From Dirk

dissector for Novell's PKIS certificate extensions

from me
clean up the $Id$ tags
remove packet-pkis(-template).h
remove ASN.1 definitions that cause compiler warnings
   (OID, SecurityLabelType2)
move the dissector to the clean ASN.1 dissectors
support CMake build
change the name to novell_pkis

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9597

svn path=/trunk/; revision=54508

14 files changed, 1262 insertions, 0 deletions

diff --git a/asn1/CMakeLists.txt b/asn1/CMakeLists.txt
index 8a519a9508..dc86af264b 100644
--- a/asn1/CMakeLists.txt
+++ b/asn1/CMakeLists.txt
@@ -79,6 +79,7 @@ set(ASN1_SRC_DIRS
 	mpeg-pes
 	nbap
 	ns_cert_exts
+	novell_pkis
 	ocsp
 	p1
 	p22
diff --git a/asn1/Makefile.am b/asn1/Makefile.am
index 238c845144..0f62fe351d 100644
--- a/asn1/Makefile.am
+++ b/asn1/Makefile.am
@@ -80,6 +80,7 @@ SUBDIRS =		\
 	mpeg-audio	\
 	mpeg-pes	\
 	nbap		\
+	novell_pkis		\
 	ns_cert_exts	\
 	ocsp		\
 	p1		\
diff --git a/asn1/Makefile.nmake b/asn1/Makefile.nmake
index 1ab5f69239..213adbd2e9 100644
--- a/asn1/Makefile.nmake
+++ b/asn1/Makefile.nmake
@@ -78,6 +78,7 @@ BER_LIST= \
 	logotypecertextn	\
 	mms			\
 	ns_cert_exts		\
+	novell_pkis			\
 	ocsp			\
 	p1			\
 	p22			\
diff --git a/asn1/novell_pkis/CMakeLists.txt b/asn1/novell_pkis/CMakeLists.txt
new file mode 100644
index 0000000000..2895aefc36
--- /dev/null
+++ b/asn1/novell_pkis/CMakeLists.txt
@@ -0,0 +1,47 @@
+# CMakeLists.txt
+#
+# $Id$
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+set( PROTOCOL_NAME novell_pkis )
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+	${EXT_ASN_FILE_LIST}
+	${PROTOCOL_NAME}.asn
+)
+
+set( EXTRA_DIST
+	${ASN_FILE_LIST}
+	packet-${PROTOCOL_NAME}-template.c
+	${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+	${EXTRA_DIST}
+	${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b -u )
+
+ASN2WRS()
diff --git a/asn1/novell_pkis/Makefile.am b/asn1/novell_pkis/Makefile.am
new file mode 100644
index 0000000000..ff76388193
--- /dev/null
+++ b/asn1/novell_pkis/Makefile.am
@@ -0,0 +1,23 @@
+# $Id$
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+include ../Makefile.preinc
+include Makefile.common
+include ../Makefile.inc
diff --git a/asn1/novell_pkis/Makefile.common b/asn1/novell_pkis/Makefile.common
new file mode 100644
index 0000000000..5ab18b1203
--- /dev/null
+++ b/asn1/novell_pkis/Makefile.common
@@ -0,0 +1,37 @@
+# $Id$
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+PROTOCOL_NAME=novell_pkis
+
+EXT_ASN_FILE_LIST =
+ASN_FILE_LIST = $(PROTOCOL_NAME).asn
+
+EXTRA_DIST = \
+	Makefile.nmake \
+	$(ASN_FILE_LIST) \
+	packet-$(PROTOCOL_NAME)-template.c \
+	$(PROTOCOL_NAME).cnf
+
+SRC_FILES = \
+	$(EXTRA_DIST) \
+	$(EXT_ASN_FILE_LIST) \
+	$(ASN_FILE_LIST)
+
+A2W_FLAGS = -b -u
diff --git a/asn1/novell_pkis/Makefile.nmake b/asn1/novell_pkis/Makefile.nmake
new file mode 100644
index 0000000000..ce532ca797
--- /dev/null
+++ b/asn1/novell_pkis/Makefile.nmake
@@ -0,0 +1,26 @@
+## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
+#
+# $Id$
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+include ../../config.nmake
+include ../Makefile.preinc.nmake
+include Makefile.common
+include ../Makefile.inc.nmake
diff --git a/asn1/novell_pkis/novell_pkis.asn b/asn1/novell_pkis/novell_pkis.asn
new file mode 100644
index 0000000000..fff6c8a9ad
--- /dev/null
+++ b/asn1/novell_pkis/novell_pkis.asn
@@ -0,0 +1,283 @@
+-- from pkisv10.pdf
+-- you can find this document at https://web.archive.org/web/19990224174228/http://www.developer.novell.com/repository/attributes/certattrs_v10.htm
+
+PKIS { joint-iso-ccitt(2) country(16) us(840) organization(1) novell (113719) } DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- ASN.1 Definition of Useful Attributes
+
+-- The following are useful Novell OIDs, etc.
+novell OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) country(16) us(840) organization(1) novell (113719)}
+applications OBJECT IDENTIFIER ::= {novell applications(1) }
+pki OBJECT IDENTIFIER ::= {applications pki(9) }
+pkiAttributeType OBJECT IDENTIFIER ::= {pki at(4) }
+pkiAttributeSyntax OBJECT IDENTIFIER ::= {pki at(5) }
+pkiObjectClass OBJECT IDENTIFIER ::= {pki at(6) }
+
+-- The following unique PKI attributes are hereby defined under the novell applications pki arc:
+pa-sa OBJECT IDENTIFIER ::= { pkiAttributeType (1) }
+ -- securityAttributes
+ -- 2.16.840.113719.1.9.4.1
+
+pa-rl OBJECT IDENTIFIER ::= { pkiAttributeType (2) }
+ -- relianceLimit
+ -- 2.16.840.113719.1.9.4.2
+
+SecurityAttributes ::= SEQUENCE {
+ versionNumber OCTET STRING (SIZE (2)),
+  -- The initial value should be (01 00)
+  -- The first octet is the major version,
+  -- the second octet is the minor version number.
+ nSI BOOLEAN (TRUE),
+  -- NSI = “Nonverified Subscriber Information”
+  -- If FALSE, it means that the CA issuing
+  -- a certificate HAS verified the validity
+  -- of ALL of the values contained
+  -- within the Novell Security Attributes
+  -- using appropriate means as defined
+  -- for example in their Certificate Policy
+  -- and/or Certificate Practice Statement
+  -- If TRUE, it means that the subscriber
+  -- requesting the certificate has represented
+  -- to the CA that the extension defined
+  -- is valid and correct, but that the CA
+  -- has not independently validated the accuracy
+  -- of the attribute. Note that in no case may
+  -- the CA issue a certificate containing an
+  -- extension which it has reason to
+  -- believe is not accurate at the time of
+  -- issuance, except for test certificates
+  -- which are identified as such in the
+  -- Certificate class attribute (by setting
+  -- the certificateValid flag to FALSE.)
+ securityTM PrintableString ("Novell Security Attribute(tm)"),
+  -- Note: Since the “Novell Security
+  -- Attribute(tm)” string is trademarked, if
+  -- it is displayed visually to the user it
+  -- must be presented exactly as shown,
+  -- in English, even in non-English
+  -- implementations. A translation of the
+  -- phrase may be displayed to the user
+  -- in addition, if desired.
+  -- Vendors who license the use of the term
+  -- must agree to check for the presence of
+  -- this string in any attribute defined (by its
+  -- OID) as a Novell Security attribute
+ uriReference IA5String,
+  -- The initial value should be set to (“http://developer.novell.com/repository/attributes/certattrs_v10.htm”),
+  -- This attribute will be included in all
+  -- NICI and PKIS certificates.
+  -- Novell will maintain a copy of this
+  -- document or other suitable definition
+  -- at that location.
+ gLBExtensions GLBExtensions
+}
+
+GLBExtensions::=SEQUENCE{
+  -- These are the extensions over which the
+  -- Greatest Lower Bound is computed within NICI.
+ keyQuality [0] IMPLICIT KeyQuality,
+ cryptoProcessQuality [1] IMPLICIT CryptoProcessQuality,
+ certificateClass [2] IMPLICIT CertificateClass,
+ enterpriseId [3] IMPLICIT EnterpriseId
+}
+
+-- ASN.1 Definitions of Key Quality and Crypto Process Quality Attributes:
+KeyQuality ::= Quality
+CryptoProcessQuality ::= Quality
+
+Quality ::= SEQUENCE {
+ enforceQuality BOOLEAN,
+  -- If TRUE, the explicit attributes compusecQuality,
+  -- cryptoQuality, and keyStorageQuality, plus the
+  -- implicit attributes algorithmType and keyLength
+  -- are either enforced at all times, or a dynamic low
+  -- water mark (Greatest Lower Bound)may be maintained.
+  -- I.e., if enforceQuality is TRUE for the
+  -- keyQuality attribute, the key must never be
+  -- allowed to be transported to and/or used on any
+  -- platform that does not meet the minimum
+  -- criteria, and hence enforceQuality must be TRUE for
+  -- the cryptoProcessQuality as well
+  -- If enforceQuality is FALSE for keyQuality, but
+  -- TRUE for cryptoProcessQuality, then the
+  -- operating system has not enforced the criteria
+  -- in any technical sense, but the subscriber
+  -- is nonetheless representing that the minimum
+  -- criteria will be maintained,
+  -- e.g., by manual or procedural controls.
+  -- For PKIS and NICI versions 1.0, enforceQuality
+  -- must be set to FALSE in the keyQuality attribute.
+ compusecQuality     CompusecQuality,
+ cryptoQuality       CryptoQuality,
+ keyStorageQuality   INTEGER (0..255) -- See definitions in Appendix C
+}
+
+CompusecQuality ::= SEQUENCE SIZE (1..1)
+                    OF CompusecQualityPair
+  -- Multiple pairs of {Criteria, Rating} are allowed
+  -- In the first release, only one pair(TCSEC criteria)is provided
+
+CompusecQualityPair ::= SEQUENCE {
+ compusecCriteria INTEGER(0..255),
+  -- The default should be 1, but DEFAULT implies OPTIONAL, which
+  -- is not the intent. So the value has to be coded explicitly.
+  -- 0= Reserved (encoding error)
+  -- 1= Trusted Computer Security Evaluation Criteria (TCSEC)
+  -- 2= International Trusted Security Evaluation Criteria (ITSEC)
+  -- 3= Common Criteria
+  -- all others reserved
+ compusecRating INTEGER (0..255)
+  -- the compusecRating is in accordance with the specified
+  -- compusecCriteria for each pair in the sequence
+  -- Defined values for ratings for components and systems formally
+  -- evaluated in accordance with the Trusted Computer Security
+  -- Evaluation Criteria and the Trusted Network Interpretation
+  -- (Red Book) are provided in Appendix A.
+}
+
+CryptoQuality ::= SEQUENCE SIZE (1..1)
+                  OF CryptoQualityPair
+  -- Multiple pairs of {Criteria, Rating} are allowed.
+  -- In the initial release, only one pair is provided.
+
+CryptoQualityPair ::= SEQUENCE {
+ cryptoModuleCriteria INTEGER(0..255),
+  -- The default should be 1, but DEFAULT implies OPTIONAL, which
+  -- is not the intent. So the value has to be coded explicitly.
+  -- 1 = FIPS 140-1
+  -- all others reserved
+ cryptoModuleRating INTEGER (0..255)
+  -- the cryptoModuleRating value is in accordance with
+  -- the specified cryptoModuleCriteria for each pair
+  -- FIPS 140-1 ratings definitions:
+  -- 0 = Reserved (encoding error)
+  -- 1 = unevaluated/unknown,
+  -- all others—see Appendix B
+}
+
+-- ASN.1 Definition of Certificate Class Attribute:
+
+CertificateClass ::= SEQUENCE {
+ classValue       INTEGER (0..255),
+  -- Defined class values are contained in Appendix C
+ certificateValid       BOOLEAN
+  -- The default should be true, but DEFAULT is OPTIONAL
+  -- which would make the GLB computation awkward.
+  -- See Section 5 and the footnote for a discussion.
+}
+
+-- ASN.1 Definition of Enterprise Identifier Attribute:
+
+EnterpriseId ::= SEQUENCE {
+ rootLabel [0] IMPLICIT SecurityLabelType1,
+ registryLabel [1] IMPLICIT SecurityLabelType1,
+ enterpriseLabel [2] IMPLICIT SEQUENCE SIZE (1..1) OF SecurityLabelType1
+}
+
+SecurityLabelType1 ::= SEQUENCE {
+ labelType1 INTEGER (0..255),
+  -- The default should be 2, but DEFAULT implies OPTIONAL, which
+  -- is not the intent. So the value has to be coded explicitly.
+  -- Note that the label type for Version 1
+  -- of Graded Authentication is 0 or 1.
+  -- Byte sizes and reserved fields are omitted,
+  -- because they are derivable from the ASN.1.
+ secrecyLevel1 INTEGER (0..255),
+  -- The default should be 0, but DEFAULT implies OPTIONAL, which
+  -- is not the intent. So the value has to be coded explicitly.
+  -- 0 = low secrecy, 255 = high secrecy
+  -- It seems highly unlikely anyone would ever
+  -- need more than 255 secrecy levels
+ integrityLevel1      INTEGER (0..255),
+  -- The default should be 0, but DEFAULT implies OPTIONAL, which
+  -- is not the intent. So the value has to be coded explicitly.
+  -- NOTE! 255 = low integrity, 0 = high integrity!
+  -- It seems highly unlikely anyone would ever
+  -- need more than 255 integrity levels
+ secrecyCategories1   BIT STRING (SIZE(96)),
+  -- The default should be FALSE, but DEFAULT implies OPTIONAL,
+  -- which is not the intent. So the value has to be coded
+  -- explicitly.
+  -- 96 secrecy categories, 0 origin indexing
+ integrityCategories1 BIT STRING (SIZE(64)),
+  -- The default should be FALSE, but DEFAULT implies OPTIONAL,
+  -- which is not the intent. So the value has to be coded
+  -- explicitly.
+  -- 64 integrity categories, 0 origin indexing
+ secrecySingletons1 Singletons,
+ integritySingletons1 Singletons
+}
+
+-- (removed the unused definition of SecurityLabelType2)
+
+Singletons ::= SEQUENCE SIZE (1..16) OF SingletonChoice
+  -- Presently up to 16 singletons or singleton ranges
+  -- can be defined within one security label. This
+  -- is completely arbitrary and can be easily changed,
+  -- but it seems reasonable. Note that no more space
+  -- is taken in the ASN.1 DER encoding than is actually
+  -- required.
+
+SingletonChoice ::= CHOICE {
+ uniqueSingleton     INTEGER (0..9223372036854775807),
+  -- The implied value of the singleton being
+  -- specified in this case is TRUE.
+  -- Note that there isn’t any way to set a
+  -- singleton value to FALSE, except by using the
+  -- SingletonRange functions with identical lower
+  -- and upper bounds.
+ singletonRange      SingletonRange
+}
+
+SingletonRange ::= SEQUENCE {
+ singletonLowerBound INTEGER (0..9223372036854775807),
+  -- The default should be 0, but DEFAULT implies OPTIONAL,
+  -- which is not the intent. So the value has to be coded
+  -- explicitly.
+  -- Lower bound of a range of singletons
+  -- to be set to the singletonValue specified
+
+ singletonUpperBound INTEGER (0..9223372036854775807),
+  -- The default should be 9223372036854775807,
+  -- but DEFAULT implies OPTIONAL,
+  -- which is not the intent. So the value has to be coded
+  -- explicitly.
+  -- Upper bound of a range of singletons
+  -- to be set to the singletonValue specified
+ singletonValue BOOLEAN
+  -- An entire range of singletons can be set to
+  -- either TRUE or FALSE.
+  -- Note that singletonRanges are allowed to overlap,
+  -- and in particular that a uniqueSingleton can
+  -- reset a singleton value already set by a
+  -- singletonRange, and vice versa.
+  -- The uniqueSingleton and singletonRanges are applied
+  -- consecutively, from the lower bound of SEQUENCE (1)
+  -- to the upper bound.
+}
+
+-- ASN.1 Definition of Reliance Limit Attribute:
+
+-- relianceLimits EXTENSION ::= { SYNTAX RelianceLimits IDENTIFIED BY {pa-rl) }
+-- 2.16.840.113719.1.9.4.2
+
+RelianceLimits ::= SEQUENCE {
+ perTransactionLimit MonetaryValue,
+ perCertificateLimit MonetaryValue
+}
+
+MonetaryValue ::= SEQUENCE { -- from SET and draft ANSI X9.45
+ currency Currency,
+ amount INTEGER, -- value is amount * (10 ** amtExp10), an exact representation
+ amtExp10 INTEGER
+}
+
+Currency ::= INTEGER (1..999)
+-- currency denomination from ISO 4217
+-- cf. Appendix E for the numeric currency codes and their
+-- alphabetic (display) equivalents.
+-- US Dollar (USD) is 840.
+-- Euro (EUR) is 978.
+
+END
diff --git a/asn1/novell_pkis/novell_pkis.cnf b/asn1/novell_pkis/novell_pkis.cnf
new file mode 100644
index 0000000000..c173f2dd4a
--- /dev/null
+++ b/asn1/novell_pkis/novell_pkis.cnf
@@ -0,0 +1,22 @@
+# pkis.cnf
+
+# $Id$
+
+#.MODULE_IMPORT
+
+#.EXPORTS
+
+#.REGISTER
+SecurityAttributes B "2.16.840.1.113719.1.9.4.1" "pa-sa"
+RelianceLimits     B "2.16.840.1.113719.1.9.4.2" "pa-rl"
+
+#.PDU
+# PKIS-MESSAGE
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.END
diff --git a/asn1/novell_pkis/packet-novell_pkis-template.c b/asn1/novell_pkis/packet-novell_pkis-template.c
new file mode 100644
index 0000000000..c0192c5f33
--- /dev/null
+++ b/asn1/novell_pkis/packet-novell_pkis-template.c
@@ -0,0 +1,66 @@
+/* packet-novell_pkis.c
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <glib.h>
+#include <epan/expert.h>
+#include <epan/packet.h>
+#include <epan/prefs.h>
+#include <epan/oids.h>
+#include <epan/conversation.h>
+#include <epan/asn1.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <epan/dissectors/packet-per.h>
+#include "packet-ber.h"
+
+#include "packet-novell_pkis-hf.c"
+#include "packet-novell_pkis-ett.c"
+#include "packet-novell_pkis-fn.c"
+
+static int proto_novell_pkis = -1;
+
+void proto_reg_handoff_novell_pkis(void)
+{
+#include "packet-novell_pkis-dis-tab.c"
+}
+
+void proto_register_novell_pkis (void)
+{
+  static hf_register_info hf[] = {
+#include "packet-novell_pkis-hfarr.c"
+  };
+  static gint *ett[] = {
+#include "packet-novell_pkis-ettarr.c"
+  };
+
+  /* execute protocol initialization only once */
+  if (proto_novell_pkis != -1) return;
+
+  proto_novell_pkis = proto_register_protocol("Novell PKIS ASN.1 type", "novell_pkis", "novell_pkis");
+  proto_register_field_array (proto_novell_pkis, hf, array_length (hf));
+  proto_register_subtree_array (ett, array_length (ett));
+}
diff --git a/configure.ac b/configure.ac
index 5808cded2b..0a6fb01ec1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2801,6 +2801,7 @@ AC_OUTPUT(
   asn1/mpeg-pes/Makefile
   asn1/nbap/Makefile
   asn1/ns_cert_exts/Makefile
+  asn1/novell_pkis/Makefile
   asn1/ocsp/Makefile
   asn1/p1/Makefile
   asn1/p22/Makefile
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt
index 66a7cf4e4a..a6eec91399 100644
--- a/epan/CMakeLists.txt
+++ b/epan/CMakeLists.txt
@@ -237,6 +237,7 @@ set(ASN1_DISSECTOR_SRC
 	dissectors/packet-mpeg-audio.c
 	dissectors/packet-mpeg-pes.c
 	dissectors/packet-nbap.c
+	dissectors/packet-novell_pkis.c
 	dissectors/packet-ns_cert_exts.c
 	dissectors/packet-ocsp.c
 	dissectors/packet-p22.c
diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common
index 4d3cac798d..d1ff9a1ca6 100644
--- a/epan/dissectors/Makefile.common
+++ b/epan/dissectors/Makefile.common
@@ -148,6 +148,7 @@ ASN1_DISSECTOR_SRC = \
 	packet-mpeg-audio.c \
 	packet-mpeg-pes.c \
 	packet-nbap.c \
+	packet-novell_pkis.c \
 	packet-ns_cert_exts.c \
 	packet-ocsp.c \
 	packet-opsi.c \
diff --git a/epan/dissectors/packet-novell_pkis.c b/epan/dissectors/packet-novell_pkis.c
new file mode 100644
index 0000000000..732a063d30
--- /dev/null
+++ b/epan/dissectors/packet-novell_pkis.c
@@ -0,0 +1,752 @@
+/* Do not modify this file. Changes will be overwritten.                      */
+/* Generated automatically by the ASN.1 to Wireshark dissector compiler       */
+/* packet-novell_pkis.c                                                       */
+/* ../../tools/asn2wrs.py -b -u -p novell_pkis -c ./novell_pkis.cnf -s ./packet-novell_pkis-template -D . -O ../../epan/dissectors novell_pkis.asn */
+
+/* Input file: packet-novell_pkis-template.c */
+
+#line 1 "../../asn1/novell_pkis/packet-novell_pkis-template.c"
+/* packet-novell_pkis.c
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <glib.h>
+#include <epan/expert.h>
+#include <epan/packet.h>
+#include <epan/prefs.h>
+#include <epan/oids.h>
+#include <epan/conversation.h>
+#include <epan/asn1.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <epan/dissectors/packet-per.h>
+#include "packet-ber.h"
+
+
+/*--- Included file: packet-novell_pkis-hf.c ---*/
+#line 1 "../../asn1/novell_pkis/packet-novell_pkis-hf.c"
+static int hf_novell_pkis_SecurityAttributes_PDU = -1;  /* SecurityAttributes */
+static int hf_novell_pkis_RelianceLimits_PDU = -1;  /* RelianceLimits */
+static int hf_novell_pkis_versionNumber = -1;     /* OCTET_STRING_SIZE_2 */
+static int hf_novell_pkis_nSI = -1;               /* BOOLEAN */
+static int hf_novell_pkis_securityTM = -1;        /* T_securityTM */
+static int hf_novell_pkis_uriReference = -1;      /* IA5String */
+static int hf_novell_pkis_gLBExtensions = -1;     /* GLBExtensions */
+static int hf_novell_pkis_keyQuality = -1;        /* KeyQuality */
+static int hf_novell_pkis_cryptoProcessQuality = -1;  /* CryptoProcessQuality */
+static int hf_novell_pkis_certificateClass = -1;  /* CertificateClass */
+static int hf_novell_pkis_enterpriseId = -1;      /* EnterpriseId */
+static int hf_novell_pkis_enforceQuality = -1;    /* BOOLEAN */
+static int hf_novell_pkis_compusecQuality = -1;   /* CompusecQuality */
+static int hf_novell_pkis_cryptoQuality = -1;     /* CryptoQuality */
+static int hf_novell_pkis_keyStorageQuality = -1;  /* INTEGER_0_255 */
+static int hf_novell_pkis_CompusecQuality_item = -1;  /* CompusecQualityPair */
+static int hf_novell_pkis_compusecCriteria = -1;  /* INTEGER_0_255 */
+static int hf_novell_pkis_compusecRating = -1;    /* INTEGER_0_255 */
+static int hf_novell_pkis_CryptoQuality_item = -1;  /* CryptoQualityPair */
+static int hf_novell_pkis_cryptoModuleCriteria = -1;  /* INTEGER_0_255 */
+static int hf_novell_pkis_cryptoModuleRating = -1;  /* INTEGER_0_255 */
+static int hf_novell_pkis_classValue = -1;        /* INTEGER_0_255 */
+static int hf_novell_pkis_certificateValid = -1;  /* BOOLEAN */
+static int hf_novell_pkis_rootLabel = -1;         /* SecurityLabelType1 */
+static int hf_novell_pkis_registryLabel = -1;     /* SecurityLabelType1 */
+static int hf_novell_pkis_enterpriseLabel = -1;   /* SEQUENCE_SIZE_1_1_OF_SecurityLabelType1 */
+static int hf_novell_pkis_enterpriseLabel_item = -1;  /* SecurityLabelType1 */
+static int hf_novell_pkis_labelType1 = -1;        /* INTEGER_0_255 */
+static int hf_novell_pkis_secrecyLevel1 = -1;     /* INTEGER_0_255 */
+static int hf_novell_pkis_integrityLevel1 = -1;   /* INTEGER_0_255 */
+static int hf_novell_pkis_secrecyCategories1 = -1;  /* BIT_STRING_SIZE_96 */
+static int hf_novell_pkis_integrityCategories1 = -1;  /* BIT_STRING_SIZE_64 */
+static int hf_novell_pkis_secrecySingletons1 = -1;  /* Singletons */
+static int hf_novell_pkis_integritySingletons1 = -1;  /* Singletons */
+static int hf_novell_pkis_Singletons_item = -1;   /* SingletonChoice */
+static int hf_novell_pkis_uniqueSingleton = -1;   /* INTEGER_0_9223372036854775807 */
+static int hf_novell_pkis_singletonRange = -1;    /* SingletonRange */
+static int hf_novell_pkis_singletonLowerBound = -1;  /* INTEGER_0_9223372036854775807 */
+static int hf_novell_pkis_singletonUpperBound = -1;  /* INTEGER_0_9223372036854775807 */
+static int hf_novell_pkis_singletonValue = -1;    /* BOOLEAN */
+static int hf_novell_pkis_perTransactionLimit = -1;  /* MonetaryValue */
+static int hf_novell_pkis_perCertificateLimit = -1;  /* MonetaryValue */
+static int hf_novell_pkis_currency = -1;          /* Currency */
+static int hf_novell_pkis_amount = -1;            /* INTEGER */
+static int hf_novell_pkis_amtExp10 = -1;          /* INTEGER */
+
+/*--- End of included file: packet-novell_pkis-hf.c ---*/
+#line 41 "../../asn1/novell_pkis/packet-novell_pkis-template.c"
+
+/*--- Included file: packet-novell_pkis-ett.c ---*/
+#line 1 "../../asn1/novell_pkis/packet-novell_pkis-ett.c"
+static gint ett_novell_pkis_SecurityAttributes = -1;
+static gint ett_novell_pkis_GLBExtensions = -1;
+static gint ett_novell_pkis_Quality = -1;
+static gint ett_novell_pkis_CompusecQuality = -1;
+static gint ett_novell_pkis_CompusecQualityPair = -1;
+static gint ett_novell_pkis_CryptoQuality = -1;
+static gint ett_novell_pkis_CryptoQualityPair = -1;
+static gint ett_novell_pkis_CertificateClass = -1;
+static gint ett_novell_pkis_EnterpriseId = -1;
+static gint ett_novell_pkis_SEQUENCE_SIZE_1_1_OF_SecurityLabelType1 = -1;
+static gint ett_novell_pkis_SecurityLabelType1 = -1;
+static gint ett_novell_pkis_Singletons = -1;
+static gint ett_novell_pkis_SingletonChoice = -1;
+static gint ett_novell_pkis_SingletonRange = -1;
+static gint ett_novell_pkis_RelianceLimits = -1;
+static gint ett_novell_pkis_MonetaryValue = -1;
+
+/*--- End of included file: packet-novell_pkis-ett.c ---*/
+#line 42 "../../asn1/novell_pkis/packet-novell_pkis-template.c"
+
+/*--- Included file: packet-novell_pkis-fn.c ---*/
+#line 1 "../../asn1/novell_pkis/packet-novell_pkis-fn.c"
+
+
+static int
+dissect_novell_pkis_OCTET_STRING_SIZE_2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                       NULL);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_T_securityTM(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_PrintableString,
+                                            actx, tree, tvb, offset, hf_index,
+                                            NULL);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_IA5String(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_IA5String,
+                                            actx, tree, tvb, offset, hf_index,
+                                            NULL);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_INTEGER_0_255(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                                NULL);
+
+  return offset;
+}
+
+
+static const ber_sequence_t CompusecQualityPair_sequence[] = {
+  { &hf_novell_pkis_compusecCriteria, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { &hf_novell_pkis_compusecRating, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_CompusecQualityPair(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   CompusecQualityPair_sequence, hf_index, ett_novell_pkis_CompusecQualityPair);
+
+  return offset;
+}
+
+
+static const ber_sequence_t CompusecQuality_sequence_of[1] = {
+  { &hf_novell_pkis_CompusecQuality_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_CompusecQualityPair },
+};
+
+static int
+dissect_novell_pkis_CompusecQuality(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
+                                      CompusecQuality_sequence_of, hf_index, ett_novell_pkis_CompusecQuality);
+
+  return offset;
+}
+
+
+static const ber_sequence_t CryptoQualityPair_sequence[] = {
+  { &hf_novell_pkis_cryptoModuleCriteria, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { &hf_novell_pkis_cryptoModuleRating, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_CryptoQualityPair(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   CryptoQualityPair_sequence, hf_index, ett_novell_pkis_CryptoQualityPair);
+
+  return offset;
+}
+
+
+static const ber_sequence_t CryptoQuality_sequence_of[1] = {
+  { &hf_novell_pkis_CryptoQuality_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_CryptoQualityPair },
+};
+
+static int
+dissect_novell_pkis_CryptoQuality(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
+                                      CryptoQuality_sequence_of, hf_index, ett_novell_pkis_CryptoQuality);
+
+  return offset;
+}
+
+
+static const ber_sequence_t Quality_sequence[] = {
+  { &hf_novell_pkis_enforceQuality, BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_BOOLEAN },
+  { &hf_novell_pkis_compusecQuality, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_CompusecQuality },
+  { &hf_novell_pkis_cryptoQuality, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_CryptoQuality },
+  { &hf_novell_pkis_keyStorageQuality, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_Quality(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   Quality_sequence, hf_index, ett_novell_pkis_Quality);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_KeyQuality(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_novell_pkis_Quality(implicit_tag, tvb, offset, actx, tree, hf_index);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_CryptoProcessQuality(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_novell_pkis_Quality(implicit_tag, tvb, offset, actx, tree, hf_index);
+
+  return offset;
+}
+
+
+static const ber_sequence_t CertificateClass_sequence[] = {
+  { &hf_novell_pkis_classValue, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { &hf_novell_pkis_certificateValid, BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_BOOLEAN },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_CertificateClass(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   CertificateClass_sequence, hf_index, ett_novell_pkis_CertificateClass);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_BIT_STRING_SIZE_96(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
+                                    NULL, hf_index, -1,
+                                    NULL);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_BIT_STRING_SIZE_64(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
+                                    NULL, hf_index, -1,
+                                    NULL);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_INTEGER_0_9223372036854775807(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                                NULL);
+
+  return offset;
+}
+
+
+static const ber_sequence_t SingletonRange_sequence[] = {
+  { &hf_novell_pkis_singletonLowerBound, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_9223372036854775807 },
+  { &hf_novell_pkis_singletonUpperBound, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_9223372036854775807 },
+  { &hf_novell_pkis_singletonValue, BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_BOOLEAN },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_SingletonRange(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   SingletonRange_sequence, hf_index, ett_novell_pkis_SingletonRange);
+
+  return offset;
+}
+
+
+static const value_string novell_pkis_SingletonChoice_vals[] = {
+  {   0, "uniqueSingleton" },
+  {   1, "singletonRange" },
+  { 0, NULL }
+};
+
+static const ber_choice_t SingletonChoice_choice[] = {
+  {   0, &hf_novell_pkis_uniqueSingleton, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_9223372036854775807 },
+  {   1, &hf_novell_pkis_singletonRange, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_SingletonRange },
+  { 0, NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_SingletonChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_choice(actx, tree, tvb, offset,
+                                 SingletonChoice_choice, hf_index, ett_novell_pkis_SingletonChoice,
+                                 NULL);
+
+  return offset;
+}
+
+
+static const ber_sequence_t Singletons_sequence_of[1] = {
+  { &hf_novell_pkis_Singletons_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_novell_pkis_SingletonChoice },
+};
+
+static int
+dissect_novell_pkis_Singletons(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
+                                      Singletons_sequence_of, hf_index, ett_novell_pkis_Singletons);
+
+  return offset;
+}
+
+
+static const ber_sequence_t SecurityLabelType1_sequence[] = {
+  { &hf_novell_pkis_labelType1, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { &hf_novell_pkis_secrecyLevel1, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { &hf_novell_pkis_integrityLevel1, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER_0_255 },
+  { &hf_novell_pkis_secrecyCategories1, BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_BIT_STRING_SIZE_96 },
+  { &hf_novell_pkis_integrityCategories1, BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_BIT_STRING_SIZE_64 },
+  { &hf_novell_pkis_secrecySingletons1, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_Singletons },
+  { &hf_novell_pkis_integritySingletons1, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_Singletons },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_SecurityLabelType1(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   SecurityLabelType1_sequence, hf_index, ett_novell_pkis_SecurityLabelType1);
+
+  return offset;
+}
+
+
+static const ber_sequence_t SEQUENCE_SIZE_1_1_OF_SecurityLabelType1_sequence_of[1] = {
+  { &hf_novell_pkis_enterpriseLabel_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_SecurityLabelType1 },
+};
+
+static int
+dissect_novell_pkis_SEQUENCE_SIZE_1_1_OF_SecurityLabelType1(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
+                                      SEQUENCE_SIZE_1_1_OF_SecurityLabelType1_sequence_of, hf_index, ett_novell_pkis_SEQUENCE_SIZE_1_1_OF_SecurityLabelType1);
+
+  return offset;
+}
+
+
+static const ber_sequence_t EnterpriseId_sequence[] = {
+  { &hf_novell_pkis_rootLabel, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_novell_pkis_SecurityLabelType1 },
+  { &hf_novell_pkis_registryLabel, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_novell_pkis_SecurityLabelType1 },
+  { &hf_novell_pkis_enterpriseLabel, BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_novell_pkis_SEQUENCE_SIZE_1_1_OF_SecurityLabelType1 },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_EnterpriseId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   EnterpriseId_sequence, hf_index, ett_novell_pkis_EnterpriseId);
+
+  return offset;
+}
+
+
+static const ber_sequence_t GLBExtensions_sequence[] = {
+  { &hf_novell_pkis_keyQuality, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_novell_pkis_KeyQuality },
+  { &hf_novell_pkis_cryptoProcessQuality, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_novell_pkis_CryptoProcessQuality },
+  { &hf_novell_pkis_certificateClass, BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_novell_pkis_CertificateClass },
+  { &hf_novell_pkis_enterpriseId, BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_novell_pkis_EnterpriseId },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_GLBExtensions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   GLBExtensions_sequence, hf_index, ett_novell_pkis_GLBExtensions);
+
+  return offset;
+}
+
+
+static const ber_sequence_t SecurityAttributes_sequence[] = {
+  { &hf_novell_pkis_versionNumber, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_OCTET_STRING_SIZE_2 },
+  { &hf_novell_pkis_nSI     , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_BOOLEAN },
+  { &hf_novell_pkis_securityTM, BER_CLASS_UNI, BER_UNI_TAG_PrintableString, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_T_securityTM },
+  { &hf_novell_pkis_uriReference, BER_CLASS_UNI, BER_UNI_TAG_IA5String, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_IA5String },
+  { &hf_novell_pkis_gLBExtensions, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_GLBExtensions },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_SecurityAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   SecurityAttributes_sequence, hf_index, ett_novell_pkis_SecurityAttributes);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_Currency(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                                NULL);
+
+  return offset;
+}
+
+
+
+static int
+dissect_novell_pkis_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                                NULL);
+
+  return offset;
+}
+
+
+static const ber_sequence_t MonetaryValue_sequence[] = {
+  { &hf_novell_pkis_currency, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_Currency },
+  { &hf_novell_pkis_amount  , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER },
+  { &hf_novell_pkis_amtExp10, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_INTEGER },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_MonetaryValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   MonetaryValue_sequence, hf_index, ett_novell_pkis_MonetaryValue);
+
+  return offset;
+}
+
+
+static const ber_sequence_t RelianceLimits_sequence[] = {
+  { &hf_novell_pkis_perTransactionLimit, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_MonetaryValue },
+  { &hf_novell_pkis_perCertificateLimit, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_novell_pkis_MonetaryValue },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_novell_pkis_RelianceLimits(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   RelianceLimits_sequence, hf_index, ett_novell_pkis_RelianceLimits);
+
+  return offset;
+}
+
+/*--- PDUs ---*/
+
+static void dissect_SecurityAttributes_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  dissect_novell_pkis_SecurityAttributes(FALSE, tvb, 0, &asn1_ctx, tree, hf_novell_pkis_SecurityAttributes_PDU);
+}
+static void dissect_RelianceLimits_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  dissect_novell_pkis_RelianceLimits(FALSE, tvb, 0, &asn1_ctx, tree, hf_novell_pkis_RelianceLimits_PDU);
+}
+
+
+/*--- End of included file: packet-novell_pkis-fn.c ---*/
+#line 43 "../../asn1/novell_pkis/packet-novell_pkis-template.c"
+
+static int proto_novell_pkis = -1;
+
+void proto_reg_handoff_novell_pkis(void)
+{
+
+/*--- Included file: packet-novell_pkis-dis-tab.c ---*/
+#line 1 "../../asn1/novell_pkis/packet-novell_pkis-dis-tab.c"
+  register_ber_oid_dissector("2.16.840.1.113719.1.9.4.1", dissect_SecurityAttributes_PDU, proto_novell_pkis, "pa-sa");
+  register_ber_oid_dissector("2.16.840.1.113719.1.9.4.2", dissect_RelianceLimits_PDU, proto_novell_pkis, "pa-rl");
+
+
+/*--- End of included file: packet-novell_pkis-dis-tab.c ---*/
+#line 49 "../../asn1/novell_pkis/packet-novell_pkis-template.c"
+}
+
+void proto_register_novell_pkis (void)
+{
+  static hf_register_info hf[] = {
+
+/*--- Included file: packet-novell_pkis-hfarr.c ---*/
+#line 1 "../../asn1/novell_pkis/packet-novell_pkis-hfarr.c"
+    { &hf_novell_pkis_SecurityAttributes_PDU,
+      { "SecurityAttributes", "novell_pkis.SecurityAttributes_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_RelianceLimits_PDU,
+      { "RelianceLimits", "novell_pkis.RelianceLimits_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_versionNumber,
+      { "versionNumber", "novell_pkis.versionNumber",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "OCTET_STRING_SIZE_2", HFILL }},
+    { &hf_novell_pkis_nSI,
+      { "nSI", "novell_pkis.nSI",
+        FT_BOOLEAN, BASE_NONE, NULL, 0,
+        "BOOLEAN", HFILL }},
+    { &hf_novell_pkis_securityTM,
+      { "securityTM", "novell_pkis.securityTM",
+        FT_STRING, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_uriReference,
+      { "uriReference", "novell_pkis.uriReference",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "IA5String", HFILL }},
+    { &hf_novell_pkis_gLBExtensions,
+      { "gLBExtensions", "novell_pkis.gLBExtensions_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_keyQuality,
+      { "keyQuality", "novell_pkis.keyQuality_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_cryptoProcessQuality,
+      { "cryptoProcessQuality", "novell_pkis.cryptoProcessQuality_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_certificateClass,
+      { "certificateClass", "novell_pkis.certificateClass_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_enterpriseId,
+      { "enterpriseId", "novell_pkis.enterpriseId_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_enforceQuality,
+      { "enforceQuality", "novell_pkis.enforceQuality",
+        FT_BOOLEAN, BASE_NONE, NULL, 0,
+        "BOOLEAN", HFILL }},
+    { &hf_novell_pkis_compusecQuality,
+      { "compusecQuality", "novell_pkis.compusecQuality",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_cryptoQuality,
+      { "cryptoQuality", "novell_pkis.cryptoQuality",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_keyStorageQuality,
+      { "keyStorageQuality", "novell_pkis.keyStorageQuality",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_CompusecQuality_item,
+      { "CompusecQualityPair", "novell_pkis.CompusecQualityPair_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_compusecCriteria,
+      { "compusecCriteria", "novell_pkis.compusecCriteria",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_compusecRating,
+      { "compusecRating", "novell_pkis.compusecRating",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_CryptoQuality_item,
+      { "CryptoQualityPair", "novell_pkis.CryptoQualityPair_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_cryptoModuleCriteria,
+      { "cryptoModuleCriteria", "novell_pkis.cryptoModuleCriteria",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_cryptoModuleRating,
+      { "cryptoModuleRating", "novell_pkis.cryptoModuleRating",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_classValue,
+      { "classValue", "novell_pkis.classValue",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_certificateValid,
+      { "certificateValid", "novell_pkis.certificateValid",
+        FT_BOOLEAN, BASE_NONE, NULL, 0,
+        "BOOLEAN", HFILL }},
+    { &hf_novell_pkis_rootLabel,
+      { "rootLabel", "novell_pkis.rootLabel_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "SecurityLabelType1", HFILL }},
+    { &hf_novell_pkis_registryLabel,
+      { "registryLabel", "novell_pkis.registryLabel_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "SecurityLabelType1", HFILL }},
+    { &hf_novell_pkis_enterpriseLabel,
+      { "enterpriseLabel", "novell_pkis.enterpriseLabel",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "SEQUENCE_SIZE_1_1_OF_SecurityLabelType1", HFILL }},
+    { &hf_novell_pkis_enterpriseLabel_item,
+      { "SecurityLabelType1", "novell_pkis.SecurityLabelType1_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_labelType1,
+      { "labelType1", "novell_pkis.labelType1",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_secrecyLevel1,
+      { "secrecyLevel1", "novell_pkis.secrecyLevel1",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_integrityLevel1,
+      { "integrityLevel1", "novell_pkis.integrityLevel1",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_255", HFILL }},
+    { &hf_novell_pkis_secrecyCategories1,
+      { "secrecyCategories1", "novell_pkis.secrecyCategories1",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "BIT_STRING_SIZE_96", HFILL }},
+    { &hf_novell_pkis_integrityCategories1,
+      { "integrityCategories1", "novell_pkis.integrityCategories1",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "BIT_STRING_SIZE_64", HFILL }},
+    { &hf_novell_pkis_secrecySingletons1,
+      { "secrecySingletons1", "novell_pkis.secrecySingletons1",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "Singletons", HFILL }},
+    { &hf_novell_pkis_integritySingletons1,
+      { "integritySingletons1", "novell_pkis.integritySingletons1",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "Singletons", HFILL }},
+    { &hf_novell_pkis_Singletons_item,
+      { "SingletonChoice", "novell_pkis.SingletonChoice",
+        FT_UINT32, BASE_DEC, VALS(novell_pkis_SingletonChoice_vals), 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_uniqueSingleton,
+      { "uniqueSingleton", "novell_pkis.uniqueSingleton",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_9223372036854775807", HFILL }},
+    { &hf_novell_pkis_singletonRange,
+      { "singletonRange", "novell_pkis.singletonRange_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_singletonLowerBound,
+      { "singletonLowerBound", "novell_pkis.singletonLowerBound",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_9223372036854775807", HFILL }},
+    { &hf_novell_pkis_singletonUpperBound,
+      { "singletonUpperBound", "novell_pkis.singletonUpperBound",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "INTEGER_0_9223372036854775807", HFILL }},
+    { &hf_novell_pkis_singletonValue,
+      { "singletonValue", "novell_pkis.singletonValue",
+        FT_BOOLEAN, BASE_NONE, NULL, 0,
+        "BOOLEAN", HFILL }},
+    { &hf_novell_pkis_perTransactionLimit,
+      { "perTransactionLimit", "novell_pkis.perTransactionLimit_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "MonetaryValue", HFILL }},
+    { &hf_novell_pkis_perCertificateLimit,
+      { "perCertificateLimit", "novell_pkis.perCertificateLimit_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "MonetaryValue", HFILL }},
+    { &hf_novell_pkis_currency,
+      { "currency", "novell_pkis.currency",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        NULL, HFILL }},
+    { &hf_novell_pkis_amount,
+      { "amount", "novell_pkis.amount",
+        FT_INT32, BASE_DEC, NULL, 0,
+        "INTEGER", HFILL }},
+    { &hf_novell_pkis_amtExp10,
+      { "amtExp10", "novell_pkis.amtExp10",
+        FT_INT32, BASE_DEC, NULL, 0,
+        "INTEGER", HFILL }},
+
+/*--- End of included file: packet-novell_pkis-hfarr.c ---*/
+#line 55 "../../asn1/novell_pkis/packet-novell_pkis-template.c"
+  };
+  static gint *ett[] = {
+
+/*--- Included file: packet-novell_pkis-ettarr.c ---*/
+#line 1 "../../asn1/novell_pkis/packet-novell_pkis-ettarr.c"
+    &ett_novell_pkis_SecurityAttributes,
+    &ett_novell_pkis_GLBExtensions,
+    &ett_novell_pkis_Quality,
+    &ett_novell_pkis_CompusecQuality,
+    &ett_novell_pkis_CompusecQualityPair,
+    &ett_novell_pkis_CryptoQuality,
+    &ett_novell_pkis_CryptoQualityPair,
+    &ett_novell_pkis_CertificateClass,
+    &ett_novell_pkis_EnterpriseId,
+    &ett_novell_pkis_SEQUENCE_SIZE_1_1_OF_SecurityLabelType1,
+    &ett_novell_pkis_SecurityLabelType1,
+    &ett_novell_pkis_Singletons,
+    &ett_novell_pkis_SingletonChoice,
+    &ett_novell_pkis_SingletonRange,
+    &ett_novell_pkis_RelianceLimits,
+    &ett_novell_pkis_MonetaryValue,
+
+/*--- End of included file: packet-novell_pkis-ettarr.c ---*/
+#line 58 "../../asn1/novell_pkis/packet-novell_pkis-template.c"
+  };
+
+  /* execute protocol initialization only once */
+  if (proto_novell_pkis != -1) return;
+
+  proto_novell_pkis = proto_register_protocol("Novell PKIS ASN.1 type", "novell_pkis", "novell_pkis");
+  proto_register_field_array (proto_novell_pkis, hf, array_length (hf));
+  proto_register_subtree_array (ett, array_length (ett));
+}