OpenSSL 0.9.7 stable 2002 05 08 merge

68 files changed, 6495 insertions, 4389 deletions

diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl
index dace5be2bc..b423419ba3 100644
--- a/src/lib/libcrypto/asn1/Makefile.ssl
+++ b/src/lib/libcrypto/asn1/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=    asn1
 TOP=    ../..
 CC=     cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     $(TOP)/util/domd $(TOP)
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -23,39 +24,33 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
-        a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
-        a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
-        x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-        d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
-        d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
         d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
         t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
-        p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
-        p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
-        f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        f_int.c f_string.c n_pkey.c \
         f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
         asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
-        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
-        a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
-        a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
-        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
-        x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-        d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
-        d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
         d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
         t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
-        p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
-        p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
-        f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        f_int.o f_string.o n_pkey.o \
         f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
         asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
-        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
+        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 
 SRC= $(LIBSRC)
 
-EXHEADER=  asn1.h asn1_mac.h
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
 HEADER= $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -75,8 +70,7 @@ all:	lib
 
 lib:    $(LIBOBJ)
         $(AR) $(LIB) $(LIBOBJ)
-        @echo You may get an error following this line.  Please ignore.
-        - $(RANLIB) $(LIB)
+        $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
 files:
@@ -116,1231 +110,777 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bitstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bitstr.o: ../cryptlib.h
-a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bmp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bmp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bmp.o: ../cryptlib.h
-a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bool.o: ../cryptlib.h
-a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_bool.o: ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
 a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_d2i_fp.o: ../../include/openssl/opensslconf.h
-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_d2i_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_d2i_fp.o: ../cryptlib.h
-a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/asn1.h
+a_digest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_digest.o: ../../include/openssl/opensslconf.h
-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_digest.o: ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_dup.o: ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_enum.o: ../cryptlib.h
-a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_gentm.o: ../cryptlib.h
-a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_hdr.o: ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
 a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_i2d_fp.o: ../../include/openssl/opensslconf.h
-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_i2d_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_i2d_fp.o: ../cryptlib.h
-a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_int.o: ../cryptlib.h
-a_mbstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_mbstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_mbstr.o: ../cryptlib.h
-a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_meth.o: ../cryptlib.h
-a_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_null.o: ../cryptlib.h
-a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_meth.o: ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_object.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_object.o: ../cryptlib.h
-a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_octet.o: ../cryptlib.h
-a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_print.o: ../cryptlib.h
-a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_set.o: ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+a_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../cryptlib.h
+a_sign.o: ../cryptlib.h a_sign.c
 a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
-a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: charmap.h
-a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_strnid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strnid.o: ../cryptlib.h
-a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_time.o: ../cryptlib.h
-a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_time.o: ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_type.o: ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utctm.o: ../cryptlib.h
-a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utf8.o: ../cryptlib.h
-a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_utf8.o: ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_verify.o: ../../include/openssl/opensslconf.h
-a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_vis.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_vis.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_vis.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_vis.o: ../cryptlib.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h a_verify.c
 asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-asn1_err.o: ../../include/openssl/opensslconf.h
-asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-asn1_lib.o: ../../include/openssl/opensslconf.h
-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_lib.o: ../cryptlib.h
-asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_par.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_par.o: ../cryptlib.h
-asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+asn_moid.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+asn_moid.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+asn_moid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_moid.o: ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn_pack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn_pack.o: ../cryptlib.h
-d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_dhp.o: ../cryptlib.h
-d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_dsap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_dsap.o: ../../include/openssl/opensslconf.h
-d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_dsap.o: ../cryptlib.h
-d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+d2i_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-d2i_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pr.o: ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+d2i_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-d2i_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_r_pr.o: ../../include/openssl/opensslconf.h
-d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_r_pu.o: ../../include/openssl/opensslconf.h
-d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_s_pr.o: ../../include/openssl/opensslconf.h
-d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_s_pr.o: ../cryptlib.h
-d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_s_pu.o: ../../include/openssl/opensslconf.h
-d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_s_pu.o: ../cryptlib.h
-evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pu.o: ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 evp_asn1.o: ../../include/openssl/opensslconf.h
-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-evp_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_asn1.o: ../cryptlib.h
-f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_enum.o: ../cryptlib.h
-f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_int.o: ../cryptlib.h
-f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_int.o: ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-f_string.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_string.o: ../cryptlib.h
-i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-i2d_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_dhp.o: ../cryptlib.h
-i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_dsap.o: ../../include/openssl/opensslconf.h
-i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_dsap.o: ../cryptlib.h
-i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+i2d_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-i2d_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pr.o: ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+i2d_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-i2d_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_r_pr.o: ../../include/openssl/opensslconf.h
-i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_r_pu.o: ../../include/openssl/opensslconf.h
-i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_s_pr.o: ../../include/openssl/opensslconf.h
-i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_s_pr.o: ../cryptlib.h
-i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_s_pu.o: ../../include/openssl/opensslconf.h
-i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_s_pu.o: ../cryptlib.h
-n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pu.o: ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+n_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-nsseq.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-nsseq.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-nsseq.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-nsseq.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-nsseq.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-nsseq.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+nsseq.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+nsseq.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p5_pbe.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p5_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../cryptlib.h
-p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbev2.o: ../cryptlib.h
-p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_dgst.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_dgst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_enc_c.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_enc_c.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc_c.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_enc_c.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_enc_c.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_evp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_evp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_evp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_i_s.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_i_s.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_i_s.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_i_s.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_recip.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_recip.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_recip.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_recip.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_recip.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_s_e.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_s_e.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_s_e.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_signd.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_signd.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signd.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_signd.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_signd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_signi.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signi.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_signi.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_signi.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
+t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+t_bitst.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
-t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
-t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_pkey.o: ../cryptlib.h
-t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
-t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-t_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
-t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+t_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_algor.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_enc.o: ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_fre.o: ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_new.o: ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_typ.o: ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_utl.o: ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_algor.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_algor.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
+x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_cinf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_cinf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_cinf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_crl.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_exten.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_exten.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_crl.o: ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_exten.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_name.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_name.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_name.o: ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pubkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pubkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_req.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_req.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_req.o: ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_sig.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_sig.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_sig.o: ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_spki.o: ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_val.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_val.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_val.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_val.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_val.o: ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x_x509.o: ../cryptlib.h
-x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_x509.o: ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
index 7013a407ad..c36817c1ee 100644
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -60,27 +60,9 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_BIT_STRING *ASN1_BIT_STRING_new(void)
-{ return M_ASN1_BIT_STRING_new(); }
-
-void ASN1_BIT_STRING_free(ASN1_BIT_STRING *x)
-{ M_ASN1_BIT_STRING_free(x); }
-
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 { return M_ASN1_BIT_STRING_set(x, d, len); }
 
-int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
-{
-        int len, ret;
-        len = i2c_ASN1_BIT_STRING(a, NULL);     
-        ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
-        if(pp) {
-                ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
-                i2c_ASN1_BIT_STRING(a, pp);     
-        }
-        return ret;
-}
-
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
         {
         int ret,j,bits,len;
@@ -129,40 +111,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
         return(ret);
         }
 
-
-/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
-             long length)
-{
-        unsigned char *p;
-        long len;
-        int i;
-        int inf,tag,xclass;
-        ASN1_BIT_STRING *ret;
-
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80)
-                {
-                i=ASN1_R_BAD_OBJECT_HEADER;
-                goto err;
-                }
-
-        if (tag != V_ASN1_BIT_STRING)
-                {
-                i=ASN1_R_EXPECTING_A_BIT_STRING;
-                goto err;
-                }
-        if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
-        ret = c2i_ASN1_BIT_STRING(a, &p, len);
-        if(ret) *pp = p;
-        return ret;
-err:
-        ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
-        return(NULL);
-
-}
-
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
              long len)
         {
@@ -224,6 +172,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
         w=n/8;
         v=1<<(7-(n&0x07));
         iv= ~v;
+        if (!value) v=0;
 
         a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
 
diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c
index 18fa61840b..24333ea4d5 100644
--- a/src/lib/libcrypto/asn1/a_bool.c
+++ b/src/lib/libcrypto/asn1/a_bool.c
@@ -58,7 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
         {
@@ -110,3 +110,5 @@ err:
         ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
         return(ret);
         }
+
+
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c
index 3a0c0c7835..bb88660f58 100644
--- a/src/lib/libcrypto/asn1/a_bytes.c
+++ b/src/lib/libcrypto/asn1/a_bytes.c
@@ -58,18 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-static unsigned long tag2bit[32]={
-0,      0,      0,      B_ASN1_BIT_STRING,      /* tags  0 -  3 */
-B_ASN1_OCTET_STRING,    0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,      0,      B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
-0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
-        };
+#include <openssl/asn1.h>
 
 static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
@@ -92,7 +81,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
                 i=ASN1_R_TAG_VALUE_TOO_HIGH;;
                 goto err;
                 }
-        if (!(tag2bit[tag] & type))
+        if (!(ASN1_tag2bit(tag) & type))
                 {
                 i=ASN1_R_WRONG_TYPE;
                 goto err;
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
index a49d1cb289..a80fbe9ff7 100644
--- a/src/lib/libcrypto/asn1/a_d2i_fp.c
+++ b/src/lib/libcrypto/asn1/a_d2i_fp.c
@@ -61,9 +61,11 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1_mac.h>
 
-#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+#ifndef OPENSSL_NO_FP_API
 
-#ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
              unsigned char **x)
         {
@@ -85,10 +87,65 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
              unsigned char **x)
         {
+        BUF_MEM *b = NULL;
+        unsigned char *p;
+        char *ret=NULL;
+        int len;
+
+        len = asn1_d2i_read_bio(in, &b);
+        if(len < 0) goto err;
+
+        p=(unsigned char *)b->data;
+        ret=d2i(x,&p,len);
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+        {
+        BUF_MEM *b = NULL;
+        unsigned char *p;
+        void *ret=NULL;
+        int len;
+
+        len = asn1_d2i_read_bio(in, &b);
+        if(len < 0) goto err;
+
+        p=(unsigned char *)b->data;
+        ret=ASN1_item_d2i(x,&p,len, it);
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+                }
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_item_d2i_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+        {
         BUF_MEM *b;
         unsigned char *p;
         int i;
-        char *ret=NULL;
+        int ret=-1;
         ASN1_CTX c;
         int want=HEADER_SIZE;
         int eos=0;
@@ -99,7 +156,7 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
         if (b == NULL)
                 {
                 ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-                return(NULL);
+                return -1;
                 }
 
         ERR_clear_error();
@@ -187,8 +244,8 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
                         }
                 }
 
-        p=(unsigned char *)b->data;
-        ret=d2i(x,&p,off);
+        *pb = b;
+        return off;
 err:
         if (b != NULL) BUF_MEM_free(b);
         return(ret);
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c
index 8257b8639e..4931e222a0 100644
--- a/src/lib/libcrypto/asn1/a_digest.c
+++ b/src/lib/libcrypto/asn1/a_digest.c
@@ -69,10 +69,11 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
                 unsigned char *md, unsigned int *len)
         {
-        EVP_MD_CTX ctx;
         int i;
         unsigned char *str,*p;
 
@@ -81,9 +82,24 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
         p=str;
         i2d(data,&p);
 
-        EVP_DigestInit(&ctx,type);
-        EVP_DigestUpdate(&ctx,str,i);
-        EVP_DigestFinal(&ctx,md,len);
+        EVP_Digest(str, i, md, len, type, NULL);
+        OPENSSL_free(str);
+        return(1);
+        }
+
+#endif
+
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+                unsigned char *md, unsigned int *len)
+        {
+        int i;
+        unsigned char *str = NULL;
+
+        i=ASN1_item_i2d(asn,&str, it);
+        if (!str) return(0);
+
+        EVP_Digest(str, i, md, len, type, NULL);
         OPENSSL_free(str);
         return(1);
         }
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
index c3bda58a5d..58a017884c 100644
--- a/src/lib/libcrypto/asn1/a_dup.c
+++ b/src/lib/libcrypto/asn1/a_dup.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-#define READ_CHUNK   2048
+#ifndef NO_OLD_ASN1
 
 char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
         {
@@ -81,3 +81,27 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
         OPENSSL_free(b);
         return(ret);
         }
+
+#endif
+
+/* ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+        {
+        unsigned char *b = NULL, *p;
+        long i;
+        void *ret;
+
+        if (x == NULL) return(NULL);
+
+        i=ASN1_item_i2d(x,&b,it);
+        if (b == NULL)
+                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+        p= b;
+        ret=ASN1_item_d2i(NULL,&p,i, it);
+        OPENSSL_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c
index 1428d1df7a..8a315fa371 100644
--- a/src/lib/libcrypto/asn1/a_enum.c
+++ b/src/lib/libcrypto/asn1/a_enum.c
@@ -65,60 +65,6 @@
  * for comments on encoding see a_int.c
  */
 
-ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
-{ return M_ASN1_ENUMERATED_new(); }
-
-void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
-{ M_ASN1_ENUMERATED_free(x); }
-
-
-int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
-{
-        int len, ret;
-        if(!a) return 0;
-        len = i2c_ASN1_INTEGER(a, NULL);        
-        ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
-        if(pp) {
-                ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
-                i2c_ASN1_INTEGER(a, pp);        
-        }
-        return ret;
-}
-
-ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
-             long length)
-{
-        unsigned char *p;
-        long len;
-        int i;
-        int inf,tag,xclass;
-        ASN1_ENUMERATED *ret;
-
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80)
-                {
-                i=ASN1_R_BAD_OBJECT_HEADER;
-                goto err;
-                }
-
-        if (tag != V_ASN1_ENUMERATED)
-                {
-                i=ASN1_R_EXPECTING_AN_ENUMERATED;
-                goto err;
-                }
-        ret = c2i_ASN1_INTEGER(a, &p, len);
-        if(ret) {
-                ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
-                *pp = p;
-        }
-        return ret;
-err:
-        ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
-        return(NULL);
-
-}
-
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
         {
         int i,j,k;
@@ -168,7 +114,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
         if (i == V_ASN1_NEG_ENUMERATED)
                 neg=1;
         else if (i != V_ASN1_ENUMERATED)
-                return(0);
+                return -1;
         
         if (a->length > sizeof(long))
                 {
@@ -176,7 +122,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
                 return(0xffffffffL);
                 }
         if (a->data == NULL)
-                return(0);
+                return 0;
 
         for (i=0; i<a->length; i++)
                 {
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
index 314479a03d..cd09f68b38 100644
--- a/src/lib/libcrypto/asn1/a_gentm.c
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -61,13 +61,10 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
+#include "o_time.h"
 #include <openssl/asn1.h>
 
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void)
-{ return M_ASN1_GENERALIZEDTIME_new(); }
-
-void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *x)
-{ M_ASN1_GENERALIZEDTIME_free(x); }
+#if 0
 
 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
         {
@@ -116,6 +113,8 @@ err:
         return(NULL);
         }
 
+#endif
+
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
         {
         static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
@@ -147,6 +146,19 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 
                 if ((n < min[i]) || (n > max[i])) goto err;
                 }
+        /* Optional fractional seconds: decimal point followed by one
+         * or more digits.
+         */
+        if (a[o] == '.')
+                {
+                if (++o > l) goto err;
+                i = o;
+                while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+                        o++;
+                /* Must have at least one digit after decimal point */
+                if (i == o) goto err;
+                }
+
         if (a[o] == 'Z')
                 o++;
         else if ((a[o] == '+') || (a[o] == '-'))
@@ -182,6 +194,7 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
                         {
                         ASN1_STRING_set((ASN1_STRING *)s,
                                 (unsigned char *)str,t.length);
+                        s->type=V_ASN1_GENERALIZEDTIME;
                         }
                 return(1);
                 }
@@ -194,21 +207,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
         {
         char *p;
         struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
         struct tm data;
-#endif
 
         if (s == NULL)
                 s=M_ASN1_GENERALIZEDTIME_new();
         if (s == NULL)
                 return(NULL);
 
-#if defined(THREADS) && !defined(WIN32)
-        gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-        ts=&data;
-#else
-        ts=gmtime(&t);
-#endif
+        ts=OPENSSL_gmtime(&t, &data);
+        if (ts == NULL)
+                return(NULL);
+
         p=(char *)s->data;
         if ((p == NULL) || (s->length < 16))
                 {
diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c
index aee29a7790..f4f1b73ebe 100644
--- a/src/lib/libcrypto/asn1/a_i2d_fp.c
+++ b/src/lib/libcrypto/asn1/a_i2d_fp.c
@@ -59,9 +59,11 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-#ifndef NO_FP_API
+#ifndef NO_OLD_ASN1
+
+#ifndef OPENSSL_NO_FP_API
 int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
         {
         BIO *b;
@@ -111,3 +113,51 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
         OPENSSL_free(b);
         return(ret);
         }
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_item_i2d_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+        {
+        unsigned char *b = NULL;
+        int i,j=0,n,ret=1;
+
+        n = ASN1_item_i2d(x, &b, it);
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        for (;;)
+                {
+                i=BIO_write(out,&(b[j]),n);
+                if (i == n) break;
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                j+=i;
+                n-=i;
+                }
+        OPENSSL_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index 6f0413f885..496704b9a5 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -60,33 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_INTEGER *ASN1_INTEGER_new(void)
-{ return M_ASN1_INTEGER_new();}
-
-void ASN1_INTEGER_free(ASN1_INTEGER *x)
-{ M_ASN1_INTEGER_free(x);}
-
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
 
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 { return M_ASN1_INTEGER_cmp(x,y);}
 
-/* Output ASN1 INTEGER including tag+length */
-
-int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
-{
-        int len, ret;
-        if(!a) return 0;
-        len = i2c_ASN1_INTEGER(a, NULL);        
-        ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
-        if(pp) {
-                ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
-                i2c_ASN1_INTEGER(a, pp);        
-        }
-        return ret;
-}
-
 /* 
  * This converts an ASN1 INTEGER into its content encoding.
  * The internal representation is an ASN1_STRING whose data is a big endian
@@ -174,39 +153,6 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
         return(ret);
         }
 
-/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
-ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
-             long length)
-{
-        unsigned char *p;
-        long len;
-        int i;
-        int inf,tag,xclass;
-        ASN1_INTEGER *ret;
-
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80)
-                {
-                i=ASN1_R_BAD_OBJECT_HEADER;
-                goto err;
-                }
-
-        if (tag != V_ASN1_INTEGER)
-                {
-                i=ASN1_R_EXPECTING_AN_INTEGER;
-                goto err;
-                }
-        ret = c2i_ASN1_INTEGER(a, &p, len);
-        if(ret) *pp = p;
-        return ret;
-err:
-        ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
-        return(NULL);
-
-}
-
-
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
 
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
@@ -414,7 +360,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
         if (i == V_ASN1_NEG_INTEGER)
                 neg=1;
         else if (i != V_ASN1_INTEGER)
-                return(0);
+                return -1;
         
         if (a->length > sizeof(long))
                 {
@@ -422,7 +368,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
                 return(0xffffffffL);
                 }
         if (a->data == NULL)
-                return(0);
+                return 0;
 
         for (i=0; i<a->length; i++)
                 {
@@ -453,6 +399,12 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
         len=((j == 0)?0:((j/8)+1));
         ret->data=(unsigned char *)OPENSSL_malloc(len+4);
         ret->length=BN_bn2bin(bn,ret->data);
+        /* Correct zero case */
+        if(!ret->length)
+                {
+                ret->data[0] = 0;
+                ret->length = 1;
+                }
         return(ret);
 err:
         if (ret != ai) M_ASN1_INTEGER_free(ret);
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index 20caa2d3bd..71ce7c3896 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -302,7 +302,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
         }
 
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-             char *sn, char *ln)
+             const char *sn, const char *ln)
         {
         ASN1_OBJECT o;
 
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
index 2586f4327d..9690bae0f1 100644
--- a/src/lib/libcrypto/asn1/a_octet.c
+++ b/src/lib/libcrypto/asn1/a_octet.c
@@ -60,12 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void)
-{ return M_ASN1_OCTET_STRING_new(); }
-
-void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *x)
-{ M_ASN1_OCTET_STRING_free(x); }
-
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }
 
@@ -75,21 +69,3 @@ int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
 { return M_ASN1_OCTET_STRING_set(x, d, len); }
 
-int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
-{ return M_i2d_ASN1_OCTET_STRING(a, pp); }
-
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
-             unsigned char **pp, long length)
-        {
-        ASN1_OCTET_STRING *ret=NULL;
-
-        ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-                pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
-        if (ret == NULL)
-                {
-                ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
-                return(NULL);
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c
index b7bd2bd18a..8035513f04 100644
--- a/src/lib/libcrypto/asn1/a_print.c
+++ b/src/lib/libcrypto/asn1/a_print.c
@@ -60,50 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_IA5STRING *ASN1_IA5STRING_new(void)
-{ return M_ASN1_IA5STRING_new();}
-
-void ASN1_IA5STRING_free(ASN1_IA5STRING *x)
-{ M_ASN1_IA5STRING_free(x);}
-
-int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
-        { return(M_i2d_ASN1_IA5STRING(a,pp)); }
-
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
-             long l)
-        { return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
-
-ASN1_T61STRING *ASN1_T61STRING_new(void)
-{ return M_ASN1_T61STRING_new();}
-
-void ASN1_T61STRING_free(ASN1_T61STRING *x)
-{ M_ASN1_T61STRING_free(x);}
-
-ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
-             long l)
-        { return(M_d2i_ASN1_T61STRING(a,pp,l)); }
-
-ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void)
-{ return M_ASN1_PRINTABLESTRING_new();}
-
-void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *x)
-{ M_ASN1_PRINTABLESTRING_free(x);}
-
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-             unsigned char **pp, long l)
-        { return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
-             l)); }
-
-int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp)
-        { return(M_i2d_ASN1_PRINTABLESTRING(a,pp)); }
-
-int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
-        { return(M_i2d_ASN1_PRINTABLE(a,pp)); }
-
-ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
-             long l)
-        { return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
-
 int ASN1_PRINTABLE_type(unsigned char *s, int len)
         {
         int c;
@@ -169,29 +125,3 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
         s->type=ASN1_PRINTABLE_type(s->data,s->length);
         return(1);
         }
-
-ASN1_STRING *DIRECTORYSTRING_new(void)
-{ return M_DIRECTORYSTRING_new();}
-
-void DIRECTORYSTRING_free(ASN1_STRING *x)
-{ M_DIRECTORYSTRING_free(x);}
-
-int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
-        { return(M_i2d_DIRECTORYSTRING(a,pp)); }
-
-ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
-             long l)
-        { return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
-
-ASN1_STRING *DISPLAYTEXT_new(void)
-{ return M_DISPLAYTEXT_new();}
-
-void DISPLAYTEXT_free(ASN1_STRING *x)
-{ M_DISPLAYTEXT_free(x);}
-
-int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
-        { return(M_i2d_DISPLAYTEXT(a,pp)); }
-
-ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
-             long l)
-        { return(M_d2i_DISPLAYTEXT(a,pp,l)); }
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
index caf5a1419c..19bb60fca8 100644
--- a/src/lib/libcrypto/asn1/a_set.c
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -60,6 +60,8 @@
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
 
+#ifndef NO_ASN1_OLD
+
 typedef struct
     {
     unsigned char *pbData;
@@ -215,3 +217,4 @@ err:
         return(NULL);
         }
 
+#endif
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 4c651706d2..de53b44144 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <time.h>
@@ -71,6 +124,8 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
              const EVP_MD *type)
@@ -80,6 +135,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
         int i,inl=0,outl=0,outll=0;
         X509_ALGOR *a;
 
+        EVP_MD_CTX_init(&ctx);
         for (i=0; i<2; i++)
                 {
                 if (i == 0)
@@ -87,7 +143,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
                 else
                         a=algor2;
                 if (a == NULL) continue;
-                if (    (a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
                         (a->parameter->type != V_ASN1_NULL))
                         {
                         ASN1_TYPE_free(a->parameter);
@@ -120,7 +183,90 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
         p=buf_in;
 
         i2d(data,&p);
-        EVP_SignInit(&ctx,type);
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+             const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=ASN1_item_i2d(asn,&buf_in, it);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_SignInit_ex(&ctx,type, NULL);
         EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
         if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                         (unsigned int *)&outl,pkey))
@@ -139,7 +285,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
         signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
         signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-        memset(&ctx,0,sizeof(ctx));
+        EVP_MD_CTX_cleanup(&ctx);
         if (buf_in != NULL)
                 { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
         if (buf_out != NULL)
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 569b811998..128aa7e772 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -371,6 +371,8 @@ static int do_indent(char_io *io_ch, void *arg, int indent)
         return 1;
 }
 
+#define FN_WIDTH_LN     25
+#define FN_WIDTH_SN     10
 
 static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
                                 int indent, unsigned long flags)
@@ -456,19 +458,29 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
                 val = X509_NAME_ENTRY_get_data(ent);
                 fn_nid = OBJ_obj2nid(fn);
                 if(fn_opt != XN_FLAG_FN_NONE) {
-                        int objlen;
+                        int objlen, fld_len;
                         if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
                                 OBJ_obj2txt(objtmp, 80, fn, 1);
+                                fld_len = 0; /* XXX: what should this be? */
                                 objbuf = objtmp;
                         } else {
-                                if(fn_opt == XN_FLAG_FN_SN) 
+                                if(fn_opt == XN_FLAG_FN_SN) {
+                                        fld_len = FN_WIDTH_SN;
                                         objbuf = OBJ_nid2sn(fn_nid);
-                                else if(fn_opt == XN_FLAG_FN_LN)
+                                } else if(fn_opt == XN_FLAG_FN_LN) {
+                                        fld_len = FN_WIDTH_LN;
                                         objbuf = OBJ_nid2ln(fn_nid);
-                                else objbuf = "";
+                                } else {
+                                        fld_len = 0; /* XXX: what should this be? */
+                                        objbuf = "";
+                                }
                         }
                         objlen = strlen(objbuf);
                         if(!io_ch(arg, objbuf, objlen)) return -1;
+                        if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+                                if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
+                                outlen += fld_len - objlen;
+                        }
                         if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
                         outlen += objlen + sep_eq_len;
                 }
@@ -491,12 +503,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
 {
+        if(flags == XN_FLAG_COMPAT)
+                return X509_NAME_print(out, nm, indent);
         return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
 
 
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
+        if(flags == XN_FLAG_COMPAT)
+                {
+                BIO *btmp;
+                int ret;
+                btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+                if(!btmp) return -1;
+                ret = X509_NAME_print(btmp, nm, indent);
+                BIO_free(btmp);
+                return ret;
+                }
         return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }
 
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index 732e68fe46..04789d1c63 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -105,9 +105,9 @@ int ASN1_STRING_set_default_mask_asc(char *p)
                 mask = strtoul(p + 5, &end, 0);
                 if(*end) return 0;
         } else if(!strcmp(p, "nombstr"))
-                         mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
+                         mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
         else if(!strcmp(p, "pkix"))
-                        mask = ~B_ASN1_T61STRING;
+                        mask = ~((unsigned long)B_ASN1_T61STRING);
         else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
         else if(!strcmp(p, "default"))
             mask = 0xFFFFFFFFL;
@@ -170,8 +170,10 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_givenName,                 1, ub_name, DIRSTRING_TYPE, 0},
 {NID_surname,                   1, ub_name, DIRSTRING_TYPE, 0},
 {NID_initials,                  1, ub_name, DIRSTRING_TYPE, 0},
+{NID_friendlyName,              -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
 {NID_name,                      1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+{NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_ms_csp_name,               -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
 
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
index 8c0ddee4ac..27ddd30899 100644
--- a/src/lib/libcrypto/asn1/a_time.c
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -64,14 +64,14 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include "o_time.h"
+#include <openssl/asn1t.h>
 
-ASN1_TIME *ASN1_TIME_new(void)
-{ return M_ASN1_TIME_new(); }
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
 
-void ASN1_TIME_free(ASN1_TIME *x)
-{ M_ASN1_TIME_free(x); }
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
 
+#if 0
 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
         {
 #ifdef CHARSET_EBCDIC
@@ -95,33 +95,64 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
         ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
         return -1;
         }
-
-
-ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
-        {
-        unsigned char tag;
-        tag = **pp & ~V_ASN1_CONSTRUCTED;
-        if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
-                                         return d2i_ASN1_UTCTIME(a, pp, length);
-        if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
-                                return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
-        ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
-        return(NULL);
-        }
+#endif
 
 
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
         {
         struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
         struct tm data;
 
-        gmtime_r(&t,&data);
-        ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-#else
-        ts=gmtime(&t);
-#endif
+        ts=OPENSSL_gmtime(&t,&data);
+        if (ts == NULL)
+                return NULL;
         if((ts->tm_year >= 50) && (ts->tm_year < 150))
                                         return ASN1_UTCTIME_set(s, t);
         return ASN1_GENERALIZEDTIME_set(s,t);
         }
+
+int ASN1_TIME_check(ASN1_TIME *t)
+        {
+        if (t->type == V_ASN1_GENERALIZEDTIME)
+                return ASN1_GENERALIZEDTIME_check(t);
+        else if (t->type == V_ASN1_UTCTIME)
+                return ASN1_UTCTIME_check(t);
+        return 0;
+        }
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+        {
+        ASN1_GENERALIZEDTIME *ret;
+        char *str;
+
+        if (!ASN1_TIME_check(t)) return NULL;
+
+        if (!out || !*out)
+                {
+                if (!(ret = ASN1_GENERALIZEDTIME_new ()))
+                        return NULL;
+                if (out) *out = ret;
+                }
+        else ret = *out;
+
+        /* If already GeneralizedTime just copy across */
+        if (t->type == V_ASN1_GENERALIZEDTIME)
+                {
+                if(!ASN1_STRING_set(ret, t->data, t->length))
+                        return NULL;
+                return ret;
+                }
+
+        /* grow the string */
+        if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+                return NULL;
+        str = (char *)ret->data;
+        /* Work out the century and prepend */
+        if (t->data[0] >= '5') strcpy(str, "19");
+        else strcpy(str, "20");
+
+        strcat(str, (char *)t->data);
+
+        return ret;
+        }
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
index e72a6b29e0..96e111cf23 100644
--- a/src/lib/libcrypto/asn1/a_type.c
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -57,236 +57,8 @@
  */
 
 #include <stdio.h>
+#include <openssl/asn1t.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-static void ASN1_TYPE_component_free(ASN1_TYPE *a);
-int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
-        {
-        int r=0;
-
-        if (a == NULL) return(0);
-
-        switch (a->type)
-                {
-        case V_ASN1_NULL:
-                if (pp != NULL)
-                        ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
-                r=2;
-                break;
-        case V_ASN1_INTEGER:
-        case V_ASN1_NEG_INTEGER:
-                r=i2d_ASN1_INTEGER(a->value.integer,pp);
-                break;
-        case V_ASN1_ENUMERATED:
-        case V_ASN1_NEG_ENUMERATED:
-                r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
-                break;
-        case V_ASN1_BIT_STRING:
-                r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
-                break;
-        case V_ASN1_OCTET_STRING:
-                r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
-                break;
-        case V_ASN1_OBJECT:
-                r=i2d_ASN1_OBJECT(a->value.object,pp);
-                break;
-        case V_ASN1_PRINTABLESTRING:
-                r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
-                break;
-        case V_ASN1_T61STRING:
-                r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
-                break;
-        case V_ASN1_IA5STRING:
-                r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
-                break;
-        case V_ASN1_GENERALSTRING:
-                r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
-                break;
-        case V_ASN1_UNIVERSALSTRING:
-                r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
-                break;
-        case V_ASN1_UTF8STRING:
-                r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
-                break;
-        case V_ASN1_VISIBLESTRING:
-                r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
-                break;
-        case V_ASN1_BMPSTRING:
-                r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
-                break;
-        case V_ASN1_UTCTIME:
-                r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
-                break;
-        case V_ASN1_GENERALIZEDTIME:
-                r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
-                break;
-        case V_ASN1_SET:
-        case V_ASN1_SEQUENCE:
-        case V_ASN1_OTHER:
-        default:
-                if (a->value.set == NULL)
-                        r=0;
-                else
-                        {
-                        r=a->value.set->length;
-                        if (pp != NULL)
-                                {
-                                memcpy(*pp,a->value.set->data,r);
-                                *pp+=r;
-                                }
-                        }
-                break;
-                }
-        return(r);
-        }
-
-ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
-        {
-        ASN1_TYPE *ret=NULL;
-        unsigned char *q,*p,*max;
-        int inf,tag,xclass;
-        long len;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=ASN1_TYPE_new()) == NULL) goto err;
-                }
-        else
-                ret=(*a);
-
-        p= *pp;
-        q=p;
-        max=(p+length);
-
-        inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
-        if (inf & 0x80) goto err;
-        /* If not universal tag we've no idea what it is */
-        if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
-        
-        ASN1_TYPE_component_free(ret);
-
-        switch (tag)
-                {
-        case V_ASN1_NULL:
-                p=q;
-                ret->value.ptr=NULL;
-                break;
-        case V_ASN1_INTEGER:
-                if ((ret->value.integer=
-                        d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_ENUMERATED:
-                if ((ret->value.enumerated=
-                        d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_BIT_STRING:
-                if ((ret->value.bit_string=
-                        d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_OCTET_STRING:
-                if ((ret->value.octet_string=
-                        d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_VISIBLESTRING:
-                if ((ret->value.visiblestring=
-                        d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_UTF8STRING:
-                if ((ret->value.utf8string=
-                        d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_OBJECT:
-                if ((ret->value.object=
-                        d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_PRINTABLESTRING:
-                if ((ret->value.printablestring=
-                        d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_T61STRING:
-                if ((ret->value.t61string=
-                        M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_IA5STRING:
-                if ((ret->value.ia5string=
-                        M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_GENERALSTRING:
-                if ((ret->value.generalstring=
-                        M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_UNIVERSALSTRING:
-                if ((ret->value.universalstring=
-                        M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_BMPSTRING:
-                if ((ret->value.bmpstring=
-                        M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_UTCTIME:
-                if ((ret->value.utctime=
-                        d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_GENERALIZEDTIME:
-                if ((ret->value.generalizedtime=
-                        d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
-                        goto err;
-                break;
-        case V_ASN1_SET:
-        case V_ASN1_SEQUENCE:
-        case V_ASN1_OTHER:
-        default:
-                /* Sets and sequences are left complete */
-                if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
-                ret->value.set->type=tag;
-                len+=(q-p);
-                if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
-                p+=len;
-                break;
-                }
-
-        ret->type=tag;
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
-err:
-        if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
-        return(NULL);
-        }
-
-ASN1_TYPE *ASN1_TYPE_new(void)
-        {
-        ASN1_TYPE *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,ASN1_TYPE);
-        ret->type= -1;
-        ret->value.ptr=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
-        }
-
-void ASN1_TYPE_free(ASN1_TYPE *a)
-        {
-        if (a == NULL) return;
-        ASN1_TYPE_component_free(a);
-        OPENSSL_free(a);
-        }
 
 int ASN1_TYPE_get(ASN1_TYPE *a)
         {
@@ -299,54 +71,11 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
         {
         if (a->value.ptr != NULL)
-                ASN1_TYPE_component_free(a);
+                ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
         a->type=type;
         a->value.ptr=value;
         }
 
-static void ASN1_TYPE_component_free(ASN1_TYPE *a)
-        {
-        if (a == NULL) return;
-
-        if (a->value.ptr != NULL)
-                {
-                switch (a->type)
-                        {
-                case V_ASN1_OBJECT:
-                        ASN1_OBJECT_free(a->value.object);
-                        break;
-                case V_ASN1_NULL:
-                        break;
-                case V_ASN1_INTEGER:
-                case V_ASN1_NEG_INTEGER:
-                case V_ASN1_ENUMERATED:
-                case V_ASN1_NEG_ENUMERATED:
-                case V_ASN1_BIT_STRING:
-                case V_ASN1_OCTET_STRING:
-                case V_ASN1_SEQUENCE:
-                case V_ASN1_SET:
-                case V_ASN1_NUMERICSTRING:
-                case V_ASN1_PRINTABLESTRING:
-                case V_ASN1_T61STRING:
-                case V_ASN1_VIDEOTEXSTRING:
-                case V_ASN1_IA5STRING:
-                case V_ASN1_UTCTIME:
-                case V_ASN1_GENERALIZEDTIME:
-                case V_ASN1_GRAPHICSTRING:
-                case V_ASN1_VISIBLESTRING:
-                case V_ASN1_GENERALSTRING:
-                case V_ASN1_UNIVERSALSTRING:
-                case V_ASN1_BMPSTRING:
-                case V_ASN1_UTF8STRING:
-                case V_ASN1_OTHER:
-                default:
-                        ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
-                        break;
-                        }
-                a->type=0;
-                a->value.ptr=NULL;
-                }
-        }
 
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
index d381c9e0d1..ed2d827db2 100644
--- a/src/lib/libcrypto/asn1/a_utctm.c
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -58,20 +58,11 @@
 
 #include <stdio.h>
 #include <time.h>
-#ifdef VMS
-#include <descrip.h>
-#include <lnmdef.h>
-#include <starlet.h>
-#endif
 #include "cryptlib.h"
+#include "o_time.h"
 #include <openssl/asn1.h>
 
-ASN1_UTCTIME *ASN1_UTCTIME_new(void)
-{ return M_ASN1_UTCTIME_new(); }
-
-void ASN1_UTCTIME_free(ASN1_UTCTIME *x)
-{ M_ASN1_UTCTIME_free(x); }
-
+#if 0
 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
         {
 #ifndef CHARSET_EBCDIC
@@ -119,6 +110,8 @@ err:
         return(NULL);
         }
 
+#endif
+
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
         {
         static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
@@ -182,6 +175,7 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
                         {
                         ASN1_STRING_set((ASN1_STRING *)s,
                                 (unsigned char *)str,t.length);
+                        s->type = V_ASN1_UTCTIME;
                         }
                 return(1);
                 }
@@ -193,59 +187,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
         {
         char *p;
         struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
-
         struct tm data;
-#endif
 
         if (s == NULL)
                 s=M_ASN1_UTCTIME_new();
         if (s == NULL)
                 return(NULL);
 
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
-        gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-        ts=&data;
-#else
-        ts=gmtime(&t);
-#endif
-#ifdef VMS
+        ts=OPENSSL_gmtime(&t, &data);
         if (ts == NULL)
-                {
-                static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
-                static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
-                char result[256];
-                unsigned int reslen = 0;
-                struct {
-                        short buflen;
-                        short code;
-                        void *bufaddr;
-                        unsigned int *reslen;
-                } itemlist[] = {
-                        { 0, LNM$_STRING, 0, 0 },
-                        { 0, 0, 0, 0 },
-                };
-                int status;
-
-                /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-                itemlist[0].buflen = sizeof(result);
-                itemlist[0].bufaddr = result;
-                itemlist[0].reslen = &reslen;
-                status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-                if (!(status & 1))
-                        return NULL;
-                result[reslen] = '\0';
-
-                /* Get the numerical value of the equivalence string */
-                status = atoi(result);
-
-                /* and use it to move time to GMT */
-                t -= status;
-
-                /* then convert the result to the time structure */
-                ts=(struct tm *)localtime(&t);
-                }
-#endif
+                return(NULL);
+
         p=(char *)s->data;
         if ((p == NULL) || (s->length < 14))
                 {
@@ -286,11 +238,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 
         t -= offset*60; /* FIXME: may overflow in extreme cases */
 
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
-        { struct tm data; gmtime_r(&t, &data); tm = &data; }
-#else
-        tm = gmtime(&t);
-#endif
+        { struct tm data; tm = OPENSSL_gmtime(&t, &data); }
         
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
         year = g2(s->data);
diff --git a/src/lib/libcrypto/asn1/a_utf8.c b/src/lib/libcrypto/asn1/a_utf8.c
index 854278f136..508e11e527 100644
--- a/src/lib/libcrypto/asn1/a_utf8.c
+++ b/src/lib/libcrypto/asn1/a_utf8.c
@@ -60,33 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_UTF8STRING *ASN1_UTF8STRING_new(void)
-{ return M_ASN1_UTF8STRING_new();}
-
-void ASN1_UTF8STRING_free(ASN1_UTF8STRING *x)
-{ M_ASN1_UTF8STRING_free(x);}
-
-int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
-        {
-        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-                V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
-        }
-
-ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
-             long length)
-        {
-        ASN1_UTF8STRING *ret=NULL;
-
-        ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-                pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
-        if (ret == NULL)
-                {
-                ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
-                return(NULL);
-                }
-        return(ret);
-        }
-
 
 /* UTF8 utilities */
 
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index 2a11927e5c..bf41de5146 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -71,6 +71,8 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
              char *data, EVP_PKEY *pkey)
         {
@@ -79,6 +81,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
         unsigned char *p,*buf_in=NULL;
         int ret= -1,i,inl;
 
+        EVP_MD_CTX_init(&ctx);
         i=OBJ_obj2nid(a->algorithm);
         type=EVP_get_digestbyname(OBJ_nid2sn(i));
         if (type == NULL)
@@ -97,7 +100,57 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
         p=buf_in;
 
         i2d(data,&p);
-        EVP_VerifyInit(&ctx,type);
+        EVP_VerifyInit_ex(&ctx,type, NULL);
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+        memset(buf_in,0,(unsigned int)inl);
+        OPENSSL_free(buf_in);
+
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+             void *asn, EVP_PKEY *pkey)
+        {
+        EVP_MD_CTX ctx;
+        const EVP_MD *type;
+        unsigned char *buf_in=NULL;
+        int ret= -1,i,inl;
+
+        EVP_MD_CTX_init(&ctx);
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+
+        inl = ASN1_item_i2d(asn, &buf_in, it);
+        
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_VerifyInit_ex(&ctx,type, NULL);
         EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
         memset(buf_in,0,(unsigned int)inl);
@@ -115,5 +168,8 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
         /* memset(&ctx,0,sizeof(ctx)); */
         ret=1;
 err:
+        EVP_MD_CTX_cleanup(&ctx);
         return(ret);
         }
+
+
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index 6f956b1963..0d1713f8dd 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -60,15 +60,24 @@
 #define HEADER_ASN1_H
 
 #include <time.h>
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#include <openssl/e_os2.h>
 #include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 
 #include <openssl/symhacks.h>
 
+#include <openssl/e_os2.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -84,6 +93,7 @@ extern "C" {
 
 #define V_ASN1_APP_CHOOSE               -2      /* let the recipient choose */
 #define V_ASN1_OTHER                    -3      /* used in ASN1_TYPE */
+#define V_ASN1_ANY                      -4      /* used in ASN1 template code */
 
 #define V_ASN1_NEG                      0x100   /* negative flag */
 
@@ -136,6 +146,8 @@ extern "C" {
 #define B_ASN1_BMPSTRING        0x0800
 #define B_ASN1_UNKNOWN          0x1000
 #define B_ASN1_UTF8STRING       0x2000
+#define B_ASN1_UTCTIME          0x4000
+#define B_ASN1_GENERALIZEDTIME  0x8000
 
 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG           0x1000
@@ -193,6 +205,21 @@ typedef struct asn1_string_st
         long flags;
         } ASN1_STRING;
 
+/* ASN1_ENCODING structure: this is used to save the received
+ * encoding of an ASN1 type. This is useful to get round
+ * problems with invalid encodings which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st
+        {
+        unsigned char *enc;     /* DER encoding */
+        long len;               /* Length of encoding */
+        int modified;            /* set to 1 if 'enc' is invalid */
+        } ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+#define ASN1_LONG_UNDEF 0x7fffffffL
+
 #define STABLE_FLAGS_MALLOC     0x01
 #define STABLE_NO_MASK          0x02
 #define DIRSTRING_TYPE  \
@@ -220,43 +247,116 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ub_title                        64
 #define ub_email_address                128
 
-#ifdef NO_ASN1_TYPEDEFS
-#define ASN1_INTEGER            ASN1_STRING
-#define ASN1_ENUMERATED         ASN1_STRING
-#define ASN1_BIT_STRING         ASN1_STRING
-#define ASN1_OCTET_STRING       ASN1_STRING
-#define ASN1_PRINTABLESTRING    ASN1_STRING
-#define ASN1_T61STRING          ASN1_STRING
-#define ASN1_IA5STRING          ASN1_STRING
-#define ASN1_UTCTIME            ASN1_STRING
-#define ASN1_GENERALIZEDTIME    ASN1_STRING
-#define ASN1_TIME               ASN1_STRING
-#define ASN1_GENERALSTRING      ASN1_STRING
-#define ASN1_UNIVERSALSTRING    ASN1_STRING
-#define ASN1_BMPSTRING          ASN1_STRING
-#define ASN1_VISIBLESTRING      ASN1_STRING
-#define ASN1_UTF8STRING         ASN1_STRING
-#define ASN1_BOOLEAN            int
+/* Declarations for template structures: for full definitions
+ * see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a); \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+        type *name##_new(void); \
+        void name##_free(type *a); \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+        type *d2i_##name(type **a, unsigned char **in, long len); \
+        int i2d_##name(type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(itname)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(const type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(name)
+
+#define DECLARE_ASN1_FUNCTIONS_const(name) \
+        name *name##_new(void); \
+        void name##_free(name *a);
+
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING; 
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#define DECLARE_ASN1_ITEM(name) \
+        OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
 #else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_ENUMERATED;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_TIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
-typedef struct asn1_string_st ASN1_VISIBLESTRING;
-typedef struct asn1_string_st ASN1_UTF8STRING;
-typedef int ASN1_BOOLEAN;
-#endif
 
-typedef int ASN1_NULL;
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+        const ASN1_ITEM * name##_it(void);
+
+#endif
 
 /* Parameters used by ASN1_STRING_print_ex() */
 
@@ -340,6 +440,8 @@ typedef int ASN1_NULL;
 DECLARE_STACK_OF(ASN1_INTEGER)
 DECLARE_ASN1_SET_OF(ASN1_INTEGER)
 
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
 typedef struct asn1_type_st
         {
         int type;
@@ -438,12 +540,11 @@ typedef struct BIT_STRING_BITNAME_st {
                 i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
                 V_ASN1_UNIVERSAL)
 
-#define M_ASN1_PRINTABLE_new()  ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-                pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+#define B_ASN1_TIME \
+                        B_ASN1_UTCTIME | \
+                        B_ASN1_GENERALIZEDTIME
+
+#define B_ASN1_PRINTABLE \
                         B_ASN1_PRINTABLESTRING| \
                         B_ASN1_T61STRING| \
                         B_ASN1_IA5STRING| \
@@ -451,7 +552,28 @@ typedef struct BIT_STRING_BITNAME_st {
                         B_ASN1_UNIVERSALSTRING|\
                         B_ASN1_BMPSTRING|\
                         B_ASN1_UTF8STRING|\
-                        B_ASN1_UNKNOWN)
+                        B_ASN1_UNKNOWN
+
+#define B_ASN1_DIRECTORYSTRING \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_TELETEXSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_UTF8STRING
+
+#define B_ASN1_DISPLAYTEXT \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_VISIBLESTRING| \
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING
+
+#define M_ASN1_PRINTABLE_new()  ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_PRINTABLE)
 
 #define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
 #define M_DIRECTORYSTRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
@@ -459,11 +581,7 @@ typedef struct BIT_STRING_BITNAME_st {
                                                 pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DIRECTORYSTRING(a,pp,l) \
                 d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_PRINTABLESTRING| \
-                        B_ASN1_TELETEXSTRING|\
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UNIVERSALSTRING|\
-                        B_ASN1_UTF8STRING)
+                        B_ASN1_DIRECTORYSTRING)
 
 #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
 #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
@@ -471,9 +589,7 @@ typedef struct BIT_STRING_BITNAME_st {
                                                 pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DISPLAYTEXT(a,pp,l) \
                 d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_VISIBLESTRING| \
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UTF8STRING)
+                        B_ASN1_DISPLAYTEXT)
 
 #define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
                 ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
@@ -577,10 +693,8 @@ typedef struct BIT_STRING_BITNAME_st {
 #define IS_SEQUENCE     0
 #define IS_SET          1
 
-ASN1_TYPE *     ASN1_TYPE_new(void );
-void            ASN1_TYPE_free(ASN1_TYPE *a);
-int             i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
-ASN1_TYPE *     d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
@@ -592,6 +706,8 @@ ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
                         long length);
 
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
 DECLARE_STACK_OF(ASN1_OBJECT)
 DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 
@@ -608,12 +724,8 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
 
-ASN1_BIT_STRING *       ASN1_BIT_STRING_new(void);
-void            ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
-int             i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
 int             i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
-                        long length);
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
                         long length);
 int             ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
@@ -621,7 +733,7 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
 int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
                                 BIT_STRING_BITNAME *tbl, int indent);
 #endif
@@ -632,12 +744,8 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
 int             i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 int             d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 
-ASN1_INTEGER *  ASN1_INTEGER_new(void);
-void            ASN1_INTEGER_free(ASN1_INTEGER *a);
-int             i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
 int             i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
-                        long length);
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
                         long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
@@ -645,11 +753,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
 ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
 
-ASN1_ENUMERATED *       ASN1_ENUMERATED_new(void);
-void            ASN1_ENUMERATED_free(ASN1_ENUMERATED *a);
-int             i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp);
-ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
-                        long length);
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
@@ -663,91 +767,34 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
 
-ASN1_OCTET_STRING *     ASN1_OCTET_STRING_new(void);
-void            ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a);
-int             i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
-                        unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
 ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
 int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
 int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
 
-ASN1_VISIBLESTRING *    ASN1_VISIBLESTRING_new(void);
-void            ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a);
-int     i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp);
-ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
-                        unsigned char **pp,long length);
-
-ASN1_UTF8STRING *       ASN1_UTF8STRING_new(void);
-void            ASN1_UTF8STRING_free(ASN1_UTF8STRING *a);
-int             i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp);
-ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a,
-                        unsigned char **pp,long length);
-
-ASN1_NULL *     ASN1_NULL_new(void);
-void            ASN1_NULL_free(ASN1_NULL *a);
-int             i2d_ASN1_NULL(ASN1_NULL *a,unsigned char **pp);
-ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp,long length);
-
-ASN1_BMPSTRING *        ASN1_BMPSTRING_new(void);
-void            ASN1_BMPSTRING_free(ASN1_BMPSTRING *a);
-int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
-        long length);
-
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
 
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
 
-int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
-        unsigned char **pp, long l);
-
-ASN1_PRINTABLESTRING *  ASN1_PRINTABLESTRING_new(void);
-void            ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a);
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-        unsigned char **pp, long l);
-int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp);
-
-ASN1_STRING *   DIRECTORYSTRING_new(void);
-void            DIRECTORYSTRING_free(ASN1_STRING *a);
-int     i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
-                                                                 long length);
-
-ASN1_STRING *   DISPLAYTEXT_new(void);
-void            DISPLAYTEXT_free(ASN1_STRING *a);
-int     i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length);
-
-ASN1_T61STRING *        ASN1_T61STRING_new(void);
-void            ASN1_T61STRING_free(ASN1_IA5STRING *a);
-ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
-        unsigned char **pp, long l);
-
-ASN1_IA5STRING *        ASN1_IA5STRING_new(void);
-void            ASN1_IA5STRING_free(ASN1_IA5STRING *a);
-int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
-        unsigned char **pp, long l);
-
-ASN1_UTCTIME *  ASN1_UTCTIME_new(void);
-void            ASN1_UTCTIME_free(ASN1_UTCTIME *a);
-int             i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
-ASN1_UTCTIME *  d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
-                        long length);
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
 
-ASN1_GENERALIZEDTIME *  ASN1_GENERALIZEDTIME_new(void);
-void            ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a);
-int             i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp);
-ASN1_GENERALIZEDTIME *  d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp,
-                        long length);
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 
-ASN1_TIME *     ASN1_TIME_new(void);
-void            ASN1_TIME_free(ASN1_TIME *a);
-int             i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp);
-ASN1_TIME *     d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length);
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 
 int             i2d_ASN1_SET(STACK *a, unsigned char **pp,
                         int (*func)(), int ex_tag, int ex_class, int is_set);
@@ -755,7 +802,7 @@ STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
                         char *(*func)(), void (*free_func)(void *),
                         int ex_tag, int ex_class);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@@ -768,7 +815,7 @@ int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 
 int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-        char *sn, char *ln);
+        const char *sn, const char *ln);
 
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(ASN1_INTEGER *a);
@@ -787,6 +834,7 @@ int ASN1_PRINTABLE_type(unsigned char *s, int max);
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
         long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
                 long length,int type);
@@ -805,17 +853,23 @@ int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
 char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
 
-#ifndef NO_FP_API
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+#ifndef OPENSSL_NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
 
 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
@@ -834,8 +888,6 @@ void ASN1_HEADER_free(ASN1_HEADER *a);
 
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
 
-void ERR_load_ASN1_strings(void);
-
 /* Not used that much at this point, except for the first two */
 ASN1_METHOD *X509_asn1_meth(void);
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
@@ -856,7 +908,9 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
                              int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 
 void ASN1_STRING_set_default_mask(unsigned long mask);
 int ASN1_STRING_set_default_mask_asc(char *p);
@@ -873,279 +927,177 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
 int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
 void ASN1_STRING_TABLE_cleanup(void);
 
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
+void ERR_load_ASN1_strings(void);
 
 /* Error codes for the ASN1 functions. */
 
 /* Function codes. */
 #define ASN1_F_A2D_ASN1_OBJECT                           100
-#define ASN1_F_A2I_ASN1_ENUMERATED                       236
-#define ASN1_F_A2I_ASN1_INTEGER                          101
-#define ASN1_F_A2I_ASN1_STRING                           102
-#define ASN1_F_ACCESS_DESCRIPTION_NEW                    291
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE                    103
-#define ASN1_F_ASN1_D2I_BIO                              104
-#define ASN1_F_ASN1_D2I_FP                               105
-#define ASN1_F_ASN1_DUP                                  106
-#define ASN1_F_ASN1_ENUMERATED_SET                       232
-#define ASN1_F_ASN1_ENUMERATED_TO_BN                     233
-#define ASN1_F_ASN1_GENERALIZEDTIME_NEW                  222
-#define ASN1_F_ASN1_GET_OBJECT                           107
-#define ASN1_F_ASN1_HEADER_NEW                           108
-#define ASN1_F_ASN1_I2D_BIO                              109
-#define ASN1_F_ASN1_I2D_FP                               110
-#define ASN1_F_ASN1_INTEGER_SET                          111
-#define ASN1_F_ASN1_INTEGER_TO_BN                        112
-#define ASN1_F_ASN1_MBSTRING_COPY                        282
-#define ASN1_F_ASN1_OBJECT_NEW                           113
-#define ASN1_F_ASN1_PACK_STRING                          245
-#define ASN1_F_ASN1_PBE_SET                              253
-#define ASN1_F_ASN1_SEQ_PACK                             246
-#define ASN1_F_ASN1_SEQ_UNPACK                           247
-#define ASN1_F_ASN1_SIGN                                 114
-#define ASN1_F_ASN1_STRING_NEW                           115
-#define ASN1_F_ASN1_STRING_TABLE_ADD                     283
-#define ASN1_F_ASN1_STRING_TYPE_NEW                      116
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             117
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 118
-#define ASN1_F_ASN1_TYPE_NEW                             119
-#define ASN1_F_ASN1_UNPACK_STRING                        248
-#define ASN1_F_ASN1_UTCTIME_NEW                          120
-#define ASN1_F_ASN1_VERIFY                               121
-#define ASN1_F_AUTHORITY_KEYID_NEW                       237
-#define ASN1_F_BASIC_CONSTRAINTS_NEW                     226
-#define ASN1_F_BN_TO_ASN1_ENUMERATED                     234
-#define ASN1_F_BN_TO_ASN1_INTEGER                        122
-#define ASN1_F_D2I_ACCESS_DESCRIPTION                    284
-#define ASN1_F_D2I_ASN1_BIT_STRING                       123
-#define ASN1_F_D2I_ASN1_BMPSTRING                        124
-#define ASN1_F_D2I_ASN1_BOOLEAN                          125
-#define ASN1_F_D2I_ASN1_BYTES                            126
-#define ASN1_F_D2I_ASN1_ENUMERATED                       235
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME                  223
-#define ASN1_F_D2I_ASN1_HEADER                           127
-#define ASN1_F_D2I_ASN1_INTEGER                          128
-#define ASN1_F_D2I_ASN1_NULL                             292
-#define ASN1_F_D2I_ASN1_OBJECT                           129
-#define ASN1_F_D2I_ASN1_OCTET_STRING                     130
-#define ASN1_F_D2I_ASN1_PRINT_TYPE                       131
-#define ASN1_F_D2I_ASN1_SET                              132
-#define ASN1_F_D2I_ASN1_TIME                             224
-#define ASN1_F_D2I_ASN1_TYPE                             133
-#define ASN1_F_D2I_ASN1_TYPE_BYTES                       134
-#define ASN1_F_D2I_ASN1_UINTEGER                         280
-#define ASN1_F_D2I_ASN1_UTCTIME                          135
-#define ASN1_F_D2I_ASN1_UTF8STRING                       266
-#define ASN1_F_D2I_ASN1_VISIBLESTRING                    267
-#define ASN1_F_D2I_AUTHORITY_KEYID                       238
-#define ASN1_F_D2I_BASIC_CONSTRAINTS                     227
-#define ASN1_F_D2I_DHPARAMS                              136
-#define ASN1_F_D2I_DIST_POINT                            276
-#define ASN1_F_D2I_DIST_POINT_NAME                       277
-#define ASN1_F_D2I_DSAPARAMS                             137
-#define ASN1_F_D2I_DSAPRIVATEKEY                         138
-#define ASN1_F_D2I_DSAPUBLICKEY                          139
-#define ASN1_F_D2I_GENERAL_NAME                          230
-#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE                228
-#define ASN1_F_D2I_NETSCAPE_PKEY                         140
-#define ASN1_F_D2I_NETSCAPE_RSA                          141
-#define ASN1_F_D2I_NETSCAPE_RSA_2                        142
-#define ASN1_F_D2I_NETSCAPE_SPKAC                        143
-#define ASN1_F_D2I_NETSCAPE_SPKI                         144
-#define ASN1_F_D2I_NOTICEREF                             268
-#define ASN1_F_D2I_OTHERNAME                             287
-#define ASN1_F_D2I_PBE2PARAM                             262
-#define ASN1_F_D2I_PBEPARAM                              249
-#define ASN1_F_D2I_PBKDF2PARAM                           263
-#define ASN1_F_D2I_PKCS12                                254
-#define ASN1_F_D2I_PKCS12_BAGS                           255
-#define ASN1_F_D2I_PKCS12_MAC_DATA                       256
-#define ASN1_F_D2I_PKCS12_SAFEBAG                        257
-#define ASN1_F_D2I_PKCS7                                 145
-#define ASN1_F_D2I_PKCS7_DIGEST                          146
-#define ASN1_F_D2I_PKCS7_ENCRYPT                         147
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT                     148
-#define ASN1_F_D2I_PKCS7_ENVELOPE                        149
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL               150
-#define ASN1_F_D2I_PKCS7_RECIP_INFO                      151
-#define ASN1_F_D2I_PKCS7_SIGNED                          152
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO                     153
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE                   154
-#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO                   250
-#define ASN1_F_D2I_PKEY_USAGE_PERIOD                     239
-#define ASN1_F_D2I_POLICYINFO                            269
-#define ASN1_F_D2I_POLICYQUALINFO                        270
-#define ASN1_F_D2I_PRIVATEKEY                            155
-#define ASN1_F_D2I_PUBLICKEY                             156
-#define ASN1_F_D2I_RSAPRIVATEKEY                         157
-#define ASN1_F_D2I_RSAPUBLICKEY                          158
-#define ASN1_F_D2I_SXNET                                 241
-#define ASN1_F_D2I_SXNETID                               243
-#define ASN1_F_D2I_USERNOTICE                            271
-#define ASN1_F_D2I_X509                                  159
-#define ASN1_F_D2I_X509_ALGOR                            160
-#define ASN1_F_D2I_X509_ATTRIBUTE                        161
-#define ASN1_F_D2I_X509_CERT_AUX                         285
-#define ASN1_F_D2I_X509_CINF                             162
-#define ASN1_F_D2I_X509_CRL                              163
-#define ASN1_F_D2I_X509_CRL_INFO                         164
-#define ASN1_F_D2I_X509_EXTENSION                        165
-#define ASN1_F_D2I_X509_KEY                              166
-#define ASN1_F_D2I_X509_NAME                             167
-#define ASN1_F_D2I_X509_NAME_ENTRY                       168
-#define ASN1_F_D2I_X509_PKEY                             169
-#define ASN1_F_D2I_X509_PUBKEY                           170
-#define ASN1_F_D2I_X509_REQ                              171
-#define ASN1_F_D2I_X509_REQ_INFO                         172
-#define ASN1_F_D2I_X509_REVOKED                          173
-#define ASN1_F_D2I_X509_SIG                              174
-#define ASN1_F_D2I_X509_VAL                              175
-#define ASN1_F_DIST_POINT_NAME_NEW                       278
-#define ASN1_F_DIST_POINT_NEW                            279
-#define ASN1_F_GENERAL_NAME_NEW                          231
-#define ASN1_F_I2D_ASN1_HEADER                           176
-#define ASN1_F_I2D_ASN1_TIME                             225
-#define ASN1_F_I2D_DHPARAMS                              177
-#define ASN1_F_I2D_DSAPARAMS                             178
-#define ASN1_F_I2D_DSAPRIVATEKEY                         179
-#define ASN1_F_I2D_DSAPUBLICKEY                          180
-#define ASN1_F_I2D_DSA_PUBKEY                            290
-#define ASN1_F_I2D_NETSCAPE_RSA                          181
-#define ASN1_F_I2D_PKCS7                                 182
-#define ASN1_F_I2D_PRIVATEKEY                            183
-#define ASN1_F_I2D_PUBLICKEY                             184
-#define ASN1_F_I2D_RSAPRIVATEKEY                         185
-#define ASN1_F_I2D_RSAPUBLICKEY                          186
-#define ASN1_F_I2D_RSA_PUBKEY                            289
-#define ASN1_F_I2D_X509_ATTRIBUTE                        187
-#define ASN1_F_I2T_ASN1_OBJECT                           188
-#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW                229
-#define ASN1_F_NETSCAPE_PKEY_NEW                         189
-#define ASN1_F_NETSCAPE_SPKAC_NEW                        190
-#define ASN1_F_NETSCAPE_SPKI_NEW                         191
-#define ASN1_F_NOTICEREF_NEW                             272
-#define ASN1_F_OTHERNAME_NEW                             288
-#define ASN1_F_PBE2PARAM_NEW                             264
-#define ASN1_F_PBEPARAM_NEW                              251
-#define ASN1_F_PBKDF2PARAM_NEW                           265
-#define ASN1_F_PKCS12_BAGS_NEW                           258
-#define ASN1_F_PKCS12_MAC_DATA_NEW                       259
-#define ASN1_F_PKCS12_NEW                                260
-#define ASN1_F_PKCS12_SAFEBAG_NEW                        261
-#define ASN1_F_PKCS5_PBE2_SET                            281
-#define ASN1_F_PKCS7_DIGEST_NEW                          192
-#define ASN1_F_PKCS7_ENCRYPT_NEW                         193
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW                     194
-#define ASN1_F_PKCS7_ENVELOPE_NEW                        195
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW               196
-#define ASN1_F_PKCS7_NEW                                 197
-#define ASN1_F_PKCS7_RECIP_INFO_NEW                      198
-#define ASN1_F_PKCS7_SIGNED_NEW                          199
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW                     200
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                   201
-#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW                   252
-#define ASN1_F_PKEY_USAGE_PERIOD_NEW                     240
-#define ASN1_F_POLICYINFO_NEW                            273
-#define ASN1_F_POLICYQUALINFO_NEW                        274
-#define ASN1_F_SXNETID_NEW                               244
-#define ASN1_F_SXNET_NEW                                 242
-#define ASN1_F_USERNOTICE_NEW                            275
-#define ASN1_F_X509_ALGOR_NEW                            202
-#define ASN1_F_X509_ATTRIBUTE_NEW                        203
-#define ASN1_F_X509_CERT_AUX_NEW                         286
-#define ASN1_F_X509_CINF_NEW                             204
-#define ASN1_F_X509_CRL_INFO_NEW                         205
-#define ASN1_F_X509_CRL_NEW                              206
-#define ASN1_F_X509_DHPARAMS_NEW                         207
-#define ASN1_F_X509_EXTENSION_NEW                        208
-#define ASN1_F_X509_INFO_NEW                             209
-#define ASN1_F_X509_KEY_NEW                              210
-#define ASN1_F_X509_NAME_ENTRY_NEW                       211
-#define ASN1_F_X509_NAME_NEW                             212
-#define ASN1_F_X509_NEW                                  213
-#define ASN1_F_X509_PKEY_NEW                             214
-#define ASN1_F_X509_PUBKEY_NEW                           215
-#define ASN1_F_X509_REQ_INFO_NEW                         216
-#define ASN1_F_X509_REQ_NEW                              217
-#define ASN1_F_X509_REVOKED_NEW                          218
-#define ASN1_F_X509_SIG_NEW                              219
-#define ASN1_F_X509_VAL_FREE                             220
-#define ASN1_F_X509_VAL_NEW                              221
+#define ASN1_F_A2I_ASN1_ENUMERATED                       101
+#define ASN1_F_A2I_ASN1_INTEGER                          102
+#define ASN1_F_A2I_ASN1_STRING                           103
+#define ASN1_F_ASN1_CHECK_TLEN                           104
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE                    105
+#define ASN1_F_ASN1_COLLECT                              106
+#define ASN1_F_ASN1_D2I_BIO                              107
+#define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
+#define ASN1_F_ASN1_D2I_FP                               109
+#define ASN1_F_ASN1_DO_ADB                               110
+#define ASN1_F_ASN1_DUP                                  111
+#define ASN1_F_ASN1_ENUMERATED_SET                       112
+#define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
+#define ASN1_F_ASN1_GET_OBJECT                           114
+#define ASN1_F_ASN1_HEADER_NEW                           115
+#define ASN1_F_ASN1_I2D_BIO                              116
+#define ASN1_F_ASN1_I2D_FP                               117
+#define ASN1_F_ASN1_INTEGER_SET                          118
+#define ASN1_F_ASN1_INTEGER_TO_BN                        119
+#define ASN1_F_ASN1_ITEM_EX_D2I                          120
+#define ASN1_F_ASN1_ITEM_NEW                             121
+#define ASN1_F_ASN1_MBSTRING_COPY                        122
+#define ASN1_F_ASN1_OBJECT_NEW                           123
+#define ASN1_F_ASN1_PACK_STRING                          124
+#define ASN1_F_ASN1_PBE_SET                              125
+#define ASN1_F_ASN1_SEQ_PACK                             126
+#define ASN1_F_ASN1_SEQ_UNPACK                           127
+#define ASN1_F_ASN1_SIGN                                 128
+#define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+#define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+#define ASN1_F_ASN1_TEMPLATE_D2I                         131
+#define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
+#define ASN1_F_ASN1_TEMPLATE_NEW                         133
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
+#define ASN1_F_ASN1_UNPACK_STRING                        136
+#define ASN1_F_ASN1_VERIFY                               137
+#define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
+#define ASN1_F_BN_TO_ASN1_INTEGER                        139
+#define ASN1_F_COLLECT_DATA                              140
+#define ASN1_F_D2I_ASN1_BIT_STRING                       141
+#define ASN1_F_D2I_ASN1_BOOLEAN                          142
+#define ASN1_F_D2I_ASN1_BYTES                            143
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME                  144
+#define ASN1_F_D2I_ASN1_HEADER                           145
+#define ASN1_F_D2I_ASN1_INTEGER                          146
+#define ASN1_F_D2I_ASN1_OBJECT                           147
+#define ASN1_F_D2I_ASN1_SET                              148
+#define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
+#define ASN1_F_D2I_ASN1_UINTEGER                         150
+#define ASN1_F_D2I_ASN1_UTCTIME                          151
+#define ASN1_F_D2I_NETSCAPE_RSA                          152
+#define ASN1_F_D2I_NETSCAPE_RSA_2                        153
+#define ASN1_F_D2I_PRIVATEKEY                            154
+#define ASN1_F_D2I_PUBLICKEY                             155
+#define ASN1_F_D2I_X509                                  156
+#define ASN1_F_D2I_X509_CINF                             157
+#define ASN1_F_D2I_X509_NAME                             158
+#define ASN1_F_D2I_X509_PKEY                             159
+#define ASN1_F_I2D_ASN1_TIME                             160
+#define ASN1_F_I2D_DSA_PUBKEY                            161
+#define ASN1_F_I2D_NETSCAPE_RSA                          162
+#define ASN1_F_I2D_PRIVATEKEY                            163
+#define ASN1_F_I2D_PUBLICKEY                             164
+#define ASN1_F_I2D_RSA_PUBKEY                            165
+#define ASN1_F_LONG_C2I                                  166
+#define ASN1_F_OID_MODULE_INIT                           174
+#define ASN1_F_PKCS5_PBE2_SET                            167
+#define ASN1_F_X509_CINF_NEW                             168
+#define ASN1_F_X509_CRL_ADD0_REVOKED                     169
+#define ASN1_F_X509_INFO_NEW                             170
+#define ASN1_F_X509_NAME_NEW                             171
+#define ASN1_F_X509_NEW                                  172
+#define ASN1_F_X509_PKEY_NEW                             173
 
 /* Reason codes. */
-#define ASN1_R_BAD_CLASS                                 100
-#define ASN1_R_BAD_OBJECT_HEADER                         101
-#define ASN1_R_BAD_PASSWORD_READ                         102
-#define ASN1_R_BAD_PKCS7_CONTENT                         103
-#define ASN1_R_BAD_PKCS7_TYPE                            104
-#define ASN1_R_BAD_TAG                                   105
-#define ASN1_R_BAD_TYPE                                  106
-#define ASN1_R_BN_LIB                                    107
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   108
-#define ASN1_R_BUFFER_TOO_SMALL                          109
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           166
-#define ASN1_R_DATA_IS_WRONG                             110
-#define ASN1_R_DECODE_ERROR                              155
+#define ASN1_R_ADDING_OBJECT                             171
+#define ASN1_R_AUX_ERROR                                 100
+#define ASN1_R_BAD_CLASS                                 101
+#define ASN1_R_BAD_OBJECT_HEADER                         102
+#define ASN1_R_BAD_PASSWORD_READ                         103
+#define ASN1_R_BAD_TAG                                   104
+#define ASN1_R_BN_LIB                                    105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
+#define ASN1_R_BUFFER_TOO_SMALL                          107
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
+#define ASN1_R_DATA_IS_WRONG                             109
+#define ASN1_R_DECODE_ERROR                              110
 #define ASN1_R_DECODING_ERROR                            111
-#define ASN1_R_ENCODE_ERROR                              156
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT                 112
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               157
-#define ASN1_R_EXPECTING_AN_ENUMERATED                   154
-#define ASN1_R_EXPECTING_AN_INTEGER                      113
-#define ASN1_R_EXPECTING_AN_OBJECT                       114
-#define ASN1_R_EXPECTING_AN_OCTET_STRING                 115
-#define ASN1_R_EXPECTING_A_BIT_STRING                    116
+#define ASN1_R_ENCODE_ERROR                              112
+#define ASN1_R_ERROR_LOADING_SECTION                     172
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT                 113
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
+#define ASN1_R_EXPECTING_AN_INTEGER                      115
+#define ASN1_R_EXPECTING_AN_OBJECT                       116
 #define ASN1_R_EXPECTING_A_BOOLEAN                       117
-#define ASN1_R_EXPECTING_A_GENERALIZEDTIME               151
-#define ASN1_R_EXPECTING_A_NULL                          164
-#define ASN1_R_EXPECTING_A_TIME                          152
-#define ASN1_R_EXPECTING_A_UTCTIME                       118
-#define ASN1_R_FIRST_NUM_TOO_LARGE                       119
-#define ASN1_R_GENERALIZEDTIME_TOO_LONG                  153
-#define ASN1_R_HEADER_TOO_LONG                           120
-#define ASN1_R_ILLEGAL_CHARACTERS                        158
-#define ASN1_R_INVALID_BMPSTRING_LENGTH                  159
-#define ASN1_R_INVALID_DIGIT                             121
-#define ASN1_R_INVALID_SEPARATOR                         122
-#define ASN1_R_INVALID_TIME_FORMAT                       123
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            160
-#define ASN1_R_INVALID_UTF8STRING                        161
-#define ASN1_R_IV_TOO_LARGE                              124
-#define ASN1_R_LENGTH_ERROR                              125
-#define ASN1_R_MISSING_SECOND_NUMBER                     126
-#define ASN1_R_NON_HEX_CHARACTERS                        127
-#define ASN1_R_NOT_ENOUGH_DATA                           128
-#define ASN1_R_NULL_IS_WRONG_LENGTH                      165
-#define ASN1_R_ODD_NUMBER_OF_CHARS                       129
-#define ASN1_R_PARSING                                   130
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING                131
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE                   132
-#define ASN1_R_SHORT_LINE                                133
-#define ASN1_R_STRING_TOO_LONG                           163
-#define ASN1_R_STRING_TOO_SHORT                          134
-#define ASN1_R_TAG_VALUE_TOO_HIGH                        135
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
-#define ASN1_R_TOO_LONG                                  137
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  138
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          139
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE                    140
-#define ASN1_R_UNKNOWN_FORMAT                            162
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          141
-#define ASN1_R_UNKNOWN_OBJECT_TYPE                       142
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   143
-#define ASN1_R_UNSUPPORTED_CIPHER                        144
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          145
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               146
-#define ASN1_R_UTCTIME_TOO_LONG                          147
-#define ASN1_R_WRONG_PRINTABLE_TYPE                      148
-#define ASN1_R_WRONG_TAG                                 149
-#define ASN1_R_WRONG_TYPE                                150
+#define ASN1_R_EXPECTING_A_TIME                          118
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
+#define ASN1_R_FIELD_MISSING                             121
+#define ASN1_R_FIRST_NUM_TOO_LARGE                       122
+#define ASN1_R_HEADER_TOO_LONG                           123
+#define ASN1_R_ILLEGAL_CHARACTERS                        124
+#define ASN1_R_ILLEGAL_NULL                              125
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+#define ASN1_R_ILLEGAL_TAGGED_ANY                        127
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
+#define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
+#define ASN1_R_INVALID_DIGIT                             130
+#define ASN1_R_INVALID_SEPARATOR                         131
+#define ASN1_R_INVALID_TIME_FORMAT                       132
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
+#define ASN1_R_INVALID_UTF8STRING                        134
+#define ASN1_R_IV_TOO_LARGE                              135
+#define ASN1_R_LENGTH_ERROR                              136
+#define ASN1_R_MISSING_EOC                               137
+#define ASN1_R_MISSING_SECOND_NUMBER                     138
+#define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+#define ASN1_R_MSTRING_WRONG_TAG                         140
+#define ASN1_R_NON_HEX_CHARACTERS                        141
+#define ASN1_R_NOT_ENOUGH_DATA                           142
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
+#define ASN1_R_NULL_IS_WRONG_LENGTH                      144
+#define ASN1_R_ODD_NUMBER_OF_CHARS                       145
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING                146
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
+#define ASN1_R_SHORT_LINE                                150
+#define ASN1_R_STRING_TOO_LONG                           151
+#define ASN1_R_STRING_TOO_SHORT                          152
+#define ASN1_R_TAG_VALUE_TOO_HIGH                        153
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_TOO_LONG                                  155
+#define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
+#define ASN1_R_UNEXPECTED_EOC                            159
+#define ASN1_R_UNKNOWN_FORMAT                            160
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
+#define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
+#define ASN1_R_UNSUPPORTED_CIPHER                        165
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
+#define ASN1_R_WRONG_TAG                                 168
+#define ASN1_R_WRONG_TYPE                                169
 
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index cecd555c88..c4c3d2a91d 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -63,27 +63,31 @@
 #include <openssl/asn1.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
         {
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),  "a2d_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),      "a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),  "a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0),   "ACCESS_DESCRIPTION_new"},
+{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),  "ASN1_CHECK_TLEN"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),   "ASN1_COLLATE_PRIMITIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),     "ASN1_COLLECT"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),     "ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),    "ASN1_D2I_EX_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),      "ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),      "ASN1_DO_ADB"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),      "ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),    "ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_NEW,0), "ASN1_GENERALIZEDTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),  "ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),  "ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),     "ASN1_i2d_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),      "ASN1_i2d_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),       "ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),    "ASN1_item_new"},
 {ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),       "ASN1_mbstring_copy"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),  "ASN1_OBJECT_new"},
 {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"},
@@ -91,186 +95,63 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),    "ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),  "ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),        "ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),  "ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),    "ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),     "ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),        "ASN1_TEMPLATE_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),     "ASN1_TEMPLATE_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),        "ASN1_TEMPLATE_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),    "ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),        "ASN1_TYPE_get_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),    "ASN1_TYPE_new"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),       "ASN1_unpack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0), "ASN1_UTCTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),      "ASN1_verify"},
-{ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),      "AUTHORITY_KEYID_new"},
-{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),    "BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),    "BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),       "BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0),   "d2i_ACCESS_DESCRIPTION"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),      "d2i_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),       "d2i_ASN1_BMPSTRING"},
+{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),     "COLLECT_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),      "D2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),   "d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_ENUMERATED,0),      "d2i_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "d2i_ASN1_GENERALIZEDTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),  "d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "d2i_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_NULL,0),    "d2i_ASN1_NULL"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),  "d2i_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),    "d2i_ASN1_OCTET_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),      "D2I_ASN1_PRINT_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),     "d2i_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TIME,0),    "d2i_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),    "d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),      "d2i_ASN1_type_bytes"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),        "d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "d2i_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTF8STRING,0),      "d2i_ASN1_UTF8STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0),   "d2i_ASN1_VISIBLESTRING"},
-{ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0),      "d2i_AUTHORITY_KEYID"},
-{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),    "d2i_BASIC_CONSTRAINTS"},
-{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),     "d2i_DHparams"},
-{ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0),   "d2i_DIST_POINT"},
-{ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0),      "d2i_DIST_POINT_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),    "d2i_DSAparams"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),        "d2i_DSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0), "d2i_DSAPublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0), "d2i_GENERAL_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0),       "d2i_NETSCAPE_CERT_SEQUENCE"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),        "D2I_NETSCAPE_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),       "d2i_Netscape_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),       "d2i_NETSCAPE_SPKAC"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),        "d2i_NETSCAPE_SPKI"},
-{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),    "d2i_NOTICEREF"},
-{ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),    "d2i_OTHERNAME"},
-{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),    "d2i_PBE2PARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),     "d2i_PBEPARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0),  "d2i_PBKDF2PARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12,0),       "d2i_PKCS12"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),  "d2i_PKCS12_BAGS"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),      "d2i_PKCS12_MAC_DATA"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),       "d2i_PKCS12_SAFEBAG"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),        "d2i_PKCS7"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0), "d2i_PKCS7_DIGEST"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),        "d2i_PKCS7_ENCRYPT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),    "d2i_PKCS7_ENC_CONTENT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),       "d2i_PKCS7_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),      "d2i_PKCS7_ISSUER_AND_SERIAL"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),     "d2i_PKCS7_RECIP_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0), "d2i_PKCS7_SIGNED"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),    "d2i_PKCS7_SIGNER_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),  "d2i_PKCS7_SIGN_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0),  "d2i_PKCS8_PRIV_KEY_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),    "d2i_PKEY_USAGE_PERIOD"},
-{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),   "d2i_POLICYINFO"},
-{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),       "d2i_POLICYQUALINFO"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),       "D2I_NETSCAPE_RSA_2"},
 {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),   "d2i_PrivateKey"},
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),    "d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),        "d2i_RSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0), "d2i_RSAPublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_SXNET,0),        "d2i_SXNET"},
-{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),      "d2i_SXNETID"},
-{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),   "d2i_USERNOTICE"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0), "d2i_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),   "d2i_X509_ALGOR"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),       "d2i_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CERT_AUX,0),        "d2i_X509_CERT_AUX"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),    "d2i_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),     "d2i_X509_CRL"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),        "d2i_X509_CRL_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),       "d2i_X509_EXTENSION"},
-{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),     "D2I_X509_KEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),    "d2i_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),      "d2i_X509_NAME_ENTRY"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),    "D2I_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),    "D2I_X509_NAME"},
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),    "d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),  "d2i_X509_PUBKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),     "d2i_X509_REQ"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),        "d2i_X509_REQ_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0), "d2i_X509_REVOKED"},
-{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),     "d2i_X509_SIG"},
-{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),     "d2i_X509_VAL"},
-{ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0),      "DIST_POINT_NAME_new"},
-{ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0),   "DIST_POINT_new"},
-{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0), "GENERAL_NAME_new"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),  "i2d_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),    "i2d_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),     "i2d_DHparams"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),    "i2d_DSAparams"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),        "i2d_DSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0), "i2d_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),    "I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),   "i2d_DSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),        "i2d_PKCS7"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),   "i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),    "i2d_PublicKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),        "i2d_RSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0), "i2d_RSAPublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),   "i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),       "i2d_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),  "i2t_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0),       "NETSCAPE_CERT_SEQUENCE_new"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),        "NETSCAPE_PKEY_NEW"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),       "NETSCAPE_SPKAC_new"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),        "NETSCAPE_SPKI_new"},
-{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),    "NOTICEREF_new"},
-{ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),    "OTHERNAME_new"},
-{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),    "PBE2PARAM_new"},
-{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),     "PBEPARAM_new"},
-{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0),  "PBKDF2PARAM_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),  "PKCS12_BAGS_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),      "PKCS12_MAC_DATA_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_NEW,0),       "PKCS12_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),       "PKCS12_SAFEBAG_new"},
+{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"},
+{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),  "OID_MODULE_INIT"},
 {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),   "PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0), "PKCS7_DIGEST_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),        "PKCS7_ENCRYPT_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),    "PKCS7_ENC_CONTENT_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),       "PKCS7_ENVELOPE_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),      "PKCS7_ISSUER_AND_SERIAL_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),        "PKCS7_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),     "PKCS7_RECIP_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0), "PKCS7_SIGNED_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),    "PKCS7_SIGNER_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),  "PKCS7_SIGN_ENVELOPE_new"},
-{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0),  "PKCS8_PRIV_KEY_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),    "PKEY_USAGE_PERIOD_new"},
-{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),   "POLICYINFO_new"},
-{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),       "POLICYQUALINFO_new"},
-{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),      "SXNETID_new"},
-{ERR_PACK(0,ASN1_F_SXNET_NEW,0),        "SXNET_new"},
-{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),   "USERNOTICE_new"},
-{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),   "X509_ALGOR_new"},
-{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),       "X509_ATTRIBUTE_new"},
-{ERR_PACK(0,ASN1_F_X509_CERT_AUX_NEW,0),        "X509_CERT_AUX_new"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),    "X509_CINF_new"},
-{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),        "X509_CRL_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),     "X509_CRL_new"},
-{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),        "X509_DHPARAMS_NEW"},
-{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),       "X509_EXTENSION_new"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),    "X509_CINF_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),    "X509_CRL_add0_revoked"},
 {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),    "X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),     "X509_KEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),      "X509_NAME_ENTRY_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),    "X509_NAME_new"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_new"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),    "X509_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"},
 {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),    "X509_PKEY_new"},
-{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),  "X509_PUBKEY_new"},
-{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),        "X509_REQ_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),     "X509_REQ_new"},
-{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0), "X509_REVOKED_new"},
-{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),     "X509_SIG_new"},
-{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),    "X509_VAL_free"},
-{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),     "X509_VAL_new"},
 {0,NULL}
         };
 
 static ERR_STRING_DATA ASN1_str_reasons[]=
         {
+{ASN1_R_ADDING_OBJECT                    ,"adding object"},
+{ASN1_R_AUX_ERROR                        ,"aux error"},
 {ASN1_R_BAD_CLASS                        ,"bad class"},
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
-{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
-{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
 {ASN1_R_BAD_TAG                          ,"bad tag"},
-{ASN1_R_BAD_TYPE                         ,"bad type"},
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
@@ -279,22 +160,24 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
-{ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
-{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
-{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
 {ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_GENERALIZEDTIME      ,"expecting a generalizedtime"},
-{ASN1_R_EXPECTING_A_NULL                 ,"expecting a null"},
 {ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
-{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
+{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
+{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
+{ASN1_R_FIELD_MISSING                    ,"field missing"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
-{ASN1_R_GENERALIZEDTIME_TOO_LONG         ,"generalizedtime too long"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
 {ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
+{ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
+{ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
+{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
+{ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
+{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
 {ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
@@ -303,32 +186,37 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
+{ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
 {ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
-{ASN1_R_PARSING                          ,"parsing"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
+{ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
 {ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
+{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
 {ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
-{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
-{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
 {0,NULL}
@@ -343,7 +231,7 @@ void ERR_load_ASN1_strings(void)
         if (init)
                 {
                 init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
                 ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
                 ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
 #endif
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index a8b651e54e..830ff2af3c 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
 
 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
@@ -301,7 +300,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
                 return(0);
                 }
         if (c->inf == (1|V_ASN1_CONSTRUCTED))
-                c->slen= *length;
+                c->slen= *length+ *(c->pp)-c->p;
         c->eos=0;
         return(1);
         }
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
index af0e664b2d..a48649ceeb 100644
--- a/src/lib/libcrypto/asn1/asn1_mac.h
+++ b/src/lib/libcrypto/asn1/asn1_mac.h
@@ -70,14 +70,14 @@ extern "C" {
 #endif 
 
 #define ASN1_MAC_H_err(f,r,line) \
-        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))
+        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
 
 #define M_ASN1_D2I_vars(a,type,func) \
         ASN1_CTX c; \
         type ret=NULL; \
         \
-        c.pp=pp; \
-        c.q= *pp; \
+        c.pp=(unsigned char **)pp; \
+        c.q= *(unsigned char **)pp; \
         c.error=ERR_R_NESTED_ASN1_ERROR; \
         if ((a == NULL) || ((*a) == NULL)) \
                 { if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
         else    ret=(*a);
 
 #define M_ASN1_D2I_Init() \
-        c.p= *pp; \
+        c.p= *(unsigned char **)pp; \
         c.max=(length == 0)?0:(c.p+length);
 
 #define M_ASN1_D2I_Finish_2(a) \
         if (!asn1_Finish(&c)) \
                 { c.line=__LINE__; goto err; } \
-        *pp=c.p; \
+        *(unsigned char **)pp=c.p; \
         if (a != NULL) (*a)=ret; \
         return(ret);
 
@@ -99,7 +99,7 @@ extern "C" {
         M_ASN1_D2I_Finish_2(a); \
 err:\
         ASN1_MAC_H_err((e),c.error,c.line); \
-        asn1_add_error(*pp,(int)(c.q- *pp)); \
+        asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
         if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
         return(NULL)
 
@@ -196,9 +196,6 @@ err:\
         if ((a != NULL) && (sk_##type##_num(a) != 0)) \
                 M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
-        if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
         if ((c.slen != 0) && \
                 (M_ASN1_next == \
@@ -392,9 +389,6 @@ err:\
                 if ((a != NULL) && (sk_##type##_num(a) != 0)) \
                         M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
-                if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
                 ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
@@ -458,15 +452,6 @@ err:\
                         ret+=ASN1_object_size(1,v,mtag); \
                         }
 
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
-                if (a)\
-                        { \
-                        v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
-                                                 V_ASN1_UNIVERSAL, \
-                                                 IS_SEQUENCE); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)     f(a,&p)
 
@@ -551,14 +536,6 @@ err:\
                                                IS_SEQUENCE); \
                         }
 
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
-                if (a) \
-                        { \
-                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-                        i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
-                                               IS_SEQUENCE); \
-                        }
-
 #define M_ASN1_I2D_seq_total() \
                 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
                 if (pp == NULL) return(r); \
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
new file mode 100644
index 0000000000..ed372f8554
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1t.h
@@ -0,0 +1,846 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+#define HEADER_ASN1T_H
+
+#include <stddef.h>
+#include <openssl/e_os2.h>
+#include <openssl/asn1.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+        OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+                };
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM * itname##_it(void) \
+        { \
+                static const ASN1_ITEM local_it = { \
+
+#define ASN1_ITEM_end(itname) \
+                }; \
+        return &local_it; \
+        }
+
+#endif
+
+
+/* Macros to aid ASN1 template writing */
+
+#define ASN1_ITEM_TEMPLATE(tname) \
+        const static ASN1_TEMPLATE tname##_item_tt 
+
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+
+/* This is a ASN1 type which just embeds a template */
+ 
+/* This pair helps declare a SEQUENCE. We can do:
+ *
+ *      ASN1_SEQUENCE(stname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END(stname)
+ *
+ *      This will produce an ASN1_ITEM called stname_it
+ *      for a structure called stname.
+ *
+ *      If you want the same structure but a different
+ *      name then use:
+ *
+ *      ASN1_SEQUENCE(itname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *      This will create an item called itname_it using
+ *      a structure called stname.
+ */
+
+#define ASN1_SEQUENCE(tname) \
+        const static ASN1_TEMPLATE tname##_seq_tt[] 
+
+#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+#define ASN1_SEQUENCE_cb(tname, cb) \
+        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE(tname) \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_ref(tname, cb, lck) \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+
+/* This pair helps declare a CHOICE type. We can do:
+ *
+ *      ASN1_CHOICE(chname) = {
+ *              ... CHOICE options ...
+ *      ASN1_CHOICE_END(chname)
+ *
+ *      This will produce an ASN1_ITEM called chname_it
+ *      for a structure called chname. The structure
+ *      definition must look like this:
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ *      
+ *      the name of the selector must be 'type'.
+ *      to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+#define ASN1_CHOICE(tname) \
+        const static ASN1_TEMPLATE tname##_ch_tt[] 
+
+#define ASN1_CHOICE_cb(tname, cb) \
+        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_CHOICE(tname)
+
+#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+        (flags), (tag), 0,\
+        #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+        (flags), (tag), offsetof(stname, field),\
+        #field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+#define ASN1_EX_COMBINE(flags, tag, type) { \
+        (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+#define ASN1_IMP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+#define ASN1_EXP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
+/* Plain simple type */
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+#define ASN1_SEQUENCE_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+#define ASN1_SET_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+#define ASN1_SET_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+#define ASN1_IMP_SET_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_EXP_SET_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* Macros for the ASN1_ADB structure */
+
+#define ASN1_ADB(name) \
+        const static ASN1_ADB_TABLE name##_adbtbl[] 
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+        ;\
+        const static ASN1_ADB name##_adb = {\
+                flags,\
+                offsetof(name, field),\
+                app_table,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+        }
+
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+        ;\
+        const static ASN1_ITEM *name##_adb(void) \
+        { \
+        const static ASN1_ADB internal_adb = \
+                {\
+                flags,\
+                offsetof(name, field),\
+                app_table,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+                }; \
+                return (const ASN1_ITEM *) &internal_adb; \
+        } \
+        void dummy_function(void)
+
+#endif
+
+#define ADB_ENTRY(val, template) {val, template}
+
+#define ASN1_ADB_TEMPLATE(name) \
+        const static ASN1_TEMPLATE name##_tt 
+
+/* This is the ASN1 template structure that defines
+ * a wrapper round the actual type. It determines the
+ * actual position of the field in the value structure,
+ * various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+unsigned long flags;            /* Various flags */
+long tag;                       /* tag, not used if no tagging */
+unsigned long offset;           /* Offset of this field in structure */
+#ifndef NO_ASN1_FIELD_NAMES
+char *field_name;               /* Field name */
+#endif
+ASN1_ITEM_EXP *item;            /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+        unsigned long flags;    /* Various flags */
+        unsigned long offset;   /* Offset of selector field */
+        STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+        const ASN1_ADB_TABLE *tbl;      /* Table of possible types */
+        long tblcount;          /* Number of entries in tbl */
+        const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
+        const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+        long value;             /* NID for an object or value for an int */
+        const ASN1_TEMPLATE tt;         /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+#define ASN1_TFLG_OPTIONAL      (0x1)
+
+/* Field is a SET OF */
+#define ASN1_TFLG_SET_OF        (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+#define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
+
+/* Special case: this refers to a SET OF that
+ * will be sorted into DER order when encoded *and*
+ * the corresponding STACK will be modified to match
+ * the new order.
+ */
+#define ASN1_TFLG_SET_ORDER     (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+#define ASN1_TFLG_SK_MASK       (0x3 << 1)
+
+/* These flags mean the tag should be taken from the
+ * tag field. If EXPLICIT then the underlying type
+ * is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+#define ASN1_TFLG_IMPTAG        (0x1 << 3)
+
+
+/* EXPLICIT tagging, inner tag from underlying type */
+#define ASN1_TFLG_EXPTAG        (0x2 << 3)
+
+#define ASN1_TFLG_TAG_MASK      (0x3 << 3)
+
+/* context specific IMPLICIT */
+#define ASN1_TFLG_IMPLICIT      ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+#define ASN1_TFLG_EXPLICIT      ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/* If tagging is in force these determine the
+ * type of tag to use. Otherwise the tag is
+ * determined by the underlying type. These 
+ * values reflect the actual octet format.
+ */
+
+/* Universal tag */ 
+#define ASN1_TFLG_UNIVERSAL     (0x0<<6)
+/* Application tag */ 
+#define ASN1_TFLG_APPLICATION   (0x1<<6)
+/* Context specific tag */ 
+#define ASN1_TFLG_CONTEXT       (0x2<<6)
+/* Private tag */ 
+#define ASN1_TFLG_PRIVATE       (0x3<<6)
+
+#define ASN1_TFLG_TAG_CLASS     (0x3<<6)
+
+/* These are for ANY DEFINED BY type. In this case
+ * the 'item' field points to an ASN1_ADB structure
+ * which contains a table of values to decode the
+ * relevant type
+ */
+
+#define ASN1_TFLG_ADB_MASK      (0x3<<8)
+
+#define ASN1_TFLG_ADB_OID       (0x1<<8)
+
+#define ASN1_TFLG_ADB_INT       (0x1<<9)
+
+/* This flag means a parent structure is passed
+ * instead of the field: this is useful is a
+ * SEQUENCE is being combined with a CHOICE for
+ * example. Since this means the structure and
+ * item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+#define ASN1_TFLG_COMBINE       (0x1<<10)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+char itype;                     /* The item type, primitive, SEQUENCE, CHOICE or extern */
+long utype;                     /* underlying type */
+const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
+long tcount;                    /* Number of templates if SEQUENCE or CHOICE */
+const void *funcs;              /* functions that handle this type */
+long size;                      /* Structure size (usually)*/
+#ifndef NO_ASN1_FIELD_NAMES
+const char *sname;              /* Structure name */
+#endif
+};
+
+/* These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single 
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions. 
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ */
+
+#define ASN1_ITYPE_PRIMITIVE    0x0
+
+#define ASN1_ITYPE_SEQUENCE     0x1
+
+#define ASN1_ITYPE_CHOICE       0x2
+
+#define ASN1_ITYPE_COMPAT       0x3
+
+#define ASN1_ITYPE_EXTERN       0x4
+
+#define ASN1_ITYPE_MSTRING      0x5
+
+/* Cache for ASN1 tag and length, so we
+ * don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st{
+        char valid;     /* Values below are valid */
+        int ret;        /* return value */
+        long plen;      /* length */
+        int ptag;       /* class value */
+        int pclass;     /* class value */
+        int hdrlen;     /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE * ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
+typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+        ASN1_new_func *asn1_new;
+        ASN1_free_func *asn1_free;
+        ASN1_d2i_func *asn1_d2i;
+        ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+        void *app_data;
+        ASN1_ex_new_func *asn1_ex_new;
+        ASN1_ex_free_func *asn1_ex_free;
+        ASN1_ex_free_func *asn1_ex_clear;
+        ASN1_ex_d2i *asn1_ex_d2i;
+        ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+        void *app_data;
+        unsigned long flags;
+        ASN1_ex_new_func *prim_new;
+        ASN1_ex_free_func *prim_free;
+        ASN1_ex_free_func *prim_clear;
+        ASN1_primitive_c2i *prim_c2i;
+        ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/* This is the ASN1_AUX structure: it handles various
+ * miscellaneous requirements. For example the use of
+ * reference counts and an informational callback.
+ *
+ * The "informational callback" is called at various
+ * points during the ASN1 encoding and decoding. It can
+ * be used to provide minor customisation of the structures
+ * used. This is most useful where the supplied routines
+ * *almost* do the right thing but need some extra help
+ * at a few points. If the callback returns zero then
+ * it is assumed a fatal error has occurred and the 
+ * main operation should be abandoned.
+ *
+ * If major changes in the default behaviour are required
+ * then an external type is more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+        void *app_data;
+        int flags;
+        int ref_offset;         /* Offset of reference value */
+        int ref_lock;           /* Lock type to use */
+        ASN1_aux_cb *asn1_cb;
+        int enc_offset;         /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+#define ASN1_AFLG_REFCOUNT      1
+/* Save the encoding of structure (useful for signatures) */
+#define ASN1_AFLG_ENCODING      2
+/* The Sequence length is invalid */
+#define ASN1_AFLG_BROKEN        4
+
+/* operation values for asn1_cb */
+
+#define ASN1_OP_NEW_PRE         0
+#define ASN1_OP_NEW_POST        1
+#define ASN1_OP_FREE_PRE        2
+#define ASN1_OP_FREE_POST       3
+#define ASN1_OP_D2I_PRE         4
+#define ASN1_OP_D2I_POST        5
+#define ASN1_OP_I2D_PRE         6
+#define ASN1_OP_I2D_POST        7
+
+/* Macro to implement a primitive type */
+#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+        static const ASN1_COMPAT_FUNCS sname##_ff = { \
+                (ASN1_new_func *)sname##_new, \
+                (ASN1_free_func *)sname##_free, \
+                (ASN1_d2i_func *)d2i_##sname, \
+                (ASN1_i2d_func *)i2d_##sname, \
+        }; \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_COMPAT, \
+                tag, \
+                NULL, \
+                0, \
+                &sname##_ff, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_EXTERN, \
+                tag, \
+                NULL, \
+                0, \
+                &fptrs, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+        stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        } 
+
+/* This includes evil casts to remove const: they will go away when full
+ * ASN1 constification is done.
+ */
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(const stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        } 
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+        stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
new file mode 100644
index 0000000000..be20db4bad
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn_moid.c
@@ -0,0 +1,95 @@
+/* asn_moid.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+        {
+        int i;
+        const char *oid_section;
+        STACK_OF(CONF_VALUE) *sktmp;
+        CONF_VALUE *oval;
+        oid_section = CONF_imodule_get_value(md);
+        if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+                {
+                ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+                return 0;
+                }
+        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+                {
+                oval = sk_CONF_VALUE_value(sktmp, i);
+                if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
+                        {
+                        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+                        return 0;
+                        }
+                }
+        return 1;
+}
+
+void ASN1_add_oid_module(void)
+        {
+        CONF_module_add("oid_section", oid_module_init, 0);
+        }
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
index bdf5f130b3..e6051db2dc 100644
--- a/src/lib/libcrypto/asn1/asn_pack.c
+++ b/src/lib/libcrypto/asn1/asn_pack.c
@@ -60,6 +60,8 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
+#ifndef NO_ASN1_OLD
+
 /* ASN1 packing and unpacking functions */
 
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
@@ -117,7 +119,7 @@ void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
 
 /* Pack an ASN1 object into an ASN1_STRING */
 
-ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
 {
         unsigned char *p;
         ASN1_STRING *octmp;
@@ -143,3 +145,47 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
         return octmp;
 }
 
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+        ASN1_STRING *octmp;
+
+        if (!oct || !*oct) {
+                if (!(octmp = ASN1_STRING_new ())) {
+                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                }
+                if (oct) *oct = octmp;
+        } else octmp = *oct;
+
+        if(octmp->data) {
+                OPENSSL_free(octmp->data);
+                octmp->data = NULL;
+        }
+                
+        if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!octmp->data) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+        unsigned char *p;
+        void *ret;
+
+        p = oct->data;
+        if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+        return ret;
+}
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
index c92b8325d8..2e7d96af90 100644
--- a/src/lib/libcrypto/asn1/d2i_pr.c
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -62,6 +62,12 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
              long length)
@@ -82,18 +88,20 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
         ret->type=EVP_PKEY_type(type);
         switch (ret->type)
                 {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
         case EVP_PKEY_RSA:
-                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                         {
                         ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
                         goto err;
                         }
                 break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
         case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
+                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                         {
                         ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
                         goto err;
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
index e0d203cef7..71f2eb361b 100644
--- a/src/lib/libcrypto/asn1/d2i_pu.c
+++ b/src/lib/libcrypto/asn1/d2i_pu.c
@@ -62,6 +62,12 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
              long length)
@@ -82,18 +88,20 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
         ret->type=EVP_PKEY_type(type);
         switch (ret->type)
                 {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
         case EVP_PKEY_RSA:
-                if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+                if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                         {
                         ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
                         goto err;
                         }
                 break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
         case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL)
+                if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                         {
                         ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
                         goto err;
diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c
index 6b090f6740..48cc3bfb90 100644
--- a/src/lib/libcrypto/asn1/f_int.c
+++ b/src/lib/libcrypto/asn1/f_int.c
@@ -69,10 +69,16 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
 
         if (a == NULL) return(0);
 
+        if (a->type & V_ASN1_NEG)
+                {
+                if (BIO_write(bp, "-", 1) != 1) goto err;
+                n = 1;
+                }
+
         if (a->length == 0)
                 {
                 if (BIO_write(bp,"00",2) != 2) goto err;
-                n=2;
+                n += 2;
                 }
         else
                 {
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
index 71d6910204..1e951ae01d 100644
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -61,17 +61,23 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
         {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
         if (a->type == EVP_PKEY_RSA)
                 {
                 return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
                 }
         else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
         if (a->type == EVP_PKEY_DSA)
                 {
                 return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
index 8f73d37d03..013d19bbf4 100644
--- a/src/lib/libcrypto/asn1/i2d_pu.c
+++ b/src/lib/libcrypto/asn1/i2d_pu.c
@@ -61,16 +61,22 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
         {
         switch (a->type)
                 {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
         case EVP_PKEY_RSA:
                 return(i2d_RSAPublicKey(a->pkey.rsa,pp));
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
         case EVP_PKEY_DSA:
                 return(i2d_DSAPublicKey(a->pkey.dsa,pp));
 #endif
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 9840193538..49f80fffd2 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -56,110 +56,134 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
+#include <openssl/asn1t.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
 
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 
 typedef struct netscape_pkey_st
         {
-        ASN1_INTEGER *version;
+        long version;
         X509_ALGOR *algor;
         ASN1_OCTET_STRING *private_key;
         } NETSCAPE_PKEY;
 
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
+typedef struct netscape_encrypted_pkey_st
+        {
+        ASN1_OCTET_STRING *os;
+        /* This is the same structure as DigestInfo so use it:
+         * although this isn't really anything to do with
+         * digests.
+         */
+        X509_SIG *enckey;
+        } NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+             int (*cb)(), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
 {
         return i2d_RSA_NET(a, pp, cb, 0);
 }
 
-int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
         {
-        int i,j,l[6];
-        NETSCAPE_PKEY *pkey;
+        int i, j, ret = 0;
+        int rsalen, pkeylen, olen;
+        NETSCAPE_PKEY *pkey = NULL;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
         unsigned char buf[256],*zz;
         unsigned char key[EVP_MAX_KEY_LENGTH];
         EVP_CIPHER_CTX ctx;
-        X509_ALGOR *alg=NULL;
-        ASN1_OCTET_STRING os,os2;
-        M_ASN1_I2D_vars(a);
 
         if (a == NULL) return(0);
 
-#ifdef WIN32
-        r=r; /* shut the damn compiler up :-) */
-#endif
-
-        os.data=os2.data=NULL;
         if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-        if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+        pkey->version = 0;
 
-        if (pkey->algor->algorithm != NULL)
-                ASN1_OBJECT_free(pkey->algor->algorithm);
         pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
         if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
         pkey->algor->parameter->type=V_ASN1_NULL;
 
-        l[0]=i2d_RSAPrivateKey(a,NULL);
-        pkey->private_key->length=l[0];
+        rsalen = i2d_RSAPrivateKey(a, NULL);
 
-        os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
-        l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+        /* Fake some octet strings just for the initial length
+         * calculation.
+         */
 
-        if ((alg=X509_ALGOR_new()) == NULL) goto err;
-        if (alg->algorithm != NULL)
-                ASN1_OBJECT_free(alg->algorithm);
-        alg->algorithm=OBJ_nid2obj(NID_rc4);
-        if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-        alg->parameter->type=V_ASN1_NULL;
+        pkey->private_key->length=rsalen;
 
-        l[2]=i2d_X509_ALGOR(alg,NULL);
-        l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
+        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
 
-#ifndef CONST_STRICT
-        os.data=(unsigned char *)"private-key";
-#endif
-        os.length=11;
-        l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
+        enckey->enckey->digest->length = pkeylen;
 
-        l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+        enckey->os->length = 11;        /* "private-key" */
+
+        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
 
         if (pp == NULL)
                 {
-                if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-                if (alg != NULL) X509_ALGOR_free(alg);
-                return(l[5]);
+                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+                NETSCAPE_PKEY_free(pkey);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return olen;
                 }
 
-        if (pkey->private_key->data != NULL)
-                OPENSSL_free(pkey->private_key->data);
-        if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)
+
+        /* Since its RC4 encrypted length is actual length */
+        if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
                 {
                 ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
-        zz=pkey->private_key->data;
+
+        pkey->private_key->data = zz;
+        /* Write out private key encoding */
         i2d_RSAPrivateKey(a,&zz);
 
-        if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)
+        if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
                 {
                 ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
-        zz=os2.data;
+
+        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        enckey->enckey->digest->data = zz;
         i2d_NETSCAPE_PKEY(pkey,&zz);
+
+        /* Wipe the private key encoding */
+        memset(pkey->private_key->data, 0, rsalen);
                 
         if (cb == NULL)
                 cb=EVP_read_pw_string;
@@ -171,109 +195,86 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
                 }
         i = strlen((char *)buf);
         /* If the key is used for SGC the algorithm is modified a little. */
-        if(sgckey){
-                EVP_MD_CTX mctx;
-                EVP_DigestInit(&mctx, EVP_md5());
-                EVP_DigestUpdate(&mctx, buf, i);
-                EVP_DigestFinal(&mctx, buf, NULL);
+        if(sgckey) {
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
                 memcpy(buf + 16, "SGCKEYSALT", 10);
                 i = 26;
         }
-                
+
         EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
         memset(buf,0,256);
 
+        /* Encrypt private key in place */
+        zz = enckey->enckey->digest->data;
         EVP_CIPHER_CTX_init(&ctx);
-        EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
-        EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
-        EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+        EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
+        EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
+        EVP_EncryptFinal_ex(&ctx,zz + i,&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
 
-        p= *pp;
-        ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-        i2d_ASN1_OCTET_STRING(&os,&p);
-        ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-        i2d_X509_ALGOR(alg,&p);
-        i2d_ASN1_OCTET_STRING(&os2,&p);
-        ret=l[5];
+        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
 err:
-        if (os2.data != NULL) OPENSSL_free(os2.data);
-        if (alg != NULL) X509_ALGOR_free(alg);
-        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-        r=r;
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        NETSCAPE_PKEY_free(pkey);
         return(ret);
         }
 
 
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
 {
         return d2i_RSA_NET(a, pp, length, cb, 0);
 }
 
-RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
         {
         RSA *ret=NULL;
-        ASN1_OCTET_STRING *os=NULL;
-        ASN1_CTX c;
+        const unsigned char *p, *kp;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+        p = *pp;
 
-        c.pp=pp;
-        c.error=ASN1_R_DECODING_ERROR;
+        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+        if(!enckey) {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+                return NULL;
+        }
 
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-        if ((os->length != 11) || (strncmp("private-key",
-                (char *)os->data,os->length) != 0))
+        if ((enckey->os->length != 11) || (strncmp("private-key",
+                (char *)enckey->os->data,11) != 0))
                 {
                 ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-                M_ASN1_BIT_STRING_free(os);
-                goto err;
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return NULL;
                 }
-        M_ASN1_BIT_STRING_free(os);
-        c.q=c.p;
-        if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
-        /* Note: some versions of IIS key files use length values that are
-         * too small for the surrounding SEQUENCEs. This following line
-         * effectively disable length checking.
-         */
-        c.slen = 0;
-
-        M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
+        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                goto err;
         }
+        kp = enckey->enckey->digest->data;
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
 
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
-             int (*cb)())
-{
-        return d2i_RSA_NET_2(a, pp, length, cb, 0);
-}
+        *pp = p;
 
-RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
+        err:
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        return ret;
+
+        }
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
              int (*cb)(), int sgckey)
         {
         NETSCAPE_PKEY *pkey=NULL;
         RSA *ret=NULL;
         int i,j;
-        unsigned char buf[256],*zz;
+        unsigned char buf[256];
+        const unsigned char *zz;
         unsigned char key[EVP_MAX_KEY_LENGTH];
         EVP_CIPHER_CTX ctx;
-        X509_ALGOR *alg=NULL;
-        ASN1_OCTET_STRING *os=NULL;
-        ASN1_CTX c;
 
-        c.error=ERR_R_NESTED_ASN1_ERROR;
-        c.pp=pp;
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
-        if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-                goto err;
-                }
-        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-        if (cb == NULL)
-                cb=EVP_read_pw_string;
         i=cb(buf,256,"Enter Private Key password:",0);
         if (i != 0)
                 {
@@ -283,10 +284,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 
         i = strlen((char *)buf);
         if(sgckey){
-                EVP_MD_CTX mctx;
-                EVP_DigestInit(&mctx, EVP_md5());
-                EVP_DigestUpdate(&mctx, buf, i);
-                EVP_DigestFinal(&mctx, buf, NULL);
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
                 memcpy(buf + 16, "SGCKEYSALT", 10);
                 i = 26;
         }
@@ -295,9 +293,9 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
         memset(buf,0,256);
 
         EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+        EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
         EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-        EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+        EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
         os->length=i+j;
 
@@ -315,71 +313,14 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
                 ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                 goto err;
                 }
-        if (!asn1_Finish(&c)) goto err;
-        *pp=c.p;
 err:
-        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-        if (os != NULL) M_ASN1_BIT_STRING_free(os);
-        if (alg != NULL) X509_ALGOR_free(alg);
+        NETSCAPE_PKEY_free(pkey);
         return(ret);
         }
 
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-
-        M_ASN1_I2D_len(a->version,      i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->private_key,  i2d_ASN1_OCTET_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->version,      i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->private_key,  i2d_ASN1_OCTET_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
-        M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
-        }
-
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void)
-        {
-        NETSCAPE_PKEY *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
-        M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-        M_ASN1_New(ret->algor,X509_ALGOR_new);
-        M_ASN1_New(ret->private_key,M_ASN1_OCTET_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
-        }
-
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
-        {
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free(a->version);
-        X509_ALGOR_free(a->algor);
-        M_ASN1_OCTET_STRING_free(a->private_key);
-        OPENSSL_free(a);
-        }
-
-#endif /* NO_RC4 */
+#endif /* OPENSSL_NO_RC4 */
 
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
index 6e7f09ba23..50e2d4d07a 100644
--- a/src/lib/libcrypto/asn1/nsseq.c
+++ b/src/lib/libcrypto/asn1/nsseq.c
@@ -58,61 +58,25 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/err.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 
-/* Netscape certificate sequence structure */
-
-int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp)
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        int v = 0;
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
-                                             V_ASN1_SEQUENCE,v);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
-                                             V_ASN1_SEQUENCE,v);
-
-        M_ASN1_I2D_finish();
+        if(operation == ASN1_OP_NEW_POST) {
+                NETSCAPE_CERT_SEQUENCE *nsseq;
+                nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+                nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+        }
+        return 1;
 }
 
-NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void)
-{
-        NETSCAPE_CERT_SEQUENCE *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, NETSCAPE_CERT_SEQUENCE);
-        /* Note hardcoded object type */
-        ret->type = OBJ_nid2obj(NID_netscape_cert_sequence);
-        ret->certs = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW);
-}
+/* Netscape certificate sequence structure */
 
-NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a,
-             unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,NETSCAPE_CERT_SEQUENCE *,
-                                        NETSCAPE_CERT_SEQUENCE_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
-        M_ASN1_D2I_get_EXP_set_opt_type(X509,ret->certs,d2i_X509,X509_free,0,
-                                        V_ASN1_SEQUENCE);
-        M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free,
-                          ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE);
-}
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
 
-void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a)
-{
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->type);
-        if(a->certs)
-            sk_X509_pop_free(a->certs, X509_free);
-        OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index b7ed538eb2..891150638e 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -58,53 +58,18 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
 /* PKCS#5 password based encryption structure */
 
-int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
-
-        M_ASN1_I2D_seq_total ();
-
-        M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_finish();
-}
-
-PBEPARAM *PBEPARAM_new(void)
-{
-        PBEPARAM *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, PBEPARAM);
-        M_ASN1_New(ret->iter,M_ASN1_INTEGER_new);
-        M_ASN1_New(ret->salt,M_ASN1_OCTET_STRING_new);
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW);
-}
-
-PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
-        M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
-        M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM);
-}
+ASN1_SEQUENCE(PBEPARAM) = {
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
 
-void PBEPARAM_free (PBEPARAM *a)
-{
-        if(a==NULL) return;
-        M_ASN1_OCTET_STRING_free(a->salt);
-        M_ASN1_INTEGER_free (a->iter);
-        OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
 
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 6a7b578c0e..43dfe09479 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -58,108 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
 /* PKCS#5 v2.0 password based encryption structures */
 
-int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR);
-        M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR);
-
-        M_ASN1_I2D_seq_total ();
-
-        M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR);
-        M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR);
-
-        M_ASN1_I2D_finish();
-}
-
-PBE2PARAM *PBE2PARAM_new(void)
-{
-        PBE2PARAM *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, PBE2PARAM);
-        M_ASN1_New(ret->keyfunc,X509_ALGOR_new);
-        M_ASN1_New(ret->encryption,X509_ALGOR_new);
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW);
-}
-
-PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR);
-        M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR);
-        M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM);
-}
-
-void PBE2PARAM_free (PBE2PARAM *a)
-{
-        if(a==NULL) return;
-        X509_ALGOR_free(a->keyfunc);
-        X509_ALGOR_free(a->encryption);
-        OPENSSL_free (a);
-}
-
-int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len (a->salt, i2d_ASN1_TYPE);
-        M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);
+ASN1_SEQUENCE(PBE2PARAM) = {
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
 
-        M_ASN1_I2D_seq_total ();
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
 
-        M_ASN1_I2D_put (a->salt, i2d_ASN1_TYPE);
-        M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
 
-        M_ASN1_I2D_finish();
-}
-
-PBKDF2PARAM *PBKDF2PARAM_new(void)
-{
-        PBKDF2PARAM *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, PBKDF2PARAM);
-        M_ASN1_New(ret->salt, ASN1_TYPE_new);
-        M_ASN1_New(ret->iter, M_ASN1_INTEGER_new);
-        ret->keylength = NULL;
-        ret->prf = NULL;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW);
-}
-
-PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
-             long length)
-{
-        M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get (ret->salt, d2i_ASN1_TYPE);
-        M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
-        M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
-        M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM);
-}
-
-void PBKDF2PARAM_free (PBKDF2PARAM *a)
-{
-        if(a==NULL) return;
-        ASN1_TYPE_free(a->salt);
-        M_ASN1_INTEGER_free(a->iter);
-        M_ASN1_INTEGER_free(a->keylength);
-        X509_ALGOR_free(a->prf);
-        OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
  * yes I know this is horrible!
@@ -198,7 +117,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                 goto err;
 
         /* Dummy cipherinit to just setup the IV */
-        EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
         if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
                 ASN1err(ASN1_F_PKCS5_PBE2_SET,
                                         ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
index fa6cbfb6f8..b634d5bc85 100644
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -58,70 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp)
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
-        M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
-        M_ASN1_I2D_len_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
-                                         i2d_X509_ATTRIBUTE, 0);
-        
-        M_ASN1_I2D_seq_total ();
-
-        M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
-        M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
-        M_ASN1_I2D_put_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
-                                         i2d_X509_ATTRIBUTE, 0);
-
-        M_ASN1_I2D_finish();
+        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+        if(operation == ASN1_OP_FREE_PRE) {
+                PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+                if (key->pkey->value.octet_string)
+                memset(key->pkey->value.octet_string->data,
+                                 0, key->pkey->value.octet_string->length);
+        }
+        return 1;
 }
 
-PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void)
-{
-        PKCS8_PRIV_KEY_INFO *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO);
-        M_ASN1_New (ret->version, M_ASN1_INTEGER_new);
-        M_ASN1_New (ret->pkeyalg, X509_ALGOR_new);
-        M_ASN1_New (ret->pkey, ASN1_TYPE_new);
-        ret->attributes = NULL;
-        ret->broken = PKCS8_OK;
-        return (ret);
-        M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW);
-}
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
-             unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
-        M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
-        M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE, ret->attributes,
-                                        d2i_X509_ATTRIBUTE,
-                                        X509_ATTRIBUTE_free, 0);
-        M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
-}
-
-void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
-{
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free (a->version);
-        X509_ALGOR_free(a->pkeyalg);
-        /* Clear sensitive data */
-        if (a->pkey->value.octet_string)
-                memset (a->pkey->value.octet_string->data,
-                                 0, a->pkey->value.octet_string->length);
-        ASN1_TYPE_free (a->pkey);
-        sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
-        OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
index d78e4a8f88..60db305756 100644
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -64,8 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static void ext_print(BIO *out, X509_EXTENSION *ex);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
         {
         BIO *b;
@@ -86,11 +85,10 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 int X509_CRL_print(BIO *out, X509_CRL *x)
 {
         char buf[256];
-        unsigned char *s;
         STACK_OF(X509_REVOKED) *rev;
         X509_REVOKED *r;
         long l;
-        int i, j, n;
+        int i, n;
 
         BIO_printf(out, "Certificate Revocation List (CRL):\n");
         l = X509_CRL_get_version(x);
@@ -109,15 +107,12 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
         BIO_printf(out,"\n");
 
         n=X509_CRL_get_ext_count(x);
-        if (n > 0) {
-                BIO_printf(out,"%8sCRL extensions:\n","");
-                for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
-        }
-
+        X509V3_extensions_print(out, "CRL extensions",
+                                                x->crl->extensions, 0, 8);
 
         rev = X509_CRL_get_REVOKED(x);
 
-        if(sk_X509_REVOKED_num(rev))
+        if(sk_X509_REVOKED_num(rev) > 0)
             BIO_printf(out, "Revoked Certificates:\n");
         else BIO_printf(out, "No Revoked Certificates.\n");
 
@@ -128,39 +123,11 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
                 BIO_printf(out,"\n        Revocation Date: ","");
                 ASN1_TIME_print(out,r->revocationDate);
                 BIO_printf(out,"\n");
-                for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
-                                ext_print(out, X509_REVOKED_get_ext(r, j));
-        }
-
-        i=OBJ_obj2nid(x->sig_alg->algorithm);
-        BIO_printf(out,"    Signature Algorithm: %s",
-                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-
-        s = x->signature->data;
-        n = x->signature->length;
-        for (i=0; i<n; i++, s++)
-        {
-                if ((i%18) == 0) BIO_write(out,"\n        ",9);
-                BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+                X509V3_extensions_print(out, "CRL entry extensions",
+                                                r->extensions, 0, 8);
         }
-        BIO_write(out,"\n",1);
+        X509_signature_print(out, x->sig_alg, x->signature);
 
         return 1;
 
 }
-
-static void ext_print(BIO *out, X509_EXTENSION *ex)
-{
-        ASN1_OBJECT *obj;
-        int j;
-        BIO_printf(out,"%12s","");
-        obj=X509_EXTENSION_get_object(ex);
-        i2a_ASN1_OBJECT(out,obj);
-        j=X509_EXTENSION_get_critical(ex);
-        BIO_printf(out, ": %s\n", j ? "critical":"","");
-        if(!X509V3_EXT_print(out, ex, 0, 16)) {
-                BIO_printf(out, "%16s", "");
-                M_ASN1_OCTET_STRING_print(out,ex->value);
-        }
-        BIO_write(out,"\n",1);
-}
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
index ae18da96e3..8060115202 100644
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -60,21 +60,21 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
 static int print(BIO *fp,const char *str,BIGNUM *num,
                 unsigned char *buf,int off);
-#ifndef NO_RSA
-#ifndef NO_FP_API
-int RSA_print_fp(FILE *fp, RSA *x, int off)
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
         {
         BIO *b;
         int ret;
@@ -91,7 +91,7 @@ int RSA_print_fp(FILE *fp, RSA *x, int off)
         }
 #endif
 
-int RSA_print(BIO *bp, RSA *x, int off)
+int RSA_print(BIO *bp, const RSA *x, int off)
         {
         char str[128];
         const char *s;
@@ -136,11 +136,11 @@ err:
         if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
-#endif /* NO_RSA */
+#endif /* OPENSSL_NO_RSA */
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSA_print_fp(FILE *fp, DSA *x, int off)
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
         {
         BIO *b;
         int ret;
@@ -157,7 +157,7 @@ int DSA_print_fp(FILE *fp, DSA *x, int off)
         }
 #endif
 
-int DSA_print(BIO *bp, DSA *x, int off)
+int DSA_print(BIO *bp, const DSA *x, int off)
         {
         char str[128];
         unsigned char *m=NULL;
@@ -207,7 +207,7 @@ err:
         if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
-#endif /* !NO_DSA */
+#endif /* !OPENSSL_NO_DSA */
 
 static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
              int off)
@@ -259,9 +259,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
         return(1);
         }
 
-#ifndef NO_DH
-#ifndef NO_FP_API
-int DHparams_print_fp(FILE *fp, DH *x)
+#ifndef OPENSSL_NO_DH
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
         {
         BIO *b;
         int ret;
@@ -278,7 +278,7 @@ int DHparams_print_fp(FILE *fp, DH *x)
         }
 #endif
 
-int DHparams_print(BIO *bp, DH *x)
+int DHparams_print(BIO *bp, const DH *x)
         {
         unsigned char *m=NULL;
         int reason=ERR_R_BUF_LIB,i,ret=0;
@@ -312,9 +312,9 @@ err:
         }
 #endif
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSAparams_print_fp(FILE *fp, DSA *x)
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
         {
         BIO *b;
         int ret;
@@ -331,7 +331,7 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
         }
 #endif
 
-int DSAparams_print(BIO *bp, DSA *x)
+int DSAparams_print(BIO *bp, const DSA *x)
         {
         unsigned char *m=NULL;
         int reason=ERR_R_BUF_LIB,i,ret=0;
@@ -357,5 +357,5 @@ err:
         return(ret);
         }
 
-#endif /* !NO_DSA */
+#endif /* !OPENSSL_NO_DSA */
 
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index ea1af092db..848c29a2dd 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -64,7 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         {
         BIO *b;
@@ -85,8 +85,7 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
 int X509_REQ_print(BIO *bp, X509_REQ *x)
         {
         unsigned long l;
-        int i,n;
-        char *s;
+        int i;
         const char *neg;
         X509_REQ_INFO *ri;
         EVP_PKEY *pkey;
@@ -118,7 +117,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
         if (BIO_puts(bp,str) <= 0) goto err;
 
         pkey=X509_REQ_get_pubkey(x);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
         if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
                 {
                 BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
@@ -127,7 +126,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
                 }
         else 
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                 if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
                 {
                 BIO_printf(bp,"%12sDSA Public Key:\n","");
@@ -145,13 +144,10 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
         if (BIO_puts(bp,str) <= 0) goto err;
 
         sk=x->req_info->attributes;
-        if ((sk == NULL) || (sk_X509_ATTRIBUTE_num(sk) == 0))
+        if (sk_X509_ATTRIBUTE_num(sk) == 0)
                 {
-                if (!x->req_info->req_kludge)
-                        {
-                        sprintf(str,"%12sa0:00\n","");
-                        if (BIO_puts(bp,str) <= 0) goto err;
-                        }
+                sprintf(str,"%12sa0:00\n","");
+                if (BIO_puts(bp,str) <= 0) goto err;
                 }
         else
                 {
@@ -170,7 +166,13 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
                         if (BIO_puts(bp,str) <= 0) goto err;
                         if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
                         {
-                        if (a->set)
+                        if (a->single)
+                                {
+                                t=a->value.single;
+                                type=t->type;
+                                bs=t->value.bit_string;
+                                }
+                        else
                                 {
                                 ii=0;
                                 count=sk_ASN1_TYPE_num(a->value.set);
@@ -179,12 +181,6 @@ get_next:
                                 type=at->type;
                                 bs=at->value.asn1_string;
                                 }
-                        else
-                                {
-                                t=a->value.single;
-                                type=t->type;
-                                bs=t->value.bit_string;
-                                }
                         }
                         for (j=25-j; j>0; j--)
                                 if (BIO_write(bp," ",1) != 1) goto err;
@@ -229,24 +225,8 @@ get_next:
                 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
         }
 
-        i=OBJ_obj2nid(x->sig_alg->algorithm);
-        sprintf(str,"%4sSignature Algorithm: %s","",
-                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-        if (BIO_puts(bp,str) <= 0) goto err;
+        if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
 
-        n=x->signature->length;
-        s=(char *)x->signature->data;
-        for (i=0; i<n; i++)
-                {
-                if ((i%18) == 0)
-                        {
-                        sprintf(str,"\n%8s","");
-                        if (BIO_puts(bp,str) <= 0) goto err;
-                        }
-                sprintf(str,"%02x%s",(unsigned char)s[i],((i+1) == n)?"":":");
-                if (BIO_puts(bp,str) <= 0) goto err;
-                }
-        if (BIO_puts(bp,"\n") <= 0) goto err;
         return(1);
 err:
         X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
index d708434fca..5abfbc815e 100644
--- a/src/lib/libcrypto/asn1/t_spki.c
+++ b/src/lib/libcrypto/asn1/t_spki.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
 /* Print out an SPKI */
 
@@ -76,7 +76,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
         pkey = X509_PUBKEY_get(spki->spkac->pubkey);
         if(!pkey) BIO_printf(out, "  Unable to load public key\n");
         else {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                 if (pkey->type == EVP_PKEY_RSA)
                         {
                         BIO_printf(out,"  RSA Public Key: (%d bit)\n",
@@ -85,7 +85,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
                         }
                 else 
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                 if (pkey->type == EVP_PKEY_DSA)
                 {
                 BIO_printf(out,"  DSA Public Key:\n");
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index 89ae73a6de..5de4833ed0 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -60,18 +60,23 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
+        {
+        return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        }
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
         {
         BIO *b;
         int ret;
@@ -82,144 +87,165 @@ int X509_print_fp(FILE *fp, X509 *x)
                 return(0);
                 }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print(b, x);
+        ret=X509_print_ex(b, x, nmflag, cflag);
         BIO_free(b);
         return(ret);
         }
 #endif
 
 int X509_print(BIO *bp, X509 *x)
+{
+        return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
         {
         long l;
-        int ret=0,i,j,n;
-        char *m=NULL,*s;
+        int ret=0,i;
+        char *m=NULL,mlch = ' ';
+        int nmindent = 0;
         X509_CINF *ci;
         ASN1_INTEGER *bs;
         EVP_PKEY *pkey=NULL;
         const char *neg;
-        X509_EXTENSION *ex;
         ASN1_STRING *str=NULL;
 
+        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                        mlch = '\n';
+                        nmindent = 12;
+        }
+
+        if(nmflags == X509_FLAG_COMPAT)
+                nmindent = 16;
+
         ci=x->cert_info;
-        if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-        if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-        l=X509_get_version(x);
-        if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-        if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-        bs=X509_get_serialNumber(x);
-        if (bs->length <= 4)
+        if(!(cflag & X509_FLAG_NO_HEADER))
                 {
-                l=ASN1_INTEGER_get(bs);
-                if (l < 0)
-                        {
-                        l= -l;
-                        neg="-";
-                        }
-                else
-                        neg="";
-                if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
-                        goto err;
+                if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
                 }
-        else
+        if(!(cflag & X509_FLAG_NO_VERSION))
+                {
+                l=X509_get_version(x);
+                if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_SERIAL))
                 {
-                neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-                if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
 
-                for (i=0; i<bs->length; i++)
+                if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+
+                bs=X509_get_serialNumber(x);
+                if (bs->length <= 4)
                         {
-                        if (BIO_printf(bp,"%02x%c",bs->data[i],
-                                ((i+1 == bs->length)?'\n':':')) <= 0)
+                        l=ASN1_INTEGER_get(bs);
+                        if (l < 0)
+                                {
+                                l= -l;
+                                neg="-";
+                                }
+                        else
+                                neg="";
+                        if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
                                 goto err;
                         }
-                }
+                else
+                        {
+                        neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+                        if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
 
-        i=OBJ_obj2nid(ci->signature->algorithm);
-        if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
-                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
-                goto err;
+                        for (i=0; i<bs->length; i++)
+                                {
+                                if (BIO_printf(bp,"%02x%c",bs->data[i],
+                                        ((i+1 == bs->length)?'\n':':')) <= 0)
+                                        goto err;
+                                }
+                        }
 
-        if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
-        if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
-        if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
-        if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-        if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-        if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-        if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-        if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
-        if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
-        if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
-                goto err;
-        i=OBJ_obj2nid(ci->key->algor->algorithm);
-        if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
-                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+                }
 
-        pkey=X509_get_pubkey(x);
-        if (pkey == NULL)
+        if(!(cflag & X509_FLAG_NO_SIGNAME))
                 {
-                BIO_printf(bp,"%12sUnable to load Public Key\n","");
-                ERR_print_errors(bp);
+                if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
                 }
-        else
-#ifndef NO_RSA
-        if (pkey->type == EVP_PKEY_RSA)
+
+        if(!(cflag & X509_FLAG_NO_ISSUER))
                 {
-                BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                BN_num_bits(pkey->pkey.rsa->n));
-                RSA_print(bp,pkey->pkey.rsa,16);
+                if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                 }
-        else
-#endif
-#ifndef NO_DSA
-        if (pkey->type == EVP_PKEY_DSA)
+        if(!(cflag & X509_FLAG_NO_VALIDITY))
                 {
-                BIO_printf(bp,"%12sDSA Public Key:\n","");
-                DSA_print(bp,pkey->pkey.dsa,16);
+                if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
+                if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+                if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+                if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+                if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                 }
-        else
-#endif
-                BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-        EVP_PKEY_free(pkey);
-
-        n=X509_get_ext_count(x);
-        if (n > 0)
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
                 {
-                BIO_printf(bp,"%8sX509v3 extensions:\n","");
-                for (i=0; i<n; i++)
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_PUBKEY))
+                {
+                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+                        goto err;
+                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+
+                pkey=X509_get_pubkey(x);
+                if (pkey == NULL)
                         {
-                        ASN1_OBJECT *obj;
-                        ex=X509_get_ext(x,i);
-                        if (BIO_printf(bp,"%12s","") <= 0) goto err;
-                        obj=X509_EXTENSION_get_object(ex);
-                        i2a_ASN1_OBJECT(bp,obj);
-                        j=X509_EXTENSION_get_critical(ex);
-                        if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-                                goto err;
-                        if(!X509V3_EXT_print(bp, ex, 0, 16))
-                                {
-                                BIO_printf(bp, "%16s", "");
-                                M_ASN1_OCTET_STRING_print(bp,ex->value);
-                                }
-                        if (BIO_write(bp,"\n",1) <= 0) goto err;
+                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
+                        ERR_print_errors(bp);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(bp,pkey->pkey.rsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        DSA_print(bp,pkey->pkey.dsa,16);
                         }
+                else
+#endif
+                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+                EVP_PKEY_free(pkey);
                 }
 
-        i=OBJ_obj2nid(x->sig_alg->algorithm);
-        if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
-                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+        if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+                X509V3_extensions_print(bp, "X509v3 extensions",
+                                        ci->extensions, cflag, 8);
 
-        n=x->signature->length;
-        s=(char *)x->signature->data;
-        for (i=0; i<n; i++)
+        if(!(cflag & X509_FLAG_NO_SIGDUMP))
                 {
-                if ((i%18) == 0)
-                        if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-                if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-                        ((i+1) == n)?"":":") <= 0) goto err;
+                if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_AUX))
+                {
+                if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
                 }
-        if (BIO_write(bp,"\n",1) != 1) goto err;
-        if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
         ret=1;
 err:
         if (str != NULL) ASN1_STRING_free(str);
@@ -227,6 +253,71 @@ err:
         return(ret);
         }
 
+int X509_ocspid_print (BIO *bp, X509 *x)
+        {
+        unsigned char *der=NULL ;
+        unsigned char *dertmp;
+        int derlen;
+        int i;
+        unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+        /* display the hash of the subject as it would appear
+           in OCSP requests */
+        if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+                goto err;
+        derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+        if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+                goto err;
+        i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+        EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+        for (i=0; i < SHA_DIGEST_LENGTH; i++)
+                {
+                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+                }
+        OPENSSL_free (der);
+        der=NULL;
+
+        /* display the hash of the public key as it would appear
+           in OCSP requests */
+        if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+                goto err;
+
+        EVP_Digest(x->cert_info->key->public_key->data,
+                x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+        for (i=0; i < SHA_DIGEST_LENGTH; i++)
+                {
+                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+                        goto err;
+                }
+        BIO_printf(bp,"\n");
+
+        return (1);
+err:
+        if (der != NULL) OPENSSL_free(der);
+        return(0);
+        }
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+        unsigned char *s;
+        int i, n;
+        if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+        if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+        n=sig->length;
+        s=sig->data;
+        for (i=0; i<n; i++)
+                {
+                if ((i%18) == 0)
+                        if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+                        if (BIO_printf(bp,"%02x%s",s[i],
+                                ((i+1) == n)?"":":") <= 0) return 0;
+                }
+        if (BIO_write(bp,"\n",1) != 1) return 0;
+        return 1;
+}
+
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
         {
         int i,n;
diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c
index f06af5b576..7d4a6e6084 100644
--- a/src/lib/libcrypto/asn1/t_x509a.c
+++ b/src/lib/libcrypto/asn1/t_x509a.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 #include <openssl/x509.h>
 
 /* X509_CERT_AUX and string set routines
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
new file mode 100644
index 0000000000..0fc1f421e2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -0,0 +1,958 @@
+/* tasn_dec.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+                        unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx);
+static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len,
+                                        const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static unsigned long tag2bit[32]={
+0,      0,      0,      B_ASN1_BIT_STRING,      /* tags  0 -  3 */
+B_ASN1_OCTET_STRING,    0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+0,      0,      B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,                        /* tags 23-24 */ 
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+        };
+
+unsigned long ASN1_tag2bit(int tag)
+{
+        if((tag < 0) || (tag > 30)) return 0;
+        return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)       if(c) (c)->valid = 0
+
+/* Decode an ASN1 item, this currently behaves just 
+ * like a standard 'd2i' function. 'in' points to 
+ * a buffer to read the data from, in future we will
+ * have more advanced versions that can input data
+ * a piece at a time and this will simply be a special
+ * case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it)
+{
+        ASN1_TLC c;
+        ASN1_VALUE *ptmpval = NULL;
+        if(!pval) pval = &ptmpval;
+        asn1_tlc_clear(&c);
+        if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+                return *pval;
+        return NULL;
+}
+
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+{
+        ASN1_TLC c;
+        asn1_tlc_clear(&c);
+        return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+
+/* Decode an item, taking care of IMPLICIT tagging, if any.
+ * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+        const ASN1_TEMPLATE *tt, *errtt = NULL;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        unsigned char *p, *q, imphack = 0, oclass;
+        char seq_eoc, seq_nolen, cst, isopt;
+        long tmplen;
+        int i;
+        int otag;
+        int ret = 0;
+        ASN1_VALUE *pchval, **pchptr, *ptmpval;
+        if(!pval) return 0;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) {
+                        /* tagging or OPTIONAL is currently illegal on an item template
+                         * because the flags can't get passed down. In practice this isn't
+                         * a problem: we include the relevant flags from the item template
+                         * in the template itself.
+                         */
+                        if ((tag != -1) || opt) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                                goto err;
+                        }
+                        return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
+                }
+                return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                p = *in;
+                /* Just read in tag and class */
+                ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } 
+                /* Must be UNIVERSAL class */
+                if(oclass != V_ASN1_UNIVERSAL) {
+                        /* If OPTIONAL, assume this is OK */
+                        if(opt) return -1;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+                        goto err;
+                } 
+                /* Check tag matches bit map */
+                if(!(ASN1_tag2bit(otag) & it->utype)) {
+                        /* If OPTIONAL, assume this is OK */
+                        if(opt) return -1;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+                        goto err;
+                } 
+                return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+                case ASN1_ITYPE_EXTERN:
+                /* Use new style d2i */
+                ef = it->funcs;
+                return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+                case ASN1_ITYPE_COMPAT:
+                /* we must resort to old style evil hackery */
+                cf = it->funcs;
+
+                /* If OPTIONAL see if it is there */
+                if(opt) {
+                        int exptag;
+                        p = *in;
+                        if(tag == -1) exptag = it->utype;
+                        else exptag = tag;
+                        /* Don't care about anything other than presence of expected tag */
+                        ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx);
+                        if(!ret) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                        if(ret == -1) return -1;
+                }
+                /* This is the old style evil hack IMPLICIT handling:
+                 * since the underlying code is expecting a tag and
+                 * class other than the one present we change the
+                 * buffer temporarily then change it back afterwards.
+                 * This doesn't and never did work for tags > 30.
+                 *
+                 * Yes this is *horrible* but it is only needed for
+                 * old style d2i which will hopefully not be around
+                 * for much longer.
+                 * FIXME: should copy the buffer then modify it so
+                 * the input buffer can be const: we should *always*
+                 * copy because the old style d2i might modify the
+                 * buffer.
+                 */
+
+                if(tag != -1) {
+                        p = *in;
+                        imphack = *p;
+                        *p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype);
+                }
+
+                ptmpval = cf->asn1_d2i(pval, in, len);
+
+                if(tag != -1) *p = imphack;
+
+                if(ptmpval) return 1;
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                                goto auxerr;
+
+                /* Allocate structure */
+                if(!*pval) {
+                        if(!ASN1_item_ex_new(pval, it)) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                }
+                /* CHOICE type, try each possibility in turn */
+                pchval = NULL;
+                p = *in;
+                for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
+                        pchptr = asn1_get_field_ptr(pval, tt);
+                        /* We mark field as OPTIONAL so its absence
+                         * can be recognised.
+                         */
+                        ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+                        /* If field not present, try the next one */
+                        if(ret == -1) continue;
+                        /* If positive return, read OK, break loop */
+                        if(ret > 0) break;
+                        /* Otherwise must be an ASN1 parsing error */
+                        errtt = tt;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                }
+                /* Did we fall off the end without reading anything? */
+                if(i == it->tcount) {
+                        /* If OPTIONAL, this is OK */
+                        if(opt) {
+                                /* Free and zero it */
+                                ASN1_item_ex_free(pval, it);
+                                return -1;
+                        }
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+                        goto err;
+                }
+                asn1_set_choice_selector(pval, i, it);
+                *in = p;
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                                goto auxerr;
+                return 1;
+
+                case ASN1_ITYPE_SEQUENCE:
+                p = *in;
+                tmplen = len;
+
+                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+                if(tag == -1) {
+                        tag = V_ASN1_SEQUENCE;
+                        aclass = V_ASN1_UNIVERSAL;
+                }
+                /* Get SEQUENCE length and update len, p */
+                ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } else if(ret == -1) return -1;
+                if(aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+                        len = tmplen - (p - *in);
+                        seq_nolen = 1;
+                } else seq_nolen = seq_eoc;     /* If indefinite we don't do a length check */
+                if(!cst) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+                        goto err;
+                }
+
+                if(!*pval) {
+                        if(!ASN1_item_ex_new(pval, it)) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                }
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                                goto auxerr;
+
+                /* Get each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) goto err;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* Have we ran out of data? */
+                        if(!len) break;
+                        q = p;
+                        if(asn1_check_eoc(&p, len)) {
+                                if(!seq_eoc) {
+                                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+                                        goto err;
+                                }
+                                len -= p - q;
+                                seq_eoc = 0;
+                                q = p;
+                                break;
+                        }
+                        /* This determines the OPTIONAL flag value. The field cannot
+                         * be omitted if it is the last of a SEQUENCE and there is
+                         * still data to be read. This isn't strictly necessary but
+                         * it increases efficiency in some cases.
+                         */
+                        if(i == (it->tcount - 1)) isopt = 0;
+                        else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+                        /* attempt to read in field, allowing each to be OPTIONAL */
+                        ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+                        if(!ret) {
+                                errtt = seqtt;
+                                goto err;
+                        } else if(ret == -1) {
+                                /* OPTIONAL component absent. Free and zero the field
+                                 */
+                                ASN1_template_free(pseqval, seqtt);
+                                continue;
+                        }
+                        /* Update length */
+                        len -= p - q;
+                }
+                /* Check for EOC if expecting one */
+                if(seq_eoc && !asn1_check_eoc(&p, len)) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+                        goto err;
+                }
+                /* Check all data read */
+                if(!seq_nolen && len) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+                        goto err;
+                }
+
+                /* If we get here we've got no more data in the SEQUENCE,
+                 * however we may not have read all fields so check all
+                 * remaining are OPTIONAL and clear any that are.
+                 */
+                for(; i < it->tcount; tt++, i++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) goto err;
+                        if(seqtt->flags & ASN1_TFLG_OPTIONAL) {
+                                ASN1_VALUE **pseqval;
+                                pseqval = asn1_get_field_ptr(pval, seqtt);
+                                ASN1_template_free(pseqval, seqtt);
+                        } else {
+                                errtt = seqtt;
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+                                goto err;
+                        }
+                }
+                /* Save encoding */
+                if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr;
+                *in = p;
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                                goto auxerr;
+                return 1;
+
+                default:
+                return 0;
+        }
+        auxerr:
+        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+        err:
+        ASN1_item_ex_free(pval, it);
+        if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
+        else ERR_add_error_data(2, "Type=", it->sname);
+        return 0;
+}
+
+/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the
+ * rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+        int flags, aclass;
+        int ret;
+        long len;
+        unsigned char *p, *q;
+        char exp_eoc;
+        if(!val) return 0;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+        p = *in;
+
+        /* Check if EXPLICIT tag expected */
+        if(flags & ASN1_TFLG_EXPTAG) {
+                char cst;
+                /* Need to work out amount of data available to the inner content and where it
+                 * starts: so read in EXPLICIT header to get the info.
+                 */
+                ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx);
+                q = p;
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                } else if(ret == -1) return -1;
+                if(!cst) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+                        return 0;
+                }
+                /* We've found the field so it can't be OPTIONAL now */
+                ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                }
+                /* We read the field in OK so update length */
+                len -= p - q;
+                if(exp_eoc) {
+                        /* If NDEF we must have an EOC here */
+                        if(!asn1_check_eoc(&p, len)) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+                                goto err;
+                        }
+                } else {
+                        /* Otherwise we must hit the EXPLICIT tag end or its an error */
+                        if(len) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                                goto err;
+                        }
+                }
+        } else 
+                return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+        *in = p;
+        return 1;
+
+        err:
+        ASN1_template_free(val, tt);
+        *val = NULL;
+        return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+        int flags, aclass;
+        int ret;
+        unsigned char *p, *q;
+        if(!val) return 0;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+        p = *in;
+        q = p;
+
+        if(flags & ASN1_TFLG_SK_MASK) {
+                /* SET OF, SEQUENCE OF */
+                int sktag, skaclass;
+                char sk_eoc;
+                /* First work out expected inner tag value */
+                if(flags & ASN1_TFLG_IMPTAG) {
+                        sktag = tt->tag;
+                        skaclass = aclass;
+                } else {
+                        skaclass = V_ASN1_UNIVERSAL;
+                        if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET;
+                        else sktag = V_ASN1_SEQUENCE;
+                }
+                /* Get the tag */
+                ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                } else if(ret == -1) return -1;
+                if(!*val) *val = (ASN1_VALUE *)sk_new_null();
+                else {
+                        /* We've got a valid STACK: free up any items present */
+                        STACK *sktmp = (STACK *)*val;
+                        ASN1_VALUE *vtmp;
+                        while(sk_num(sktmp) > 0) {
+                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+                                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+                        }
+                }
+                                
+                if(!*val) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                /* Read as many items as we can */
+                while(len > 0) {
+                        ASN1_VALUE *skfield;
+                        q = p;
+                        /* See if EOC found */
+                        if(asn1_check_eoc(&p, len)) {
+                                if(!sk_eoc) {
+                                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC);
+                                        goto err;
+                                }
+                                len -= p - q;
+                                sk_eoc = 0;
+                                break;
+                        }
+                        skfield = NULL;
+                        if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                        len -= p - q;
+                        if(!sk_push((STACK *)*val, (char *)skfield)) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE);
+                                goto err;
+                        }
+                }
+                if(sk_eoc) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+                        goto err;
+                }
+        } else if(flags & ASN1_TFLG_IMPTAG) {
+                /* IMPLICIT tagging */
+                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } else if(ret == -1) return -1;
+        } else {
+                /* Nothing special */
+                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } else if(ret == -1) return -1;
+        }
+
+        *in = p;
+        return 1;
+
+        err:
+        ASN1_template_free(val, tt);
+        *val = NULL;
+        return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, 
+                                                const ASN1_ITEM *it,
+                                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+        int ret = 0, utype;
+        long plen;
+        char cst, inf, free_cont = 0;
+        unsigned char *p;
+        BUF_MEM buf;
+        unsigned char *cont = NULL;
+        long len; 
+        if(!pval) {
+                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+                return 0; /* Should never happen */
+        }
+
+        if(it->itype == ASN1_ITYPE_MSTRING) {
+                utype = tag;
+                tag = -1;
+        } else utype = it->utype;
+
+        if(utype == V_ASN1_ANY) {
+                /* If type is ANY need to figure out type from tag */
+                unsigned char oclass;
+                if(tag >= 0) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+                        return 0;
+                }
+                if(opt) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY);
+                        return 0;
+                }
+                p = *in;
+                ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                }
+                if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER;
+        }
+        if(tag == -1) {
+                tag = utype;
+                aclass = V_ASN1_UNIVERSAL;
+        }
+        p = *in;
+        /* Check header */
+        ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx);
+        if(!ret) {
+                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+                return 0;
+        } else if(ret == -1) return -1;
+        /* SEQUENCE, SET and "OTHER" are left in encoded form */
+        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+                /* Clear context cache for type OTHER because the auto clear when
+                 * we have a exact match wont work
+                 */
+                if(utype == V_ASN1_OTHER) {
+                        asn1_tlc_clear(ctx);
+                /* SEQUENCE and SET must be constructed */
+                } else if(!cst) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
+                        return 0;
+                }
+
+                cont = *in;
+                /* If indefinite length constructed find the real end */
+                if(inf) {
+                        if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+                        len = p - cont;
+                } else {
+                        len = p - cont + plen;
+                        p += plen;
+                        buf.data = NULL;
+                }
+        } else if(cst) {
+                buf.length = 0;
+                buf.max = 0;
+                buf.data = NULL;
+                /* Should really check the internal tags are correct but
+                 * some things may get this wrong. The relevant specs
+                 * say that constructed string types should be OCTET STRINGs
+                 * internally irrespective of the type. So instead just check
+                 * for UNIVERSAL class and ignore the tag.
+                 */
+                if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
+                len = buf.length;
+                /* Append a final null to string */
+                if(!BUF_MEM_grow(&buf, len + 1)) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                buf.data[len] = 0;
+                cont = (unsigned char *)buf.data;
+                free_cont = 1;
+        } else {
+                cont = p;
+                len = plen;
+                p += plen;
+        }
+
+        /* We now have content length and type: translate into a structure */
+        if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err;
+
+        *in = p;
+        ret = 1;
+        err:
+        if(free_cont && buf.data) OPENSSL_free(buf.data);
+        return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        ASN1_STRING *stmp;
+        ASN1_TYPE *typ = NULL;
+        int ret = 0;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        ASN1_INTEGER **tint;
+        pf = it->funcs;
+        if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+        /* If ANY type clear type and set pointer to internal value */
+        if(it->utype == V_ASN1_ANY) {
+                if(!*pval) {
+                        typ = ASN1_TYPE_new();
+                        *pval = (ASN1_VALUE *)typ;
+                } else typ = (ASN1_TYPE *)*pval;
+                if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+                pval = (ASN1_VALUE **)&typ->value.ptr;
+        }
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err;
+                break;
+
+                case V_ASN1_NULL:
+                if(len) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH);
+                        goto err;
+                }
+                *pval = (ASN1_VALUE *)1;
+                break;
+
+                case V_ASN1_BOOLEAN:
+                if(len != 1) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+                        goto err;
+                } else {
+                        ASN1_BOOLEAN *tbool;
+                        tbool = (ASN1_BOOLEAN *)pval;
+                        *tbool = *cont;
+                }
+                break;
+
+                case V_ASN1_BIT_STRING:
+                if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err;
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_NEG_INTEGER:
+                case V_ASN1_ENUMERATED:
+                case V_ASN1_NEG_ENUMERATED:
+                tint = (ASN1_INTEGER **)pval;
+                if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
+                /* Fixup type to match the expected form */
+                (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+                break;
+
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_VIDEOTEXSTRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_UTCTIME:
+                case V_ASN1_GENERALIZEDTIME:
+                case V_ASN1_GRAPHICSTRING:
+                case V_ASN1_VISIBLESTRING:
+                case V_ASN1_GENERALSTRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_BMPSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_OTHER:
+                case V_ASN1_SET:
+                case V_ASN1_SEQUENCE:
+                default:
+                /* All based on ASN1_STRING and handled the same */
+                if(!*pval) {
+                        stmp = ASN1_STRING_type_new(utype);
+                        if(!stmp) {
+                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+                                goto err;
+                        }
+                        *pval = (ASN1_VALUE *)stmp;
+                } else {
+                        stmp = (ASN1_STRING *)*pval;
+                        stmp->type = utype;
+                }
+                /* If we've already allocated a buffer use it */
+                if(*free_cont) {
+                        if(stmp->data) OPENSSL_free(stmp->data);
+                        stmp->data = cont;
+                        stmp->length = len;
+                        *free_cont = 0;
+                } else {
+                        if(!ASN1_STRING_set(stmp, cont, len)) {
+                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+                                ASN1_STRING_free(stmp); 
+                                *pval = NULL;
+                                goto err;
+                        }
+                }
+                break;
+        }
+        /* If ASN1_ANY and NULL type fix up value */
+        if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL;
+
+        ret = 1;
+        err:
+        if(!ret) ASN1_TYPE_free(typ);
+        return ret;
+}
+
+/* This function collects the asn1 data from a constructred string
+ * type into a buffer. The values of 'in' and 'len' should refer
+ * to the contents of the constructed type and 'inf' should be set
+ * if it is indefinite length. If 'buf' is NULL then we just want
+ * to find the end of the current structure: useful for indefinite
+ * length constructed stuff.
+ */
+
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
+{
+        unsigned char *p, *q;
+        long plen;
+        char cst, ininf;
+        p = *in;
+        inf &= 1;
+        /* If no buffer and not indefinite length constructed just pass over the encoded data */
+        if(!buf && !inf) {
+                *in += len;
+                return 1;
+        }
+        while(len > 0) {
+                q = p;
+                /* Check for EOC */
+                if(asn1_check_eoc(&p, len)) {
+                        /* EOC is illegal outside indefinite length constructed form */
+                        if(!inf) {
+                                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+                                return 0;
+                        }
+                        inf = 0;
+                        break;
+                }
+                if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) {
+                        ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                }
+                /* If indefinite length constructed update max length */
+                if(cst) {
+                        if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+                } else {
+                        if(!collect_data(buf, &p, plen)) return 0;
+                }
+                len -= p - q;
+        }
+        if(inf) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+                return 0;
+        }
+        *in = p;
+        return 1;
+}
+
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
+{
+                int len;
+                if(buf) {
+                        len = buf->length;
+                        if(!BUF_MEM_grow(buf, len + plen)) {
+                                ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                        }
+                        memcpy(buf->data + len, *p, plen);
+                }
+                *p += plen;
+                return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(unsigned char **in, long len)
+{
+        unsigned char *p;
+        if(len < 2) return 0;
+        p = *in;
+        if(!p[0] && !p[1]) {
+                *in += 2;
+                return 1;
+        }
+        return 0;
+}
+
+/* Check an ASN1 tag and length: a bit like ASN1_get_object
+ * but it sets the length for indefinite length constructed
+ * form, we don't know the exact length but we can set an
+ * upper bound to the amount of data available minus the
+ * header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+                unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+        int i;
+        int ptag, pclass;
+        long plen;
+        unsigned char *p, *q;
+        p = *in;
+        q = p;
+
+        if(ctx && ctx->valid) {
+                i = ctx->ret;
+                plen = ctx->plen;
+                pclass = ctx->pclass;
+                ptag = ctx->ptag;
+                p += ctx->hdrlen;
+        } else {
+                i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+                if(ctx) {
+                        ctx->ret = i;
+                        ctx->plen = plen;
+                        ctx->pclass = pclass;
+                        ctx->ptag = ptag;
+                        ctx->hdrlen = p - q;
+                        ctx->valid = 1;
+                        /* If definite length, length + header can't exceed total
+                         * amount of data available.
+                         */
+                        if(!(i & 1) && ((plen + ctx->hdrlen) > len)) {
+                                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+                                asn1_tlc_clear(ctx);
+                                return 0;
+                        }
+                }
+        }
+
+        if(i & 0x80) {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+                asn1_tlc_clear(ctx);
+                return 0;
+        }
+        if(exptag >= 0) {
+                if((exptag != ptag) || (expclass != pclass)) {
+                        /* If type is OPTIONAL, not an error, but indicate missing
+                         * type.
+                         */
+                        if(opt) return -1;
+                        asn1_tlc_clear(ctx);
+                        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+                        return 0;
+                }
+                /* We have a tag and class match, so assume we are going to do something with it */
+                asn1_tlc_clear(ctx);
+        }
+
+        if(i & 1) plen = len - (p - q);
+
+        if(inf) *inf = i & 1;
+
+        if(cst) *cst = i & V_ASN1_CONSTRUCTED;
+
+        if(olen) *olen = plen;
+        if(oclass) *oclass = pclass;
+        if(otag) *otag = ptag;
+
+        *in = p;
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
new file mode 100644
index 0000000000..f6c8ddef0a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -0,0 +1,497 @@
+/* tasn_enc.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset);
+
+/* Encode an ASN1 item, this is compatible with the
+ * standard 'i2d' function. 'out' points to 
+ * a buffer to output the data to, in future we will
+ * have more advanced versions that can output data
+ * a piece at a time and this will simply be a special
+ * case.
+ *
+ * The new i2d has one additional feature. If the output
+ * buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+        if(out && !*out) {
+                unsigned char *p, *buf;
+                int len;
+                len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0);
+                if(len <= 0) return len;
+                buf = OPENSSL_malloc(len);
+                if(!buf) return -1;
+                p = buf;
+                ASN1_item_ex_i2d(&val, &p, it, -1, 0);
+                *out = buf;
+                return len;
+        }
+                
+        return ASN1_item_ex_i2d(&val, out, it, -1, 0);
+}
+
+/* Encode an item, taking care of IMPLICIT tagging (if any).
+ * This function performs the normal item handling: it can be
+ * used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+        const ASN1_TEMPLATE *tt = NULL;
+        unsigned char *p = NULL;
+        int i, seqcontlen, seqlen;
+        ASN1_STRING *strtmp;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates)
+                        return ASN1_template_i2d(pval, out, it->templates);
+                return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                strtmp = (ASN1_STRING *)*pval;
+                return asn1_i2d_ex_primitive(pval, out, it, -1, 0);
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                                return 0;
+                i = asn1_get_choice_selector(pval, it);
+                if((i >= 0) && (i < it->tcount)) {
+                        ASN1_VALUE **pchval;
+                        const ASN1_TEMPLATE *chtt;
+                        chtt = it->templates + i;
+                        pchval = asn1_get_field_ptr(pval, chtt);
+                        return ASN1_template_i2d(pchval, out, chtt);
+                } 
+                /* Fixme: error condition if selector out of range */
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                                return 0;
+                break;
+
+                case ASN1_ITYPE_EXTERN:
+                /* If new style i2d it does all the work */
+                ef = it->funcs;
+                return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+                case ASN1_ITYPE_COMPAT:
+                /* old style hackery... */
+                cf = it->funcs;
+                if(out) p = *out;
+                i = cf->asn1_i2d(*pval, out);
+                /* Fixup for IMPLICIT tag: note this messes up for tags > 30,
+                 * but so did the old code. Tags > 30 are very rare anyway.
+                 */
+                if(out && (tag != -1))
+                        *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+                return i;
+                
+                case ASN1_ITYPE_SEQUENCE:
+                i = asn1_enc_restore(&seqcontlen, out, pval, it);
+                /* An error occurred */
+                if(i < 0) return 0;
+                /* We have a valid cached encoding... */
+                if(i > 0) return seqcontlen;
+                /* Otherwise carry on */
+                seqcontlen = 0;
+                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+                if(tag == -1) {
+                        tag = V_ASN1_SEQUENCE;
+                        aclass = V_ASN1_UNIVERSAL;
+                }
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                                return 0;
+                /* First work out sequence content length */
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) return 0;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* FIXME: check for errors in enhanced version */
+                        /* FIXME: special handling of indefinite length encoding */
+                        seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
+                }
+                seqlen = ASN1_object_size(1, seqcontlen, tag);
+                if(!out) return seqlen;
+                /* Output SEQUENCE header */
+                ASN1_put_object(out, 1, seqcontlen, tag, aclass);
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) return 0;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* FIXME: check for errors in enhanced version */
+                        ASN1_template_i2d(pseqval, out, seqtt);
+                }
+                if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                                return 0;
+                return seqlen;
+
+                default:
+                return 0;
+        }
+        return 0;
+}
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
+{
+        int i, ret, flags, aclass;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+        if(flags & ASN1_TFLG_SK_MASK) {
+                /* SET OF, SEQUENCE OF */
+                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+                int isset, sktag, skaclass;
+                int skcontlen, sklen;
+                ASN1_VALUE *skitem;
+                if(!*pval) return 0;
+                if(flags & ASN1_TFLG_SET_OF) {
+                        isset = 1;
+                        /* 2 means we reorder */
+                        if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
+                } else isset = 0;
+                /* First work out inner tag value */
+                if(flags & ASN1_TFLG_IMPTAG) {
+                        sktag = tt->tag;
+                        skaclass = aclass;
+                } else {
+                        skaclass = V_ASN1_UNIVERSAL;
+                        if(isset) sktag = V_ASN1_SET;
+                        else sktag = V_ASN1_SEQUENCE;
+                }
+                /* Now work out length of items */
+                skcontlen = 0;
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+                        skitem = sk_ASN1_VALUE_value(sk, i);
+                        skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+                }
+                sklen = ASN1_object_size(1, skcontlen, sktag);
+                /* If EXPLICIT need length of surrounding tag */
+                if(flags & ASN1_TFLG_EXPTAG)
+                        ret = ASN1_object_size(1, sklen, tt->tag);
+                else ret = sklen;
+
+                if(!out) return ret;
+
+                /* Now encode this lot... */
+                /* EXPLICIT tag */
+                if(flags & ASN1_TFLG_EXPTAG)
+                        ASN1_put_object(out, 1, sklen, tt->tag, aclass);
+                /* SET or SEQUENCE and IMPLICIT tag */
+                ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
+                /* And finally the stuff itself */
+                asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
+
+                return ret;
+        }
+                        
+        if(flags & ASN1_TFLG_EXPTAG) {
+                /* EXPLICIT tagging */
+                /* Find length of tagged item */
+                i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+                if(!i) return 0;
+                /* Find length of EXPLICIT tag */
+                ret = ASN1_object_size(1, i, tt->tag);
+                if(out) {
+                        /* Output tag and item */
+                        ASN1_put_object(out, 1, i, tt->tag, aclass);
+                        ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+                }
+                return ret;
+        }
+        if(flags & ASN1_TFLG_IMPTAG) {
+                /* IMPLICIT tagging */
+                return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
+        }
+        /* Nothing special: treat as normal */
+        return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+        unsigned char *data;
+        int length;
+        ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+        const DER_ENC *d1 = a, *d2 = b;
+        int cmplen, i;
+        cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+        i = memcmp(d1->data, d2->data, cmplen);
+        if(i) return i;
+        return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort)
+{
+        int i;
+        ASN1_VALUE *skitem;
+        unsigned char *tmpdat = NULL, *p = NULL;
+        DER_ENC *derlst = NULL, *tder;
+        if(do_sort) {
+                /* Don't need to sort less than 2 items */
+                if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0;
+                else {
+                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst));
+                        tmpdat = OPENSSL_malloc(skcontlen);
+                        if(!derlst || !tmpdat) return 0;
+                }
+        }
+        /* If not sorting just output each item */
+        if(!do_sort) {
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+                        skitem = sk_ASN1_VALUE_value(sk, i);
+                        ASN1_item_i2d(skitem, out, item);
+                }
+                return 1;
+        }
+        p = tmpdat;
+        /* Doing sort: build up a list of each member's DER encoding */
+        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+                skitem = sk_ASN1_VALUE_value(sk, i);
+                tder->data = p;
+                tder->length = ASN1_item_i2d(skitem, &p, item);
+                tder->field = skitem;
+        }
+        /* Now sort them */
+        qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+        /* Output sorted DER encoding */        
+        p = *out;
+        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+                memcpy(p, tder->data, tder->length);
+                p += tder->length;
+        }
+        *out = p;
+        /* If do_sort is 2 then reorder the STACK */
+        if(do_sort == 2) {
+                for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+                        sk_ASN1_VALUE_set(sk, i, tder->field);
+        }
+        OPENSSL_free(derlst);
+        OPENSSL_free(tmpdat);
+        return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+        int len;
+        int utype;
+        int usetag;
+
+        utype = it->utype;
+
+        /* Get length of content octets and maybe find
+         * out the underlying type.
+         */
+
+        len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+        /* If SEQUENCE, SET or OTHER then header is
+         * included in pseudo content octets so don't
+         * include tag+length. We need to check here
+         * because the call to asn1_ex_i2c() could change
+         * utype.
+         */
+        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+           (utype == V_ASN1_OTHER))
+                usetag = 0;
+        else usetag = 1;
+
+        /* -1 means omit type */
+
+        if(len == -1) return 0;
+
+        /* If not implicitly tagged get tag from underlying type */
+        if(tag == -1) tag = utype;
+
+        /* Output tag+length followed by content octets */
+        if(out) {
+                if(usetag) ASN1_put_object(out, 0, len, tag, aclass);
+                asn1_ex_i2c(pval, *out, &utype, it);
+                *out += len;
+        }
+
+        if(usetag) return ASN1_object_size(0, len, tag);
+        return len;
+}
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it)
+{
+        ASN1_BOOLEAN *tbool = NULL;
+        ASN1_STRING *strtmp;
+        ASN1_OBJECT *otmp;
+        int utype;
+        unsigned char *cont, c;
+        int len;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it);
+
+        /* Should type be omitted? */
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
+                if(!*pval) return -1;
+        }
+
+        if(it->itype == ASN1_ITYPE_MSTRING) {
+                /* If MSTRING type set the underlying type */
+                strtmp = (ASN1_STRING *)*pval;
+                utype = strtmp->type;
+                *putype = utype;
+        } else if(it->utype == V_ASN1_ANY) {
+                /* If ANY set type and pointer to value */
+                ASN1_TYPE *typ;
+                typ = (ASN1_TYPE *)*pval;
+                utype = typ->type;
+                *putype = utype;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
+        } else utype = *putype;
+
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                otmp = (ASN1_OBJECT *)*pval;
+                cont = otmp->data;
+                len = otmp->length;
+                break;
+
+                case V_ASN1_NULL:
+                cont = NULL;
+                len = 0;
+                break;
+
+                case V_ASN1_BOOLEAN:
+                tbool = (ASN1_BOOLEAN *)pval;
+                if(*tbool == -1) return -1;
+                /* Default handling if value == size field then omit */
+                if(*tbool && (it->size > 0)) return -1;
+                if(!*tbool && !it->size) return -1;
+                c = (unsigned char)*tbool;
+                cont = &c;
+                len = 1;
+                break;
+
+                case V_ASN1_BIT_STRING:
+                return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_NEG_INTEGER:
+                case V_ASN1_ENUMERATED:
+                case V_ASN1_NEG_ENUMERATED:
+                /* These are all have the same content format
+                 * as ASN1_INTEGER
+                 */
+                return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+                break;
+
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_VIDEOTEXSTRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_UTCTIME:
+                case V_ASN1_GENERALIZEDTIME:
+                case V_ASN1_GRAPHICSTRING:
+                case V_ASN1_VISIBLESTRING:
+                case V_ASN1_GENERALSTRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_BMPSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_SEQUENCE:
+                case V_ASN1_SET:
+                default:
+                /* All based on ASN1_STRING and handled the same */
+                strtmp = (ASN1_STRING *)*pval;
+                cont = strtmp->data;
+                len = strtmp->length;
+
+                break;
+
+        }
+        if(cout && len) memcpy(cout, cont, len);
+        return len;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
new file mode 100644
index 0000000000..c7610776f2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_fre.c
@@ -0,0 +1,226 @@
+/* tasn_fre.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+        asn1_item_combine_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        asn1_item_combine_free(pval, it, 0);
+}
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+        const ASN1_TEMPLATE *tt = NULL, *seqtt;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        int i;
+        if(!pval) return;
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) ASN1_template_free(pval, it->templates);
+                else ASN1_primitive_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                ASN1_primitive_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        if(i == 2) return;
+                }
+                i = asn1_get_choice_selector(pval, it);
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                if((i >= 0) && (i < it->tcount)) {
+                        ASN1_VALUE **pchval;
+                        tt = it->templates + i;
+                        pchval = asn1_get_field_ptr(pval, tt);
+                        ASN1_template_free(pchval, tt);
+                }
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if(!combine) {
+                        OPENSSL_free(*pval);
+                        *pval = NULL;
+                }
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                cf = it->funcs;
+                if(cf && cf->asn1_free) cf->asn1_free(*pval);
+                break;
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_SEQUENCE:
+                if(asn1_do_lock(pval, -1, it) > 0) return;
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        if(i == 2) return;
+                }               
+                asn1_enc_free(pval, it);
+                /* If we free up as normal we will invalidate any
+                 * ANY DEFINED BY field and we wont be able to 
+                 * determine the type of the field it defines. So
+                 * free up in reverse order.
+                 */
+                tt = it->templates + it->tcount - 1;
+                for(i = 0; i < it->tcount; tt--, i++) {
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 0);
+                        if(!seqtt) continue;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        ASN1_template_free(pseqval, seqtt);
+                }
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if(!combine) {
+                        OPENSSL_free(*pval);
+                        *pval = NULL;
+                }
+                break;
+        }
+}
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        int i;
+        if(tt->flags & ASN1_TFLG_SK_MASK) {
+                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+                        ASN1_VALUE *vtmp;
+                        vtmp = sk_ASN1_VALUE_value(sk, i);
+                        asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+                }
+                sk_ASN1_VALUE_free(sk);
+                *pval = NULL;
+        } else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+                                                tt->flags & ASN1_TFLG_COMBINE);
+}
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        int utype;
+        if(it) {
+                const ASN1_PRIMITIVE_FUNCS *pf;
+                pf = it->funcs;
+                if(pf && pf->prim_free) {
+                        pf->prim_free(pval, it);
+                        return;
+                }
+        }
+        /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+        if(!it) {
+                ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+                utype = typ->type;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
+                if(!*pval) return;
+        } else if(it->itype == ASN1_ITYPE_MSTRING) {
+                utype = -1;
+                if(!*pval) return;
+        } else {
+                utype = it->utype;
+                if((utype != V_ASN1_BOOLEAN) && !*pval) return;
+        }
+
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+                break;
+
+                case V_ASN1_BOOLEAN:
+                *(ASN1_BOOLEAN *)pval = it->size;
+                return;
+
+                case V_ASN1_NULL:
+                break;
+
+                case V_ASN1_ANY:
+                ASN1_primitive_free(pval, NULL);
+                OPENSSL_free(*pval);
+                break;
+
+                default:
+                ASN1_STRING_free((ASN1_STRING *)*pval);
+                *pval = NULL;
+                break;
+        }
+        *pval = NULL;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
new file mode 100644
index 0000000000..e33861f864
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -0,0 +1,348 @@
+/* tasn_new.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+        ASN1_VALUE *ret = NULL;
+        if(ASN1_item_ex_new(&ret, it) > 0) return ret;
+        return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        return asn1_item_ex_combine_new(pval, it, 0);
+}
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+        const ASN1_TEMPLATE *tt = NULL;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        ASN1_VALUE **pseqval;
+        int i;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        if(!combine) *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_push_info(it->sname);
+#endif
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if(ef && ef->asn1_ex_new) {
+                        if(!ef->asn1_ex_new(pval, it))
+                                goto memerr;
+                }
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                cf = it->funcs;
+                if(cf && cf->asn1_new) {
+                        *pval = cf->asn1_new();
+                        if(!*pval) goto memerr;
+                }
+                break;
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) {
+                        if(!ASN1_template_new(pval, it->templates))
+                                goto memerr;
+                } else {
+                        if(!ASN1_primitive_new(pval, it))
+                                goto memerr;
+                }
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                if(!ASN1_primitive_new(pval, it))
+                                goto memerr;
+                break;
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        if(!i) goto auxerr;
+                        if(i==2) {
+#ifdef CRYPTO_MDEBUG
+                                if(it->sname) CRYPTO_pop_info();
+#endif
+                                return 1;
+                        }
+                }
+                if(!combine) {
+                        *pval = OPENSSL_malloc(it->size);
+                        if(!*pval) goto memerr;
+                        memset(*pval, 0, it->size);
+                }
+                asn1_set_choice_selector(pval, -1, it);
+                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                                goto auxerr;
+                break;
+
+                case ASN1_ITYPE_SEQUENCE:
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        if(!i) goto auxerr;
+                        if(i==2) {
+#ifdef CRYPTO_MDEBUG
+                                if(it->sname) CRYPTO_pop_info();
+#endif
+                                return 1;
+                        }
+                }
+                if(!combine) {
+                        *pval = OPENSSL_malloc(it->size);
+                        if(!*pval) goto memerr;
+                        memset(*pval, 0, it->size);
+                        asn1_do_lock(pval, 0, it);
+                        asn1_enc_init(pval, it);
+                }
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+                        pseqval = asn1_get_field_ptr(pval, tt);
+                        if(!ASN1_template_new(pseqval, tt)) goto memerr;
+                }
+                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                                goto auxerr;
+                break;
+        }
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return 1;
+
+        memerr:
+        ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return 0;
+
+        auxerr:
+        ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
+        ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        const ASN1_EXTERN_FUNCS *ef;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if(ef && ef->asn1_ex_clear) 
+                        ef->asn1_ex_clear(pval, it);
+                else *pval = NULL;
+                break;
+
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) 
+                        asn1_template_clear(pval, it->templates);
+                else
+                        asn1_primitive_clear(pval, it);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                asn1_primitive_clear(pval, it);
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                case ASN1_ITYPE_CHOICE:
+                case ASN1_ITYPE_SEQUENCE:
+                *pval = NULL;
+                break;
+        }
+}
+
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+        int ret;
+        if(tt->flags & ASN1_TFLG_OPTIONAL) {
+                asn1_template_clear(pval, tt);
+                return 1;
+        }
+        /* If ANY DEFINED BY nothing to do */
+
+        if(tt->flags & ASN1_TFLG_ADB_MASK) {
+                *pval = NULL;
+                return 1;
+        }
+#ifdef CRYPTO_MDEBUG
+        if(tt->field_name) CRYPTO_push_info(tt->field_name);
+#endif
+        /* If SET OF or SEQUENCE OF, its a STACK */
+        if(tt->flags & ASN1_TFLG_SK_MASK) {
+                STACK_OF(ASN1_VALUE) *skval;
+                skval = sk_ASN1_VALUE_new_null();
+                if(!skval) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+                        ret = 0;
+                        goto done;
+                }
+                *pval = (ASN1_VALUE *)skval;
+                ret = 1;
+                goto done;
+        }
+        /* Otherwise pass it back to the item routine */
+        ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+        done:
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        /* If ADB or STACK just NULL the field */
+        if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
+                *pval = NULL;
+        else
+                asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+
+/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old
+ * functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_TYPE *typ;
+        int utype;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if(pf && pf->prim_new) return pf->prim_new(pval, it);
+        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+        else utype = it->utype;
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+                return 1;
+
+                case V_ASN1_BOOLEAN:
+                *(ASN1_BOOLEAN *)pval = it->size;
+                return 1;
+
+                case V_ASN1_NULL:
+                *pval = (ASN1_VALUE *)1;
+                return 1;
+
+                case V_ASN1_ANY:
+                typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+                if(!typ) return 0;
+                typ->value.ptr = NULL;
+                typ->type = -1;
+                *pval = (ASN1_VALUE *)typ;
+                break;
+
+                default:
+                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+                break;
+        }
+        if(*pval) return 1;
+        return 0;
+}
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        int utype;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if(pf) {
+                if(pf->prim_clear)
+                        pf->prim_clear(pval, it);
+                else 
+                        *pval = NULL;
+                return;
+        }
+        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+        else utype = it->utype;
+        if(utype == V_ASN1_BOOLEAN)
+                *(ASN1_BOOLEAN *)pval = it->size;
+        else *pval = NULL;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
new file mode 100644
index 0000000000..fab67ae5ac
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -0,0 +1,198 @@
+/* tasn_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/* Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+        return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+{
+        ASN1_STRING *str;
+        const ASN1_TEMPLATE *tt;
+        void *tmpfld;
+        int i;
+        if(!fld) {
+                BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+                return 1;
+        }
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates)
+                        return ASN1_template_print(out, fld, indent, it->templates);
+                return asn1_primitive_print(out, fld, it->utype, indent, name);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                str = fld;
+                return asn1_primitive_print(out, fld, str->type, indent, name);
+
+                case ASN1_ITYPE_EXTERN:
+                BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                return 1;
+                case ASN1_ITYPE_COMPAT:
+                BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                return 1;
+
+
+                case ASN1_ITYPE_CHOICE:
+                /* CHOICE type, get selector */
+                i = asn1_get_choice_selector(fld, it);
+                /* This should never happen... */
+                if((i < 0) || (i >= it->tcount)) {
+                        BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+                        return 1;
+                }
+                tt = it->templates + i;
+                tmpfld = asn1_get_field(fld, tt);
+                return ASN1_template_print(out, tmpfld, indent, tt);
+
+                case ASN1_ITYPE_SEQUENCE:
+                BIO_printf(out, "%*s%s {\n", indent, "", name);
+                /* Get each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+                        tmpfld = asn1_get_field(fld, tt);
+                        ASN1_template_print(out, tmpfld, indent + 2, tt);
+                }
+                BIO_printf(out, "%*s}\n", indent, "");
+                return 1;
+
+                default:
+                return 0;
+        }
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+{
+        int i, flags;
+#if 0
+        if(!fld) return 0; 
+#endif
+        flags = tt->flags;
+        if(flags & ASN1_TFLG_SK_MASK) {
+                char *tname;
+                void *skitem;
+                /* SET OF, SEQUENCE OF */
+                if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+                else tname = "SEQUENCE";
+                if(fld) {
+                        BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+                        for(i = 0; i < sk_num(fld); i++) {
+                                skitem = sk_value(fld, i);
+                                asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+                        }
+                        BIO_printf(out, "%*s}\n", indent, "");
+                } else 
+                        BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
+                return 1;
+        }
+        return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+{
+        ASN1_STRING *str = fld;
+        if(fld) {
+                if(utype == V_ASN1_BOOLEAN) {
+                        int *bool = fld;
+if(*bool == -1) printf("BOOL MISSING\n");
+                        BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+                } else if((utype == V_ASN1_INTEGER) 
+                          || (utype == V_ASN1_ENUMERATED)) {
+                        char *s, *nm;
+                        s = i2s_ASN1_INTEGER(NULL, fld);
+                        if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+                        else nm = "ENUMERATED";
+                        BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+                        OPENSSL_free(s);
+                } else if(utype == V_ASN1_NULL) {
+                        BIO_printf(out, "%*s%s", indent, "", "NULL");
+                } else if(utype == V_ASN1_UTCTIME) {
+                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+                        ASN1_UTCTIME_print(out, str);
+                } else if(utype == V_ASN1_GENERALIZEDTIME) {
+                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+                        ASN1_GENERALIZEDTIME_print(out, str);
+                } else if(utype == V_ASN1_OBJECT) {
+                        char objbuf[80], *ln;
+                        ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+                        if(!ln) ln = "";
+                        OBJ_obj2txt(objbuf, 80, fld, 1);
+                        BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
+                } else {
+                        BIO_printf(out, "%*s%s:", indent, "", name);
+                        ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+                }
+                BIO_printf(out, "\n");
+        } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
new file mode 100644
index 0000000000..804d2eeba2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_typ.c
@@ -0,0 +1,133 @@
+/* tasn_typ.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
new file mode 100644
index 0000000000..8996ce8c13
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -0,0 +1,253 @@
+/* tasn_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/* Given an ASN1_ITEM CHOICE type return
+ * the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        int *sel = offset2ptr(*pval, it->utype);
+        return *sel;
+}
+
+/* Given an ASN1_ITEM CHOICE type set
+ * the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
+{       
+        int *sel, ret;
+        sel = offset2ptr(*pval, it->utype);
+        ret = *sel;
+        *sel = value;
+        return ret;
+}
+
+/* Do reference counting. The value 'op' decides what to do. 
+ * if it is +1 then the count is incremented. If op is 0 count is
+ * set to 1. If op is -1 count is decremented and the return value
+ * is the current refrence count or 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+        const ASN1_AUX *aux;
+        int *lck, ret;
+        if(it->itype != ASN1_ITYPE_SEQUENCE) return 0;
+        aux = it->funcs;
+        if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
+        lck = offset2ptr(*pval, aux->ref_offset);
+        if(op == 0) {
+                *lck = 1;
+                return 1;
+        }
+        ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+        fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+        if(ret < 0) 
+                fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+        return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        const ASN1_AUX *aux;
+        if(!pval || !*pval) return NULL;
+        aux = it->funcs;
+        if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL;
+        return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(enc) {
+                enc->enc = NULL;
+                enc->len = 0;
+                enc->modified = 1;
+        }
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(enc) {
+                if(enc->enc) OPENSSL_free(enc->enc);
+                enc->enc = NULL;
+                enc->len = 0;
+                enc->modified = 1;
+        }
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(!enc) return 1;
+
+        if(enc->enc) OPENSSL_free(enc->enc);
+        enc->enc = OPENSSL_malloc(inlen);
+        if(!enc->enc) return 0;
+        memcpy(enc->enc, in, inlen);
+        enc->len = inlen;
+        enc->modified = 0;
+
+        return 1;
+}
+                
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(!enc || enc->modified) return 0;
+        if(out) {
+                memcpy(*out, enc->enc, enc->len);
+                *out += enc->len;
+        }
+        if(len) *len = enc->len;
+        return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        ASN1_VALUE **pvaltmp;
+        if(tt->flags & ASN1_TFLG_COMBINE) return pval;
+        pvaltmp = offset2ptr(*pval, tt->offset);
+        /* NOTE for BOOLEAN types the field is just a plain
+         * int so we can't return int **, so settle for
+         * (int *).
+         */
+        return pvaltmp;
+}
+
+/* Handle ANY DEFINED BY template, find the selector, look up
+ * the relevant ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
+{
+        const ASN1_ADB *adb;
+        const ASN1_ADB_TABLE *atbl;
+        long selector;
+        ASN1_VALUE **sfld;
+        int i;
+        if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
+
+        /* Else ANY DEFINED BY ... get the table */
+        adb = ASN1_ADB_ptr(tt->item);
+
+        /* Get the selector field */
+        sfld = offset2ptr(*pval, adb->offset);
+
+        /* Check if NULL */
+        if(!sfld) {
+                if(!adb->null_tt) goto err;
+                return adb->null_tt;
+        }
+
+        /* Convert type to a long:
+         * NB: don't check for NID_undef here because it
+         * might be a legitimate value in the table
+         */
+        if(tt->flags & ASN1_TFLG_ADB_OID) 
+                selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+        else 
+                selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+        /* Try to find matching entry in table
+         * Maybe should check application types first to
+         * allow application override? Might also be useful
+         * to have a flag which indicates table is sorted and
+         * we can do a binary search. For now stick to a
+         * linear search.
+         */
+
+        for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+                if(atbl->value == selector) return &atbl->tt;
+
+        /* FIXME: need to search application table too */
+
+        /* No match, return default type */
+        if(!adb->default_tt) goto err;          
+        return adb->default_tt;
+        
+        err:
+        /* FIXME: should log the value or OID of unsupported type */
+        if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+        return NULL;
+}
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
index 853a8dfeef..00b9ea54a1 100644
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -1,118 +1,73 @@
-/* crypto/asn1/x_algor.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_algor.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <stddef.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
-        if (a->parameter != NULL)
-                { M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
-
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
-        if (a->parameter != NULL)
-                { M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length)
-        {
-        M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
-        if (!M_ASN1_D2I_end_sequence())
-                { M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
-        else
-                {
-                ASN1_TYPE_free(ret->parameter);
-                ret->parameter=NULL;
-                }
-        M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
-        }
-
-X509_ALGOR *X509_ALGOR_new(void)
-        {
-        X509_ALGOR *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_ALGOR);
-        ret->algorithm=OBJ_nid2obj(NID_undef);
-        ret->parameter=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
-        }
+ASN1_SEQUENCE(X509_ALGOR) = {
+        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
 
-void X509_ALGOR_free(X509_ALGOR *a)
-        {
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->algorithm);
-        ASN1_TYPE_free(a->parameter);
-        OPENSSL_free(a);
-        }
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
index 14e5ea27aa..1e3713f18f 100644
--- a/src/lib/libcrypto/asn1/x_attrib.c
+++ b/src/lib/libcrypto/asn1/x_attrib.c
@@ -59,64 +59,42 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-/* sequence */
-int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **pp)
-        {
-        int k=0;
-        int r=0,ret=0;
-        unsigned char **p=NULL;
-
-        if (a == NULL) return(0);
-
-        p=NULL;
-        for (;;)
-                {
-                if (k)
-                        {
-                        r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-                        if (pp == NULL) return(r);
-                        p=pp;
-                        ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-                                V_ASN1_UNIVERSAL);
-                        }
-
-                ret+=i2d_ASN1_OBJECT(a->object,p);
-                if (a->set)
-                        ret+=i2d_ASN1_SET_OF_ASN1_TYPE(a->value.set,p,i2d_ASN1_TYPE,
-                                V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-                else
-                        ret+=i2d_ASN1_TYPE(a->value.single,p);
-                if (k++) return(r);
-                }
-        }
-
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
+/* X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *      {
+ *      ASN1_OBJECT *object;
+ *      int single;
+ *      union   {
+ *              char            *ptr;
+ *              STACK_OF(ASN1_TYPE) *set;
+ *              ASN1_TYPE       *single;
+ *              } value;
+ *      } X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
+ */
 
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+        ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+        ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
 
-        if ((c.slen != 0) &&
-                (M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
-                {
-                ret->set=1;
-                M_ASN1_D2I_get_set_type(ASN1_TYPE,ret->value.set,d2i_ASN1_TYPE,
-                                        ASN1_TYPE_free);
-                }
-        else
-                {
-                ret->set=0;
-                M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE);
-                }
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        /* CHOICE type merged with parent */
+        ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
 
-        M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
-        }
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
         {
@@ -126,7 +104,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
         if ((ret=X509_ATTRIBUTE_new()) == NULL)
                 return(NULL);
         ret->object=OBJ_nid2obj(nid);
-        ret->set=1;
+        ret->single=0;
         if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
         if ((val=ASN1_TYPE_new()) == NULL) goto err;
         if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
@@ -138,28 +116,3 @@ err:
         if (val != NULL) ASN1_TYPE_free(val);
         return(NULL);
         }
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void)
-        {
-        X509_ATTRIBUTE *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
-        ret->object=OBJ_nid2obj(NID_undef);
-        ret->set=0;
-        ret->value.ptr=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
-        }
-        
-void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
-        {
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->object);
-        if (a->set)
-                sk_ASN1_TYPE_pop_free(a->value.set,ASN1_TYPE_free);
-        else
-                ASN1_TYPE_free(a->value.single);
-        OPENSSL_free(a);
-        }
-
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
new file mode 100644
index 0000000000..848c7a0877
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_bignum.c
@@ -0,0 +1,137 @@
+/* x_bignum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
+ * BIGNUMs used are non negative and anything that looks negative is normally due
+ * to an encoding error.
+ */
+
+#define BN_SENSITIVE    1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+        NULL, 0,
+        bn_new,
+        bn_free,
+        0,
+        bn_c2i,
+        bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *pval = (ASN1_VALUE *)BN_new();
+        if(*pval) return 1;
+        else return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(!*pval) return;
+        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+        else BN_free((BIGNUM *)*pval);
+        *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+        BIGNUM *bn;
+        int pad;
+        if(!*pval) return -1;
+        bn = (BIGNUM *)*pval;
+        /* If MSB set in an octet we need a padding byte */
+        if(BN_num_bits(bn) & 0x7) pad = 0;
+        else pad = 1;
+        if(cont) {
+                if(pad) *cont++ = 0;
+                BN_bn2bin(bn, cont);
+        }
+        return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        BIGNUM *bn;
+        if(!*pval) bn_new(pval, it);
+        bn  = (BIGNUM *)*pval;
+        if(!BN_bin2bn(cont, len, bn)) {
+                bn_free(pval, it);
+                return 0;
+        }
+        return 1;
+}
+
+
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 51518cdf35..11fce96825 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -58,275 +58,76 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
                                 const X509_REVOKED * const *b);
 static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
                                 const X509_REVOKED * const *b);
-int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-        M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-                                         i2d_X509_EXTENSION);
-
-        M_ASN1_I2D_seq_total();
 
-        M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-        M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-                                         i2d_X509_EXTENSION);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
-        M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION,ret->extensions,
-                                    d2i_X509_EXTENSION,X509_EXTENSION_free);
-        M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
-        }
-
-int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
-        {
-        int v1=0;
-        long l=0;
+ASN1_SEQUENCE(X509_REVOKED) = {
+        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
+ * mirroring the old behaviour: its purpose is to allow the use of
+ * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
+ * this will zap the original order and the signature so we keep a copy
+ * of the original positions and reorder appropriately before encoding.
+ *
+ * Might want to see if there's a better way of doing this later...
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+        int i;
         int (*old_cmp)(const X509_REVOKED * const *,
                         const X509_REVOKED * const *);
-        M_ASN1_I2D_vars(a);
-        
-        old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
-        sk_X509_REVOKED_sort(a->revoked);
-        sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
-
-        if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
-                {
-                M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-                }
-        M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-        M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
-        if (a->nextUpdate != NULL)
-                { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
-        M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
-                                         i2d_X509_REVOKED);
-        M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-                                             i2d_X509_EXTENSION,0,
-                                             V_ASN1_SEQUENCE,v1);
-
-        M_ASN1_I2D_seq_total();
-
-        if ((a->version != NULL) && (l != 0))
-                {
-                M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-                }
-        M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-        M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_TIME);
-        if (a->nextUpdate != NULL)
-                { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
-        M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
-                                         i2d_X509_REVOKED);
-        M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-                                             i2d_X509_EXTENSION,0,
-                                             V_ASN1_SEQUENCE,v1);
 
-        M_ASN1_I2D_finish();
-        }
-
-X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp,
-             long length)
-        {
-        int i,ver=0;
-        M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
-
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
-        if (ret->version != NULL)
-                ver=ret->version->data[0];
-        
-        if ((ver == 0) && (ret->version != NULL))
-                {
-                M_ASN1_INTEGER_free(ret->version);
-                ret->version=NULL;
-                }
-        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-        M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
-        /* Manually handle the OPTIONAL ASN1_TIME stuff */
-        /* First try UTCTime */
-        M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME, V_ASN1_UTCTIME);
-        /* If that doesn't work try GeneralizedTime */
-        if(!ret->nextUpdate) 
-                M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
-                                                        V_ASN1_GENERALIZEDTIME);
-        if (ret->revoked != NULL)
-                {
-                while (sk_X509_REVOKED_num(ret->revoked))
-                        X509_REVOKED_free(sk_X509_REVOKED_pop(ret->revoked));
-                }
-        M_ASN1_D2I_get_seq_opt_type(X509_REVOKED,ret->revoked,d2i_X509_REVOKED,
-                                    X509_REVOKED_free);
-
-        if (ret->revoked != NULL)
-                {
-                for (i=0; i<sk_X509_REVOKED_num(ret->revoked); i++)
-                        {
-                        sk_X509_REVOKED_value(ret->revoked,i)->sequence=i;
-                        }
-                }
-
-        if (ret->extensions != NULL)
-                {
-                while (sk_X509_EXTENSION_num(ret->extensions))
-                        X509_EXTENSION_free(
-                        sk_X509_EXTENSION_pop(ret->extensions));
-                }
-                
-        M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
-                                        d2i_X509_EXTENSION,
-                                        X509_EXTENSION_free,0,
-                                        V_ASN1_SEQUENCE);
-
-        M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
-        }
-
-int i2d_X509_CRL(X509_CRL *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
-        M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
-        M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length)
-        {
-        M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
-        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-
-        M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
-        }
-
-
-X509_REVOKED *X509_REVOKED_new(void)
-        {
-        X509_REVOKED *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_REVOKED);
-        M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
-        M_ASN1_New(ret->revocationDate,M_ASN1_UTCTIME_new);
-        ret->extensions=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
-        }
-
-X509_CRL_INFO *X509_CRL_INFO_new(void)
-        {
-        X509_CRL_INFO *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_CRL_INFO);
-        ret->version=NULL;
-        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-        M_ASN1_New(ret->issuer,X509_NAME_new);
-        M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
-        ret->nextUpdate=NULL;
-        M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-        ret->extensions = NULL;
-        sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
-        }
-
-X509_CRL *X509_CRL_new(void)
-        {
-        X509_CRL *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_CRL);
-        ret->references=1;
-        M_ASN1_New(ret->crl,X509_CRL_INFO_new);
-        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-        M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
-        }
-
-void X509_REVOKED_free(X509_REVOKED *a)
-        {
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free(a->serialNumber);
-        M_ASN1_UTCTIME_free(a->revocationDate);
-        sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-        OPENSSL_free(a);
-        }
-
-void X509_CRL_INFO_free(X509_CRL_INFO *a)
-        {
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free(a->version);
-        X509_ALGOR_free(a->sig_alg);
-        X509_NAME_free(a->issuer);
-        M_ASN1_UTCTIME_free(a->lastUpdate);
-        if (a->nextUpdate)
-                M_ASN1_UTCTIME_free(a->nextUpdate);
-        sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free);
-        sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-        OPENSSL_free(a);
-        }
-
-void X509_CRL_free(X509_CRL *a)
-        {
-        int i;
-
-        if (a == NULL) return;
-
-        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-        REF_PRINT("X509_CRL",a);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"X509_CRL_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        X509_CRL_INFO_free(a->crl);
-        X509_ALGOR_free(a->sig_alg);
-        M_ASN1_BIT_STRING_free(a->signature);
-        OPENSSL_free(a);
+        if(!a || !a->revoked) return 1;
+        switch(operation) {
+
+                /* Save original order */
+                case ASN1_OP_D2I_POST:
+                for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
+                        sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
+                sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                break;
+
+                /* Restore original order */
+                case ASN1_OP_I2D_PRE:
+                old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+                sk_X509_REVOKED_sort(a->revoked);
+                sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
+                break;
         }
+        return 1;
+}
+
+
+ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
                         const X509_REVOKED * const *b)
@@ -342,6 +143,19 @@ static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
         return((*a)->sequence-(*b)->sequence);
         }
 
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+        X509_CRL_INFO *inf;
+        inf = crl->crl;
+        if(!inf->revoked)
+                inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        return 1;
+}
+
 IMPLEMENT_STACK_OF(X509_REVOKED)
 IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
 IMPLEMENT_STACK_OF(X509_CRL)
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
index fbfd963b40..702421b6c8 100644
--- a/src/lib/libcrypto/asn1/x_exten.c
+++ b/src/lib/libcrypto/asn1/x_exten.c
@@ -1,139 +1,71 @@
-/* crypto/asn1/x_exten.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_exten.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <stddef.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **pp)
-        {
-        int k=0;
-        int r=0,ret=0;
-        unsigned char **p=NULL;
-
-        if (a == NULL) return(0);
-
-        p=NULL;
-        for (;;)
-                {
-                if (k)
-                        {
-                        r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-                        if (pp == NULL) return(r);
-                        p=pp;
-                        ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-                                V_ASN1_UNIVERSAL);
-                        }
-
-                ret+=i2d_ASN1_OBJECT(a->object,p);
-                if ((a->critical) || a->netscape_hack)
-                        ret+=i2d_ASN1_BOOLEAN(a->critical,p);
-                ret+=i2d_ASN1_OCTET_STRING(a->value,p);
-                if (k++) return(r);
-                }
-        }
-
-X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, unsigned char **pp,
-             long length)
-        {
-        int i;
-        M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-
-        ret->netscape_hack=0;
-        if ((c.slen != 0) &&
-                (M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
-                {
-                c.q=c.p;
-                if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err;
-                ret->critical=i;
-                c.slen-=(c.p-c.q);
-                if (ret->critical == 0) ret->netscape_hack=1;
-                }
-        M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING);
-
-        M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
-        }
-
-X509_EXTENSION *X509_EXTENSION_new(void)
-        {
-        X509_EXTENSION *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_EXTENSION);
-        ret->object=OBJ_nid2obj(NID_undef);
-        M_ASN1_New(ret->value,M_ASN1_OCTET_STRING_new);
-        ret->critical=0;
-        ret->netscape_hack=0;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
-        }
-        
-void X509_EXTENSION_free(X509_EXTENSION *a)
-        {
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->object);
-        M_ASN1_OCTET_STRING_free(a->value);
-        OPENSSL_free(a);
-        }
+ASN1_SEQUENCE(X509_EXTENSION) = {
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
index 5e62fc2f6f..d44f6cdb01 100644
--- a/src/lib/libcrypto/asn1/x_info.c
+++ b/src/lib/libcrypto/asn1/x_info.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 #include <openssl/x509.h>
 
 X509_INFO *X509_INFO_new(void)
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
new file mode 100644
index 0000000000..c5f25956cb
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -0,0 +1,169 @@
+/* x_long.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
+ * and a long directly.
+ */
+
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+        NULL, 0,
+        long_new,
+        long_free,
+        long_free,      /* Clear should set to initial value */
+        long_c2i,
+        long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *(long *)pval = it->size;
+        return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+        long ltmp;
+        unsigned long utmp;
+        int clen, pad, i;
+        /* this exists to bypass broken gcc optimization */
+        char *cp = (char *)pval;
+
+        /* use memcpy, because we may not be long aligned */
+        memcpy(&ltmp, cp, sizeof(long));
+
+        if(ltmp == it->size) return -1;
+        /* Convert the long to positive: we subtract one if negative so
+         * we can cleanly handle the padding if only the MSB of the leading
+         * octet is set. 
+         */
+        if(ltmp < 0) utmp = -ltmp - 1;
+        else utmp = ltmp;
+        clen = BN_num_bits_word(utmp);
+        /* If MSB of leading octet set we need to pad */
+        if(!(clen & 0x7)) pad = 1;
+        else pad = 0;
+
+        /* Convert number of bits to number of octets */
+        clen = (clen + 7) >> 3;
+
+        if(cont) {
+                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+                for(i = clen - 1; i >= 0; i--) {
+                        cont[i] = (unsigned char)(utmp & 0xff);
+                        if(ltmp < 0) cont[i] ^= 0xff;
+                        utmp >>= 8;
+                }
+        }
+        return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        int neg, i;
+        long ltmp;
+        unsigned long utmp = 0;
+        char *cp = (char *)pval;
+        if(len > sizeof(long)) {
+                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                return 0;
+        }
+        /* Is it negative? */
+        if(len && (cont[0] & 0x80)) neg = 1;
+        else neg = 0;
+        utmp = 0;
+        for(i = 0; i < len; i++) {
+                utmp <<= 8;
+                if(neg) utmp |= cont[i] ^ 0xff;
+                else utmp |= cont[i];
+        }
+        ltmp = (long)utmp;
+        if(neg) {
+                ltmp++;
+                ltmp = -ltmp;
+        }
+        if(ltmp == it->size) {
+                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                return 0;
+        }
+        memcpy(cp, &ltmp, sizeof(long));
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index 1885d699ef..caece0f158 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -58,212 +58,203 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-static int i2d_X509_NAME_entries(X509_NAME *a);
-int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
 
-        M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT);
-        M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE);
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
-        M_ASN1_I2D_seq_total();
+static int x509_name_encode(X509_NAME *a);
 
-        M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT);
-        M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE);
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
 
-        M_ASN1_I2D_finish();
-        }
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
+/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
+ * so declare two template wrappers for this
+ */
 
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-        M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE);
-        ret->set=0;
-        M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
-        }
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
-int i2d_X509_NAME(X509_NAME *a, unsigned char **pp)
-        {
-        int ret;
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
-        if (a == NULL) return(0);
-        if (a->modified)
-                {
-                ret=i2d_X509_NAME_entries(a);
-                if (ret < 0) return(ret);
-                }
-
-        ret=a->bytes->length;
-        if (pp != NULL)
-                {
-                memcpy(*pp,a->bytes->data,ret);
-                *pp+=ret;
-                }
-        return(ret);
-        }
-
-static int i2d_X509_NAME_entries(X509_NAME *a)
-        {
-        X509_NAME_ENTRY *ne,*fe=NULL;
-        STACK_OF(X509_NAME_ENTRY) *sk;
-        BUF_MEM *buf=NULL;
-        int set=0,r,ret=0;
-        int i;
-        unsigned char *p;
-        int size=0;
+/* Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and convert
+ * to the external form.
+ */
 
-        sk=a->entries;
-        for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
-                {
-                ne=sk_X509_NAME_ENTRY_value(sk,i);
-                if (fe == NULL)
-                        {
-                        fe=ne;
-                        size=0;
-                        }
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+        NULL,
+        x509_name_ex_new,
+        x509_name_ex_free,
+        0,      /* Default clear behaviour is OK */
+        x509_name_ex_d2i,
+        x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+        X509_NAME *ret = NULL;
+        ret = OPENSSL_malloc(sizeof(X509_NAME));
+        if(!ret) goto memerr;
+        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+        ret->modified=1;
+        *val = (ASN1_VALUE *)ret;
+        return 1;
 
-                if (ne->set != set)
-                        {
-                        ret+=ASN1_object_size(1,size,V_ASN1_SET);
-                        fe->size=size;
-                        fe=ne;
-                        size=0;
-                        set=ne->set;
-                        }
-                size+=i2d_X509_NAME_ENTRY(ne,NULL);
-                }
-        if (fe != NULL)
+ memerr:
+        ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
+        if (ret)
                 {
-                /* SET OF needed only if entries is non empty */
-                ret+=ASN1_object_size(1,size,V_ASN1_SET);
-                fe->size=size;
+                if (ret->entries)
+                        sk_X509_NAME_ENTRY_free(ret->entries);
+                OPENSSL_free(ret);
                 }
+        return 0;
+}
 
-        r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-
-        buf=a->bytes;
-        if (!BUF_MEM_grow(buf,r)) goto err;
-        p=(unsigned char *)buf->data;
-
-        ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-        set= -1;
-        for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
-                {
-                ne=sk_X509_NAME_ENTRY_value(sk,i);
-                if (set != ne->set)
-                        {
-                        set=ne->set;
-                        ASN1_put_object(&p,1,ne->size,
-                                V_ASN1_SET,V_ASN1_UNIVERSAL);
-                        }
-                i2d_X509_NAME_ENTRY(ne,&p);
-                }
-        a->modified=0;
-        return(r);
-err:
-        return(-1);
-        }
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_NAME *a;
+        if(!pval || !*pval)
+            return;
+        a = (X509_NAME *)*pval;
 
-X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
-        {
-        int set=0,i;
-        int idx=0;
-        unsigned char *orig;
-        M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
+        BUF_MEM_free(a->bytes);
+        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        OPENSSL_free(a);
+        *pval = NULL;
+}
 
-        orig= *pp;
-        if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
-                {
-                while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
-                        X509_NAME_ENTRY_free(
-                                       sk_X509_NAME_ENTRY_pop(ret->entries));
-                }
+/* Used with sk_pop_free() to free up the internal representation.
+ * NB: we only free the STACK and not its contents because it is
+ * already present in the X509_NAME structure.
+ */
 
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        for (;;)
-                {
-                if (M_ASN1_D2I_end_sequence()) break;
-                M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
-                                        d2i_X509_NAME_ENTRY,
-                                        X509_NAME_ENTRY_free);
-                for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
-                        {
-                        sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
-                        }
-                set++;
+static void sk_internal_free(void *a)
+{
+        sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+        unsigned char *p = *in, *q;
+        STACK *intname = NULL;
+        int i, j, ret;
+        X509_NAME *nm = NULL;
+        STACK_OF(X509_NAME_ENTRY) *entries;
+        X509_NAME_ENTRY *entry;
+        q = p;
+
+        /* Get internal representation of Name */
+        ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                                                                tag, aclass, opt, ctx);
+        
+        if(ret <= 0) return ret;
+
+        if(*val) x509_name_ex_free(val, NULL);
+        if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err;
+        /* We've decoded it: now cache encoding */
+        if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
+        memcpy(nm->bytes->data, q, p - q);
+
+        /* Convert internal representation to X509_NAME structure */
+        for(i = 0; i < sk_num(intname); i++) {
+                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
+                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+                        entry = sk_X509_NAME_ENTRY_value(entries, j);
+                        entry->set = i;
+                        if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
+                                goto err;
                 }
-
-        i=(int)(c.p-orig);
-        if (!BUF_MEM_grow(ret->bytes,i)) goto err;
-        memcpy(ret->bytes->data,orig,i);
-        ret->bytes->length=i;
-        ret->modified=0;
-
-        M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
+                sk_X509_NAME_ENTRY_free(entries);
         }
-
-X509_NAME *X509_NAME_new(void)
-        {
-        X509_NAME *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_NAME);
-        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
-                { c.line=__LINE__; goto err2; }
-        M_ASN1_New(ret->bytes,BUF_MEM_new);
-        ret->modified=1;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
+        sk_free(intname);
+        nm->modified = 0;
+        *val = (ASN1_VALUE *)nm;
+        *in = p;
+        return ret;
+        err:
+        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+        int ret;
+        X509_NAME *a = (X509_NAME *)*val;
+        if(a->modified) {
+                ret = x509_name_encode((X509_NAME *)a);
+                if(ret < 0) return ret;
         }
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_new(void)
-        {
-        X509_NAME_ENTRY *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
-/*      M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
-        ret->object=NULL;
-        ret->set=0;
-        M_ASN1_New(ret->value,ASN1_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
+        ret = a->bytes->length;
+        if(out != NULL) {
+                memcpy(*out,a->bytes->data,ret);
+                *out+=ret;
         }
+        return ret;
+}
 
-void X509_NAME_free(X509_NAME *a)
-        {
-        if(a == NULL)
-            return;
-
-        BUF_MEM_free(a->bytes);
-        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
-        OPENSSL_free(a);
+static int x509_name_encode(X509_NAME *a)
+{
+        STACK *intname = NULL;
+        int len;
+        unsigned char *p;
+        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+        X509_NAME_ENTRY *entry;
+        int i, set = -1;
+        intname = sk_new_null();
+        if(!intname) goto memerr;
+        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+                if(entry->set != set) {
+                        entries = sk_X509_NAME_ENTRY_new_null();
+                        if(!entries) goto memerr;
+                        if(!sk_push(intname, (char *)entries)) goto memerr;
+                        set = entry->set;
+                }
+                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
         }
+        len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+        p=(unsigned char *)a->bytes->data;
+        ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        sk_pop_free(intname, sk_internal_free);
+        a->modified = 0;
+        return len;
+        memerr:
+        sk_pop_free(intname, sk_internal_free);
+        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
+        return -1;
+}
 
-void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
-        {
-        if (a == NULL) return;
-        ASN1_OBJECT_free(a->object);
-        M_ASN1_BIT_STRING_free(a->value);
-        OPENSSL_free(a);
-        }
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
         {
         X509_NAME *in;
 
-        if (*xn == NULL) return(0);
+        if (!xn || !name) return(0);
 
         if (*xn != name)
                 {
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 4397a404b5..55630294b6 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -58,62 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->public_key,   i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->public_key,   i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING);
-        if (ret->pkey != NULL)
-                {
-                EVP_PKEY_free(ret->pkey);
-                ret->pkey=NULL;
-                }
-        M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_FREE_POST) {
+                X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+                EVP_PKEY_free(pubkey->pkey);
         }
+        return 1;
+}
 
-X509_PUBKEY *X509_PUBKEY_new(void)
-        {
-        X509_PUBKEY *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_PUBKEY);
-        M_ASN1_New(ret->algor,X509_ALGOR_new);
-        M_ASN1_New(ret->public_key,M_ASN1_BIT_STRING_new);
-        ret->pkey=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
-        }
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
 
-void X509_PUBKEY_free(X509_PUBKEY *a)
-        {
-        if (a == NULL) return;
-        X509_ALGOR_free(a->algor);
-        M_ASN1_BIT_STRING_free(a->public_key);
-        if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
-        OPENSSL_free(a);
-        }
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
         {
@@ -146,7 +109,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                         }
                 }
         else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                 if (pkey->type == EVP_PKEY_DSA)
                 {
                 unsigned char *pp;
@@ -206,7 +169,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         long j;
         int type;
         unsigned char *p;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
+        const unsigned char *cp;
         X509_ALGOR *a;
 #endif
 
@@ -230,16 +194,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
                 }
         ret->save_parameters=0;
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
         a=key->algor;
         if (ret->type == EVP_PKEY_DSA)
                 {
                 if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
                         {
                         ret->pkey.dsa->write_params=0;
-                        p=a->parameter->value.sequence->data;
+                        cp=p=a->parameter->value.sequence->data;
                         j=a->parameter->value.sequence->length;
-                        if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j))
+                        if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
                                 goto err;
                         }
                 ret->save_parameters=1;
@@ -289,7 +253,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 /* The following are equivalents but which return RSA and DSA
  * keys
  */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
              long length)
 {
@@ -327,7 +291,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 }
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
              long length)
 {
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
index 6dddd4f653..b3f18ebc12 100644
--- a/src/lib/libcrypto/asn1/x_req.c
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -58,200 +58,55 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        if(a->asn1) {
-                if(pp) {
-                        memcpy(*pp, a->asn1, a->length);
-                        *pp += a->length;
-                }
-                return a->length;
-        }
-
-        M_ASN1_I2D_len(a->version,              i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
-        M_ASN1_I2D_len(a->pubkey,               i2d_X509_PUBKEY);
-
-        /* this is a *nasty* hack reported to be required to
-         * allow some CA Software to accept the cert request.
-         * It is not following the PKCS standards ...
-         * PKCS#10 pg 5
-         * attributes [0] IMPLICIT Attributes
-         * NOTE: no OPTIONAL ... so it *must* be there
-         */
-        if (a->req_kludge) 
-                {
-                M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,i2d_X509_ATTRIBUTE,0);
-                }
-        else
-                {
-                M_ASN1_I2D_len_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
-                                            i2d_X509_ATTRIBUTE,0);
-                }
-        
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(a->version,              i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
-        M_ASN1_I2D_put(a->pubkey,               i2d_X509_PUBKEY);
+/* X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK. 
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
 
-        /* this is a *nasty* hack reported to be required by some CA's.
-         * It is not following the PKCS standards ...
-         * PKCS#10 pg 5
-         * attributes [0] IMPLICIT Attributes
-         * NOTE: no OPTIONAL ... so it *must* be there
-         */
-        if (a->req_kludge)
-                {
-                M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,
-                                                i2d_X509_ATTRIBUTE,0);
-                }
-        else
-                {
-                M_ASN1_I2D_put_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
-                                            i2d_X509_ATTRIBUTE,0);
-                }
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
-        M_ASN1_I2D_finish();
+        if(operation == ASN1_OP_NEW_POST) {
+                rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+                if(!rinf->attributes) return 0;
         }
-
-X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
-        M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-
-        /* this is a *nasty* hack to allow for some CA's that
-         * have been reported as requiring it.
-         * It is not following the PKCS standards ...
-         * PKCS#10 pg 5
-         * attributes [0] IMPLICIT Attributes
-         * NOTE: no OPTIONAL ... so it *must* be there
+        return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
          */
-        if (asn1_Finish(&c))
-                ret->req_kludge=1;
-        else
-                {
-                M_ASN1_D2I_get_IMP_set_type(X509_ATTRIBUTE,ret->attributes,
-                                            d2i_X509_ATTRIBUTE,
-                                            X509_ATTRIBUTE_free,0);
-                }
-
-        M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
-        }
-
-X509_REQ_INFO *X509_REQ_INFO_new(void)
-        {
-        X509_REQ_INFO *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_REQ_INFO);
-        M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-        M_ASN1_New(ret->subject,X509_NAME_new);
-        M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-        M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
-        ret->req_kludge=0;
-        ret->asn1 = NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
-        }
-        
-void X509_REQ_INFO_free(X509_REQ_INFO *a)
-        {
-        if (a == NULL) return;
-        if(a->asn1) OPENSSL_free(a->asn1);
-        M_ASN1_INTEGER_free(a->version);
-        X509_NAME_free(a->subject);
-        X509_PUBKEY_free(a->pubkey);
-        sk_X509_ATTRIBUTE_pop_free(a->attributes,X509_ATTRIBUTE_free);
-        OPENSSL_free(a);
-        }
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
 
-int i2d_X509_REQ(X509_REQ *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len(a->req_info,     i2d_X509_REQ_INFO);
-        M_ASN1_I2D_len(a->sig_alg,      i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->req_info,     i2d_X509_REQ_INFO);
-        M_ASN1_I2D_put(a->sig_alg,      i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length)
-        {
-        M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
-
-        /* Keep a copy of the original encoding for signature checking */
-        ret->req_info->length = c.p - c.q;
-        if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) {
-                c.line=__LINE__;
-                c.error = ERR_R_MALLOC_FAILURE;
-                goto err;
-        }
-
-        memcpy(ret->req_info->asn1, c.q, ret->req_info->length);
-
-        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-        M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
-        }
-
-X509_REQ *X509_REQ_new(void)
-        {
-        X509_REQ *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_REQ);
-        ret->references=1;
-        M_ASN1_New(ret->req_info,X509_REQ_INFO_new);
-        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-        M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
-        }
-
-void X509_REQ_free(X509_REQ *a)
-        {
-        int i;
-
-        if (a == NULL) return;
-
-        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
-#ifdef REF_PRINT
-        REF_PRINT("X509_REQ",a);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"X509_REQ_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        X509_REQ_INFO_free(a->req_info);
-        X509_ALGOR_free(a->sig_alg);
-        M_ASN1_BIT_STRING_free(a->signature);
-        OPENSSL_free(a);
-        }
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
 
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
+        ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c
index d79f147647..42efa86c1c 100644
--- a/src/lib/libcrypto/asn1/x_sig.c
+++ b/src/lib/libcrypto/asn1/x_sig.c
@@ -58,53 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_SIG(X509_SIG *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->digest,       i2d_ASN1_OCTET_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->digest,       i2d_ASN1_OCTET_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length)
-        {
-        M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
-        M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
-        }
-
-X509_SIG *X509_SIG_new(void)
-        {
-        X509_SIG *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_SIG);
-        M_ASN1_New(ret->algor,X509_ALGOR_new);
-        M_ASN1_New(ret->digest,M_ASN1_OCTET_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
-        }
-
-void X509_SIG_free(X509_SIG *a)
-        {
-        if (a == NULL) return;
-        X509_ALGOR_free(a->algor);
-        M_ASN1_OCTET_STRING_free(a->digest);
-        OPENSSL_free(a);
-        }
-
+ASN1_SEQUENCE(X509_SIG) = {
+        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c
index 4f01888f7d..2aece077c5 100644
--- a/src/lib/libcrypto/asn1/x_spki.c
+++ b/src/lib/libcrypto/asn1/x_spki.c
@@ -63,104 +63,19 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 
-int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
 
-        M_ASN1_I2D_len(a->pubkey,       i2d_X509_PUBKEY);
-        M_ASN1_I2D_len(a->challenge,    i2d_ASN1_IA5STRING);
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->pubkey,       i2d_X509_PUBKEY);
-        M_ASN1_I2D_put(a->challenge,    i2d_ASN1_IA5STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-        M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING);
-        M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
-        }
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void)
-        {
-        NETSCAPE_SPKAC *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
-        M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-        M_ASN1_New(ret->challenge,M_ASN1_IA5STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
-        }
-
-void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
-        {
-        if (a == NULL) return;
-        X509_PUBKEY_free(a->pubkey);
-        M_ASN1_IA5STRING_free(a->challenge);
-        OPENSSL_free(a);
-        }
-
-int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->spkac,        i2d_NETSCAPE_SPKAC);
-        M_ASN1_I2D_len(a->sig_algor,    i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->spkac,        i2d_NETSCAPE_SPKAC);
-        M_ASN1_I2D_put(a->sig_algor,    i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC);
-        M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-        M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
-        }
-
-NETSCAPE_SPKI *NETSCAPE_SPKI_new(void)
-        {
-        NETSCAPE_SPKI *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
-        M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
-        M_ASN1_New(ret->sig_algor,X509_ALGOR_new);
-        M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
-        }
-
-void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
-        {
-        if (a == NULL) return;
-        NETSCAPE_SPKAC_free(a->spkac);
-        X509_ALGOR_free(a->sig_algor);
-        M_ASN1_BIT_STRING_free(a->signature);
-        OPENSSL_free(a);
-        }
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+        ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
 
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c
index 0f8f020b57..dc17c67758 100644
--- a/src/lib/libcrypto/asn1/x_val.c
+++ b/src/lib/libcrypto/asn1/x_val.c
@@ -58,52 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_VAL(X509_VAL *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
-        M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
-        M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_VAL *d2i_X509_VAL(X509_VAL **a, unsigned char **pp, long length)
-        {
-        M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
-        M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
-        M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
-        }
-
-X509_VAL *X509_VAL_new(void)
-        {
-        X509_VAL *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_VAL);
-        M_ASN1_New(ret->notBefore,M_ASN1_TIME_new);
-        M_ASN1_New(ret->notAfter,M_ASN1_TIME_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
-        }
-
-void X509_VAL_free(X509_VAL *a)
-        {
-        if (a == NULL) return;
-        M_ASN1_TIME_free(a->notBefore);
-        M_ASN1_TIME_free(a->notAfter);
-        OPENSSL_free(a);
-        }
+ASN1_SEQUENCE(X509_VAL) = {
+        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
index 61ba856b17..b50167ce43 100644
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -59,12 +59,71 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
+ASN1_SEQUENCE(X509_CINF) = {
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END(X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509 *ret = (X509 *)*pval;
+
+        switch(operation) {
+
+                case ASN1_OP_NEW_POST:
+                ret->valid=0;
+                ret->name = NULL;
+                ret->ex_flags = 0;
+                ret->ex_pathlen = -1;
+                ret->skid = NULL;
+                ret->akid = NULL;
+                ret->aux = NULL;
+                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+                break;
+
+                case ASN1_OP_D2I_POST:
+                if (ret->name != NULL) OPENSSL_free(ret->name);
+                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+                break;
+
+                case ASN1_OP_FREE_POST:
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+                X509_CERT_AUX_free(ret->aux);
+                ASN1_OCTET_STRING_free(ret->skid);
+                AUTHORITY_KEYID_free(ret->akid);
+
+                if (ret->name != NULL) OPENSSL_free(ret->name);
+                break;
+
+        }
+
+        return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+        ASN1_SIMPLE(X509, cert_info, X509_CINF),
+        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
 static ASN1_METHOD meth={
         (int (*)())  i2d_X509,
@@ -77,97 +136,11 @@ ASN1_METHOD *X509_asn1_meth(void)
         return(&meth);
         }
 
-int i2d_X509(X509 *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->cert_info,    i2d_X509_CINF);
-        M_ASN1_I2D_len(a->sig_alg,      i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->cert_info,    i2d_X509_CINF);
-        M_ASN1_I2D_put(a->sig_alg,      i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509 *d2i_X509(X509 **a, unsigned char **pp, long length)
-        {
-        M_ASN1_D2I_vars(a,X509 *,X509_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
-        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-        if (ret->name != NULL) OPENSSL_free(ret->name);
-        ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
-
-        M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
-        }
-
-X509 *X509_new(void)
-        {
-        X509 *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509);
-        ret->valid=0;
-        ret->references=1;
-        ret->name = NULL;
-        ret->ex_flags = 0;
-        ret->ex_pathlen = -1;
-        ret->skid = NULL;
-        ret->akid = NULL;
-        ret->aux = NULL;
-        M_ASN1_New(ret->cert_info,X509_CINF_new);
-        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-        M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-        CRYPTO_new_ex_data(x509_meth, ret, &ret->ex_data);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_NEW);
-        }
-
-void X509_free(X509 *a)
-        {
-        int i;
-
-        if (a == NULL) return;
-
-        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-        REF_PRINT("X509",a);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"X509_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        CRYPTO_free_ex_data(x509_meth,a,&a->ex_data);
-        X509_CINF_free(a->cert_info);
-        X509_ALGOR_free(a->sig_alg);
-        M_ASN1_BIT_STRING_free(a->signature);
-        X509_CERT_AUX_free(a->aux);
-        ASN1_OCTET_STRING_free(a->skid);
-        AUTHORITY_KEYID_free(a->akid);
-
-        if (a->name != NULL) OPENSSL_free(a->name);
-        OPENSSL_free(a);
-        }
-
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
              CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-        x509_meth_num++;
-        return(CRYPTO_get_ex_new_index(x509_meth_num-1,
-                &x509_meth,argl,argp,new_func,dup_func,free_func));
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+                                new_func, dup_func, free_func);
         }
 
 int X509_set_ex_data(X509 *r, int idx, void *arg)
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
index ebcce87bf2..f244768b7e 100644
--- a/src/lib/libcrypto/asn1/x_x509a.c
+++ b/src/lib/libcrypto/asn1/x_x509a.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
 /* X509_CERT_AUX routines. These are used to encode additional
@@ -71,72 +71,15 @@
 
 static X509_CERT_AUX *aux_get(X509 *x);
 
-X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length)
-{
-        M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new);
-        
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-
-        M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust,
-                                        d2i_ASN1_OBJECT, ASN1_OBJECT_free);
-        M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject,
-                                        d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0);
-        M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING);
-        M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
-        M_ASN1_D2I_get_IMP_set_opt_type(X509_ALGOR, ret->other,
-                                        d2i_X509_ALGOR, X509_ALGOR_free, 1);
-
-        M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX);
-}
-
-X509_CERT_AUX *X509_CERT_AUX_new()
-{
-        X509_CERT_AUX *ret = NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret, X509_CERT_AUX);
-        ret->trust = NULL;
-        ret->reject = NULL;
-        ret->alias = NULL;
-        ret->keyid = NULL;
-        ret->other = NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW);
-}
-
-void X509_CERT_AUX_free(X509_CERT_AUX *a)
-{
-        if(a == NULL) return;
-        sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free);
-        sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free);
-        ASN1_UTF8STRING_free(a->alias);
-        ASN1_OCTET_STRING_free(a->keyid);
-        sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free);
-        OPENSSL_free(a);
-}
-
-int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp)
-{
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
-
-        M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING);
-        M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
 
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
-        M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
-
-        M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING);
-        M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
-
-        M_ASN1_I2D_finish();
-}
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
 
 static X509_CERT_AUX *aux_get(X509 *x)
 {