resolve conflicts

4 files changed, 240 insertions, 173 deletions

diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index ceaeb4cbe3..0184b475a7 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -962,6 +962,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_DUP                                  111
 #define ASN1_F_ASN1_ENUMERATED_SET                       112
 #define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
+#define ASN1_F_ASN1_FIND_END                             182
 #define ASN1_F_ASN1_GENERALIZEDTIME_SET                  178
 #define ASN1_F_ASN1_GET_OBJECT                           114
 #define ASN1_F_ASN1_HEADER_NEW                           115
@@ -1075,6 +1076,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_MISSING_SECOND_NUMBER                     138
 #define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
 #define ASN1_R_MSTRING_WRONG_TAG                         140
+#define ASN1_R_NESTED_ASN1_STRING                        174
 #define ASN1_R_NON_HEX_CHARACTERS                        141
 #define ASN1_R_NOT_ENOUGH_DATA                           142
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 3b57c8fbae..315d0a0807 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,169 +64,175 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+
 static ERR_STRING_DATA ASN1_str_functs[]=
         {
-{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),  "a2d_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),      "a2i_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),  "a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0),  "ASN1_BIT_STRING_set_bit"},
-{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),  "ASN1_CHECK_TLEN"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),   "ASN1_COLLATE_PRIMITIVE"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),     "ASN1_COLLECT"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),     "ASN1_d2i_bio"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),    "ASN1_D2I_EX_PRIMITIVE"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),      "ASN1_d2i_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0),      "ASN1_digest"},
-{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),      "ASN1_DO_ADB"},
-{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
-{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),      "ASN1_ENUMERATED_set"},
-{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),    "ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),  "ASN1_get_object"},
-{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),  "ASN1_HEADER_new"},
-{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),     "ASN1_i2d_bio"},
-{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),      "ASN1_i2d_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"},
-{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),       "ASN1_INTEGER_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),    "ASN1_item_new"},
-{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),       "ASN1_mbstring_copy"},
-{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),  "ASN1_OBJECT_new"},
-{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0),     "ASN1_PBE_SET"},
-{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),    "ASN1_seq_pack"},
-{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),  "ASN1_seq_unpack"},
-{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),        "ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0),  "ASN1_STRING_set"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),    "ASN1_STRING_TABLE_add"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),     "ASN1_STRING_type_new"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),        "ASN1_TEMPLATE_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),     "ASN1_TEMPLATE_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),        "ASN1_TEMPLATE_NEW"},
-{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0),    "ASN1_TIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),    "ASN1_TYPE_get_int_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),        "ASN1_TYPE_get_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),       "ASN1_unpack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),      "ASN1_verify"},
-{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),    "BN_to_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),       "BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),     "COLLECT_DATA"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),      "D2I_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),   "d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),  "d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),  "d2i_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),     "d2i_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),      "d2i_ASN1_type_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),        "d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),       "D2I_NETSCAPE_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),   "d2i_PrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),    "d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),    "D2I_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),    "D2I_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),    "d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0),     "i2d_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),    "I2D_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),   "i2d_DSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),   "i2d_PrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),    "i2d_PublicKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),   "i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"},
-{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),  "OID_MODULE_INIT"},
-{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),   "PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),    "X509_CINF_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),    "X509_CRL_add0_revoked"},
-{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),    "X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),    "X509_NAME_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"},
-{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),    "X509_PKEY_new"},
+{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT),      "a2d_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED),  "a2i_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER),     "a2i_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_STRING),      "a2i_ASN1_STRING"},
+{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT),      "ASN1_BIT_STRING_set_bit"},
+{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN),      "ASN1_CHECK_TLEN"},
+{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE),       "ASN1_COLLATE_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE),        "ASN1_D2I_EX_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_FP),  "ASN1_d2i_fp"},
+{ERR_FUNC(ASN1_F_ASN1_DIGEST),  "ASN1_digest"},
+{ERR_FUNC(ASN1_F_ASN1_DO_ADB),  "ASN1_DO_ADB"},
+{ERR_FUNC(ASN1_F_ASN1_DUP),     "ASN1_dup"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET),  "ASN1_ENUMERATED_set"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),        "ASN1_ENUMERATED_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_FIND_END),        "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),     "ASN1_GENERALIZEDTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),      "ASN1_get_object"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_FP),  "ASN1_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),     "ASN1_INTEGER_set"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN),   "ASN1_INTEGER_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I),     "ASN1_ITEM_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_NEW),        "ASN1_item_new"},
+{ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY),   "ASN1_mbstring_copy"},
+{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),      "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_PACK_STRING),     "ASN1_pack_string"},
+{ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),        "ASN1_seq_pack"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),      "ASN1_seq_unpack"},
+{ERR_FUNC(ASN1_F_ASN1_SIGN),    "ASN1_sign"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_SET),      "ASN1_STRING_set"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD),        "ASN1_STRING_TABLE_add"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I),    "ASN1_TEMPLATE_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),    "ASN1_TEMPLATE_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET),        "ASN1_TIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),        "ASN1_TYPE_get_int_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),    "ASN1_TYPE_get_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),   "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),     "ASN1_UTCTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_VERIFY),  "ASN1_verify"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),        "BN_to_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),   "BN_to_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING),  "D2I_ASN1_BIT_STRING"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),     "d2i_ASN1_BOOLEAN"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),       "d2i_ASN1_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),     "D2I_ASN1_GENERALIZEDTIME"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),     "D2I_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),      "d2i_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),  "d2i_ASN1_type_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),    "d2i_ASN1_UINTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),     "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),     "d2i_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),   "D2I_NETSCAPE_RSA_2"},
+{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),       "d2i_PrivateKey"},
+{ERR_FUNC(ASN1_F_D2I_PUBLICKEY),        "d2i_PublicKey"},
+{ERR_FUNC(ASN1_F_D2I_X509),     "D2I_X509"},
+{ERR_FUNC(ASN1_F_D2I_X509_CINF),        "D2I_X509_CINF"},
+{ERR_FUNC(ASN1_F_D2I_X509_NAME),        "D2I_X509_NAME"},
+{ERR_FUNC(ASN1_F_D2I_X509_PKEY),        "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_TIME),        "I2D_ASN1_TIME"},
+{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),       "i2d_DSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA),     "i2d_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY),       "i2d_PrivateKey"},
+{ERR_FUNC(ASN1_F_I2D_PUBLICKEY),        "i2d_PublicKey"},
+{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY),       "i2d_RSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_LONG_C2I),     "LONG_C2I"},
+{ERR_FUNC(ASN1_F_OID_MODULE_INIT),      "OID_MODULE_INIT"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),       "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_X509_CINF_NEW),        "X509_CINF_NEW"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),        "X509_CRL_add0_revoked"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW),        "X509_INFO_new"},
+{ERR_FUNC(ASN1_F_X509_NAME_NEW),        "X509_NAME_NEW"},
+{ERR_FUNC(ASN1_F_X509_NEW),     "X509_NEW"},
+{ERR_FUNC(ASN1_F_X509_PKEY_NEW),        "X509_PKEY_new"},
 {0,NULL}
         };
 
 static ERR_STRING_DATA ASN1_str_reasons[]=
         {
-{ASN1_R_ADDING_OBJECT                    ,"adding object"},
-{ASN1_R_AUX_ERROR                        ,"aux error"},
-{ASN1_R_BAD_CLASS                        ,"bad class"},
-{ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
-{ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
-{ASN1_R_BAD_TAG                          ,"bad tag"},
-{ASN1_R_BN_LIB                           ,"bn lib"},
-{ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
-{ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
-{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER  ,"cipher has no object identifier"},
-{ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
-{ASN1_R_DECODE_ERROR                     ,"decode error"},
-{ASN1_R_DECODING_ERROR                   ,"decoding error"},
-{ASN1_R_ENCODE_ERROR                     ,"encode error"},
-{ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
-{ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
-{ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
-{ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
-{ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
-{ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
-{ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
-{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
-{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
-{ASN1_R_FIELD_MISSING                    ,"field missing"},
-{ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
-{ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
-{ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
-{ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
-{ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
-{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
-{ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
-{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
-{ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
-{ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
-{ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
-{ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
-{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH   ,"invalid universalstring length"},
-{ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
-{ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
-{ASN1_R_LENGTH_ERROR                     ,"length error"},
-{ASN1_R_MISSING_EOC                      ,"missing eoc"},
-{ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
-{ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
-{ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
-{ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
-{ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
-{ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
-{ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
-{ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
-{ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
-{ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
-{ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
-{ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
-{ASN1_R_SHORT_LINE                       ,"short line"},
-{ASN1_R_STRING_TOO_LONG                  ,"string too long"},
-{ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
-{ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
-{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
-{ASN1_R_TOO_LONG                         ,"too long"},
-{ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
-{ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
-{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
-{ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
-{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
-{ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
-{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
-{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
-{ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
-{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
-{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
-{ASN1_R_WRONG_TAG                        ,"wrong tag"},
-{ASN1_R_WRONG_TYPE                       ,"wrong type"},
+{ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
+{ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
+{ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
+{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
+{ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
+{ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
+{ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
+{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
+{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
+{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},
+{ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
+{ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
+{ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
+{ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
+{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
+{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
+{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT)  ,"expecting an object"},
+{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN)  ,"expecting a boolean"},
+{ERR_REASON(ASN1_R_EXPECTING_A_TIME)     ,"expecting a time"},
+{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
+{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
+{ERR_REASON(ASN1_R_FIELD_MISSING)        ,"field missing"},
+{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE)  ,"first num too large"},
+{ERR_REASON(ASN1_R_HEADER_TOO_LONG)      ,"header too long"},
+{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS)   ,"illegal characters"},
+{ERR_REASON(ASN1_R_ILLEGAL_NULL)         ,"illegal null"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
+{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY)   ,"illegal tagged any"},
+{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
+{ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
+{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
+{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
+{ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
+{ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
+{ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
+{ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
+{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
+{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
+{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG)    ,"mstring wrong tag"},
+{ERR_REASON(ASN1_R_NESTED_ASN1_STRING)   ,"nested asn1 string"},
+{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
+{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
+{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
+{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
+{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
+{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
+{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
+{ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
+{ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
+{ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
+{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
+{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
+{ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
+{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
+{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
+{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
+{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
+{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
+{ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
+{ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
 {0,NULL}
         };
 
@@ -240,8 +246,8 @@ void ERR_load_ASN1_strings(void)
                 {
                 init=0;
 #ifndef OPENSSL_NO_ERR
-                ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
-                ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+                ERR_load_strings(0,ASN1_str_functs);
+                ERR_load_strings(0,ASN1_str_reasons);
 #endif
 
                 }
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 2426cb6253..c22501fc63 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 
 static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_find_end(unsigned char **in, long len, char inf);
 static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
 static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
@@ -644,7 +645,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
                 cont = *in;
                 /* If indefinite length constructed find the real end */
                 if(inf) {
-                        if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+                        if(!asn1_find_end(&p, plen, inf)) goto err;
                         len = p - cont;
                 } else {
                         len = p - cont + plen;
@@ -807,12 +808,66 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
         return ret;
 }
 
+/* This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content.
+ * This is more efficient than calling asn1_collect because it does not
+ * recurse on each indefinite length header.
+ */
+
+static int asn1_find_end(unsigned char **in, long len, char inf)
+        {
+        int expected_eoc;
+        long plen;
+        unsigned char *p = *in, *q;
+        /* If not indefinite length constructed just add length */
+        if (inf == 0)
+                {
+                *in += len;
+                return 1;
+                }
+        expected_eoc = 1;
+        /* Indefinite length constructed form. Find the end when enough EOCs
+         * are found. If more indefinite length constructed headers
+         * are encountered increment the expected eoc count otherwise justi
+         * skip to the end of the data.
+         */
+        while (len > 0)
+                {
+                if(asn1_check_eoc(&p, len))
+                        {
+                        expected_eoc--;
+                        if (expected_eoc == 0)
+                                break;
+                        len -= 2;
+                        continue;
+                        }
+                q = p;
+                /* Just read in a header: only care about the length */
+                if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+                                -1, 0, 0, NULL))
+                        {
+                        ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                        }
+                if (inf)
+                        expected_eoc++;
+                else
+                        p += plen;
+                len -= p - q;
+                }
+        if (expected_eoc)
+                {
+                ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+                return 0;
+                }
+        *in = p;
+        return 1;
+        }
+
 /* This function collects the asn1 data from a constructred string
  * type into a buffer. The values of 'in' and 'len' should refer
  * to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length. If 'buf' is NULL then we just want
- * to find the end of the current structure: useful for indefinite
- * length constructed stuff.
+ * if it is indefinite length.
  */
 
 static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
@@ -822,11 +877,6 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
         char cst, ininf;
         p = *in;
         inf &= 1;
-        /* If no buffer and not indefinite length constructed just pass over the encoded data */
-        if(!buf && !inf) {
-                *in += len;
-                return 1;
-        }
         while(len > 0) {
                 q = p;
                 /* Check for EOC */
@@ -845,9 +895,15 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
                 }
                 /* If indefinite length constructed update max length */
                 if(cst) {
-                        if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
+                        if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+                                return 0;
+#else
+                        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+                        return 0;
+#endif
                 } else {
-                        if(!collect_data(buf, &p, plen)) return 0;
+                        if(plen && !collect_data(buf, &p, plen)) return 0;
                 }
                 len -= p - q;
         }
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index f6c8ddef0a..c675c3c832 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -445,9 +445,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_
                 case V_ASN1_BOOLEAN:
                 tbool = (ASN1_BOOLEAN *)pval;
                 if(*tbool == -1) return -1;
-                /* Default handling if value == size field then omit */
-                if(*tbool && (it->size > 0)) return -1;
-                if(!*tbool && !it->size) return -1;
+                if (it->utype != V_ASN1_ANY)
+                        {
+                        /* Default handling if value == size field then omit */
+                        if(*tbool && (it->size > 0)) return -1;
+                        if(!*tbool && !it->size) return -1;
+                        }
                 c = (unsigned char)*tbool;
                 cont = &c;
                 len = 1;