its
+                         * an error */
+                        if (len)
+                                {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                                goto err;
+                                }
+                        }
+                }
+                else 
+                        return asn1_template_noexp_d2i(val, in, inlen,
+                                                                tt, opt, ctx);
+
+        *in = p;
+        return 1;
+
+        err:
+        ASN1_template_free(val, tt);
+        *val = NULL;
+        return 0;
+        }
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx)
+        {
+        int flags, aclass;
+        int ret;
+        const unsigned char *p, *q;
+        if (!val)
+                return 0;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+        p = *in;
+        q = p;
+
+        if (flags & ASN1_TFLG_SK_MASK)
+                {
+                /* SET OF, SEQUENCE OF */
+                int sktag, skaclass;
+                char sk_eoc;
+                /* First work out expected inner tag value */
+                if (flags & ASN1_TFLG_IMPTAG)
+                        {
+                        sktag = tt->tag;
+                        skaclass = aclass;
+                        }
+                else
+                        {
+                        skaclass = V_ASN1_UNIVERSAL;
+                        if (flags & ASN1_TFLG_SET_OF)
+                                sktag = V_ASN1_SET;
+                        else
+                                sktag = V_ASN1_SEQUENCE;
+                        }
+                /* Get the tag */
+                ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+                                        &p, len, sktag, skaclass, opt, ctx);
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                                                ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                        }
+                else if (ret == -1)
+                        return -1;
+                if (!*val)
+                        *val = (ASN1_VALUE *)sk_new_null();
+                else
+                        {
+                        /* We've got a valid STACK: free up any items present */
+                        STACK *sktmp = (STACK *)*val;
+                        ASN1_VALUE *vtmp;
+                        while(sk_num(sktmp) > 0)
+                                {
+                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+                                ASN1_item_ex_free(&vtmp,
+                                                ASN1_ITEM_ptr(tt->item));
+                                }
+                        }
+                                
+                if (!*val)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                                                ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+
+                /* Read as many items as we can */
+                while(len > 0)
+                        {
+                        ASN1_VALUE *skfield;
+                        q = p;
+                        /* See if EOC found */
+                        if (asn1_check_eoc(&p, len))
+                                {
+                                if (!sk_eoc)
+                                        {
+                                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                                                        ASN1_R_UNEXPECTED_EOC);
+                                        goto err;
+                                        }
+                                len -= p - q;
+                                sk_eoc = 0;
+                                break;
+                                }
+                        skfield = NULL;
+                        if (!ASN1_item_ex_d2i(&skfield, &p, len,
+                                                ASN1_ITEM_ptr(tt->item),
+                                                -1, 0, 0, ctx))
+                                {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                                }
+                        len -= p - q;
+                        if (!sk_push((STACK *)*val, (char *)skfield))
+                                {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                                                ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        }
+                if (sk_eoc)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+                        goto err;
+                        }
+                }
+        else if (flags & ASN1_TFLG_IMPTAG)
+                {
+                /* IMPLICIT tagging */
+                ret = ASN1_item_ex_d2i(val, &p, len,
+                        ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                                                ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                        }
+                else if (ret == -1)
+                        return -1;
+                }
+        else
+                {
+                /* Nothing special */
+                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                                                        -1, 0, opt, ctx);
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                        }
+                else if (ret == -1)
+                        return -1;
+                }
+
+        *in = p;
+        return 1;
+
+        err:
+        ASN1_template_free(val, tt);
+        *val = NULL;
+        return 0;
+        }
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                const unsigned char **in, long inlen, 
+                                const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+        {
+        int ret = 0, utype;
+        long plen;
+        char cst, inf, free_cont = 0;
+        const unsigned char *p;
+        BUF_MEM buf;
+        const unsigned char *cont = NULL;
+        long len; 
+        if (!pval)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+                return 0; /* Should never happen */
+                }
+
+        if (it->itype == ASN1_ITYPE_MSTRING)
+                {
+                utype = tag;
+                tag = -1;
+                }
+        else
+                utype = it->utype;
+
+        if (utype == V_ASN1_ANY)
+                {
+                /* If type is ANY need to figure out type from tag */
+                unsigned char oclass;
+                if (tag >= 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                                        ASN1_R_ILLEGAL_TAGGED_ANY);
+                        return 0;
+                        }
+                if (opt)
+                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                                        ASN1_R_ILLEGAL_OPTIONAL_ANY);
+                        return 0;
+                        }
+                p = *in;
+                ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+                                        &p, inlen, -1, 0, 0, ctx);
+                if (!ret)
+                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                                        ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                        }
+                if (oclass != V_ASN1_UNIVERSAL)
+                        utype = V_ASN1_OTHER;
+                }
+        if (tag == -1)
+                {
+                tag = utype;
+                aclass = V_ASN1_UNIVERSAL;
+                }
+        p = *in;
+        /* Check header */
+        ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+                                &p, inlen, tag, aclass, opt, ctx);
+        if (!ret)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+                return 0;
+                }
+        else if (ret == -1)
+                return -1;
+        ret = 0;
+        /* SEQUENCE, SET and "OTHER" are left in encoded form */
+        if ((utype == V_ASN1_SEQUENCE)
+                || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
+                {
+                /* Clear context cache for type OTHER because the auto clear
+                 * when we have a exact match wont work
+                 */
+                if (utype == V_ASN1_OTHER)
+                        {
+                        asn1_tlc_clear(ctx);
+                        }
+                /* SEQUENCE and SET must be constructed */
+                else if (!cst)
+                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                                ASN1_R_TYPE_NOT_CONSTRUCTED);
+                        return 0;
+                        }
+
+                cont = *in;
+                /* If indefinite length constructed find the real end */
+                if (inf)
+                        {
+                        if (!asn1_find_end(&p, plen, inf))
+                                 goto err;
+                        len = p - cont;
+                        }
+                else
+                        {
+                        len = p - cont + plen;
+                        p += plen;
+                        buf.data = NULL;
+                        }
+                }
+        else if (cst)
+                {
+                buf.length = 0;
+                buf.max = 0;
+                buf.data = NULL;
+                /* Should really check the internal tags are correct but
+                 * some things may get this wrong. The relevant specs
+                 * say that constructed string types should be OCTET STRINGs
+                 * internally irrespective of the type. So instead just check
+                 * for UNIVERSAL class and ignore the tag.
+                 */
+                if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+                        {
+                        free_cont = 1;
+                        goto err;
+                        }
+                len = buf.length;
+                /* Append a final null to string */
+                if (!BUF_MEM_grow_clean(&buf, len + 1))
+                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                                                ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                buf.data[len] = 0;
+                cont = (const unsigned char *)buf.data;
+                free_cont = 1;
+                }
+        else
+                {
+                cont = p;
+                len = plen;
+                p += plen;
+                }
+
+        /* We now have content length and type: translate into a structure */
+        if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+                goto err;
+
+        *in = p;
+        ret = 1;
+        err:
+        if (free_cont && buf.data) OPENSSL_free(buf.data);
+        return ret;
+        }
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                        int utype, char *free_cont, const ASN1_ITEM *it)
+        {
+        ASN1_VALUE **opval = NULL;
+        ASN1_STRING *stmp;
+        ASN1_TYPE *typ = NULL;
+        int ret = 0;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        ASN1_INTEGER **tint;
+        pf = it->funcs;
+
+        if (pf && pf->prim_c2i)
+                return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+        /* If ANY type clear type and set pointer to internal value */
+        if (it->utype == V_ASN1_ANY)
+                {
+                if (!*pval)
+                        {
+                        typ = ASN1_TYPE_new();
+                        if (typ == NULL)
+                                goto err;
+                        *pval = (ASN1_VALUE *)typ;
+                        }
+                else
+                        typ = (ASN1_TYPE *)*pval;
+
+                if (utype != typ->type)
+                        ASN1_TYPE_set(typ, utype, NULL);
+                opval = pval;
+                pval = &typ->value.asn1_value;
+                }
+        switch(utype)
+                {
+                case V_ASN1_OBJECT:
+                if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+                        goto err;
+                break;
+
+                case V_ASN1_NULL:
+                if (len)
+                        {
+                        ASN1err(ASN1_F_ASN1_EX_C2I,
+                                                ASN1_R_NULL_IS_WRONG_LENGTH);
+                        goto err;
+                        }
+                *pval = (ASN1_VALUE *)1;
+                break;
+
+                case V_ASN1_BOOLEAN:
+                if (len != 1)
+                        {
+                        ASN1err(ASN1_F_ASN1_EX_C2I,
+                                                ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+                        goto err;
+                        }
+                else
+                        {
+                        ASN1_BOOLEAN *tbool;
+                        tbool = (ASN1_BOOLEAN *)pval;
+                        *tbool = *cont;
+                        }
+                break;
+
+                case V_ASN1_BIT_STRING:
+                if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+                        goto err;
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_NEG_INTEGER:
+                case V_ASN1_ENUMERATED:
+                case V_ASN1_NEG_ENUMERATED:
+                tint = (ASN1_INTEGER **)pval;
+                if (!c2i_ASN1_INTEGER(tint, &cont, len))
+                        goto err;
+                /* Fixup type to match the expected form */
+                (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+                break;
+
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_VIDEOTEXSTRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_UTCTIME:
+                case V_ASN1_GENERALIZEDTIME:
+                case V_ASN1_GRAPHICSTRING:
+                case V_ASN1_VISIBLESTRING:
+                case V_ASN1_GENERALSTRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_BMPSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_OTHER:
+                case V_ASN1_SET:
+                case V_ASN1_SEQUENCE:
+                default:
+                /* All based on ASN1_STRING and handled the same */
+                if (!*pval)
+                        {
+                        stmp = ASN1_STRING_type_new(utype);
+                        if (!stmp)
+                                {
+                                ASN1err(ASN1_F_ASN1_EX_C2I,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        *pval = (ASN1_VALUE *)stmp;
+                        }
+                else
+                        {
+                        stmp = (ASN1_STRING *)*pval;
+                        stmp->type = utype;
+                        }
+                /* If we've already allocated a buffer use it */
+                if (*free_cont)
+                        {
+                        if (stmp->data)
+                                OPENSSL_free(stmp->data);
+                        stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+                        stmp->length = len;
+                        *free_cont = 0;
+                        }
+                else
+                        {
+                        if (!ASN1_STRING_set(stmp, cont, len))
+                                {
+                                ASN1err(ASN1_F_ASN1_EX_C2I,
+                                                        ERR_R_MALLOC_FAILURE);
+                                ASN1_STRING_free(stmp); 
+                                *pval = NULL;
+                                goto err;
+                                }
+                        }
+                break;
+                }
+        /* If ASN1_ANY and NULL type fix up value */
+        if (typ && (utype == V_ASN1_NULL))
+                 typ->value.ptr = NULL;
+
+        ret = 1;
+        err:
+        if (!ret)
+                {
+                ASN1_TYPE_free(typ);
+                if (opval)
+                        *opval = NULL;
+                }
+        return ret;
+        }
+
+
+/* This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content.
+ * This is more efficient than calling asn1_collect because it does not
+ * recurse on each indefinite length header.
+ */
+
+static int asn1_find_end(const unsigned char **in, long len, char inf)
+        {
+        int expected_eoc;
+        long plen;
+        const unsigned char *p = *in, *q;
+        /* If not indefinite length constructed just add length */
+        if (inf == 0)
+                {
+                *in += len;
+                return 1;
+                }
+        expected_eoc = 1;
+        /* Indefinite length constructed form. Find the end when enough EOCs
+         * are found. If more indefinite length constructed headers
+         * are encountered increment the expected eoc count otherwise just
+         * skip to the end of the data.
+         */
+        while (len > 0)
+                {
+                if(asn1_check_eoc(&p, len))
+                        {
+                        expected_eoc--;
+                        if (expected_eoc == 0)
+                                break;
+                        len -= 2;
+                        continue;
+                        }
+                q = p;
+                /* Just read in a header: only care about the length */
+                if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+                                -1, 0, 0, NULL))
+                        {
+                        ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                        }
+                if (inf)
+                        expected_eoc++;
+                else
+                        p += plen;
+                len -= p - q;
+                }
+        if (expected_eoc)
+                {
+                ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+                return 0;
+                }
+        *in = p;
+        return 1;
+        }
+/* This function collects the asn1 data from a constructred string
+ * type into a buffer. The values of 'in' and 'len' should refer
+ * to the contents of the constructed type and 'inf' should be set
+ * if it is indefinite length.
+ */
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                                char inf, int tag, int aclass)
+        {
+        const unsigned char *p, *q;
+        long plen;
+        char cst, ininf;
+        p = *in;
+        inf &= 1;
+        /* If no buffer and not indefinite length constructed just pass over
+         * the encoded data */
+        if (!buf && !inf)
+                {
+                *in += len;
+                return 1;
+                }
+        while(len > 0)
+                {
+                q = p;
+                /* Check for EOC */
+                if (asn1_check_eoc(&p, len))
+                        {
+                        /* EOC is illegal outside indefinite length
+                         * constructed form */
+                        if (!inf)
+                                {
+                                ASN1err(ASN1_F_ASN1_COLLECT,
+                                        ASN1_R_UNEXPECTED_EOC);
+                                return 0;
+                                }
+                        inf = 0;
+                        break;
+                        }
+
+                if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+                                        len, tag, aclass, 0, NULL))
+                        {
+                        ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                        }
+
+                /* If indefinite length constructed update max length */
+                if (cst)
+                        {
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
+                        if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+                                return 0;
+#else
+                        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+                        return 0;
+#endif
+                        }
+                else if (plen && !collect_data(buf, &p, plen))
+                        return 0;
+                len -= p - q;
+                }
+        if (inf)
+                {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+                return 0;
+                }
+        *in = p;
+        return 1;
+        }
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+        {
+        int len;
+        if (buf)
+                {
+                len = buf->length;
+                if (!BUF_MEM_grow_clean(buf, len + plen))
+                        {
+                        ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                memcpy(buf->data + len, *p, plen);
+                }
+        *p += plen;
+        return 1;
+        }
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(const unsigned char **in, long len)
+        {
+        const unsigned char *p;
+        if (len < 2) return 0;
+        p = *in;
+        if (!p[0] && !p[1])
+                {
+                *in += 2;
+                return 1;
+                }
+        return 0;
+        }
+
+/* Check an ASN1 tag and length: a bit like ASN1_get_object
+ * but it sets the length for indefinite length constructed
+ * form, we don't know the exact length but we can set an
+ * upper bound to the amount of data available minus the
+ * header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                                char *inf, char *cst,
+                                const unsigned char **in, long len,
+                                int exptag, int expclass, char opt,
+                                ASN1_TLC *ctx)
+        {
+        int i;
+        int ptag, pclass;
+        long plen;
+        const unsigned char *p, *q;
+        p = *in;
+        q = p;
+
+        if (ctx && ctx->valid)
+                {
+                i = ctx->ret;
+                plen = ctx->plen;
+                pclass = ctx->pclass;
+                ptag = ctx->ptag;
+                p += ctx->hdrlen;
+                }
+        else
+                {
+                i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+                if (ctx)
+                        {
+                        ctx->ret = i;
+                        ctx->plen = plen;
+                        ctx->pclass = pclass;
+                        ctx->ptag = ptag;
+                        ctx->hdrlen = p - q;
+                        ctx->valid = 1;
+                        /* If definite length, and no error, length +
+                         * header can't exceed total amount of data available. 
+                         */
+                        if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
+                                {
+                                ASN1err(ASN1_F_ASN1_CHECK_TLEN,
+                                                        ASN1_R_TOO_LONG);
+                                asn1_tlc_clear(ctx);
+                                return 0;
+                                }
+                        }
+                }
+
+        if (i & 0x80)
+                {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+                asn1_tlc_clear(ctx);
+                return 0;
+                }
+        if (exptag >= 0)
+                {
+                if ((exptag != ptag) || (expclass != pclass))
+                        {
+                        /* If type is OPTIONAL, not an error:
+                         * indicate missing type.
+                         */
+                        if (opt) return -1;
+                        asn1_tlc_clear(ctx);
+                        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+                        return 0;
+                        }
+                /* We have a tag and class match:
+                 * assume we are going to do something with it */
+                asn1_tlc_clear(ctx);
+                }
+
+        if (i & 1)
+                plen = len - (p - q);
+
+        if (inf)
+                *inf = i & 1;
+
+        if (cst)
+                *cst = i & V_ASN1_CONSTRUCTED;
+
+        if (olen)
+                *olen = plen;
+
+        if (oclass)
+                *oclass = pclass;
+
+        if (otag)
+                *otag = ptag;
+
+        *in = p;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
new file mode 100644
index 0000000000..be19b36acd
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -0,0 +1,690 @@
+/* tasn_enc.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                        const ASN1_ITEM *it,
+                                        int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                                        int skcontlen, const ASN1_ITEM *item,
+                                        int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                        const ASN1_TEMPLATE *tt,
+                                        int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                                        const ASN1_ITEM *it, int flags);
+
+/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
+ * to use indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                                                const ASN1_ITEM *it)
+        {
+        return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+        }
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+        {
+        return asn1_item_flags_i2d(val, out, it, 0);
+        }
+
+/* Encode an ASN1 item, this is use by the
+ * standard 'i2d' function. 'out' points to 
+ * a buffer to output the data to.
+ *
+ * The new i2d has one additional feature. If the output
+ * buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                                        const ASN1_ITEM *it, int flags)
+        {
+        if (out && !*out)
+                {
+                unsigned char *p, *buf;
+                int len;
+                len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+                if (len <= 0)
+                        return len;
+                buf = OPENSSL_malloc(len);
+                if (!buf)
+                        return -1;
+                p = buf;
+                ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+                *out = buf;
+                return len;
+                }
+
+        return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+        }
+
+/* Encode an item, taking care of IMPLICIT tagging (if any).
+ * This function performs the normal item handling: it can be
+ * used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                        const ASN1_ITEM *it, int tag, int aclass)
+        {
+        const ASN1_TEMPLATE *tt = NULL;
+        unsigned char *p = NULL;
+        int i, seqcontlen, seqlen, ndef = 1;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb = 0;
+
+        if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+                return 0;
+
+        if (aux && aux->asn1_cb)
+                 asn1_cb = aux->asn1_cb;
+
+        switch(it->itype)
+                {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if (it->templates)
+                        return asn1_template_ex_i2d(pval, out, it->templates,
+                                                                tag, aclass);
+                return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+                case ASN1_ITYPE_CHOICE:
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                                return 0;
+                i = asn1_get_choice_selector(pval, it);
+                if ((i >= 0) && (i < it->tcount))
+                        {
+                        ASN1_VALUE **pchval;
+                        const ASN1_TEMPLATE *chtt;
+                        chtt = it->templates + i;
+                        pchval = asn1_get_field_ptr(pval, chtt);
+                        return asn1_template_ex_i2d(pchval, out, chtt,
+                                                                -1, aclass);
+                        }
+                /* Fixme: error condition if selector out of range */
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                                return 0;
+                break;
+
+                case ASN1_ITYPE_EXTERN:
+                /* If new style i2d it does all the work */
+                ef = it->funcs;
+                return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+                case ASN1_ITYPE_COMPAT:
+                /* old style hackery... */
+                cf = it->funcs;
+                if (out)
+                        p = *out;
+                i = cf->asn1_i2d(*pval, out);
+                /* Fixup for IMPLICIT tag: note this messes up for tags > 30,
+                 * but so did the old code. Tags > 30 are very rare anyway.
+                 */
+                if (out && (tag != -1))
+                        *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+                return i;
+                
+                case ASN1_ITYPE_NDEF_SEQUENCE:
+                /* Use indefinite length constructed if requested */
+                if (aclass & ASN1_TFLG_NDEF) ndef = 2;
+                /* fall through */
+
+                case ASN1_ITYPE_SEQUENCE:
+                i = asn1_enc_restore(&seqcontlen, out, pval, it);
+                /* An error occurred */
+                if (i < 0)
+                        return 0;
+                /* We have a valid cached encoding... */
+                if (i > 0)
+                        return seqcontlen;
+                /* Otherwise carry on */
+                seqcontlen = 0;
+                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+                if (tag == -1)
+                        {
+                        tag = V_ASN1_SEQUENCE;
+                        /* Retain any other flags in aclass */
+                        aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+                                        | V_ASN1_UNIVERSAL;
+                        }
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                                return 0;
+                /* First work out sequence content length */
+                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+                        {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if (!seqtt)
+                                return 0;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* FIXME: check for errors in enhanced version */
+                        seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
+                                                                -1, aclass);
+                        }
+
+                seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+                if (!out)
+                        return seqlen;
+                /* Output SEQUENCE header */
+                ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+                        {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if (!seqtt)
+                                return 0;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* FIXME: check for errors in enhanced version */
+                        asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+                        }
+                if (ndef == 2)
+                        ASN1_put_eoc(out);
+                if (asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                                return 0;
+                return seqlen;
+
+                default:
+                return 0;
+
+                }
+        return 0;
+        }
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                                        const ASN1_TEMPLATE *tt)
+        {
+        return asn1_template_ex_i2d(pval, out, tt, -1, 0);
+        }
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int iclass)
+        {
+        int i, ret, flags, ttag, tclass, ndef;
+        flags = tt->flags;
+        /* Work out tag and class to use: tagging may come
+         * either from the template or the arguments, not both
+         * because this would create ambiguity. Additionally
+         * the iclass argument may contain some additional flags
+         * which should be noted and passed down to other levels.
+         */
+        if (flags & ASN1_TFLG_TAG_MASK)
+                {
+                /* Error if argument and template tagging */
+                if (tag != -1)
+                        /* FIXME: error code here */
+                        return -1;
+                /* Get tagging from template */
+                ttag = tt->tag;
+                tclass = flags & ASN1_TFLG_TAG_CLASS;
+                }
+        else if (tag != -1)
+                {
+                /* No template tagging, get from arguments */
+                ttag = tag;
+                tclass = iclass & ASN1_TFLG_TAG_CLASS;
+                }
+        else
+                {
+                ttag = -1;
+                tclass = 0;
+                }
+        /* 
+         * Remove any class mask from iflag.
+         */
+        iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+        /* At this point 'ttag' contains the outer tag to use,
+         * 'tclass' is the class and iclass is any flags passed
+         * to this function.
+         */
+
+        /* if template and arguments require ndef, use it */
+        if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+                ndef = 2;
+        else ndef = 1;
+
+        if (flags & ASN1_TFLG_SK_MASK)
+                {
+                /* SET OF, SEQUENCE OF */
+                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+                int isset, sktag, skaclass;
+                int skcontlen, sklen;
+                ASN1_VALUE *skitem;
+
+                if (!*pval)
+                        return 0;
+
+                if (flags & ASN1_TFLG_SET_OF)
+                        {
+                        isset = 1;
+                        /* 2 means we reorder */
+                        if (flags & ASN1_TFLG_SEQUENCE_OF)
+                                isset = 2;
+                        }
+                else isset = 0;
+
+                /* Work out inner tag value: if EXPLICIT
+                 * or no tagging use underlying type.
+                 */
+                if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG))
+                        {
+                        sktag = ttag;
+                        skaclass = tclass;
+                        }
+                else
+                        {
+                        skaclass = V_ASN1_UNIVERSAL;
+                        if (isset)
+                                sktag = V_ASN1_SET;
+                        else sktag = V_ASN1_SEQUENCE;
+                        }
+
+                /* Determine total length of items */
+                skcontlen = 0;
+                for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+                        {
+                        skitem = sk_ASN1_VALUE_value(sk, i);
+                        skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
+                                                ASN1_ITEM_ptr(tt->item),
+                                                        -1, iclass);
+                        }
+                sklen = ASN1_object_size(ndef, skcontlen, sktag);
+                /* If EXPLICIT need length of surrounding tag */
+                if (flags & ASN1_TFLG_EXPTAG)
+                        ret = ASN1_object_size(ndef, sklen, ttag);
+                else ret = sklen;
+
+                if (!out)
+                        return ret;
+
+                /* Now encode this lot... */
+                /* EXPLICIT tag */
+                if (flags & ASN1_TFLG_EXPTAG)
+                        ASN1_put_object(out, ndef, sklen, ttag, tclass);
+                /* SET or SEQUENCE and IMPLICIT tag */
+                ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+                /* And the stuff itself */
+                asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                                                                isset, iclass);
+                if (ndef == 2)
+                        {
+                        ASN1_put_eoc(out);
+                        if (flags & ASN1_TFLG_EXPTAG)
+                                ASN1_put_eoc(out);
+                        }
+
+                return ret;
+                }
+
+        if (flags & ASN1_TFLG_EXPTAG)
+                {
+                /* EXPLICIT tagging */
+                /* Find length of tagged item */
+                i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
+                                                                -1, iclass);
+                if (!i)
+                        return 0;
+                /* Find length of EXPLICIT tag */
+                ret = ASN1_object_size(ndef, i, ttag);
+                if (out)
+                        {
+                        /* Output tag and item */
+                        ASN1_put_object(out, ndef, i, ttag, tclass);
+                        ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                                                                -1, iclass);
+                        if (ndef == 2)
+                                ASN1_put_eoc(out);
+                        }
+                return ret;
+                }
+
+        /* Either normal or IMPLICIT tagging: combine class and flags */
+        return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                                                ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+        unsigned char *data;
+        int length;
+        ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+        {
+        const DER_ENC *d1 = a, *d2 = b;
+        int cmplen, i;
+        cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+        i = memcmp(d1->data, d2->data, cmplen);
+        if (i)
+                return i;
+        return d1->length - d2->length;
+        }
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                                        int skcontlen, const ASN1_ITEM *item,
+                                        int do_sort, int iclass)
+        {
+        int i;
+        ASN1_VALUE *skitem;
+        unsigned char *tmpdat = NULL, *p = NULL;
+        DER_ENC *derlst = NULL, *tder;
+        if (do_sort)
+                 {
+                /* Don't need to sort less than 2 items */
+                if (sk_ASN1_VALUE_num(sk) < 2)
+                        do_sort = 0;
+                else
+                        {
+                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+                                                * sizeof(*derlst));
+                        tmpdat = OPENSSL_malloc(skcontlen);
+                        if (!derlst || !tmpdat)
+                                return 0;
+                        }
+                }
+        /* If not sorting just output each item */
+        if (!do_sort)
+                {
+                for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+                        {
+                        skitem = sk_ASN1_VALUE_value(sk, i);
+                        ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+                        }
+                return 1;
+                }
+        p = tmpdat;
+
+        /* Doing sort: build up a list of each member's DER encoding */
+        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+                {
+                skitem = sk_ASN1_VALUE_value(sk, i);
+                tder->data = p;
+                tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+                tder->field = skitem;
+                }
+
+        /* Now sort them */
+        qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+        /* Output sorted DER encoding */        
+        p = *out;
+        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+                {
+                memcpy(p, tder->data, tder->length);
+                p += tder->length;
+                }
+        *out = p;
+        /* If do_sort is 2 then reorder the STACK */
+        if (do_sort == 2)
+                {
+                for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk);
+                                                        i++, tder++)
+                        (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+                }
+        OPENSSL_free(derlst);
+        OPENSSL_free(tmpdat);
+        return 1;
+        }
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_ITEM *it, int tag, int aclass)
+        {
+        int len;
+        int utype;
+        int usetag;
+        int ndef = 0;
+
+        utype = it->utype;
+
+        /* Get length of content octets and maybe find
+         * out the underlying type.
+         */
+
+        len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+        /* If SEQUENCE, SET or OTHER then header is
+         * included in pseudo content octets so don't
+         * include tag+length. We need to check here
+         * because the call to asn1_ex_i2c() could change
+         * utype.
+         */
+        if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+           (utype == V_ASN1_OTHER))
+                usetag = 0;
+        else usetag = 1;
+
+        /* -1 means omit type */
+
+        if (len == -1)
+                return 0;
+
+        /* -2 return is special meaning use ndef */
+        if (len == -2)
+                {
+                ndef = 2;
+                len = 0;
+                }
+
+        /* If not implicitly tagged get tag from underlying type */
+        if (tag == -1) tag = utype;
+
+        /* Output tag+length followed by content octets */
+        if (out)
+                {
+                if (usetag)
+                        ASN1_put_object(out, ndef, len, tag, aclass);
+                asn1_ex_i2c(pval, *out, &utype, it);
+                if (ndef)
+                        ASN1_put_eoc(out);
+                else
+                        *out += len;
+                }
+
+        if (usetag)
+                return ASN1_object_size(ndef, len, tag);
+        return len;
+        }
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                                const ASN1_ITEM *it)
+        {
+        ASN1_BOOLEAN *tbool = NULL;
+        ASN1_STRING *strtmp;
+        ASN1_OBJECT *otmp;
+        int utype;
+        unsigned char *cont, c;
+        int len;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if (pf && pf->prim_i2c)
+                return pf->prim_i2c(pval, cout, putype, it);
+
+        /* Should type be omitted? */
+        if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+                || (it->utype != V_ASN1_BOOLEAN))
+                {
+                if (!*pval) return -1;
+                }
+
+        if (it->itype == ASN1_ITYPE_MSTRING)
+                {
+                /* If MSTRING type set the underlying type */
+                strtmp = (ASN1_STRING *)*pval;
+                utype = strtmp->type;
+                *putype = utype;
+                }
+        else if (it->utype == V_ASN1_ANY)
+                {
+                /* If ANY set type and pointer to value */
+                ASN1_TYPE *typ;
+                typ = (ASN1_TYPE *)*pval;
+                utype = typ->type;
+                *putype = utype;
+                pval = &typ->value.asn1_value;
+                }
+        else utype = *putype;
+
+        switch(utype)
+                {
+                case V_ASN1_OBJECT:
+                otmp = (ASN1_OBJECT *)*pval;
+                cont = otmp->data;
+                len = otmp->length;
+                break;
+
+                case V_ASN1_NULL:
+                cont = NULL;
+                len = 0;
+                break;
+
+                case V_ASN1_BOOLEAN:
+                tbool = (ASN1_BOOLEAN *)pval;
+                if (*tbool == -1)
+                        return -1;
+                if (it->utype != V_ASN1_ANY)
+                        {
+                        /* Default handling if value == size field then omit */
+                        if (*tbool && (it->size > 0))
+                                return -1;
+                        if (!*tbool && !it->size)
+                                return -1;
+                        }
+                c = (unsigned char)*tbool;
+                cont = &c;
+                len = 1;
+                break;
+
+                case V_ASN1_BIT_STRING:
+                return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                                        cout ? &cout : NULL);
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_NEG_INTEGER:
+                case V_ASN1_ENUMERATED:
+                case V_ASN1_NEG_ENUMERATED:
+                /* These are all have the same content format
+                 * as ASN1_INTEGER
+                 */
+                return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,
+                                                        cout ? &cout : NULL);
+                break;
+
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_VIDEOTEXSTRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_UTCTIME:
+                case V_ASN1_GENERALIZEDTIME:
+                case V_ASN1_GRAPHICSTRING:
+                case V_ASN1_VISIBLESTRING:
+                case V_ASN1_GENERALSTRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_BMPSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_SEQUENCE:
+                case V_ASN1_SET:
+                default:
+                /* All based on ASN1_STRING and handled the same */
+                strtmp = (ASN1_STRING *)*pval;
+                /* Special handling for NDEF */
+                if ((it->size == ASN1_TFLG_NDEF)
+                        && (strtmp->flags & ASN1_STRING_FLAG_NDEF))
+                        {
+                        if (cout)
+                                {
+                                strtmp->data = cout;
+                                strtmp->length = 0;
+                                }
+                        /* Special return code */
+                        return -2;
+                        }
+                cont = strtmp->data;
+                len = strtmp->length;
+
+                break;
+
+                }
+        if (cout && len)
+                memcpy(cout, cont, len);
+        return len;
+        }
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
new file mode 100644
index 0000000000..bb7c1e2af4
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_fre.c
@@ -0,0 +1,266 @@
+/* tasn_fre.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+        {
+        asn1_item_combine_free(&val, it, 0);
+        }
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        asn1_item_combine_free(pval, it, 0);
+        }
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+        {
+        const ASN1_TEMPLATE *tt = NULL, *seqtt;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        int i;
+        if (!pval)
+                return;
+        if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+                return;
+        if (aux && aux->asn1_cb)
+                asn1_cb = aux->asn1_cb;
+        else
+                asn1_cb = 0;
+
+        switch(it->itype)
+                {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if (it->templates)
+                        ASN1_template_free(pval, it->templates);
+                else
+                        ASN1_primitive_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                ASN1_primitive_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_CHOICE:
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        if (i == 2)
+                                return;
+                        }
+                i = asn1_get_choice_selector(pval, it);
+                if ((i >= 0) && (i < it->tcount))
+                        {
+                        ASN1_VALUE **pchval;
+                        tt = it->templates + i;
+                        pchval = asn1_get_field_ptr(pval, tt);
+                        ASN1_template_free(pchval, tt);
+                        }
+                if (asn1_cb)
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if (!combine)
+                        {
+                        OPENSSL_free(*pval);
+                        *pval = NULL;
+                        }
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                cf = it->funcs;
+                if (cf && cf->asn1_free)
+                        cf->asn1_free(*pval);
+                break;
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if (ef && ef->asn1_ex_free)
+                        ef->asn1_ex_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_NDEF_SEQUENCE:
+                case ASN1_ITYPE_SEQUENCE:
+                if (asn1_do_lock(pval, -1, it) > 0)
+                        return;
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        if (i == 2)
+                                return;
+                        }               
+                asn1_enc_free(pval, it);
+                /* If we free up as normal we will invalidate any
+                 * ANY DEFINED BY field and we wont be able to 
+                 * determine the type of the field it defines. So
+                 * free up in reverse order.
+                 */
+                tt = it->templates + it->tcount - 1;
+                for (i = 0; i < it->tcount; tt--, i++)
+                        {
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 0);
+                        if (!seqtt)
+                                continue;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        ASN1_template_free(pseqval, seqtt);
+                        }
+                if (asn1_cb)
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if (!combine)
+                        {
+                        OPENSSL_free(*pval);
+                        *pval = NULL;
+                        }
+                break;
+                }
+        }
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+        {
+        int i;
+        if (tt->flags & ASN1_TFLG_SK_MASK)
+                {
+                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+                for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+                        {
+                        ASN1_VALUE *vtmp;
+                        vtmp = sk_ASN1_VALUE_value(sk, i);
+                        asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),
+                                                                        0);
+                        }
+                sk_ASN1_VALUE_free(sk);
+                *pval = NULL;
+                }
+        else
+                asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+                                                tt->flags & ASN1_TFLG_COMBINE);
+        }
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        int utype;
+        if (it)
+                {
+                const ASN1_PRIMITIVE_FUNCS *pf;
+                pf = it->funcs;
+                if (pf && pf->prim_free)
+                        {
+                        pf->prim_free(pval, it);
+                        return;
+                        }
+                }
+        /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+        if (!it)
+                {
+                ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+                utype = typ->type;
+                pval = &typ->value.asn1_value;
+                if (!*pval)
+                        return;
+                }
+        else if (it->itype == ASN1_ITYPE_MSTRING)
+                {
+                utype = -1;
+                if (!*pval)
+                        return;
+                }
+        else
+                {
+                utype = it->utype;
+                if ((utype != V_ASN1_BOOLEAN) && !*pval)
+                        return;
+                }
+
+        switch(utype)
+                {
+                case V_ASN1_OBJECT:
+                ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+                break;
+
+                case V_ASN1_BOOLEAN:
+                if (it)
+                        *(ASN1_BOOLEAN *)pval = it->size;
+                else
+                        *(ASN1_BOOLEAN *)pval = -1;
+                return;
+
+                case V_ASN1_NULL:
+                break;
+
+                case V_ASN1_ANY:
+                ASN1_primitive_free(pval, NULL);
+                OPENSSL_free(*pval);
+                break;
+
+                default:
+                ASN1_STRING_free((ASN1_STRING *)*pval);
+                *pval = NULL;
+                break;
+                }
+        *pval = NULL;
+        }
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
new file mode 100644
index 0000000000..531dad365c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -0,0 +1,395 @@
+/* tasn_new.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+        {
+        ASN1_VALUE *ret = NULL;
+        if (ASN1_item_ex_new(&ret, it) > 0)
+                return ret;
+        return NULL;
+        }
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        return asn1_item_ex_combine_new(pval, it, 0);
+        }
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                int combine)
+        {
+        const ASN1_TEMPLATE *tt = NULL;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        ASN1_VALUE **pseqval;
+        int i;
+        if (aux && aux->asn1_cb)
+                asn1_cb = aux->asn1_cb;
+        else
+                asn1_cb = 0;
+
+        if (!combine) *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+        if (it->sname)
+                CRYPTO_push_info(it->sname);
+#endif
+
+        switch(it->itype)
+                {
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if (ef && ef->asn1_ex_new)
+                        {
+                        if (!ef->asn1_ex_new(pval, it))
+                                goto memerr;
+                        }
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                cf = it->funcs;
+                if (cf && cf->asn1_new) {
+                        *pval = cf->asn1_new();
+                        if (!*pval)
+                                goto memerr;
+                }
+                break;
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if (it->templates)
+                        {
+                        if (!ASN1_template_new(pval, it->templates))
+                                goto memerr;
+                        }
+                else if (!ASN1_primitive_new(pval, it))
+                                goto memerr;
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                if (!ASN1_primitive_new(pval, it))
+                                goto memerr;
+                break;
+
+                case ASN1_ITYPE_CHOICE:
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        if (!i)
+                                goto auxerr;
+                        if (i==2)
+                                {
+#ifdef CRYPTO_MDEBUG
+                                if (it->sname)
+                                        CRYPTO_pop_info();
+#endif
+                                return 1;
+                                }
+                        }
+                if (!combine)
+                        {
+                        *pval = OPENSSL_malloc(it->size);
+                        if (!*pval)
+                                goto memerr;
+                        memset(*pval, 0, it->size);
+                        }
+                asn1_set_choice_selector(pval, -1, it);
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                                goto auxerr;
+                break;
+
+                case ASN1_ITYPE_NDEF_SEQUENCE:
+                case ASN1_ITYPE_SEQUENCE:
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        if (!i)
+                                goto auxerr;
+                        if (i==2)
+                                {
+#ifdef CRYPTO_MDEBUG
+                                if (it->sname)
+                                        CRYPTO_pop_info();
+#endif
+                                return 1;
+                                }
+                        }
+                if (!combine)
+                        {
+                        *pval = OPENSSL_malloc(it->size);
+                        if (!*pval)
+                                goto memerr;
+                        memset(*pval, 0, it->size);
+                        asn1_do_lock(pval, 0, it);
+                        asn1_enc_init(pval, it);
+                        }
+                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+                        {
+                        pseqval = asn1_get_field_ptr(pval, tt);
+                        if (!ASN1_template_new(pseqval, tt))
+                                goto memerr;
+                        }
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                                goto auxerr;
+                break;
+        }
+#ifdef CRYPTO_MDEBUG
+        if (it->sname) CRYPTO_pop_info();
+#endif
+        return 1;
+
+        memerr:
+        ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+        if (it->sname) CRYPTO_pop_info();
+#endif
+        return 0;
+
+        auxerr:
+        ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+        ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+        if (it->sname) CRYPTO_pop_info();
+#endif
+        return 0;
+
+        }
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        const ASN1_EXTERN_FUNCS *ef;
+
+        switch(it->itype)
+                {
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if (ef && ef->asn1_ex_clear) 
+                        ef->asn1_ex_clear(pval, it);
+                else *pval = NULL;
+                break;
+
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if (it->templates) 
+                        asn1_template_clear(pval, it->templates);
+                else
+                        asn1_primitive_clear(pval, it);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                asn1_primitive_clear(pval, it);
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                case ASN1_ITYPE_CHOICE:
+                case ASN1_ITYPE_SEQUENCE:
+                case ASN1_ITYPE_NDEF_SEQUENCE:
+                *pval = NULL;
+                break;
+                }
+        }
+
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+        {
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+        int ret;
+        if (tt->flags & ASN1_TFLG_OPTIONAL)
+                {
+                asn1_template_clear(pval, tt);
+                return 1;
+                }
+        /* If ANY DEFINED BY nothing to do */
+
+        if (tt->flags & ASN1_TFLG_ADB_MASK)
+                {
+                *pval = NULL;
+                return 1;
+                }
+#ifdef CRYPTO_MDEBUG
+        if (tt->field_name)
+                CRYPTO_push_info(tt->field_name);
+#endif
+        /* If SET OF or SEQUENCE OF, its a STACK */
+        if (tt->flags & ASN1_TFLG_SK_MASK)
+                {
+                STACK_OF(ASN1_VALUE) *skval;
+                skval = sk_ASN1_VALUE_new_null();
+                if (!skval)
+                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+                        ret = 0;
+                        goto done;
+                        }
+                *pval = (ASN1_VALUE *)skval;
+                ret = 1;
+                goto done;
+                }
+        /* Otherwise pass it back to the item routine */
+        ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+        done:
+#ifdef CRYPTO_MDEBUG
+        if (it->sname)
+                CRYPTO_pop_info();
+#endif
+        return ret;
+        }
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+        {
+        /* If ADB or STACK just NULL the field */
+        if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
+                *pval = NULL;
+        else
+                asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+        }
+
+
+/* NB: could probably combine most of the real XXX_new() behaviour and junk
+ * all the old functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        ASN1_TYPE *typ;
+        int utype;
+
+        if (it && it->funcs)
+                {
+                const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+                if (pf->prim_new)
+                        return pf->prim_new(pval, it);
+                }
+
+        if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+                utype = -1;
+        else
+                utype = it->utype;
+        switch(utype)
+                {
+                case V_ASN1_OBJECT:
+                *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+                return 1;
+
+                case V_ASN1_BOOLEAN:
+                if (it)
+                        *(ASN1_BOOLEAN *)pval = it->size;
+                else
+                        *(ASN1_BOOLEAN *)pval = -1;
+                return 1;
+
+                case V_ASN1_NULL:
+                *pval = (ASN1_VALUE *)1;
+                return 1;
+
+                case V_ASN1_ANY:
+                typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+                if (!typ)
+                        return 0;
+                typ->value.ptr = NULL;
+                typ->type = -1;
+                *pval = (ASN1_VALUE *)typ;
+                break;
+
+                default:
+                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+                break;
+                }
+        if (*pval)
+                return 1;
+        return 0;
+        }
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        int utype;
+        if (it && it->funcs)
+                {
+                const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+                if (pf->prim_clear)
+                        pf->prim_clear(pval, it);
+                else 
+                        *pval = NULL;
+                return;
+                }
+        if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+                utype = -1;
+        else
+                utype = it->utype;
+        if (utype == V_ASN1_BOOLEAN)
+                *(ASN1_BOOLEAN *)pval = it->size;
+        else *pval = NULL;
+        }
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
new file mode 100644
index 0000000000..719639b511
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -0,0 +1,198 @@
+/* tasn_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/* Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+        return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+{
+        ASN1_STRING *str;
+        const ASN1_TEMPLATE *tt;
+        void *tmpfld;
+        int i;
+        if(!fld) {
+                BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+                return 1;
+        }
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates)
+                        return ASN1_template_print(out, fld, indent, it->templates);
+                return asn1_primitive_print(out, fld, it->utype, indent, name);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                str = fld;
+                return asn1_primitive_print(out, fld, str->type, indent, name);
+
+                case ASN1_ITYPE_EXTERN:
+                BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                return 1;
+                case ASN1_ITYPE_COMPAT:
+                BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                return 1;
+
+
+                case ASN1_ITYPE_CHOICE:
+                /* CHOICE type, get selector */
+                i = asn1_get_choice_selector(fld, it);
+                /* This should never happen... */
+                if((i < 0) || (i >= it->tcount)) {
+                        BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+                        return 1;
+                }
+                tt = it->templates + i;
+                tmpfld = asn1_get_field(fld, tt);
+                return ASN1_template_print(out, tmpfld, indent, tt);
+
+                case ASN1_ITYPE_SEQUENCE:
+                BIO_printf(out, "%*s%s {\n", indent, "", name);
+                /* Get each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+                        tmpfld = asn1_get_field(fld, tt);
+                        ASN1_template_print(out, tmpfld, indent + 2, tt);
+                }
+                BIO_printf(out, "%*s}\n", indent, "");
+                return 1;
+
+                default:
+                return 0;
+        }
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+{
+        int i, flags;
+#if 0
+        if(!fld) return 0; 
+#endif
+        flags = tt->flags;
+        if(flags & ASN1_TFLG_SK_MASK) {
+                char *tname;
+                void *skitem;
+                /* SET OF, SEQUENCE OF */
+                if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+                else tname = "SEQUENCE";
+                if(fld) {
+                        BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+                        for(i = 0; i < sk_num(fld); i++) {
+                                skitem = sk_value(fld, i);
+                                asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+                        }
+                        BIO_printf(out, "%*s}\n", indent, "");
+                } else 
+                        BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
+                return 1;
+        }
+        return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+{
+        ASN1_STRING *str = fld;
+        if(fld) {
+                if(utype == V_ASN1_BOOLEAN) {
+                        int *bool = fld;
+if(*bool == -1) printf("BOOL MISSING\n");
+                        BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+                } else if((utype == V_ASN1_INTEGER) 
+                          || (utype == V_ASN1_ENUMERATED)) {
+                        char *s, *nm;
+                        s = i2s_ASN1_INTEGER(NULL, fld);
+                        if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+                        else nm = "ENUMERATED";
+                        BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+                        OPENSSL_free(s);
+                } else if(utype == V_ASN1_NULL) {
+                        BIO_printf(out, "%*s%s", indent, "", "NULL");
+                } else if(utype == V_ASN1_UTCTIME) {
+                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+                        ASN1_UTCTIME_print(out, str);
+                } else if(utype == V_ASN1_GENERALIZEDTIME) {
+                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+                        ASN1_GENERALIZEDTIME_print(out, str);
+                } else if(utype == V_ASN1_OBJECT) {
+                        char objbuf[80], *ln;
+                        ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+                        if(!ln) ln = "";
+                        OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
+                        BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
+                } else {
+                        BIO_printf(out, "%*s%s:", indent, "", name);
+                        ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+                }
+                BIO_printf(out, "\n");
+        } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
new file mode 100644
index 0000000000..6f17f1bec7
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_typ.c
@@ -0,0 +1,137 @@
+/* tasn_typ.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
+
+/* Special, OCTET STRING with indefinite length constructed support */
+
+IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
new file mode 100644
index 0000000000..34d520b180
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -0,0 +1,279 @@
+/* tasn_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/* Given an ASN1_ITEM CHOICE type return
+ * the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        int *sel = offset2ptr(*pval, it->utype);
+        return *sel;
+        }
+
+/* Given an ASN1_ITEM CHOICE type set
+ * the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
+        {       
+        int *sel, ret;
+        sel = offset2ptr(*pval, it->utype);
+        ret = *sel;
+        *sel = value;
+        return ret;
+        }
+
+/* Do reference counting. The value 'op' decides what to do. 
+ * if it is +1 then the count is incremented. If op is 0 count is
+ * set to 1. If op is -1 count is decremented and the return value
+ * is the current refrence count or 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+        {
+        const ASN1_AUX *aux;
+        int *lck, ret;
+        if ((it->itype != ASN1_ITYPE_SEQUENCE)
+           && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
+                return 0;
+        aux = it->funcs;
+        if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+                return 0;
+        lck = offset2ptr(*pval, aux->ref_offset);
+        if (op == 0)
+                {
+                *lck = 1;
+                return 1;
+                }
+        ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+        fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+        if (ret < 0) 
+                fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+        return ret;
+        }
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        const ASN1_AUX *aux;
+        if (!pval || !*pval)
+                return NULL;
+        aux = it->funcs;
+        if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+                return NULL;
+        return offset2ptr(*pval, aux->enc_offset);
+        }
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if (enc)
+                {
+                enc->enc = NULL;
+                enc->len = 0;
+                enc->modified = 1;
+                }
+        }
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if (enc)
+                {
+                if (enc->enc)
+                        OPENSSL_free(enc->enc);
+                enc->enc = NULL;
+                enc->len = 0;
+                enc->modified = 1;
+                }
+        }
+
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                                                         const ASN1_ITEM *it)
+        {
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if (!enc)
+                return 1;
+
+        if (enc->enc)
+                OPENSSL_free(enc->enc);
+        enc->enc = OPENSSL_malloc(inlen);
+        if (!enc->enc)
+                return 0;
+        memcpy(enc->enc, in, inlen);
+        enc->len = inlen;
+        enc->modified = 0;
+
+        return 1;
+        }
+                
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                                                        const ASN1_ITEM *it)
+        {
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if (!enc || enc->modified)
+                return 0;
+        if (out)
+                {
+                memcpy(*out, enc->enc, enc->len);
+                *out += enc->len;
+                }
+        if (len)
+                *len = enc->len;
+        return 1;
+        }
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+        {
+        ASN1_VALUE **pvaltmp;
+        if (tt->flags & ASN1_TFLG_COMBINE)
+                return pval;
+        pvaltmp = offset2ptr(*pval, tt->offset);
+        /* NOTE for BOOLEAN types the field is just a plain
+         * int so we can't return int **, so settle for
+         * (int *).
+         */
+        return pvaltmp;
+        }
+
+/* Handle ANY DEFINED BY template, find the selector, look up
+ * the relevant ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                                                int nullerr)
+        {
+        const ASN1_ADB *adb;
+        const ASN1_ADB_TABLE *atbl;
+        long selector;
+        ASN1_VALUE **sfld;
+        int i;
+        if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+                return tt;
+
+        /* Else ANY DEFINED BY ... get the table */
+        adb = ASN1_ADB_ptr(tt->item);
+
+        /* Get the selector field */
+        sfld = offset2ptr(*pval, adb->offset);
+
+        /* Check if NULL */
+        if (!sfld)
+                {
+                if (!adb->null_tt)
+                        goto err;
+                return adb->null_tt;
+                }
+
+        /* Convert type to a long:
+         * NB: don't check for NID_undef here because it
+         * might be a legitimate value in the table
+         */
+        if (tt->flags & ASN1_TFLG_ADB_OID) 
+                selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+        else 
+                selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+        /* Try to find matching entry in table
+         * Maybe should check application types first to
+         * allow application override? Might also be useful
+         * to have a flag which indicates table is sorted and
+         * we can do a binary search. For now stick to a
+         * linear search.
+         */
+
+        for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+                if (atbl->value == selector)
+                        return &atbl->tt;
+
+        /* FIXME: need to search application table too */
+
+        /* No match, return default type */
+        if (!adb->default_tt)
+                goto err;               
+        return adb->default_tt;
+        
+        err:
+        /* FIXME: should log the value or OID of unsupported type */
+        if (nullerr)
+                ASN1err(ASN1_F_ASN1_DO_ADB,
+                        ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+        return NULL;
+        }
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
new file mode 100644
index 0000000000..33533aba86
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -0,0 +1,130 @@
+/* x_algor.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_ALGOR) = {
+        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
+
+ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
+
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+        {
+        if (!alg)
+                return 0;
+        if (ptype != V_ASN1_UNDEF)
+                {
+                if (alg->parameter == NULL)
+                        alg->parameter = ASN1_TYPE_new();
+                if (alg->parameter == NULL)
+                        return 0;
+                }
+        if (alg)
+                {
+                if (alg->algorithm)
+                        ASN1_OBJECT_free(alg->algorithm);
+                alg->algorithm = aobj;
+                }
+        if (ptype == 0)
+                return 1;       
+        if (ptype == V_ASN1_UNDEF)
+                {
+                if (alg->parameter)
+                        {
+                        ASN1_TYPE_free(alg->parameter);
+                        alg->parameter = NULL;
+                        }
+                }
+        else
+                ASN1_TYPE_set(alg->parameter, ptype, pval);
+        return 1;
+        }
+
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+                                                X509_ALGOR *algor)
+        {
+        if (paobj)
+                *paobj = algor->algorithm;
+        if (pptype)
+                {
+                if (algor->parameter == NULL)
+                        {
+                        *pptype = V_ASN1_UNDEF;
+                        return;
+                        }
+                else
+                        *pptype = algor->parameter->type;
+                if (ppval)
+                        *ppval = algor->parameter->value.ptr;
+                }
+        }
+
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
new file mode 100644
index 0000000000..1e3713f18f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_attrib.c
@@ -0,0 +1,118 @@
+/* crypto/asn1/x_attrib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *      {
+ *      ASN1_OBJECT *object;
+ *      int single;
+ *      union   {
+ *              char            *ptr;
+ *              STACK_OF(ASN1_TYPE) *set;
+ *              ASN1_TYPE       *single;
+ *              } value;
+ *      } X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
+ */
+
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+        ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+        ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        /* CHOICE type merged with parent */
+        ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+        {
+        X509_ATTRIBUTE *ret=NULL;
+        ASN1_TYPE *val=NULL;
+
+        if ((ret=X509_ATTRIBUTE_new()) == NULL)
+                return(NULL);
+        ret->object=OBJ_nid2obj(nid);
+        ret->single=0;
+        if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
+        if ((val=ASN1_TYPE_new()) == NULL) goto err;
+        if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+
+        ASN1_TYPE_set(val,atrtype,value);
+        return(ret);
+err:
+        if (ret != NULL) X509_ATTRIBUTE_free(ret);
+        if (val != NULL) ASN1_TYPE_free(val);
+        return(NULL);
+        }
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
new file mode 100644
index 0000000000..869c05d931
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_bignum.c
@@ -0,0 +1,139 @@
+/* x_bignum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
+ * BIGNUMs used are non negative and anything that looks negative is normally due
+ * to an encoding error.
+ */
+
+#define BN_SENSITIVE    1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+        NULL, 0,
+        bn_new,
+        bn_free,
+        0,
+        bn_c2i,
+        bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *pval = (ASN1_VALUE *)BN_new();
+        if(*pval) return 1;
+        else return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(!*pval) return;
+        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+        else BN_free((BIGNUM *)*pval);
+        *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+        BIGNUM *bn;
+        int pad;
+        if(!*pval) return -1;
+        bn = (BIGNUM *)*pval;
+        /* If MSB set in an octet we need a padding byte */
+        if(BN_num_bits(bn) & 0x7) pad = 0;
+        else pad = 1;
+        if(cont) {
+                if(pad) *cont++ = 0;
+                BN_bn2bin(bn, cont);
+        }
+        return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        BIGNUM *bn;
+        if(!*pval) bn_new(pval, it);
+        bn  = (BIGNUM *)*pval;
+        if(!BN_bin2bn(cont, len, bn)) {
+                bn_free(pval, it);
+                return 0;
+        }
+        return 1;
+}
+
+
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
new file mode 100644
index 0000000000..70d56a67f2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -0,0 +1,140 @@
+/* crypto/asn1/x_crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+                                const X509_REVOKED * const *b);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/* The X509_CRL_INFO structure needs a bit of customisation.
+ * Since we cache the original encoding the signature wont be affected by
+ * reordering of the revoked field.
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+        if(!a || !a->revoked) return 1;
+        switch(operation) {
+                /* Just set cmp function here. We don't sort because that
+                 * would affect the output of X509_CRL_print().
+                 */
+                case ASN1_OP_D2I_POST:
+                (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                break;
+        }
+        return 1;
+}
+
+
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+                        const X509_REVOKED * const *b)
+        {
+        return(ASN1_STRING_cmp(
+                (ASN1_STRING *)(*a)->serialNumber,
+                (ASN1_STRING *)(*b)->serialNumber));
+        }
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+        X509_CRL_INFO *inf;
+        inf = crl->crl;
+        if(!inf->revoked)
+                inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        inf->enc.modified = 1;
+        return 1;
+}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
new file mode 100644
index 0000000000..1732e66712
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_exten.c
@@ -0,0 +1,76 @@
+/* x_exten.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
new file mode 100644
index 0000000000..d44f6cdb01
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_info.c
@@ -0,0 +1,114 @@
+/* crypto/asn1/x_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+X509_INFO *X509_INFO_new(void)
+        {
+        X509_INFO *ret=NULL;
+
+        ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+ 
+        ret->enc_cipher.cipher=NULL;
+        ret->enc_len=0;
+        ret->enc_data=NULL;
+ 
+        ret->references=1;
+        ret->x509=NULL;
+        ret->crl=NULL;
+        ret->x_pkey=NULL;
+        return(ret);
+        }
+
+void X509_INFO_free(X509_INFO *x)
+        {
+        int i;
+
+        if (x == NULL) return;
+
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+#ifdef REF_PRINT
+        REF_PRINT("X509_INFO",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_INFO_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (x->x509 != NULL) X509_free(x->x509);
+        if (x->crl != NULL) X509_CRL_free(x->crl);
+        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+        if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
+        OPENSSL_free(x);
+        }
+
+IMPLEMENT_STACK_OF(X509_INFO)
+
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
new file mode 100644
index 0000000000..0db233cb95
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -0,0 +1,171 @@
+/* x_long.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
+ * and a long directly.
+ */
+
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+        NULL, 0,
+        long_new,
+        long_free,
+        long_free,      /* Clear should set to initial value */
+        long_c2i,
+        long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *(long *)pval = it->size;
+        return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+        long ltmp;
+        unsigned long utmp;
+        int clen, pad, i;
+        /* this exists to bypass broken gcc optimization */
+        char *cp = (char *)pval;
+
+        /* use memcpy, because we may not be long aligned */
+        memcpy(&ltmp, cp, sizeof(long));
+
+        if(ltmp == it->size) return -1;
+        /* Convert the long to positive: we subtract one if negative so
+         * we can cleanly handle the padding if only the MSB of the leading
+         * octet is set. 
+         */
+        if(ltmp < 0) utmp = -ltmp - 1;
+        else utmp = ltmp;
+        clen = BN_num_bits_word(utmp);
+        /* If MSB of leading octet set we need to pad */
+        if(!(clen & 0x7)) pad = 1;
+        else pad = 0;
+
+        /* Convert number of bits to number of octets */
+        clen = (clen + 7) >> 3;
+
+        if(cont) {
+                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+                for(i = clen - 1; i >= 0; i--) {
+                        cont[i] = (unsigned char)(utmp & 0xff);
+                        if(ltmp < 0) cont[i] ^= 0xff;
+                        utmp >>= 8;
+                }
+        }
+        return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        int neg, i;
+        long ltmp;
+        unsigned long utmp = 0;
+        char *cp = (char *)pval;
+        if(len > (int)sizeof(long)) {
+                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                return 0;
+        }
+        /* Is it negative? */
+        if(len && (cont[0] & 0x80)) neg = 1;
+        else neg = 0;
+        utmp = 0;
+        for(i = 0; i < len; i++) {
+                utmp <<= 8;
+                if(neg) utmp |= cont[i] ^ 0xff;
+                else utmp |= cont[i];
+        }
+        ltmp = (long)utmp;
+        if(neg) {
+                ltmp++;
+                ltmp = -ltmp;
+        }
+        if(ltmp == it->size) {
+                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                return 0;
+        }
+        memcpy(cp, &ltmp, sizeof(long));
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
new file mode 100644
index 0000000000..04380abc3f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -0,0 +1,275 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
+ * so declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/* Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and convert
+ * to the external form.
+ */
+
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+        NULL,
+        x509_name_ex_new,
+        x509_name_ex_free,
+        0,      /* Default clear behaviour is OK */
+        x509_name_ex_d2i,
+        x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+        X509_NAME *ret = NULL;
+        ret = OPENSSL_malloc(sizeof(X509_NAME));
+        if(!ret) goto memerr;
+        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+        ret->modified=1;
+        *val = (ASN1_VALUE *)ret;
+        return 1;
+
+ memerr:
+        ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+        if (ret)
+                {
+                if (ret->entries)
+                        sk_X509_NAME_ENTRY_free(ret->entries);
+                OPENSSL_free(ret);
+                }
+        return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_NAME *a;
+        if(!pval || !*pval)
+            return;
+        a = (X509_NAME *)*pval;
+
+        BUF_MEM_free(a->bytes);
+        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        OPENSSL_free(a);
+        *pval = NULL;
+}
+
+/* Used with sk_pop_free() to free up the internal representation.
+ * NB: we only free the STACK and not its contents because it is
+ * already present in the X509_NAME structure.
+ */
+
+static void sk_internal_free(void *a)
+{
+        sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+        const unsigned char *p = *in, *q;
+        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
+        int i, j, ret;
+        STACK_OF(X509_NAME_ENTRY) *entries;
+        X509_NAME_ENTRY *entry;
+        q = p;
+
+        /* Get internal representation of Name */
+        ret = ASN1_item_ex_d2i(&intname.a,
+                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                               tag, aclass, opt, ctx);
+        
+        if(ret <= 0) return ret;
+
+        if(*val) x509_name_ex_free(val, NULL);
+        if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+        /* We've decoded it: now cache encoding */
+        if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
+        memcpy(nm.x->bytes->data, q, p - q);
+
+        /* Convert internal representation to X509_NAME structure */
+        for(i = 0; i < sk_num(intname.s); i++) {
+                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+                        entry = sk_X509_NAME_ENTRY_value(entries, j);
+                        entry->set = i;
+                        if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                                goto err;
+                }
+                sk_X509_NAME_ENTRY_free(entries);
+        }
+        sk_free(intname.s);
+        nm.x->modified = 0;
+        *val = nm.a;
+        *in = p;
+        return ret;
+        err:
+        ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+        int ret;
+        X509_NAME *a = (X509_NAME *)*val;
+        if(a->modified) {
+                ret = x509_name_encode((X509_NAME *)a);
+                if(ret < 0) return ret;
+        }
+        ret = a->bytes->length;
+        if(out != NULL) {
+                memcpy(*out,a->bytes->data,ret);
+                *out+=ret;
+        }
+        return ret;
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        int len;
+        unsigned char *p;
+        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+        X509_NAME_ENTRY *entry;
+        int i, set = -1;
+        intname.s = sk_new_null();
+        if(!intname.s) goto memerr;
+        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+                if(entry->set != set) {
+                        entries = sk_X509_NAME_ENTRY_new_null();
+                        if(!entries) goto memerr;
+                        if(!sk_push(intname.s, (char *)entries)) goto memerr;
+                        set = entry->set;
+                }
+                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
+        }
+        len = ASN1_item_ex_i2d(&intname.a, NULL,
+                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+        p=(unsigned char *)a->bytes->data;
+        ASN1_item_ex_i2d(&intname.a,
+                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        sk_pop_free(intname.s, sk_internal_free);
+        a->modified = 0;
+        return len;
+        memerr:
+        sk_pop_free(intname.s, sk_internal_free);
+        ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+        return -1;
+}
+
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+        {
+        X509_NAME *in;
+
+        if (!xn || !name) return(0);
+
+        if (*xn != name)
+                {
+                in=X509_NAME_dup(name);
+                if (in != NULL)
+                        {
+                        X509_NAME_free(*xn);
+                        *xn=in;
+                        }
+                }
+        return(*xn != NULL);
+        }
+        
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
new file mode 100644
index 0000000000..8453618426
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_pkey.c
@@ -0,0 +1,151 @@
+/* crypto/asn1/x_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+/* need to implement */
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+        {
+        return(0);
+        }
+
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+        {
+        int i;
+        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+
+        ret->cipher.cipher=EVP_get_cipherbyname(
+                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+        if (ret->cipher.cipher == NULL)
+                {
+                c.error=ASN1_R_UNSUPPORTED_CIPHER;
+                c.line=__LINE__;
+                goto err;
+                }
+        if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
+                {
+                i=ret->enc_algor->parameter->value.octet_string->length;
+                if (i > EVP_MAX_IV_LENGTH)
+                        {
+                        c.error=ASN1_R_IV_TOO_LARGE;
+                        c.line=__LINE__;
+                        goto err;
+                        }
+                memcpy(ret->cipher.iv,
+                        ret->enc_algor->parameter->value.octet_string->data,i);
+                }
+        else
+                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+        }
+
+X509_PKEY *X509_PKEY_new(void)
+        {
+        X509_PKEY *ret=NULL;
+        ASN1_CTX c;
+
+        M_ASN1_New_Malloc(ret,X509_PKEY);
+        ret->version=0;
+        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+        M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
+        ret->dec_pkey=NULL;
+        ret->key_length=0;
+        ret->key_data=NULL;
+        ret->key_free=0;
+        ret->cipher.cipher=NULL;
+        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        ret->references=1;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+        }
+
+void X509_PKEY_free(X509_PKEY *x)
+        {
+        int i;
+
+        if (x == NULL) return;
+
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("X509_PKEY",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_PKEY_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+        if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
+        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+        if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
+        OPENSSL_free(x);
+        }
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
new file mode 100644
index 0000000000..91c2756116
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -0,0 +1,531 @@
+/* crypto/asn1/x_pubkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+        {
+        if (operation == ASN1_OP_FREE_POST)
+                {
+                X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+                EVP_PKEY_free(pubkey->pkey);
+                }
+        return 1;
+        }
+
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+        {
+        X509_PUBKEY *pk=NULL;
+        X509_ALGOR *a;
+        ASN1_OBJECT *o;
+        unsigned char *s,*p = NULL;
+        int i;
+
+        if (x == NULL) return(0);
+
+        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+        a=pk->algor;
+
+        /* set the algorithm id */
+        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm=o;
+
+        /* Set the parameter list */
+        if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
+                {
+                if ((a->parameter == NULL) ||
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if (!(a->parameter=ASN1_TYPE_new()))
+                                {
+                                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                }
+#ifndef OPENSSL_NO_DSA
+        else if (pkey->type == EVP_PKEY_DSA)
+                {
+                unsigned char *pp;
+                DSA *dsa;
+                
+                dsa=pkey->pkey.dsa;
+                dsa->write_params=0;
+                ASN1_TYPE_free(a->parameter);
+                if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
+                        goto err;
+                if (!(p=(unsigned char *)OPENSSL_malloc(i)))
+                        {
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                pp=p;
+                i2d_DSAparams(dsa,&pp);
+                if (!(a->parameter=ASN1_TYPE_new()))
+                        {
+                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                a->parameter->type=V_ASN1_SEQUENCE;
+                if (!(a->parameter->value.sequence=ASN1_STRING_new()))
+                        {
+                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+                        {
+                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                OPENSSL_free(p);
+                }
+#endif
+#ifndef OPENSSL_NO_EC
+        else if (pkey->type == EVP_PKEY_EC)
+                {
+                int nid=0;
+                unsigned char *pp;
+                EC_KEY *ec_key;
+                const EC_GROUP *group;
+                
+                ec_key = pkey->pkey.ec;
+                ASN1_TYPE_free(a->parameter);
+
+                if ((a->parameter = ASN1_TYPE_new()) == NULL)
+                        {
+                        X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+
+                group = EC_KEY_get0_group(ec_key);
+                if (EC_GROUP_get_asn1_flag(group)
+                     && (nid = EC_GROUP_get_curve_name(group)))
+                        {
+                        /* just set the OID */
+                        a->parameter->type = V_ASN1_OBJECT;
+                        a->parameter->value.object = OBJ_nid2obj(nid);
+                        }
+                else /* explicit parameters */
+                        {
+                        if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
+                                {
+                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+                                goto err;
+                                }
+                        if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
+                                {
+                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }       
+                        pp = p;
+                        if (!i2d_ECParameters(ec_key, &pp))
+                                {
+                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+                                OPENSSL_free(p);
+                                goto err;
+                                }
+                        a->parameter->type = V_ASN1_SEQUENCE;
+                        if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
+                                {
+                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+                                OPENSSL_free(p);
+                                goto err;
+                                }
+                        ASN1_STRING_set(a->parameter->value.sequence, p, i);
+                        OPENSSL_free(p);
+                        }
+                }
+#endif
+        else if (1)
+                {
+                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+                goto err;
+                }
+
+        if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
+        if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+                {
+                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=s;
+        i2d_PublicKey(pkey,&p);
+        if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
+                {
+                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        /* Set number of unused bits to zero */
+        pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+
+        OPENSSL_free(s);
+
+#if 0
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        pk->pkey=pkey;
+#endif
+
+        if (*x != NULL)
+                X509_PUBKEY_free(*x);
+
+        *x=pk;
+
+        return 1;
+err:
+        if (pk != NULL) X509_PUBKEY_free(pk);
+        return 0;
+        }
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+        {
+        EVP_PKEY *ret=NULL;
+        long j;
+        int type;
+        const unsigned char *p;
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+        const unsigned char *cp;
+        X509_ALGOR *a;
+#endif
+
+        if (key == NULL) goto err;
+
+        if (key->pkey != NULL)
+                {
+                CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+                return(key->pkey);
+                }
+
+        if (key->public_key == NULL) goto err;
+
+        type=OBJ_obj2nid(key->algor->algorithm);
+        if ((ret = EVP_PKEY_new()) == NULL)
+                {
+                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        ret->type = EVP_PKEY_type(type);
+
+        /* the parameters must be extracted before the public key (ECDSA!) */
+        
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+        a=key->algor;
+#endif
+
+        if (0)
+                ;
+#ifndef OPENSSL_NO_DSA
+        else if (ret->type == EVP_PKEY_DSA)
+                {
+                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                        {
+                        if ((ret->pkey.dsa = DSA_new()) == NULL)
+                                {
+                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        ret->pkey.dsa->write_params=0;
+                        cp=p=a->parameter->value.sequence->data;
+                        j=a->parameter->value.sequence->length;
+                        if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
+                                goto err;
+                        }
+                ret->save_parameters=1;
+                }
+#endif
+#ifndef OPENSSL_NO_EC
+        else if (ret->type == EVP_PKEY_EC)
+                {
+                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                        {
+                        /* type == V_ASN1_SEQUENCE => we have explicit parameters
+                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
+                         */
+                        if ((ret->pkey.ec= EC_KEY_new()) == NULL)
+                                {
+                                X509err(X509_F_X509_PUBKEY_GET, 
+                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        cp = p = a->parameter->value.sequence->data;
+                        j = a->parameter->value.sequence->length;
+                        if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
+                                {
+                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
+                                goto err;
+                                }
+                        }
+                else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
+                        {
+                        /* type == V_ASN1_OBJECT => the parameters are given
+                         * by an asn1 OID
+                         */
+                        EC_KEY   *ec_key;
+                        EC_GROUP *group;
+
+                        if (ret->pkey.ec == NULL)
+                                ret->pkey.ec = EC_KEY_new();
+                        ec_key = ret->pkey.ec;
+                        if (ec_key == NULL)
+                                goto err;
+                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
+                        if (group == NULL)
+                                goto err;
+                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+                        if (EC_KEY_set_group(ec_key, group) == 0)
+                                goto err;
+                        EC_GROUP_free(group);
+                        }
+                        /* the case implicitlyCA is currently not implemented */
+                ret->save_parameters = 1;
+                }
+#endif
+
+        p=key->public_key->data;
+        j=key->public_key->length;
+        if (!d2i_PublicKey(type, &ret, &p, (long)j))
+                {
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
+                goto err;
+                }
+
+        key->pkey = ret;
+        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+        return(ret);
+err:
+        if (ret != NULL)
+                EVP_PKEY_free(ret);
+        return(NULL);
+        }
+
+/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
+ * and encode or decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
+             long length)
+        {
+        X509_PUBKEY *xpk;
+        EVP_PKEY *pktmp;
+        xpk = d2i_X509_PUBKEY(NULL, pp, length);
+        if(!xpk) return NULL;
+        pktmp = X509_PUBKEY_get(xpk);
+        X509_PUBKEY_free(xpk);
+        if(!pktmp) return NULL;
+        if(a)
+                {
+                EVP_PKEY_free(*a);
+                *a = pktmp;
+                }
+        return pktmp;
+        }
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+        {
+        X509_PUBKEY *xpk=NULL;
+        int ret;
+        if(!a) return 0;
+        if(!X509_PUBKEY_set(&xpk, a)) return 0;
+        ret = i2d_X509_PUBKEY(xpk, pp);
+        X509_PUBKEY_free(xpk);
+        return ret;
+        }
+
+/* The following are equivalents but which return RSA and DSA
+ * keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
+             long length)
+        {
+        EVP_PKEY *pkey;
+        RSA *key;
+        const unsigned char *q;
+        q = *pp;
+        pkey = d2i_PUBKEY(NULL, &q, length);
+        if (!pkey) return NULL;
+        key = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_free(pkey);
+        if (!key) return NULL;
+        *pp = q;
+        if (a)
+                {
+                RSA_free(*a);
+                *a = key;
+                }
+        return key;
+        }
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+        {
+        EVP_PKEY *pktmp;
+        int ret;
+        if (!a) return 0;
+        pktmp = EVP_PKEY_new();
+        if (!pktmp)
+                {
+                ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        EVP_PKEY_set1_RSA(pktmp, a);
+        ret = i2d_PUBKEY(pktmp, pp);
+        EVP_PKEY_free(pktmp);
+        return ret;
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
+             long length)
+        {
+        EVP_PKEY *pkey;
+        DSA *key;
+        const unsigned char *q;
+        q = *pp;
+        pkey = d2i_PUBKEY(NULL, &q, length);
+        if (!pkey) return NULL;
+        key = EVP_PKEY_get1_DSA(pkey);
+        EVP_PKEY_free(pkey);
+        if (!key) return NULL;
+        *pp = q;
+        if (a)
+                {
+                DSA_free(*a);
+                *a = key;
+                }
+        return key;
+        }
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+        {
+        EVP_PKEY *pktmp;
+        int ret;
+        if(!a) return 0;
+        pktmp = EVP_PKEY_new();
+        if(!pktmp)
+                {
+                ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        EVP_PKEY_set1_DSA(pktmp, a);
+        ret = i2d_PUBKEY(pktmp, pp);
+        EVP_PKEY_free(pktmp);
+        return ret;
+        }
+#endif
+
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+        {
+        EVP_PKEY *pkey;
+        EC_KEY *key;
+        const unsigned char *q;
+        q = *pp;
+        pkey = d2i_PUBKEY(NULL, &q, length);
+        if (!pkey) return(NULL);
+        key = EVP_PKEY_get1_EC_KEY(pkey);
+        EVP_PKEY_free(pkey);
+        if (!key)  return(NULL);
+        *pp = q;
+        if (a)
+                {
+                EC_KEY_free(*a);
+                *a = key;
+                }
+        return(key);
+        }
+
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+        {
+        EVP_PKEY *pktmp;
+        int ret;
+        if (!a) return(0);
+        if ((pktmp = EVP_PKEY_new()) == NULL)
+                {
+                ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        EVP_PKEY_set1_EC_KEY(pktmp, a);
+        ret = i2d_PUBKEY(pktmp, pp);
+        EVP_PKEY_free(pktmp);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
new file mode 100644
index 0000000000..59ca8ce329
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -0,0 +1,112 @@
+/* crypto/asn1/x_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK. 
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+        if(operation == ASN1_OP_NEW_POST) {
+                rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+                if(!rinf->attributes) return 0;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
+         */
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
+        ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c
new file mode 100644
index 0000000000..42efa86c1c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_sig.c
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_SIG) = {
+        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c
new file mode 100644
index 0000000000..2aece077c5
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_spki.c
@@ -0,0 +1,81 @@
+/* crypto/asn1/x_spki.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+ /* This module was send to me my Pat Richards <patr@x509.com> who
+  * wrote it.  It is under my Copyright with his permission
+  */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+        ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c
new file mode 100644
index 0000000000..dc17c67758
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_val.c
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_val.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_VAL) = {
+        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
new file mode 100644
index 0000000000..e118696625
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -0,0 +1,202 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(X509_CINF) = {
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END(X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509 *ret = (X509 *)*pval;
+
+        switch(operation) {
+
+                case ASN1_OP_NEW_POST:
+                ret->valid=0;
+                ret->name = NULL;
+                ret->ex_flags = 0;
+                ret->ex_pathlen = -1;
+                ret->skid = NULL;
+                ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
+                ret->rfc3779_addr = NULL;
+                ret->rfc3779_asid = NULL;
+#endif
+                ret->aux = NULL;
+                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+                break;
+
+                case ASN1_OP_D2I_POST:
+                if (ret->name != NULL) OPENSSL_free(ret->name);
+                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+                break;
+
+                case ASN1_OP_FREE_POST:
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+                X509_CERT_AUX_free(ret->aux);
+                ASN1_OCTET_STRING_free(ret->skid);
+                AUTHORITY_KEYID_free(ret->akid);
+                policy_cache_free(ret->policy_cache);
+#ifndef OPENSSL_NO_RFC3779
+                sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+                ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+                if (ret->name != NULL) OPENSSL_free(ret->name);
+                break;
+
+        }
+
+        return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+        ASN1_SIMPLE(X509, cert_info, X509_CINF),
+        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+static ASN1_METHOD meth=
+    {
+    (I2D_OF(void))  i2d_X509,
+    (D2I_OF(void)) d2i_X509,
+    (void *(*)(void))X509_new,
+    (void (*)(void *)) X509_free
+    };
+
+ASN1_METHOD *X509_asn1_meth(void)
+        {
+        return(&meth);
+        }
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *X509_get_ex_data(X509 *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+/* X509_AUX ASN1 routines. X509_AUX is the name given to
+ * a certificate with extra info tagged on the end. Since these
+ * functions set how a certificate is trusted they should only
+ * be used when the certificate comes from a reliable source
+ * such as local storage.
+ *
+ */
+
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+{
+        const unsigned char *q;
+        X509 *ret;
+        /* Save start position */
+        q = *pp;
+        ret = d2i_X509(a, pp, length);
+        /* If certificate unreadable then forget it */
+        if(!ret) return NULL;
+        /* update length */
+        length -= *pp - q;
+        if(!length) return ret;
+        if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+        return ret;
+        err:
+        X509_free(ret);
+        return NULL;
+}
+
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+        int length;
+        length = i2d_X509(a, pp);
+        if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+        return length;
+}
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
new file mode 100644
index 0000000000..13db5fd03f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_x509a.c
@@ -0,0 +1,180 @@
+/* a_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX routines. These are used to encode additional
+ * user modifiable data about a certificate. This data is
+ * appended to the X509 encoding when the *_X509_AUX routines
+ * are used. This means that the "traditional" X509 routines
+ * will simply ignore the extra data. 
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+        if(!x) return NULL;
+        if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+        return x->aux;
+}
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len)
+{
+        X509_CERT_AUX *aux;
+        if (!name)
+                {
+                if (!x || !x->aux || !x->aux->alias)
+                        return 1;
+                ASN1_UTF8STRING_free(x->aux->alias);
+                x->aux->alias = NULL;
+                return 1;
+                }
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+        return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+        X509_CERT_AUX *aux;
+        if (!id)
+                {
+                if (!x || !x->aux || !x->aux->keyid)
+                        return 1;
+                ASN1_OCTET_STRING_free(x->aux->keyid);
+                x->aux->keyid = NULL;
+                return 1;
+                }
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+        return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+        if(!x->aux || !x->aux->alias) return NULL;
+        if(len) *len = x->aux->alias->length;
+        return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+        if(!x->aux || !x->aux->keyid) return NULL;
+        if(len) *len = x->aux->keyid->length;
+        return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+{
+        X509_CERT_AUX *aux;
+        ASN1_OBJECT *objtmp;
+        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->trust
+                && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+        return sk_ASN1_OBJECT_push(aux->trust, objtmp);
+}
+
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+{
+        X509_CERT_AUX *aux;
+        ASN1_OBJECT *objtmp;
+        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->reject
+                && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+        return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+}
+
+void X509_trust_clear(X509 *x)
+{
+        if(x->aux && x->aux->trust) {
+                sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+                x->aux->trust = NULL;
+        }
+}
+
+void X509_reject_clear(X509 *x)
+{
+        if(x->aux && x->aux->reject) {
+                sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+                x->aux->reject = NULL;
+        }
+}
+
+ASN1_SEQUENCE(X509_CERT_PAIR) = {
+        ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+        ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+} ASN1_SEQUENCE_END(X509_CERT_PAIR)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)