52 files changed, 2246 insertions, 3369 deletions

diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl
deleted file mode 100644
index cb45194d48..0000000000
--- a/src/lib/libcrypto/asn1/Makefile.ssl
+++ /dev/null
@@ -1,1152 +0,0 @@
-#
-# SSLeay/crypto/asn1/Makefile
-#
-
-DIR=    asn1
-TOP=    ../..
-CC=     cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=           make -f Makefile.ssl
-MAKEDEPPROG=    makedepend
-MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile.ssl
-AR=             ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile README
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
-        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
-        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
-        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
-        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
-        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
-        f_int.c f_string.c n_pkey.c \
-        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
-        asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
-        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
-LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
-        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
-        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
-        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
-        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
-        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
-        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
-        f_int.o f_string.o n_pkey.o \
-        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
-        asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
-        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=  asn1.h asn1_mac.h asn1t.h
-HEADER= $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-test:   test.c
-        cc -g -I../../include -c test.c
-        cc -g -I../../include -o test test.o -L../.. -lcrypto
-
-pk:     pk.c
-        cc -g -I../../include -c pk.c
-        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
-
-all:    lib
-
-lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @touch lib
-
-files:
-        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
-        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-        @for i in $(EXHEADER) ; \
-        do  \
-        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-        done;
-
-tags:
-        ctags $(SRC)
-
-tests:
-
-lint:
-        lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
-        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-        mv -f Makefile.new $(MAKEFILE)
-
-clean:
-        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
-a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bool.o: ../cryptlib.h a_bool.c
-a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
-a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
-a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
-a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_d2i_fp.o: ../../include/openssl/opensslconf.h
-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
-a_digest.o: ../../e_os.h ../../include/openssl/aes.h
-a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_digest.o: ../../include/openssl/opensslconf.h
-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_digest.o: ../cryptlib.h a_digest.c
-a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_dup.o: ../cryptlib.h a_dup.c
-a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_enum.o: ../cryptlib.h a_enum.c
-a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
-a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
-a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_hdr.o: ../cryptlib.h a_hdr.c
-a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
-a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
-a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_int.o: ../cryptlib.h a_int.c
-a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
-a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_meth.o: ../cryptlib.h a_meth.c
-a_object.o: ../../e_os.h ../../include/openssl/asn1.h
-a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
-a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
-a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
-a_print.o: ../../e_os.h ../../include/openssl/asn1.h
-a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
-a_set.o: ../../e_os.h ../../include/openssl/asn1.h
-a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_set.o: ../cryptlib.h a_set.c
-a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-a_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-a_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../cryptlib.h a_sign.c
-a_strex.o: ../../e_os.h ../../include/openssl/aes.h
-a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
-a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
-a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
-a_time.o: ../../e_os.h ../../include/openssl/asn1.h
-a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_time.o: ../cryptlib.h ../o_time.h a_time.c
-a_type.o: ../../e_os.h ../../include/openssl/asn1.h
-a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_type.o: ../cryptlib.h a_type.c
-a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
-a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
-a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utf8.o: ../cryptlib.h a_utf8.c
-a_verify.o: ../../e_os.h ../../include/openssl/aes.h
-a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_verify.o: ../../include/openssl/opensslconf.h
-a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_verify.o: ../cryptlib.h a_verify.c
-asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
-asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-asn1_lib.o: ../../include/openssl/opensslconf.h
-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
-asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
-asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
-asn_moid.o: ../../e_os.h ../../include/openssl/aes.h
-asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_moid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-asn_moid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-asn_moid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-asn_moid.o: ../../include/openssl/opensslconf.h
-asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn_moid.o: ../cryptlib.h asn_moid.c
-asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
-asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
-d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-d2i_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-d2i_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-d2i_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pr.c
-d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-d2i_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-d2i_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-d2i_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pu.c
-evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-evp_asn1.o: ../../include/openssl/opensslconf.h
-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
-f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_enum.o: ../cryptlib.h f_enum.c
-f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_int.o: ../cryptlib.h f_int.c
-f_string.o: ../../e_os.h ../../include/openssl/asn1.h
-f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
-i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-i2d_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-i2d_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-i2d_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pr.c
-i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-i2d_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-i2d_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-i2d_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pu.c
-n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
-n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-n_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-n_pkey.o: ../cryptlib.h n_pkey.c
-nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-nsseq.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-nsseq.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
-p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-p5_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../cryptlib.h p5_pbe.c
-p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h
-p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
-p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h
-p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p8_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p8_pkey.o: ../cryptlib.h p8_pkey.c
-t_bitst.o: ../../e_os.h ../../include/openssl/aes.h
-t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
-t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-t_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h t_crl.c
-t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
-t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-t_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h t_req.c
-t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_spki.o: ../cryptlib.h t_spki.c
-t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-t_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h t_x509.c
-t_x509a.o: ../../e_os.h ../../include/openssl/aes.h
-t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-t_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-t_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
-tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
-tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_enc.o: ../../include/openssl/opensslconf.h
-tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
-tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_fre.o: ../../include/openssl/opensslconf.h
-tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
-tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_new.o: ../../include/openssl/opensslconf.h
-tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
-tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_typ.o: ../../include/openssl/opensslconf.h
-tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
-tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tasn_utl.o: ../../include/openssl/opensslconf.h
-tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
-x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_algor.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_algor.o: x_algor.c
-x_attrib.o: ../../e_os.h ../../include/openssl/aes.h
-x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_attrib.o: ../cryptlib.h x_attrib.c
-x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
-x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-x_bignum.o: ../../include/openssl/opensslconf.h
-x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
-x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-x_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
-x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_exten.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_exten.o: x_exten.c
-x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_info.o: ../cryptlib.h x_info.c
-x_long.o: ../../e_os.h ../../include/openssl/asn1.h
-x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_long.o: ../cryptlib.h x_long.c
-x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-x_name.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
-x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-x_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
-x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h
-x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_pubkey.o: ../cryptlib.h x_pubkey.c
-x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-x_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
-x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-x_sig.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
-x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-x_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
-x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_val.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_val.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_val.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-x_val.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
-x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
-x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
-x_x509a.o: ../../e_os.h ../../include/openssl/aes.h
-x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
index 0fb9ce0c2a..34179960b8 100644
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -223,3 +223,26 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
         return((a->data[w]&v) != 0);
         }
 
+/*
+ * Checks if the given bit string contains only bits specified by 
+ * the flags vector. Returns 0 if there is at least one bit set in 'a'
+ * which is not specified in 'flags', 1 otherwise.
+ * 'len' is the length of 'flags'.
+ */
+int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+                          unsigned char *flags, int flags_len)
+        {
+        int i, ok;
+        /* Check if there is one bit set at all. */
+        if (!a || !a->data) return 1;
+
+        /* Check each byte of the internal representation of the bit string. */
+        ok = 1;
+        for (i = 0; i < a->length && ok; ++i)
+                {
+                unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
+                /* We are done if there is an unneeded bit set. */
+                ok = (a->data[i] & mask) == 0;
+                }
+        return ok;
+        }
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
index 199d50f521..d98992548a 100644
--- a/src/lib/libcrypto/asn1/a_dup.c
+++ b/src/lib/libcrypto/asn1/a_dup.c
@@ -62,7 +62,7 @@
 
 #ifndef NO_OLD_ASN1
 
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
         {
         unsigned char *b,*p;
         const unsigned char *p2;
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
index def79062a5..c79c6f538c 100644
--- a/src/lib/libcrypto/asn1/a_gentm.c
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -117,8 +117,8 @@ err:
 
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
         {
-        static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
-        static int max[9]={99, 99,12,31,23,59,59,12,59};
+        static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int max[9]={99, 99,12,31,23,59,59,12,59};
         char *a;
         int n,i,l,o;
 
@@ -176,6 +176,11 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
                         o++;
                         }
                 }
+        else
+                {
+                /* Missing time zone information. */
+                goto err;
+                }
         return(o == l);
 err:
         return(0);
@@ -206,6 +211,12 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
              time_t t)
         {
+                return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+        }
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+             time_t t, int offset_day, long offset_sec)
+        {
         char *p;
         struct tm *ts;
         struct tm data;
@@ -220,13 +231,19 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
         if (ts == NULL)
                 return(NULL);
 
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
+
         p=(char *)s->data;
         if ((p == NULL) || ((size_t)s->length < len))
                 {
                 p=OPENSSL_malloc(len);
                 if (p == NULL)
                         {
-                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
                                 ERR_R_MALLOC_FAILURE);
                         return(NULL);
                         }
diff --git a/src/lib/libcrypto/asn1/a_hdr.c b/src/lib/libcrypto/asn1/a_hdr.c
deleted file mode 100644
index d1c2a7b9e3..0000000000
--- a/src/lib/libcrypto/asn1/a_hdr.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/asn1/a_hdr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/asn1.h>
-
-int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->header,       i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len(a->data,         a->meth->i2d);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->header,       i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put(a->data,         a->meth->i2d);
-
-        M_ASN1_I2D_finish();
-        }
-
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING);
-        if (ret->meth != NULL)
-                {
-                M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i);
-                }
-        else
-                {
-                if (a != NULL) (*a)=ret;
-                return(ret);
-                }
-        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
-        }
-
-ASN1_HEADER *ASN1_HEADER_new(void)
-        {
-        ASN1_HEADER *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,ASN1_HEADER);
-        M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);
-        ret->meth=NULL;
-        ret->data=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
-        }
-
-void ASN1_HEADER_free(ASN1_HEADER *a)
-        {
-        if (a == NULL) return;
-        M_ASN1_OCTET_STRING_free(a->header);
-        if (a->meth != NULL)
-                a->meth->destroy(a->data);
-        OPENSSL_free(a);
-        }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index f8d198efb1..c6fd204ae3 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -61,10 +61,10 @@
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 
-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
 
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
         { 
         int neg, ret;
         /* Compare signs */
@@ -373,7 +373,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
         return(1);
         }
 
-long ASN1_INTEGER_get(ASN1_INTEGER *a)
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
         {
         int neg=0,i;
         long r=0;
@@ -402,7 +402,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
         return(r);
         }
 
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
         {
         ASN1_INTEGER *ret;
         int len,j;
@@ -444,7 +444,7 @@ err:
         return(NULL);
         }
 
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
         {
         BIGNUM *ret;
 
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
index 1bcd046893..1538e0a4fc 100644
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         int str_type;
         int ret;
         char free_out;
-        int outform, outlen;
+        int outform, outlen = 0;
         ASN1_STRING *dest;
         unsigned char *p;
         int nchar;
diff --git a/src/lib/libcrypto/asn1/a_meth.c b/src/lib/libcrypto/asn1/a_meth.c
deleted file mode 100644
index 50bea917e3..0000000000
--- a/src/lib/libcrypto/asn1/a_meth.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* crypto/asn1/a_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-static  ASN1_METHOD ia5string_meth={
-        (I2D_OF(void))  i2d_ASN1_IA5STRING,
-        (D2I_OF(void))  d2i_ASN1_IA5STRING,
-        (void *(*)(void))ASN1_STRING_new,
-        (void (*)(void *))ASN1_STRING_free};
-
-static  ASN1_METHOD bit_string_meth={
-        (I2D_OF(void))  i2d_ASN1_BIT_STRING,
-        (D2I_OF(void))  d2i_ASN1_BIT_STRING,
-        (void *(*)(void))ASN1_STRING_new,
-        (void (*)(void *))ASN1_STRING_free};
-
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
-        {
-        return(&ia5string_meth);
-        }
-
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
-        {
-        return(&bit_string_meth);
-        }
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index dc980421d0..e5fbe7cbb1 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -281,8 +281,6 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         return ret;
 err:
         ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                ASN1_OBJECT_free(ret);
         return(NULL);
 }
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
@@ -290,7 +288,19 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         {
         ASN1_OBJECT *ret=NULL;
         const unsigned char *p;
+        unsigned char *data;
         int i;
+        /* Sanity check OID encoding: can't have leading 0x80 in
+         * subidentifiers, see: X.690 8.19.2
+         */
+        for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+                {
+                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+                        {
+                        ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+                        return NULL;
+                        }
+                }
 
         /* only the ASN1_OBJECTs from the 'table' will have values
          * for ->sn or ->ln */
@@ -302,15 +312,22 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         else    ret=(*a);
 
         p= *pp;
-        if ((ret->data == NULL) || (ret->length < len))
+        /* detach data from object */
+        data = (unsigned char *)ret->data;
+        ret->data = NULL;
+        /* once detached we can change it */
+        if ((data == NULL) || (ret->length < len))
                 {
-                if (ret->data != NULL) OPENSSL_free(ret->data);
-                ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
-                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-                if (ret->data == NULL)
+                ret->length=0;
+                if (data != NULL) OPENSSL_free(data);
+                data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+                if (data == NULL)
                         { i=ERR_R_MALLOC_FAILURE; goto err; }
+                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
                 }
-        memcpy(ret->data,p,(int)len);
+        memcpy(data,p,(int)len);
+        /* reattach data to object, after which it remains const */
+        ret->data  =data;
         ret->length=(int)len;
         ret->sn=NULL;
         ret->ln=NULL;
@@ -359,7 +376,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
                 }
         if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
                 {
-                if (a->data != NULL) OPENSSL_free(a->data);
+                if (a->data != NULL) OPENSSL_free((void *)a->data);
                 a->data=NULL;
                 a->length=0;
                 }
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
index 24fd0f8e5a..e8725e44f1 100644
--- a/src/lib/libcrypto/asn1/a_octet.c
+++ b/src/lib/libcrypto/asn1/a_octet.c
@@ -60,10 +60,10 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }
 
-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b)
 { return M_ASN1_OCTET_STRING_cmp(a, b); }
 
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
index 958558c204..d726c8d3a8 100644
--- a/src/lib/libcrypto/asn1/a_set.c
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -85,8 +85,9 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
     }
 
 /* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
-                 int ex_class, int is_set)
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
+                 i2d_of_void *i2d, int ex_tag, int ex_class,
+                 int is_set)
         {
         int ret=0,r;
         int i;
@@ -96,8 +97,8 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
         int totSize;
 
         if (a == NULL) return(0);
-        for (i=sk_num(a)-1; i>=0; i--)
-                ret+=i2d(sk_value(a,i),NULL);
+        for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
+                ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
         r=ASN1_object_size(1,ret,ex_tag);
         if (pp == NULL) return(r);
 
@@ -108,10 +109,10 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
         /* And then again by Ben */
         /* And again by Steve */
 
-        if(!is_set || (sk_num(a) < 2))
+        if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
                 {
-                for (i=0; i<sk_num(a); i++)
-                        i2d(sk_value(a,i),&p);
+                for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
+                        i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
 
                 *pp=p;
                 return(r);
@@ -119,17 +120,17 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
 
         pStart  = p; /* Catch the beg of Setblobs*/
                 /* In this array we will store the SET blobs */
-                rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+                rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
                 if (rgSetBlob == NULL)
                         {
                         ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
                         return(0);
                         }
 
-        for (i=0; i<sk_num(a); i++)
+        for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
                 {
                 rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                i2d(sk_value(a,i),&p);
+                i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
                 rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
 SetBlob
 */
@@ -139,7 +140,7 @@ SetBlob
 
  /* Now we have to sort the blobs. I am using a simple algo.
     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
-        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+        qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
                 if (!(pTempMem = OPENSSL_malloc(totSize)))
                         {
                         ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -148,7 +149,7 @@ SetBlob
 
 /* Copy to temp mem */
         p = pTempMem;
-        for(i=0; i<sk_num(a); ++i)
+        for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
                 {
                 memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
                 p += rgSetBlob[i].cbData;
@@ -162,16 +163,18 @@ SetBlob
         return(r);
         }
 
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
-                    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
-                    int ex_class)
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+                              const unsigned char **pp,
+                              long length, d2i_of_void *d2i,
+                              void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+                              int ex_class)
         {
         ASN1_const_CTX c;
-        STACK *ret=NULL;
+        STACK_OF(OPENSSL_BLOCK) *ret=NULL;
 
         if ((a == NULL) || ((*a) == NULL))
                 {
-                if ((ret=sk_new_null()) == NULL)
+                if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
                         {
                         ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
                         goto err;
@@ -216,10 +219,10 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
                 if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
                         {
                         ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
-                        asn1_add_error(*pp,(int)(c.q- *pp));
+                        asn1_add_error(*pp,(int)(c.p- *pp));
                         goto err;
                         }
-                if (!sk_push(ret,s)) goto err;
+                if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
                 }
         if (a != NULL) (*a)=ret;
         *pp=c.p;
@@ -228,9 +231,9 @@ err:
         if ((ret != NULL) && ((a == NULL) || (*a != ret)))
                 {
                 if (free_func != NULL)
-                        sk_pop_free(ret,free_func);
+                        sk_OPENSSL_BLOCK_pop_free(ret,free_func);
                 else
-                        sk_free(ret);
+                        sk_OPENSSL_BLOCK_free(ret);
                 }
         return(NULL);
         }
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 4dee45fbb8..ff63bfc7be 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -123,6 +123,7 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#include "asn1_locl.h"
 
 #ifndef NO_ASN1_OLD
 
@@ -218,45 +219,47 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
         {
         EVP_MD_CTX ctx;
         unsigned char *buf_in=NULL,*buf_out=NULL;
-        int i,inl=0,outl=0,outll=0;
-        X509_ALGOR *a;
+        int inl=0,outl=0,outll=0;
+        int signid, paramtype;
 
-        EVP_MD_CTX_init(&ctx);
-        for (i=0; i<2; i++)
+        if (type == NULL)
                 {
-                if (i == 0)
-                        a=algor1;
-                else
-                        a=algor2;
-                if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1 ||
-                        type->pkey_type == NID_ecdsa_with_SHA1)
-                        {
-                        /* special case: RFC 3279 tells us to omit 'parameters'
-                         * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
-                        ASN1_TYPE_free(a->parameter);
-                        a->parameter = NULL;
-                        }
-                else if ((a->parameter == NULL) || 
-                        (a->parameter->type != V_ASN1_NULL))
-                        {
-                        ASN1_TYPE_free(a->parameter);
-                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                ASN1_OBJECT_free(a->algorithm);
-                a->algorithm=OBJ_nid2obj(type->pkey_type);
-                if (a->algorithm == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-                        goto err;
-                        }
-                if (a->algorithm->length == 0)
+                int def_nid;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+                        type = EVP_get_digestbynid(def_nid);
+                }
+
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
+                return 0;
+                }
+
+        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+                {
+                if (!pkey->ameth ||
+                        !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
+                                                pkey->ameth->pkey_id))
                         {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-                        goto err;
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,
+                                ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                        return 0;
                         }
                 }
+        else
+                signid = type->pkey_type;
+
+        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+                paramtype = V_ASN1_NULL;
+        else
+                paramtype = V_ASN1_UNDEF;
+
+        if (algor1)
+                X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+        if (algor2)
+                X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+
+        EVP_MD_CTX_init(&ctx);
         inl=ASN1_item_i2d(asn,&buf_in, it);
         outll=outl=EVP_PKEY_size(pkey);
         buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
@@ -267,12 +270,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                 goto err;
                 }
 
-        if (!EVP_SignInit_ex(&ctx,type, NULL))
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
-                goto err;
-                }
+        EVP_SignInit_ex(&ctx,type, NULL);
         EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
         if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                         (unsigned int *)&outl,pkey))
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index fe515b52ba..753021a7a2 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
                         const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
 
 
 /* This is the global mask for the mbstring functions: this is use to
@@ -158,7 +157,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 
 /* This table must be kept in NID order */
 
-static ASN1_STRING_TABLE tbl_standard[] = {
+static const ASN1_STRING_TABLE tbl_standard[] = {
 {NID_commonName,                1, ub_common_name, DIRSTRING_TYPE, 0},
 {NID_countryName,               2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
 {NID_localityName,              1, ub_locality_name, DIRSTRING_TYPE, 0},
@@ -186,22 +185,23 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
         return (*a)->nid - (*b)->nid;
 }
 
-static int table_cmp(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
 {
-        const ASN1_STRING_TABLE *sa = a, *sb = b;
-        return sa->nid - sb->nid;
+        return a->nid - b->nid;
 }
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
         int idx;
         ASN1_STRING_TABLE *ttmp;
         ASN1_STRING_TABLE fnd;
         fnd.nid = nid;
-        ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
-                                        (char *)tbl_standard, 
-                        sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-                        sizeof(ASN1_STRING_TABLE), table_cmp);
+        ttmp = OBJ_bsearch_table(&fnd, tbl_standard, 
+                           sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));
         if(ttmp) return ttmp;
         if(!stable) return NULL;
         idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
index 159681fbcb..e2eb9b243e 100644
--- a/src/lib/libcrypto/asn1/a_time.c
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -100,18 +100,29 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
         {
+        return ASN1_TIME_adj(s, t, 0, 0);
+        }
+
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                                int offset_day, long offset_sec)
+        {
         struct tm *ts;
         struct tm data;
 
         ts=OPENSSL_gmtime(&t,&data);
         if (ts == NULL)
                 {
-                ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+                ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
                 return NULL;
                 }
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
         if((ts->tm_year >= 50) && (ts->tm_year < 150))
-                                        return ASN1_UTCTIME_set(s, t);
-        return ASN1_GENERALIZEDTIME_set(s,t);
+                        return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
+        return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
         }
 
 int ASN1_TIME_check(ASN1_TIME *t)
@@ -162,3 +173,26 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
 
         return ret;
         }
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+        {
+        ASN1_TIME t;
+
+        t.length = strlen(str);
+        t.data = (unsigned char *)str;
+        t.flags = 0;
+        
+        t.type = V_ASN1_UTCTIME;
+
+        if (!ASN1_TIME_check(&t))
+                {
+                t.type = V_ASN1_GENERALIZEDTIME;
+                if (!ASN1_TIME_check(&t))
+                        return 0;
+                }
+        
+        if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+                        return 0;
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
index 36beceacdb..a45d2f9d12 100644
--- a/src/lib/libcrypto/asn1/a_type.c
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -77,7 +77,10 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
                 ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
                 }
         a->type=type;
-        a->value.ptr=value;
+        if (type == V_ASN1_BOOLEAN)
+                a->value.boolean = value ? 0xff : 0;
+        else
+                a->value.ptr=value;
         }
 
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
@@ -98,7 +101,7 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
         else
                 {
                 ASN1_STRING *sdup;
-                sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+                sdup = ASN1_STRING_dup(value);
                 if (!sdup)
                         return 0;
                 ASN1_TYPE_set(a, type, sdup);
@@ -108,3 +111,49 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
 
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
+        {
+        int result = -1;
+
+        if (!a || !b || a->type != b->type) return -1;
+
+        switch (a->type)
+                {
+        case V_ASN1_OBJECT:
+                result = OBJ_cmp(a->value.object, b->value.object);
+                break;
+        case V_ASN1_NULL:
+                result = 0;     /* They do not have content. */
+                break;
+        case V_ASN1_INTEGER:
+        case V_ASN1_NEG_INTEGER:
+        case V_ASN1_ENUMERATED:
+        case V_ASN1_NEG_ENUMERATED:
+        case V_ASN1_BIT_STRING:
+        case V_ASN1_OCTET_STRING:
+        case V_ASN1_SEQUENCE:
+        case V_ASN1_SET:
+        case V_ASN1_NUMERICSTRING:
+        case V_ASN1_PRINTABLESTRING:
+        case V_ASN1_T61STRING:
+        case V_ASN1_VIDEOTEXSTRING:
+        case V_ASN1_IA5STRING:
+        case V_ASN1_UTCTIME:
+        case V_ASN1_GENERALIZEDTIME:
+        case V_ASN1_GRAPHICSTRING:
+        case V_ASN1_VISIBLESTRING:
+        case V_ASN1_GENERALSTRING:
+        case V_ASN1_UNIVERSALSTRING:
+        case V_ASN1_BMPSTRING:
+        case V_ASN1_UTF8STRING:
+        case V_ASN1_OTHER:
+        default:
+                result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
+                                         (ASN1_STRING *) b->value.ptr);
+                break;
+                }
+
+        return result;
+        }
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
index d31c028193..072e236592 100644
--- a/src/lib/libcrypto/asn1/a_utctm.c
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -114,8 +114,8 @@ err:
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
         {
-        static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
-        static int max[8]={99,12,31,23,59,59,12,59};
+        static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int max[8]={99,12,31,23,59,59,12,59};
         char *a;
         int n,i,l,o;
 
@@ -186,6 +186,12 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
         {
+        return ASN1_UTCTIME_adj(s, t, 0, 0);
+        }
+
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                int offset_day, long offset_sec)
+        {
         char *p;
         struct tm *ts;
         struct tm data;
@@ -200,13 +206,22 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
         if (ts == NULL)
                 return(NULL);
 
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
+
+        if((ts->tm_year < 50) || (ts->tm_year >= 150))
+                return NULL;
+
         p=(char *)s->data;
         if ((p == NULL) || ((size_t)s->length < len))
                 {
                 p=OPENSSL_malloc(len);
                 if (p == NULL)
                         {
-                        ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+                        ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
                         return(NULL);
                         }
                 if (s->data != NULL)
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index da3efaaf8d..cecdb13c70 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -60,6 +60,7 @@
 #include <time.h>
 
 #include "cryptlib.h"
+#include "asn1_locl.h"
 
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -100,12 +101,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
         p=buf_in;
 
         i2d(data,&p);
-        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-                ret=0;
-                goto err;
-                }
+        EVP_VerifyInit_ex(&ctx,type, NULL);
         EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
         OPENSSL_cleanse(buf_in,(unsigned int)inl);
@@ -134,19 +130,34 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
              void *asn, EVP_PKEY *pkey)
         {
         EVP_MD_CTX ctx;
-        const EVP_MD *type;
+        const EVP_MD *type = NULL;
         unsigned char *buf_in=NULL;
-        int ret= -1,i,inl;
+        int ret= -1,inl;
+
+        int mdnid, pknid;
 
         EVP_MD_CTX_init(&ctx);
-        i=OBJ_obj2nid(a->algorithm);
-        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+
+        /* Convert signature OID into digest and public key OIDs */
+        if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                goto err;
+                }
+        type=EVP_get_digestbynid(mdnid);
         if (type == NULL)
                 {
                 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
                 goto err;
                 }
 
+        /* Check public key OID matches public key type */
+        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+                goto err;
+                }
+
         if (!EVP_VerifyInit_ex(&ctx,type, NULL))
                 {
                 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index e3385226d4..f7718b5a94 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -213,7 +213,7 @@ typedef struct asn1_object_st
         const char *sn,*ln;
         int nid;
         int length;
-        unsigned char *data;
+        const unsigned char *data;      /* data remains const after init */
         int flags;      /* Should we free this one */
         } ASN1_OBJECT;
 
@@ -228,8 +228,12 @@ typedef struct asn1_object_st
  * complete and is a place holder for content when it had all been 
  * accessed. The flag will be reset when content has been written to it.
  */
-#define ASN1_STRING_FLAG_CONT 0x020 
 
+#define ASN1_STRING_FLAG_CONT 0x020 
+/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+#define ASN1_STRING_FLAG_MSTRING 0x040 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
         {
@@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
         type *name##_new(void); \
         void name##_free(type *a);
 
+#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+
+#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                         const ASN1_PCTX *pctx);
+
 #define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
 #define I2D_OF(type) int (*)(type *,unsigned char **)
 #define I2D_OF_const(type) int (*)(const type *,unsigned char **)
@@ -534,28 +545,23 @@ typedef struct asn1_type_st
                  * contain the set or sequence bytes */
                 ASN1_STRING *           set;
                 ASN1_STRING *           sequence;
-                ASN1_VALUE  *           asn1_value;
+                ASN1_VALUE *            asn1_value;
                 } value;
         } ASN1_TYPE;
 
 DECLARE_STACK_OF(ASN1_TYPE)
 DECLARE_ASN1_SET_OF(ASN1_TYPE)
 
-typedef struct asn1_method_st
-        {
-        i2d_of_void *i2d;
-        d2i_of_void *d2i;
-        void *(*create)(void);
-        void (*destroy)(void *);
-        } ASN1_METHOD;
-
-/* This is used when parsing some Netscape objects */
-typedef struct asn1_header_st
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+
+typedef struct NETSCAPE_X509_st
         {
         ASN1_OCTET_STRING *header;
-        void *data;
-        ASN1_METHOD *meth;
-        } ASN1_HEADER;
+        X509 *cert;
+        } NETSCAPE_X509;
 
 /* This is used to contain a list of bit names */
 typedef struct BIT_STRING_BITNAME_st {
@@ -575,32 +581,34 @@ typedef struct BIT_STRING_BITNAME_st {
                 ASN1_STRING_type_new(V_ASN1_BIT_STRING)
 #define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
 
 #define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
                 ASN1_STRING_type_new(V_ASN1_INTEGER)
 #define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 
 #define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
                 ASN1_STRING_type_new(V_ASN1_ENUMERATED)
 #define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 
 #define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
                 ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
 #define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
 #define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
 #define M_i2d_ASN1_OCTET_STRING(a,pp) \
@@ -684,7 +692,7 @@ typedef struct BIT_STRING_BITNAME_st {
                 ASN1_STRING_type_new(V_ASN1_IA5STRING)
 #define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_IA5STRING_dup(a) \
-                        (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+                (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_i2d_ASN1_IA5STRING(a,pp) \
                 i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
                         V_ASN1_UNIVERSAL)
@@ -695,18 +703,20 @@ typedef struct BIT_STRING_BITNAME_st {
 #define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
                 ASN1_STRING_type_new(V_ASN1_UTCTIME)
 #define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 
 #define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
                 ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
 #define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-        (ASN1_STRING *)a)
+        (const ASN1_STRING *)a)
 
 #define M_ASN1_TIME_new()       (ASN1_TIME *)\
                 ASN1_STRING_type_new(V_ASN1_UTCTIME)
 #define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
+        ASN1_STRING_dup((const ASN1_STRING *)a)
 
 #define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
                 ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
@@ -767,6 +777,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int            ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
 
 ASN1_OBJECT *   ASN1_OBJECT_new(void );
 void            ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -783,14 +794,15 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 
 ASN1_STRING *   ASN1_STRING_new(void);
 void            ASN1_STRING_free(ASN1_STRING *a);
-ASN1_STRING *   ASN1_STRING_dup(ASN1_STRING *a);
+int             ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *   ASN1_STRING_dup(const ASN1_STRING *a);
 ASN1_STRING *   ASN1_STRING_type_new(int type );
-int             ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+int             ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
   /* Since this is used to store all sorts of things, via macros, for now, make
      its data void * */
 int             ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 void            ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(ASN1_STRING *x);
+int ASN1_STRING_length(const ASN1_STRING *x);
 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
@@ -803,6 +815,8 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
                         int length );
 int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+int            ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+                                     unsigned char *flags, int flags_len);
 
 #ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
@@ -821,13 +835,15 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
                         long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
                         long length);
-ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+ASN1_INTEGER *  ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                int offset_day, long offset_sec);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 #if 0
@@ -836,11 +852,13 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+             time_t t, int offset_day, long offset_sec);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
-int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
+int     ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b);
 int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
@@ -867,14 +885,20 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
 
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t,
+                                int offset_day, long offset_sec);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
-                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
-STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
-                     d2i_of_void *d2i, void (*free_func)(void *),
-                     int ex_tag, int ex_class);
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
+                 i2d_of_void *i2d, int ex_tag, int ex_class,
+                 int is_set);
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+                              const unsigned char **pp,
+                              long length, d2i_of_void *d2i,
+                              void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+                              int ex_class);
 
 #ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
@@ -892,9 +916,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
         const char *sn, const char *ln);
 
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn);
 
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
@@ -928,7 +952,7 @@ int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 
 /* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
 
 #define ASN1_dup_of(type,i2d,d2i,x) \
     ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
@@ -999,29 +1023,23 @@ int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
                   CHECKED_PTR_OF(const type, x)))
 
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                                unsigned char *buf, int off);
 int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
 int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
 #endif
 const char *ASN1_tag2str(int tag);
 
-/* Used to load and write netscape format cert/key */
-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
-ASN1_HEADER *ASN1_HEADER_new(void );
-void ASN1_HEADER_free(ASN1_HEADER *a);
+/* Used to load and write netscape format cert */
 
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
 
-/* Not used that much at this point, except for the first two */
-ASN1_METHOD *X509_asn1_meth(void);
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
 
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
         unsigned char *data, int len);
@@ -1032,9 +1050,9 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
         unsigned char *data, int max_len);
 
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
-                       d2i_of_void *d2i, void (*free_func)(void *));
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+                                 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
                              unsigned char **buf, int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
@@ -1077,15 +1095,58 @@ void ASN1_add_oid_module(void);
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
 
-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-                                        const ASN1_ITEM *it);
-
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+/* ASN1 Print flags */
+
+/* Indicate missing OPTIONAL fields */
+#define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001   
+/* Mark start and end of SEQUENCE */
+#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
+/* Mark start and end of SEQUENCE/SET OF */
+#define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
+/* Show the ASN1 type of primitives */
+#define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
+/* Don't show ASN1 type of ANY */
+#define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
+/* Don't show ASN1 type of MSTRINGs */
+#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
+/* Don't show field names in SEQUENCE */
+#define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
+/* Show structure names of each SEQUENCE field */
+#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
+/* Don't show structure name even at top level */
+#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                                const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+
+BIO_METHOD *BIO_f_asn1(void);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const char *hdr,
+                                const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                                 int ctype_nid, int econt_nid,
                                 STACK_OF(X509_ALGOR) *mdalgs,
-                                asn1_output_data_fn *data_fn,
                                 const ASN1_ITEM *it);
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -1116,6 +1177,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
 #define ASN1_F_ASN1_EX_C2I                               204
 #define ASN1_F_ASN1_FIND_END                             190
+#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
 #define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
 #define ASN1_F_ASN1_GENERATE_V3                          178
 #define ASN1_F_ASN1_GET_OBJECT                           114
@@ -1136,7 +1198,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_VERIFY                          197
 #define ASN1_F_ASN1_MBSTRING_NCOPY                       122
 #define ASN1_F_ASN1_OBJECT_NEW                           123
-#define ASN1_F_ASN1_OUTPUT_DATA                          207
+#define ASN1_F_ASN1_OUTPUT_DATA                          214
 #define ASN1_F_ASN1_PACK_STRING                          124
 #define ASN1_F_ASN1_PCTX_NEW                             205
 #define ASN1_F_ASN1_PKCS5_PBE_SET                        125
@@ -1150,14 +1212,17 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
 #define ASN1_F_ASN1_TEMPLATE_NEW                         133
 #define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+#define ASN1_F_ASN1_TIME_ADJ                             217
 #define ASN1_F_ASN1_TIME_SET                             175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
 #define ASN1_F_ASN1_UNPACK_STRING                        136
+#define ASN1_F_ASN1_UTCTIME_ADJ                          218
 #define ASN1_F_ASN1_UTCTIME_SET                          187
 #define ASN1_F_ASN1_VERIFY                               137
-#define ASN1_F_B64_READ_ASN1                             208
-#define ASN1_F_B64_WRITE_ASN1                            209
+#define ASN1_F_B64_READ_ASN1                             209
+#define ASN1_F_B64_WRITE_ASN1                            210
+#define ASN1_F_BIO_NEW_NDEF                              208
 #define ASN1_F_BITSTR_CB                                 180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
 #define ASN1_F_BN_TO_ASN1_INTEGER                        139
@@ -1176,6 +1241,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
 #define ASN1_F_D2I_ASN1_UINTEGER                         150
 #define ASN1_F_D2I_ASN1_UTCTIME                          151
+#define ASN1_F_D2I_AUTOPRIVATEKEY                        207
 #define ASN1_F_D2I_NETSCAPE_RSA                          152
 #define ASN1_F_D2I_NETSCAPE_RSA_2                        153
 #define ASN1_F_D2I_PRIVATEKEY                            154
@@ -1185,6 +1251,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509                                  156
 #define ASN1_F_D2I_X509_CINF                             157
 #define ASN1_F_D2I_X509_PKEY                             159
+#define ASN1_F_I2D_ASN1_BIO_STREAM                       211
 #define ASN1_F_I2D_ASN1_SET                              188
 #define ASN1_F_I2D_ASN1_TIME                             160
 #define ASN1_F_I2D_DSA_PUBKEY                            161
@@ -1196,10 +1263,11 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_LONG_C2I                                  166
 #define ASN1_F_OID_MODULE_INIT                           174
 #define ASN1_F_PARSE_TAGGING                             182
-#define ASN1_F_PKCS5_PBE2_SET                            167
+#define ASN1_F_PKCS5_PBE2_SET_IV                         167
 #define ASN1_F_PKCS5_PBE_SET                             202
-#define ASN1_F_SMIME_READ_ASN1                           210
-#define ASN1_F_SMIME_TEXT                                211
+#define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
+#define ASN1_F_SMIME_READ_ASN1                           212
+#define ASN1_F_SMIME_TEXT                                213
 #define ASN1_F_X509_CINF_NEW                             168
 #define ASN1_F_X509_CRL_ADD0_REVOKED                     169
 #define ASN1_F_X509_INFO_NEW                             170
@@ -1211,14 +1279,14 @@ void ERR_load_ASN1_strings(void);
 
 /* Reason codes. */
 #define ASN1_R_ADDING_OBJECT                             171
-#define ASN1_R_ASN1_PARSE_ERROR                          198
-#define ASN1_R_ASN1_SIG_PARSE_ERROR                      199
+#define ASN1_R_ASN1_PARSE_ERROR                          203
+#define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
 #define ASN1_R_AUX_ERROR                                 100
 #define ASN1_R_BAD_CLASS                                 101
 #define ASN1_R_BAD_OBJECT_HEADER                         102
 #define ASN1_R_BAD_PASSWORD_READ                         103
 #define ASN1_R_BAD_TAG                                   104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 210
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
 #define ASN1_R_BN_LIB                                    105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
 #define ASN1_R_BUFFER_TOO_SMALL                          107
@@ -1227,6 +1295,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DECODE_ERROR                              110
 #define ASN1_R_DECODING_ERROR                            111
 #define ASN1_R_DEPTH_EXCEEDED                            174
+#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
 #define ASN1_R_ENCODE_ERROR                              112
 #define ASN1_R_ERROR_GETTING_TIME                        173
 #define ASN1_R_ERROR_LOADING_SECTION                     172
@@ -1260,9 +1329,10 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
 #define ASN1_R_INVALID_DIGIT                             130
-#define ASN1_R_INVALID_MIME_TYPE                         200
+#define ASN1_R_INVALID_MIME_TYPE                         205
 #define ASN1_R_INVALID_MODIFIER                          186
 #define ASN1_R_INVALID_NUMBER                            187
+#define ASN1_R_INVALID_OBJECT_ENCODING                   216
 #define ASN1_R_INVALID_SEPARATOR                         131
 #define ASN1_R_INVALID_TIME_FORMAT                       132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
@@ -1270,9 +1340,9 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_IV_TOO_LARGE                              135
 #define ASN1_R_LENGTH_ERROR                              136
 #define ASN1_R_LIST_ERROR                                188
-#define ASN1_R_MIME_NO_CONTENT_TYPE                      201
-#define ASN1_R_MIME_PARSE_ERROR                          202
-#define ASN1_R_MIME_SIG_PARSE_ERROR                      203
+#define ASN1_R_MIME_NO_CONTENT_TYPE                      206
+#define ASN1_R_MIME_PARSE_ERROR                          207
+#define ASN1_R_MIME_SIG_PARSE_ERROR                      208
 #define ASN1_R_MISSING_EOC                               137
 #define ASN1_R_MISSING_SECOND_NUMBER                     138
 #define ASN1_R_MISSING_VALUE                             189
@@ -1282,11 +1352,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_NON_HEX_CHARACTERS                        141
 #define ASN1_R_NOT_ASCII_FORMAT                          190
 #define ASN1_R_NOT_ENOUGH_DATA                           142
-#define ASN1_R_NO_CONTENT_TYPE                           204
+#define ASN1_R_NO_CONTENT_TYPE                           209
+#define ASN1_R_NO_DEFAULT_DIGEST                         201
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 205
-#define ASN1_R_NO_MULTIPART_BOUNDARY                     206
-#define ASN1_R_NO_SIG_CONTENT_TYPE                       207
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
+#define ASN1_R_NO_MULTIPART_BOUNDARY                     211
+#define ASN1_R_NO_SIG_CONTENT_TYPE                       212
 #define ASN1_R_NULL_IS_WRONG_LENGTH                      144
 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
 #define ASN1_R_ODD_NUMBER_OF_CHARS                       145
@@ -1296,8 +1367,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
 #define ASN1_R_SHORT_LINE                                150
-#define ASN1_R_SIG_INVALID_MIME_TYPE                     208
-#define ASN1_R_STREAMING_NOT_SUPPORTED                   209
+#define ASN1_R_SIG_INVALID_MIME_TYPE                     213
+#define ASN1_R_STREAMING_NOT_SUPPORTED                   202
 #define ASN1_R_STRING_TOO_LONG                           151
 #define ASN1_R_STRING_TOO_SHORT                          152
 #define ASN1_R_TAG_VALUE_TOO_HIGH                        153
@@ -1308,11 +1379,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
 #define ASN1_R_UNEXPECTED_EOC                            159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           211
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
 #define ASN1_R_UNKNOWN_FORMAT                            160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
 #define ASN1_R_UNKNOWN_TAG                               194
 #define ASN1_R_UNKOWN_FORMAT                             195
 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
@@ -1320,6 +1392,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
 #define ASN1_R_UNSUPPORTED_TYPE                          196
+#define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
 #define ASN1_R_WRONG_TAG                                 168
 #define ASN1_R_WRONG_TYPE                                169
 
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 5f5de98eed..6e04d08f31 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -90,10 +90,11 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),        "ASN1_ENUMERATED_to_BN"},
 {ERR_FUNC(ASN1_F_ASN1_EX_C2I),  "ASN1_EX_C2I"},
 {ERR_FUNC(ASN1_F_ASN1_FIND_END),        "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ),     "ASN1_GENERALIZEDTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),     "ASN1_GENERALIZEDTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),     "ASN1_generate_v3"},
 {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),      "ASN1_get_object"},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_FP),  "ASN1_i2d_fp"},
 {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),     "ASN1_INTEGER_set"},
@@ -112,7 +113,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),      "ASN1_OBJECT_new"},
 {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),     "ASN1_OUTPUT_DATA"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),     "ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_new"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),   "ASN1_PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),        "ASN1_seq_pack"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),      "ASN1_seq_unpack"},
@@ -124,14 +125,17 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),    "ASN1_TEMPLATE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),      "ASN1_TEMPLATE_NOEXP_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ),        "ASN1_TIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_TIME_SET),        "ASN1_TIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),        "ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),    "ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),   "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ),     "ASN1_UTCTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),     "ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY),  "ASN1_verify"},
 {ERR_FUNC(ASN1_F_B64_READ_ASN1),        "B64_READ_ASN1"},
 {ERR_FUNC(ASN1_F_B64_WRITE_ASN1),       "B64_WRITE_ASN1"},
+{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
 {ERR_FUNC(ASN1_F_BITSTR_CB),    "BITSTR_CB"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),        "BN_to_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),   "BN_to_ASN1_INTEGER"},
@@ -143,13 +147,14 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),     "d2i_ASN1_BOOLEAN"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),       "d2i_ASN1_bytes"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),     "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "D2I_ASN1_HEADER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),     "D2I_ASN1_INTEGER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),      "d2i_ASN1_OBJECT"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),  "d2i_ASN1_type_bytes"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),    "d2i_ASN1_UINTEGER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),     "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY),   "d2i_AutoPrivateKey"},
 {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),     "d2i_Netscape_RSA"},
 {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),   "D2I_NETSCAPE_RSA_2"},
 {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),       "d2i_PrivateKey"},
@@ -159,6 +164,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_X509),     "D2I_X509"},
 {ERR_FUNC(ASN1_F_D2I_X509_CINF),        "D2I_X509_CINF"},
 {ERR_FUNC(ASN1_F_D2I_X509_PKEY),        "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM),  "i2d_ASN1_bio_stream"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_TIME),        "I2D_ASN1_TIME"},
 {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),       "i2d_DSA_PUBKEY"},
@@ -170,8 +176,9 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_LONG_C2I),     "LONG_C2I"},
 {ERR_FUNC(ASN1_F_OID_MODULE_INIT),      "OID_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),        "PARSE_TAGGING"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),       "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),    "PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),        "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
 {ERR_FUNC(ASN1_F_SMIME_READ_ASN1),      "SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),   "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),        "X509_CINF_NEW"},
@@ -204,6 +211,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
 {ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
 {ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},
+{ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),"digest and key type not supported"},
 {ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
 {ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
 {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
@@ -240,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
+{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
@@ -260,6 +269,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
 {ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
+{ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST)    ,"no default digest"},
 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
 {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
 {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
@@ -290,6 +300,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
 {ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
@@ -297,6 +308,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},
+{ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE),"wrong public key type"},
 {ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
 {ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
 {0,NULL}
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 5af559ef8d..1bcb44aee2 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -340,20 +340,31 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
         return(1);
         }
 
-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
         {
-        ASN1_STRING *ret;
+        if (str == NULL)
+                return 0;
+        dst->type = str->type;
+        if (!ASN1_STRING_set(dst,str->data,str->length))
+                return 0;
+        dst->flags = str->flags;
+        return 1;
+        }
 
-        if (str == NULL) return(NULL);
-        if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
-                return(NULL);
-        if (!ASN1_STRING_set(ret,str->data,str->length))
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
+        {
+        ASN1_STRING *ret;
+        if (!str)
+                 return NULL;
+        ret=ASN1_STRING_new();
+        if (!ret)
+                return NULL;
+        if (!ASN1_STRING_copy(ret,str))
                 {
                 ASN1_STRING_free(ret);
-                return(NULL);
+                return NULL;
                 }
-        ret->flags = str->flags;
-        return(ret);
+        return ret;
         }
 
 int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
@@ -427,11 +438,12 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
 void ASN1_STRING_free(ASN1_STRING *a)
         {
         if (a == NULL) return;
-        if (a->data != NULL) OPENSSL_free(a->data);
+        if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+                OPENSSL_free(a->data);
         OPENSSL_free(a);
         }
 
-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
         {
         int i;
 
@@ -457,7 +469,7 @@ void asn1_add_error(const unsigned char *address, int offset)
         ERR_add_error_data(4,"address=",buf1," offset=",buf2);
         }
 
-int ASN1_STRING_length(ASN1_STRING *x)
+int ASN1_STRING_length(const ASN1_STRING *x)
 { return M_ASN1_STRING_length(x); }
 
 void ASN1_STRING_length_set(ASN1_STRING *x, int len)
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
index d958ca60d9..87bd0e9e1d 100644
--- a/src/lib/libcrypto/asn1/asn1_mac.h
+++ b/src/lib/libcrypto/asn1/asn1_mac.h
@@ -153,6 +153,13 @@ err:\
                 M_ASN1_D2I_get(b,func); \
                 }
 
+#define M_ASN1_D2I_get_int_opt(b,func,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+                == (V_ASN1_UNIVERSAL|(type)))) \
+                { \
+                M_ASN1_D2I_get_int(b,func); \
+                }
+
 #define M_ASN1_D2I_get_imp(b,func, type) \
         M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
         c.q=c.p; \
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
index 8657f73d66..aaca69aebd 100644
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -70,9 +70,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
              int indent)
         {
         static const char fmt[]="%-18s";
-        static const char fmt2[]="%2d %-15s";
         char str[128];
-        const char *p,*p2=NULL;
+        const char *p;
 
         if (constructed & V_ASN1_CONSTRUCTED)
                 p="cons: ";
@@ -93,14 +92,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
         else
                 p = ASN1_tag2str(tag);
 
-        if (p2 != NULL)
-                {
-                if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
-                }
-        else
-                {
-                if (BIO_printf(bp,fmt,p) <= 0) goto err;
-                }
+        if (BIO_printf(bp,fmt,p) <= 0)
+                goto err;
         return(1);
 err:
         return(0);
@@ -246,7 +239,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
                                 ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
                                 if (ii < 0)
                                         {
-                                        if (BIO_write(bp,"Bad boolean\n",12))
+                                        if (BIO_write(bp,"Bad boolean\n",12) <= 0)
                                                 goto end;
                                         }
                                 BIO_printf(bp,":%d",ii);
@@ -424,7 +417,7 @@ end:
 
 const char *ASN1_tag2str(int tag)
 {
-        static const char *tag2str[] = {
+        static const char * const tag2str[] = {
          "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
          "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
          "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
index ac14f9415b..d230e4bf70 100644
--- a/src/lib/libcrypto/asn1/asn1t.h
+++ b/src/lib/libcrypto/asn1/asn1t.h
@@ -3,7 +3,7 @@
  * project 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -218,6 +218,18 @@ extern "C" {
                 #stname \
         ASN1_ITEM_end(tname)
 
+#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
 
 /* This pair helps declare a CHOICE type. We can do:
  *
@@ -651,8 +663,13 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM
 typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, 
+                                                int indent, const char *fname, 
+                                                const ASN1_PCTX *pctx);
+
 typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
 typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
 
 typedef struct ASN1_COMPAT_FUNCS_st {
         ASN1_new_func *asn1_new;
@@ -668,6 +685,7 @@ typedef struct ASN1_EXTERN_FUNCS_st {
         ASN1_ex_free_func *asn1_ex_clear;
         ASN1_ex_d2i *asn1_ex_d2i;
         ASN1_ex_i2d *asn1_ex_i2d;
+        ASN1_ex_print_func *asn1_ex_print;
 } ASN1_EXTERN_FUNCS;
 
 typedef struct ASN1_PRIMITIVE_FUNCS_st {
@@ -678,6 +696,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
         ASN1_ex_free_func *prim_clear;
         ASN1_primitive_c2i *prim_c2i;
         ASN1_primitive_i2c *prim_i2c;
+        ASN1_primitive_print *prim_print;
 } ASN1_PRIMITIVE_FUNCS;
 
 /* This is the ASN1_AUX structure: it handles various
@@ -697,7 +716,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
  * then an external type is more appropriate.
  */
 
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+                                void *exarg);
 
 typedef struct ASN1_AUX_st {
         void *app_data;
@@ -708,6 +728,23 @@ typedef struct ASN1_AUX_st {
         int enc_offset;         /* Offset of ASN1_ENCODING structure */
 } ASN1_AUX;
 
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+        BIO *out;
+        int indent;
+        const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+        /* BIO to stream through */
+        BIO *out;
+        /* BIO with filters appended */
+        BIO *ndef_bio;
+        /* Streaming I/O boundary */
+        unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
 /* Flags in ASN1_AUX */
 
 /* Use a reference count */
@@ -727,6 +764,12 @@ typedef struct ASN1_AUX_st {
 #define ASN1_OP_D2I_POST        5
 #define ASN1_OP_I2D_PRE         6
 #define ASN1_OP_I2D_POST        7
+#define ASN1_OP_PRINT_PRE       8
+#define ASN1_OP_PRINT_POST      9
+#define ASN1_OP_STREAM_PRE      10
+#define ASN1_OP_STREAM_POST     11
+#define ASN1_OP_DETACHED_PRE    12
+#define ASN1_OP_DETACHED_POST   13
 
 /* Macro to implement a primitive type */
 #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
@@ -782,9 +825,22 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
                         IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
 
+#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
                 IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
 
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+        pre stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        pre void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
         stname *fname##_new(void) \
         { \
@@ -834,6 +890,17 @@ typedef struct ASN1_AUX_st {
         return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
         }
 
+#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                                const ASN1_PCTX *pctx) \
+        { \
+                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+                        ASN1_ITEM_rptr(itname), pctx); \
+        } 
+
 #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
                 IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
 
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c
index d8d9e76cc0..c1d1b12291 100644
--- a/src/lib/libcrypto/asn1/asn_mime.c
+++ b/src/lib/libcrypto/asn1/asn_mime.c
@@ -59,6 +59,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include "asn1_locl.h"
 
 /* Generalised MIME like utilities for streaming ASN1. Although many
  * have a PKCS7/CMS like flavour others are more general purpose.
@@ -86,6 +87,8 @@ STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
 DECLARE_STACK_OF(MIME_HEADER)
 IMPLEMENT_STACK_OF(MIME_HEADER)
 
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                        const ASN1_ITEM *it);
 static char * strip_ends(char *name);
 static char * strip_start(char *name);
 static char * strip_end(char *name);
@@ -107,6 +110,39 @@ static void mime_hdr_free(MIME_HEADER *hdr);
 #define MAX_SMLEN 1024
 #define mime_debug(x) /* x */
 
+/* Output an ASN1 structure in BER format streaming if necessary */
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const ASN1_ITEM *it)
+        {
+        /* If streaming create stream BIO and copy all content through it */
+        if (flags & SMIME_STREAM)
+                {
+                BIO *bio, *tbio;
+                bio = BIO_new_NDEF(out, val, it);
+                if (!bio)
+                        {
+                        ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                SMIME_crlf_copy(in, bio, flags);
+                (void)BIO_flush(bio);
+                /* Free up successive BIOs until we hit the old output BIO */
+                do
+                        {
+                        tbio = BIO_pop(bio);
+                        BIO_free(bio);
+                        bio = tbio;
+                        } while (bio != out);
+                }
+        /* else just write out ASN1 structure which will have all content
+         * stored internally
+         */
+        else
+                ASN1_item_i2d_bio(it, out, val);
+        return 1;
+        }
+
 /* Base 64 read and write of ASN1 structure */
 
 static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
@@ -123,13 +159,26 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
         /* prepend the b64 BIO so all data is base64 encoded.
          */
         out = BIO_push(b64, out);
-        r = ASN1_item_i2d_bio(it, out, val);
+        r = i2d_ASN1_bio_stream(out, val, in, flags, it);
         (void)BIO_flush(out);
         BIO_pop(out);
         BIO_free(b64);
         return r;
         }
 
+/* Streaming ASN1 PEM write */
+
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const char *hdr,
+                                const ASN1_ITEM *it)
+        {
+        int r;
+        BIO_printf(out, "-----BEGIN %s-----\n", hdr);
+        r = B64_write_ASN1(out, val, in, flags, it);
+        BIO_printf(out, "-----END %s-----\n", hdr);
+        return r;
+        }
+
 static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 {
         BIO *b64;
@@ -152,7 +201,8 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 
 static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
         {
-        int i, have_unknown = 0, write_comma, md_nid;
+        const EVP_MD *md;
+        int i, have_unknown = 0, write_comma, ret = 0, md_nid;
         have_unknown = 0;
         write_comma = 0;
         for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
@@ -161,6 +211,21 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
                         BIO_write(out, ",", 1);
                 write_comma = 1;
                 md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+                md = EVP_get_digestbynid(md_nid);
+                if (md && md->md_ctrl)
+                        {
+                        int rv;
+                        char *micstr;
+                        rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
+                        if (rv > 0)
+                                {
+                                BIO_puts(out, micstr);
+                                OPENSSL_free(micstr);
+                                continue;
+                                }
+                        if (rv != -2)
+                                goto err;
+                        }
                 switch(md_nid)
                         {
                         case NID_sha1:
@@ -183,6 +248,11 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
                         BIO_puts(out, "sha-512");
                         break;
 
+                        case NID_id_GostR3411_94:
+                        BIO_puts(out, "gostr3411-94");
+                                goto err;
+                        break;
+
                         default:
                         if (have_unknown)
                                 write_comma = 0;
@@ -196,16 +266,18 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
                         }
                 }
 
-        return 1;
+        ret = 1;
+        err:
+
+        return ret;
 
         }
 
 /* SMIME sender */
 
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                                 int ctype_nid, int econt_nid,
                                 STACK_OF(X509_ALGOR) *mdalgs,
-                                asn1_output_data_fn *data_fn,
                                 const ASN1_ITEM *it)
 {
         char bound[33], c;
@@ -243,7 +315,7 @@ int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                                                 mime_eol, mime_eol);
                 /* Now write out the first part */
                 BIO_printf(bio, "------%s%s", bound, mime_eol);
-                if (!data_fn(bio, data, val, flags, it))
+                if (!asn1_output_data(bio, data, val, flags, it))
                         return 0;
                 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
 
@@ -296,8 +368,6 @@ int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
         return 1;
 }
 
-#if 0
-
 /* Handle output of ASN1 data */
 
 
@@ -350,8 +420,6 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
 
         }
 
-#endif
-
 /* SMIME reader: handle multipart/signed and opaque signing.
  * in multipart case the content is placed in a memory BIO
  * pointed to by "bcont". In opaque this is set to NULL
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
index f1a5a05632..ad738217d7 100644
--- a/src/lib/libcrypto/asn1/asn_pack.c
+++ b/src/lib/libcrypto/asn1/asn_pack.c
@@ -66,10 +66,10 @@
 
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
 
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
-                       d2i_of_void *d2i,void (*free_func)(void *))
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+                         d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
 {
-    STACK *sk;
+    STACK_OF(OPENSSL_BLOCK) *sk;
     const unsigned char *pbuf;
     pbuf =  buf;
     if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@ STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
  * OPENSSL_malloc'ed buffer
  */
 
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
                              unsigned char **buf, int *len)
 {
         int safelen;
diff --git a/src/lib/libcrypto/asn1/charmap.h b/src/lib/libcrypto/asn1/charmap.h
index bd020a9562..b55e638725 100644
--- a/src/lib/libcrypto/asn1/charmap.h
+++ b/src/lib/libcrypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * Mask of various character properties
  */
 
-static unsigned char char_type[] = {
+static const unsigned char char_type[] = {
  2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
  2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
 120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
index 207ccda5ac..2828944777 100644
--- a/src/lib/libcrypto/asn1/d2i_pr.c
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -61,16 +61,12 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
 #endif
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
              long length)
@@ -85,47 +81,43 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         return(NULL);
                         }
                 }
-        else    ret= *a;
-
-        ret->save_type=type;
-        ret->type=EVP_PKEY_type(type);
-        switch (ret->type)
+        else
                 {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                ret= *a;
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
                         {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
-                        goto err;
+                        ENGINE_finish(ret->engine);
+                        ret->engine = NULL;
                         }
-                break;
 #endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                }
+
+        if (!EVP_PKEY_set_type(ret, type))
+                {
+                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                }
+
+        if (!ret->ameth->old_priv_decode ||
+                        !ret->ameth->old_priv_decode(ret, pp, length))
+                {
+                if (ret->ameth->priv_decode) 
                         {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
-                        (const unsigned char **)pp, length)) == NULL)
+                        PKCS8_PRIV_KEY_INFO *p8=NULL;
+                        p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
+                        if (!p8) goto err;
+                        EVP_PKEY_free(ret);
+                        ret = EVP_PKCS82PKEY(p8);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+
+                        } 
+                else 
                         {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
                         goto err;
                         }
-                break;
-#endif
-        default:
-                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-                goto err;
-                /* break; */
-                }
+                }       
         if (a != NULL) (*a)=ret;
         return(ret);
 err:
@@ -146,8 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
          * by analyzing it we can determine the passed structure: this
          * assumes the input is surrounded by an ASN1 SEQUENCE.
          */
-        inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
-                        ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
         /* Since we only need to discern "traditional format" RSA and DSA
          * keys we can just count the elements.
          */
@@ -155,6 +146,24 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                 keytype = EVP_PKEY_DSA;
         else if (sk_ASN1_TYPE_num(inkey) == 4)
                 keytype = EVP_PKEY_EC;
+        else if (sk_ASN1_TYPE_num(inkey) == 3)  
+                { /* This seems to be PKCS8, not traditional format */
+                        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
+                        EVP_PKEY *ret;
+
+                        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+                        if (!p8) 
+                                {
+                                ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                                return NULL;
+                                }
+                        ret = EVP_PKCS82PKEY(p8);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+                        if (a) {
+                                *a = ret;
+                        }       
+                        return ret;
+                }
         else keytype = EVP_PKEY_RSA;
         sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
         return d2i_PrivateKey(keytype, a, pp, length);
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
index 3694f51a8c..c8f39ceb03 100644
--- a/src/lib/libcrypto/asn1/d2i_pu.c
+++ b/src/lib/libcrypto/asn1/d2i_pu.c
@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                 }
         else    ret= *a;
 
-        ret->save_type=type;
-        ret->type=EVP_PKEY_type(type);
-        switch (ret->type)
+        if (!EVP_PKEY_set_type(ret, type))
+                {
+                ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+                goto err;
+                }
+
+        switch (EVP_PKEY_id(ret))
                 {
 #ifndef OPENSSL_NO_RSA
         case EVP_PKEY_RSA:
diff --git a/src/lib/libcrypto/asn1/f.c b/src/lib/libcrypto/asn1/f.c
deleted file mode 100644
index 82bccdfd51..0000000000
--- a/src/lib/libcrypto/asn1/f.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/asn1/f.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-
-main()
-        {
-        ASN1_TYPE *at;
-        char buf[512];
-        int n;
-        long l;
-
-        at=ASN1_TYPE_new();
-
-        n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8);
-        printf("%d\n",n);
-        n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8);
-        buf[8]='\0';
-        printf("%ld %d %d\n",l,n,buf[8]);
-        buf[8]='\0';
-        printf("%s\n",buf);
-        ERR_load_crypto_strings();
-        ERR_print_errors_fp(stderr);
-        }
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
index 0be52c5b76..e398b62666 100644
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -58,41 +58,22 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
+#include <openssl/x509.h>
+#include "asn1_locl.h"
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
         {
-#ifndef OPENSSL_NO_RSA
-        if (a->type == EVP_PKEY_RSA)
+        if (a->ameth && a->ameth->old_priv_encode)
                 {
-                return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+                return a->ameth->old_priv_encode(a, pp);
                 }
-        else
-#endif
-#ifndef OPENSSL_NO_DSA
-        if (a->type == EVP_PKEY_DSA)
-                {
-                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (a->type == EVP_PKEY_EC)
-                {
-                return(i2d_ECPrivateKey(a->pkey.ec, pp));
-                }
-#endif
-
+        if (a->ameth && a->ameth->priv_encode) {
+                PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
+                int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp);
+                PKCS8_PRIV_KEY_INFO_free(p8);
+                return ret;
+        }       
         ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
         return(-1);
         }
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
index e551c57d59..b8c4202230 100644
--- a/src/lib/libcrypto/asn1/nsseq.c
+++ b/src/lib/libcrypto/asn1/nsseq.c
@@ -3,7 +3,7 @@
  * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -62,7 +62,8 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
         if(operation == ASN1_OP_NEW_POST) {
                 NETSCAPE_CERT_SEQUENCE *nsseq;
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index c4582f8041..94bc38b99f 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -71,61 +71,78 @@ ASN1_SEQUENCE(PBEPARAM) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
 
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
-             int saltlen)
-{
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                                const unsigned char *salt, int saltlen)
+        {
         PBEPARAM *pbe=NULL;
-        ASN1_OBJECT *al;
-        X509_ALGOR *algor;
-        ASN1_TYPE *astype=NULL;
+        ASN1_STRING *pbe_str=NULL;
+        unsigned char *sstr;
 
-        if (!(pbe = PBEPARAM_new ())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        pbe = PBEPARAM_new();
+        if (!pbe)
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                 goto err;
-        }
-        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
-        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                }
+        if(iter <= 0)
+                iter = PKCS5_DEFAULT_ITER;
+        if (!ASN1_INTEGER_set(pbe->iter, iter))
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                 goto err;
-        }
-        if (!saltlen) saltlen = PKCS5_SALT_LEN;
-        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                }
+        if (!saltlen)
+                saltlen = PKCS5_SALT_LEN;
+        if (!ASN1_STRING_set(pbe->salt, NULL, saltlen))
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                 goto err;
-        }
-        pbe->salt->length = saltlen;
-        if (salt) memcpy (pbe->salt->data, salt, saltlen);
-        else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+                }
+        sstr = ASN1_STRING_data(pbe->salt);
+        if (salt)
+                memcpy(sstr, salt, saltlen);
+        else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
                 goto err;
 
-        if (!(astype = ASN1_TYPE_new())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                 goto err;
-        }
+                }
 
-        astype->type = V_ASN1_SEQUENCE;
-        if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
-                                &astype->value.sequence)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        PBEPARAM_free (pbe);
+        PBEPARAM_free(pbe);
         pbe = NULL;
-        
-        al = OBJ_nid2obj(alg); /* never need to free al */
-        if (!(algor = X509_ALGOR_new())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        ASN1_OBJECT_free(algor->algorithm);
-        algor->algorithm = al;
-        algor->parameter = astype;
 
-        return (algor);
+        if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+                return 1;
+
 err:
-        if (pbe != NULL) PBEPARAM_free(pbe);
-        if (astype != NULL) ASN1_TYPE_free(astype);
+        if (pbe != NULL)
+                PBEPARAM_free(pbe);
+        if (pbe_str != NULL)
+                ASN1_STRING_free(pbe_str);
+        return 0;
+        }
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                                const unsigned char *salt, int saltlen)
+        {
+        X509_ALGOR *ret;
+        ret = X509_ALGOR_new();
+        if (!ret)
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 
+                return ret;
+
+        X509_ALGOR_free(ret);
         return NULL;
-}
+        }
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 2b0516afee..cb49b6651d 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -82,10 +82,13 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
  * yes I know this is horrible!
+ *
+ * Extended version to allow application supplied PRF NID and IV.
  */
 
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                                 unsigned char *salt, int saltlen)
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen,
+                                 unsigned char *aiv, int prf_nid)
 {
         X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
         int alg_nid;
@@ -98,7 +101,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 
         alg_nid = EVP_CIPHER_type(cipher);
         if(alg_nid == NID_undef) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
                 goto err;
         }
@@ -113,20 +116,33 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
         if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
 
         /* Create random IV */
-        if (EVP_CIPHER_iv_length(cipher) &&
-                RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-                goto err;
+        if (EVP_CIPHER_iv_length(cipher))
+                {
+                if (aiv)
+                        memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+                else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                        goto err;
+                }
 
         EVP_CIPHER_CTX_init(&ctx);
 
-        /* Dummy cipherinit to just setup the IV */
+        /* Dummy cipherinit to just setup the IV, and PRF */
         EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
         if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                         ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
                 EVP_CIPHER_CTX_cleanup(&ctx);
                 goto err;
         }
+        /* If prf NID unspecified see if cipher has a preference.
+         * An error is OK here: just means use default PRF.
+         */
+        if ((prf_nid == -1) && 
+        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
+                {
+                ERR_clear_error();
+                prf_nid = NID_hmacWithSHA1;
+                }
         EVP_CIPHER_CTX_cleanup(&ctx);
 
         if(!(kdf = PBKDF2PARAM_new())) goto merr;
@@ -154,7 +170,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                  EVP_CIPHER_key_length(cipher))) goto merr;
         }
 
-        /* prf can stay NULL because we are using hmacWithSHA1 */
+        /* prf can stay NULL if we are using hmacWithSHA1 */
+        if (prf_nid != NID_hmacWithSHA1)
+                {
+                kdf->prf = X509_ALGOR_new();
+                if (!kdf->prf)
+                        goto merr;
+                X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
+                                        V_ASN1_NULL, NULL);
+                }
 
         /* Now setup the PBE2PARAM keyfunc structure */
 
@@ -164,7 +188,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 
         if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
 
-        if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+        if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
                          &pbe2->keyfunc->parameter->value.sequence)) goto merr;
         pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
 
@@ -180,7 +204,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 
         /* Encode PBE2PARAM into parameter */
 
-        if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+        if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
                                  &ret->parameter->value.sequence)) goto merr;
         ret->parameter->type = V_ASN1_SEQUENCE;
 
@@ -190,7 +214,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
         return ret;
 
         merr:
-        ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE);
 
         err:
         PBE2PARAM_free(pbe2);
@@ -203,3 +227,9 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
         return NULL;
 
 }
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen)
+        {
+        return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+        }
diff --git a/src/lib/libcrypto/asn1/p8_key.c b/src/lib/libcrypto/asn1/p8_key.c
deleted file mode 100644
index 3a31248e14..0000000000
--- a/src/lib/libcrypto/asn1/p8_key.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/asn1/p8_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-
-int i2d_X509_KEY(X509 *a, unsigned char **pp)
-        {
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len(a->cert_info,    i2d_X509_CINF);
-        M_ASN1_I2D_len(a->sig_alg,      i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(a->cert_info,    i2d_X509_CINF);
-        M_ASN1_I2D_put(a->sig_alg,      i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
-        {
-        M_ASN1_D2I_vars(a,X509 *,X509_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
-        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-        M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
-        }
-
-X509 *X509_KEY_new(void)
-        {
-        X509_KEY *ret=NULL;
-
-        M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);
-        ret->references=1;
-        ret->type=NID
-        M_ASN1_New(ret->cert_info,X509_CINF_new);
-        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_NEW);
-        }
-
-void X509_KEY_free(X509 *a)
-        {
-        int i;
-
-        if (a == NULL) return;
-
-        i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
-#ifdef REF_PRINT
-        REF_PRINT("X509_KEY",a);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"X509_KEY_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        X509_CINF_free(a->cert_info);
-        X509_ALGOR_free(a->sig_alg);
-        ASN1_BIT_STRING_free(a->signature);
-        OPENSSL_free(a);
-        }
-
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
index 0a1957556e..17b68d386d 100644
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -3,7 +3,7 @@
  * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -62,7 +62,8 @@
 #include <openssl/x509.h>
 
 /* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
         /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
         if(operation == ASN1_OP_FREE_PRE) {
@@ -82,3 +83,73 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
 } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                                        int version,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen)
+        {
+        unsigned char **ppenc = NULL;
+        if (version >= 0)
+                {
+                if (!ASN1_INTEGER_set(priv->version, version))
+                        return 0;
+                }
+        if (penc)
+                {
+                int pmtype;
+                ASN1_OCTET_STRING *oct;
+                oct = ASN1_OCTET_STRING_new();
+                if (!oct)
+                        return 0;
+                oct->data = penc;
+                ppenc = &oct->data;
+                oct->length = penclen;
+                if (priv->broken == PKCS8_NO_OCTET)
+                        pmtype = V_ASN1_SEQUENCE;
+                else
+                        pmtype = V_ASN1_OCTET_STRING;
+                ASN1_TYPE_set(priv->pkey, pmtype, oct);
+                }
+        if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
+                {
+                /* If call fails do not swallow 'enc' */
+                if (ppenc)
+                        *ppenc = NULL;
+                return 0;
+                }
+        return 1;
+        }
+
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                PKCS8_PRIV_KEY_INFO *p8)
+        {
+        if (ppkalg)
+                *ppkalg = p8->pkeyalg->algorithm;
+        if(p8->pkey->type == V_ASN1_OCTET_STRING)
+                {
+                p8->broken = PKCS8_OK;
+                if (pk)
+                        {
+                        *pk = p8->pkey->value.octet_string->data;
+                        *ppklen = p8->pkey->value.octet_string->length;
+                        }
+                }
+        else if (p8->pkey->type == V_ASN1_SEQUENCE)
+                {
+                p8->broken = PKCS8_NO_OCTET;
+                if (pk)
+                        {
+                        *pk = p8->pkey->value.sequence->data;
+                        *ppklen = p8->pkey->value.sequence->length;
+                        }
+                }
+        else
+                return 0;
+        if (pa)
+                *pa = p8->pkeyalg;
+        return 1;
+        }
+
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
index afb95d6712..9dd18f6579 100644
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -55,520 +55,15 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-static int print(BIO *fp,const char *str, const BIGNUM *num,
-                unsigned char *buf,int off);
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *str, const unsigned char *num,
-                size_t len, int off);
-#endif
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=RSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int RSA_print(BIO *bp, const RSA *x, int off)
-        {
-        char str[128];
-        const char *s;
-        unsigned char *m=NULL;
-        int ret=0, mod_len = 0;
-        size_t buf_len=0, i;
-
-        if (x->n)
-                buf_len = (size_t)BN_num_bytes(x->n);
-        if (x->e)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
-                        buf_len = i;
-        if (x->d)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
-                        buf_len = i;
-        if (x->p)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
-                        buf_len = i;
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->dmp1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
-                        buf_len = i;
-        if (x->dmq1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
-                        buf_len = i;
-        if (x->iqmp)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
-                        buf_len = i;
-
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        if (x->n != NULL)
-                mod_len = BN_num_bits(x->n);
-
-        if (x->d != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
-                        <= 0) goto err;
-                }
-
-        if (x->d == NULL)
-                BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
-        else
-                BUF_strlcpy(str,"modulus:",sizeof str);
-        if (!print(bp,str,x->n,m,off)) goto err;
-        s=(x->d == NULL)?"Exponent:":"publicExponent:";
-        if ((x->e != NULL) && !print(bp,s,x->e,m,off))
-                goto err;
-        if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
-                goto err;
-        if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
-                goto err;
-        if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
-                goto err;
-        if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
-                goto err;
-        if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
-                goto err;
-        if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
-                goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_RSA */
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSA_print_fp(FILE *fp, const DSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int DSA_print(BIO *bp, const DSA *x, int off)
-        {
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0,i;
-
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        if (x->priv_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
-                        buf_len = i;
-        if (x->pub_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
-                        buf_len = i;
-
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        if (x->priv_key != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
-                        <= 0) goto err;
-                }
-
-        if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
-                goto err;
-        if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
-                goto err;
-        if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
-        if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
-        if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_DSA */
-
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECPKParameters_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = EC_KEY_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
-        {
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BN_CTX  *ctx=NULL;
-        const EC_POINT *point=NULL;
-        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
-                *order=NULL, *cofactor=NULL;
-        const unsigned char *seed;
-        size_t  seed_len=0;
-        
-        static const char *gen_compressed = "Generator (compressed):";
-        static const char *gen_uncompressed = "Generator (uncompressed):";
-        static const char *gen_hybrid = "Generator (hybrid):";
- 
-        if (!x)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-
-        if (EC_GROUP_get_asn1_flag(x))
-                {
-                /* the curve parameter are given by an asn1 OID */
-                int nid;
-
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-
-                nid = EC_GROUP_get_curve_name(x);
-                if (nid == 0)
-                        goto err;
-
-                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-                        goto err;
-                if (BIO_printf(bp, "\n") <= 0)
-                        goto err;
-                }
-        else
-                {
-                /* explicit parameters */
-                int is_char_two = 0;
-                point_conversion_form_t form;
-                int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-
-                if (tmp_nid == NID_X9_62_characteristic_two_field)
-                        is_char_two = 1;
-
-                if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-                        (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-                        (cofactor = BN_new()) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-
-                if (is_char_two)
-                        {
-                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-                else /* prime field */
-                        {
-                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-
-                if ((point = EC_GROUP_get0_generator(x)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                if (!EC_GROUP_get_order(x, order, NULL) || 
-                        !EC_GROUP_get_cofactor(x, cofactor, NULL))
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                
-                form = EC_GROUP_get_point_conversion_form(x);
-
-                if ((gen = EC_POINT_point2bn(x, point, 
-                                form, NULL, ctx)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-
-                buf_len = (size_t)BN_num_bytes(p);
-                if (buf_len < (i = (size_t)BN_num_bytes(a)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(b)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(order)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
-                        buf_len = i;
-
-                if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-                        seed_len = EC_GROUP_get_seed_len(x);
-
-                buf_len += 10;
-                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-
-                /* print the 'short name' of the field type */
-                if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
-                        <= 0)
-                        goto err;  
-
-                if (is_char_two)
-                        {
-                        /* print the 'short name' of the base type OID */
-                        int basis_type = EC_GROUP_get_basis_type(x);
-                        if (basis_type == 0)
-                                goto err;
-
-                        if (!BIO_indent(bp, off, 128))
-                                goto err;
-
-                        if (BIO_printf(bp, "Basis Type: %s\n", 
-                                OBJ_nid2sn(basis_type)) <= 0)
-                                goto err;
-
-                        /* print the polynomial */
-                        if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
-                                off))
-                                goto err;
-                        }
-                else
-                        {
-                        if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
-                                goto err;
-                        }
-                if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
-                        goto err;
-                if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
-                        goto err;
-                if (form == POINT_CONVERSION_COMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_compressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else if (form == POINT_CONVERSION_UNCOMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else /* form == POINT_CONVERSION_HYBRID */
-                        {
-                        if ((gen != NULL) && !print(bp, gen_hybrid, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                if ((order != NULL) && !print(bp, "Order: ", order, 
-                        buffer, off)) goto err;
-                if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
-                        buffer, off)) goto err;
-                if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-                        goto err;
-                }
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-        if (p) 
-                BN_free(p);
-        if (a) 
-                BN_free(a);
-        if (b)
-                BN_free(b);
-        if (gen)
-                BN_free(gen);
-        if (order)
-                BN_free(order);
-        if (cofactor)
-                BN_free(cofactor);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL) 
-                OPENSSL_free(buffer);
-        return(ret);    
-        }
 
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
-        {
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BIGNUM  *pub_key=NULL, *order=NULL;
-        BN_CTX  *ctx=NULL;
-        const EC_GROUP *group;
-        const EC_POINT *public_key;
-        const BIGNUM *priv_key;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-
-        public_key = EC_KEY_get0_public_key(x);
-        if ((pub_key = EC_POINT_point2bn(group, public_key,
-                EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
-
-        buf_len = (size_t)BN_num_bytes(pub_key);
-        priv_key = EC_KEY_get0_private_key(x);
-        if (priv_key != NULL)
-                {
-                if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
-                        buf_len = i;
-                }
-
-        buf_len += 10;
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-
-        if (priv_key != NULL)
-                {
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                if ((order = BN_new()) == NULL)
-                        goto err;
-                if (!EC_GROUP_get_order(group, order, NULL))
-                        goto err;
-                if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
-                        BN_num_bits(order)) <= 0) goto err;
-                }
-  
-        if ((priv_key != NULL) && !print(bp, "priv:", priv_key, 
-                buffer, off))
-                goto err;
-        if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
-                buffer, off))
-                goto err;
-        if (!ECPKParameters_print(bp, group, off))
-                goto err;
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_EC_KEY_PRINT, reason);
-        if (pub_key) 
-                BN_free(pub_key);
-        if (order)
-                BN_free(order);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL)
-                OPENSSL_free(buffer);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_EC */
-
-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
-             int off)
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                        unsigned char *buf, int off)
         {
         int n,i;
         const char *neg;
@@ -617,223 +112,3 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *
                 }
         return(1);
         }
-
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
-                size_t len, int off)
-        {
-        size_t i;
-        char str[128];
-
-        if (buf == NULL)
-                return 1;
-        if (off)
-                {
-                if (off > 128)
-                        off=128;
-                memset(str,' ',off);
-                if (BIO_write(fp, str, off) <= 0)
-                        return 0;
-                }
-
-        if (BIO_printf(fp,"%s", name) <= 0)
-                return 0;
-
-        for (i=0; i<len; i++)
-                {
-                if ((i%15) == 0)
-                        {
-                        str[0]='\n';
-                        memset(&(str[1]),' ',off+4);
-                        if (BIO_write(fp, str, off+1+4) <= 0)
-                                return 0;
-                        }
-                if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
-                        return 0;
-                }
-        if (BIO_write(fp,"\n",1) <= 0)
-                return 0;
-
-        return 1;
-        }
-#endif
-
-#ifndef OPENSSL_NO_DH
-#ifndef OPENSSL_NO_FP_API
-int DHparams_print_fp(FILE *fp, const DH *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DHparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int DHparams_print(BIO *bp, const DH *x)
-        {
-        unsigned char *m=NULL;
-        int reason=ERR_R_BUF_LIB,ret=0;
-        size_t buf_len=0, i;
-
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                reason=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-
-        if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"prime:",x->p,m,4)) goto err;
-        if (!print(bp,"generator:",x->g,m,4)) goto err;
-        if (x->length != 0)
-                {
-                if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
-                        (int)x->length) <= 0) goto err;
-                }
-        ret=1;
-        if (0)
-                {
-err:
-                DHerr(DH_F_DHPARAMS_PRINT,reason);
-                }
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSAparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int DSAparams_print(BIO *bp, const DSA *x)
-        {
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0,i;
-
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"p:",x->p,m,4)) goto err;
-        if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
-        if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-
-#endif /* !OPENSSL_NO_DSA */
-
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECParameters_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int ECParameters_print(BIO *bp, const EC_KEY *x)
-        {
-        int     reason=ERR_R_EC_LIB, ret=0;
-        BIGNUM  *order=NULL;
-        const EC_GROUP *group;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;;
-                goto err;
-                }
-
-        if ((order = BN_new()) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-
-        if (!EC_GROUP_get_order(group, order, NULL))
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
- 
-        if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
-                BN_num_bits(order)) <= 0)
-                goto err;
-        if (!ECPKParameters_print(bp, group, 4))
-                goto err;
-        ret=1;
-err:
-        if (order)
-                BN_free(order);
-        ECerr(EC_F_ECPARAMETERS_PRINT, reason);
-        return(ret);
-        }
-  
-#endif
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index 5557e06584..ea1794e3e0 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -149,34 +149,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
                         ERR_print_errors(bp);
                         }
                 else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
                         {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
-                        DSA_print(bp,pkey->pkey.dsa,16);
+                        EVP_PKEY_print_public(bp, pkey, 16, NULL);
+                        EVP_PKEY_free(pkey);
                         }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
-                {
-                        BIO_printf(bp, "%12sEC Public Key: \n","");
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
-                }
-        else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-                EVP_PKEY_free(pkey);
                 }
 
         if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
index a73369b949..079c081a81 100644
--- a/src/lib/libcrypto/asn1/t_spki.c
+++ b/src/lib/libcrypto/asn1/t_spki.c
@@ -82,36 +82,11 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
                                 (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
         pkey = X509_PUBKEY_get(spki->spkac->pubkey);
         if(!pkey) BIO_printf(out, "  Unable to load public key\n");
-        else {
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(out,"  RSA Public Key: (%d bit)\n",
-                                BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(out,pkey->pkey.rsa,2);
-                        }
-                else 
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                {
-                BIO_printf(out,"  DSA Public Key:\n");
-                DSA_print(out,pkey->pkey.dsa,2);
-                }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
+        else
                 {
-                        BIO_printf(out, "  EC Public Key:\n");
-                        EC_KEY_print(out, pkey->pkey.ec,2);
-                }
-                else
-#endif
-
-                        BIO_printf(out,"  Unknown Public Key:\n");
+                EVP_PKEY_print_public(out, pkey, 4, NULL);
                 EVP_PKEY_free(pkey);
-        }
+                }
         chal = spki->spkac->challenge;
         if(chal->length)
                 BIO_printf(out, "  Challenge String: %s\n", chal->data);
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index 8f746f9c05..e061f2ffad 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -111,7 +111,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
         ASN1_INTEGER *bs;
         EVP_PKEY *pkey=NULL;
         const char *neg;
-        ASN1_STRING *str=NULL;
 
         if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
                         mlch = '\n';
@@ -215,34 +214,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                         ERR_print_errors(bp);
                         }
                 else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                        {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
-                        DSA_print(bp,pkey->pkey.dsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
                         {
-                        BIO_printf(bp, "%12sEC Public Key:\n","");
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
+                        EVP_PKEY_print_public(bp, pkey, 16, NULL);
+                        EVP_PKEY_free(pkey);
                         }
-                else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-                EVP_PKEY_free(pkey);
                 }
 
         if (!(cflag & X509_FLAG_NO_EXTENSIONS))
@@ -259,7 +234,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                 }
         ret=1;
 err:
-        if (str != NULL) ASN1_STRING_free(str);
         if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
@@ -329,14 +303,15 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
         return 1;
 }
 
-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
         {
         int i,n;
-        char buf[80],*p;
+        char buf[80];
+        const char *p;
 
         if (v == NULL) return(0);
         n=0;
-        p=(char *)v->data;
+        p=(const char *)v->data;
         for (i=0; i<v->length; i++)
                 {
                 if ((p[i] > '~') || ((p[i] < ' ') &&
@@ -358,7 +333,7 @@ int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
         return(1);
         }
 
-int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 {
         if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
         if(tm->type == V_ASN1_GENERALIZEDTIME)
@@ -373,12 +348,14 @@ static const char *mon[12]=
     "Jul","Aug","Sep","Oct","Nov","Dec"
     };
 
-int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
         {
         char *v;
         int gmt=0;
         int i;
         int y=0,M=0,d=0,h=0,m=0,s=0;
+        char *f = NULL;
+        int f_len = 0;
 
         i=tm->length;
         v=(char *)tm->data;
@@ -396,10 +373,21 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
         if (tm->length >= 14 &&
             (v[12] >= '0') && (v[12] <= '9') &&
             (v[13] >= '0') && (v[13] <= '9'))
+                {
                 s=  (v[12]-'0')*10+(v[13]-'0');
+                /* Check for fractions of seconds. */
+                if (tm->length >= 15 && v[14] == '.')
+                        {
+                        int l = tm->length;
+                        f = &v[14];     /* The decimal point. */
+                        f_len = 1;
+                        while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+                                ++f_len;
+                        }
+                }
 
-        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
-                mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
+                mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
                 return(0);
         else
                 return(1);
@@ -408,15 +396,15 @@ err:
         return(0);
         }
 
-int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
         {
-        char *v;
+        const char *v;
         int gmt=0;
         int i;
         int y=0,M=0,d=0,h=0,m=0,s=0;
 
         i=tm->length;
-        v=(char *)tm->data;
+        v=(const char *)tm->data;
 
         if (i < 10) goto err;
         if (v[i-1] == 'Z') gmt=1;
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 48bc1c0d4d..3bee439968 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -114,6 +114,8 @@ unsigned long ASN1_tag2bit(int tag)
 /* Macro to initialize and invalidate the cache */
 
 #define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c)    (c)->valid = 0
 
 /* Decode an ASN1 item, this currently behaves just 
  * like a standard 'd2i' function. 'in' points to 
@@ -130,7 +132,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
         ASN1_VALUE *ptmpval = NULL;
         if (!pval)
                 pval = &ptmpval;
-        c.valid = 0;
+        asn1_tlc_clear_nc(&c);
         if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
                 return *pval;
         return NULL;
@@ -140,7 +142,7 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
                 const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
         {
         ASN1_TLC c;
-        c.valid = 0;
+        asn1_tlc_clear_nc(&c);
         return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
         }
 
@@ -306,7 +308,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 
 
                 case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
                                 goto auxerr;
 
                 /* Allocate structure */
@@ -356,7 +358,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 
                 asn1_set_choice_selector(pval, i, it);
                 *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
                                 goto auxerr;
                 return 1;
 
@@ -403,7 +405,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                         goto err;
                         }
 
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
                                 goto auxerr;
 
                 /* Get each field entry */
@@ -505,7 +507,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                 if (!asn1_enc_save(pval, *in, p - *in, it))
                         goto auxerr;
                 *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
                                 goto auxerr;
                 return 1;
 
@@ -665,11 +667,12 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                 else
                         {
                         /* We've got a valid STACK: free up any items present */
-                        STACK *sktmp = (STACK *)*val;
+                        STACK_OF(ASN1_VALUE) *sktmp
+                            = (STACK_OF(ASN1_VALUE) *)*val;
                         ASN1_VALUE *vtmp;
-                        while(sk_num(sktmp) > 0)
+                        while(sk_ASN1_VALUE_num(sktmp) > 0)
                                 {
-                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+                                vtmp = sk_ASN1_VALUE_pop(sktmp);
                                 ASN1_item_ex_free(&vtmp,
                                                 ASN1_ITEM_ptr(tt->item));
                                 }
@@ -710,7 +713,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                                 goto err;
                                 }
                         len -= p - q;
-                        if (!sk_push((STACK *)*val, (char *)skfield))
+                        if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
+                                                skfield))
                                 {
                                 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
                                                 ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index 2721f904a6..936ad1f767 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -158,7 +158,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                 return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
 
                 case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
                                 return 0;
                 i = asn1_get_choice_selector(pval, it);
                 if ((i >= 0) && (i < it->tcount))
@@ -171,7 +171,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                                                 -1, aclass);
                         }
                 /* Fixme: error condition if selector out of range */
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
                                 return 0;
                 break;
 
@@ -216,7 +216,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                         aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
                                         | V_ASN1_UNIVERSAL;
                         }
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
                                 return 0;
                 /* First work out sequence content length */
                 for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
@@ -250,7 +250,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                         }
                 if (ndef == 2)
                         ASN1_put_eoc(out);
-                if (asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
                                 return 0;
                 return seqlen;
 
@@ -569,7 +569,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
         ASN1_STRING *strtmp;
         ASN1_OBJECT *otmp;
         int utype;
-        unsigned char *cont, c;
+        const unsigned char *cont;
+        unsigned char c;
         int len;
         const ASN1_PRIMITIVE_FUNCS *pf;
         pf = it->funcs;
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
index d7c017fa1d..77d3092d31 100644
--- a/src/lib/libcrypto/asn1/tasn_fre.c
+++ b/src/lib/libcrypto/asn1/tasn_fre.c
@@ -110,7 +110,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                 case ASN1_ITYPE_CHOICE:
                 if (asn1_cb)
                         {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
                         if (i == 2)
                                 return;
                         }
@@ -123,7 +123,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                         ASN1_template_free(pchval, tt);
                         }
                 if (asn1_cb)
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
                 if (!combine)
                         {
                         OPENSSL_free(*pval);
@@ -149,7 +149,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                         return;
                 if (asn1_cb)
                         {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
                         if (i == 2)
                                 return;
                         }               
@@ -170,7 +170,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                         ASN1_template_free(pseqval, seqtt);
                         }
                 if (asn1_cb)
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
                 if (!combine)
                         {
                         OPENSSL_free(*pval);
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
index 5c6a2ebd4d..0d9e78cc7c 100644
--- a/src/lib/libcrypto/asn1/tasn_new.c
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -68,7 +68,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                                                 int combine);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
         {
@@ -146,7 +146,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                 case ASN1_ITYPE_CHOICE:
                 if (asn1_cb)
                         {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
                         if (!i)
                                 goto auxerr;
                         if (i==2)
@@ -166,7 +166,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                         memset(*pval, 0, it->size);
                         }
                 asn1_set_choice_selector(pval, -1, it);
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
                                 goto auxerr;
                 break;
 
@@ -174,7 +174,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                 case ASN1_ITYPE_SEQUENCE:
                 if (asn1_cb)
                         {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
                         if (!i)
                                 goto auxerr;
                         if (i==2)
@@ -201,7 +201,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                         if (!ASN1_template_new(pseqval, tt))
                                 goto memerr;
                         }
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
                                 goto auxerr;
                 break;
         }
@@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
         {
         ASN1_TYPE *typ;
+        ASN1_STRING *str;
         int utype;
 
         if (it && it->funcs)
@@ -345,10 +346,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                 return 1;
 
                 case V_ASN1_BOOLEAN:
-                if (it)
-                        *(ASN1_BOOLEAN *)pval = it->size;
-                else
-                        *(ASN1_BOOLEAN *)pval = -1;
+                *(ASN1_BOOLEAN *)pval = it->size;
                 return 1;
 
                 case V_ASN1_NULL:
@@ -365,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                 break;
 
                 default:
-                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+                str = ASN1_STRING_type_new(utype);
+                if (it->itype == ASN1_ITYPE_MSTRING && str)
+                        str->flags |= ASN1_STRING_FLAG_MSTRING;
+                *pval = (ASN1_VALUE *)str;
                 break;
                 }
         if (*pval)
@@ -373,7 +374,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
         return 0;
         }
 
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
         {
         int utype;
         if (it && it->funcs)
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
index b9c96a6dbe..453698012d 100644
--- a/src/lib/libcrypto/asn1/tasn_prn.c
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -3,7 +3,7 @@
  * project 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -58,141 +58,570 @@
 
 
 #include <stddef.h>
+#include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-#include <openssl/nasn.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
 
-/* Print routines. Print out a whole structure from a template.
+/* Print routines.
  */
 
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+/* ASN1_PCTX routines */
 
-int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
-{
-        return asn1_item_print_nm(out, fld, indent, it, it->sname);
-}
+ASN1_PCTX default_pctx = 
+        {
+        ASN1_PCTX_FLAGS_SHOW_ABSENT,    /* flags */
+        0,      /* nm_flags */
+        0,      /* cert_flags */
+        0,      /* oid_flags */
+        0       /* str_flags */
+        };
+        
 
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
-{
-        ASN1_STRING *str;
+ASN1_PCTX *ASN1_PCTX_new(void)
+        {
+        ASN1_PCTX *ret;
+        ret = OPENSSL_malloc(sizeof(ASN1_PCTX));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->flags = 0;
+        ret->nm_flags = 0;
+        ret->cert_flags = 0;
+        ret->oid_flags = 0;
+        ret->str_flags = 0;
+        return ret;
+        }
+
+void ASN1_PCTX_free(ASN1_PCTX *p)
+        {
+        OPENSSL_free(p);
+        }
+
+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)
+        {
+        return p->flags;
+        }
+
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->flags = flags;
+        }
+
+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p)
+        {
+        return p->nm_flags;
+        }
+
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->nm_flags = flags;
+        }
+
+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p)
+        {
+        return p->cert_flags;
+        }
+
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->cert_flags = flags;
+        }
+
+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p)
+        {
+        return p->oid_flags;
+        }
+
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->oid_flags = flags;
+        }
+
+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p)
+        {
+        return p->str_flags;
+        }
+
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->str_flags = flags;
+        }
+
+/* Main print routines */
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_ITEM *it,
+                                const char *fname, const char *sname,
+                                int nohdr, const ASN1_PCTX *pctx);
+
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx);
+
+static int asn1_print_fsname(BIO *out, int indent,
+                        const char *fname, const char *sname,
+                        const ASN1_PCTX *pctx);
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                                const ASN1_ITEM *it, const ASN1_PCTX *pctx)
+        {
+        const char *sname;
+        if (pctx == NULL)
+                pctx = &default_pctx;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+                sname = NULL;
+        else
+                sname = it->sname;
+        return asn1_item_print_ctx(out, &ifld, indent, it,
+                                                        NULL, sname, 0, pctx);
+        }
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_ITEM *it,
+                                const char *fname, const char *sname,
+                                int nohdr, const ASN1_PCTX *pctx)
+        {
         const ASN1_TEMPLATE *tt;
-        void *tmpfld;
+        const ASN1_EXTERN_FUNCS *ef;
+        ASN1_VALUE **tmpfld;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        ASN1_PRINT_ARG parg;
         int i;
-        if(!fld) {
-                BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+        if (aux && aux->asn1_cb)
+                {
+                parg.out = out;
+                parg.indent = indent;
+                parg.pctx = pctx;
+                asn1_cb = aux->asn1_cb;
+                }
+        else asn1_cb = 0;
+
+        if(*fld == NULL)
+                {
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT)
+                        {
+                        if (!nohdr && !asn1_print_fsname(out, indent,
+                                                        fname, sname, pctx))
+                                return 0;
+                        if (BIO_puts(out, "<ABSENT>\n") <= 0)
+                                return 0;
+                        }
                 return 1;
-        }
-        switch(it->itype) {
+                }
 
+        switch(it->itype)
+                {
                 case ASN1_ITYPE_PRIMITIVE:
                 if(it->templates)
-                        return ASN1_template_print(out, fld, indent, it->templates);
-                return asn1_primitive_print(out, fld, it->utype, indent, name);
-                break;
-
+                        {
+                        if (!asn1_template_print_ctx(out, fld, indent,
+                                                        it->templates, pctx))
+                                return 0;
+                        }
+                /* fall thru */
                 case ASN1_ITYPE_MSTRING:
-                str = fld;
-                return asn1_primitive_print(out, fld, str->type, indent, name);
+                if (!asn1_primitive_print(out, fld, it,
+                                indent, fname, sname,pctx))
+                        return 0;
+                break;
 
                 case ASN1_ITYPE_EXTERN:
-                BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
-                return 1;
-                case ASN1_ITYPE_COMPAT:
-                BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
-                return 1;
-
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+                /* Use new style print routine if possible */
+                ef = it->funcs;
+                if (ef && ef->asn1_ex_print)
+                        {
+                        i = ef->asn1_ex_print(out, fld, indent, "", pctx);
+                        if (!i)
+                                return 0;
+                        if ((i == 2) && (BIO_puts(out, "\n") <= 0))
+                                return 0;
+                        return 1;
+                        }
+                else if (sname && 
+                        BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
+                        return 0;
+                break;
 
                 case ASN1_ITYPE_CHOICE:
+#if 0
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+#endif
                 /* CHOICE type, get selector */
                 i = asn1_get_choice_selector(fld, it);
                 /* This should never happen... */
-                if((i < 0) || (i >= it->tcount)) {
-                        BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+                if((i < 0) || (i >= it->tcount))
+                        {
+                        if (BIO_printf(out,
+                                "ERROR: selector [%d] invalid\n", i) <= 0)
+                                return 0;
                         return 1;
-                }
+                        }
                 tt = it->templates + i;
-                tmpfld = asn1_get_field(fld, tt);
-                return ASN1_template_print(out, tmpfld, indent, tt);
+                tmpfld = asn1_get_field_ptr(fld, tt);
+                if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
+                        return 0;
+                break;
 
                 case ASN1_ITYPE_SEQUENCE:
-                BIO_printf(out, "%*s%s {\n", indent, "", name);
-                /* Get each field entry */
-                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-                        tmpfld = asn1_get_field(fld, tt);
-                        ASN1_template_print(out, tmpfld, indent + 2, tt);
-                }
-                BIO_printf(out, "%*s}\n", indent, "");
-                return 1;
+                case ASN1_ITYPE_NDEF_SEQUENCE:
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+                if (fname || sname)
+                        {
+                        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
+                                {
+                                if (BIO_puts(out, " {\n") <= 0)
+                                        return 0;
+                                }
+                        else
+                                {
+                                if (BIO_puts(out, "\n") <= 0)
+                                        return 0;
+                                }
+                        }
+
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
+                        if (i == 0)
+                                return 0;
+                        if (i == 2)
+                                return 1;
+                        }
+
+                /* Print each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+                        {
+                        const ASN1_TEMPLATE *seqtt;
+                        seqtt = asn1_do_adb(fld, tt, 1);
+                        tmpfld = asn1_get_field_ptr(fld, seqtt);
+                        if (!asn1_template_print_ctx(out, tmpfld,
+                                                indent + 2, seqtt, pctx))
+                                return 0;
+                        }
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
+                        {
+                        if (BIO_printf(out, "%*s}\n", indent, "") < 0)
+                                return 0;
+                        }
+
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
+                        if (i == 0)
+                                return 0;
+                        }
+                break;
 
                 default:
+                BIO_printf(out, "Unprocessed type %d\n", it->itype);
                 return 0;
+                }
+
+        return 1;
         }
-}
 
-int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
-{
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
+        {
         int i, flags;
-#if 0
-        if(!fld) return 0; 
-#endif
+        const char *sname, *fname;
         flags = tt->flags;
-        if(flags & ASN1_TFLG_SK_MASK) {
+        if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
+                sname = ASN1_ITEM_ptr(tt->item)->sname;
+        else
+                sname = NULL;
+        if(pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+                fname = NULL;
+        else
+                fname = tt->field_name;
+        if(flags & ASN1_TFLG_SK_MASK)
+                {
                 char *tname;
-                void *skitem;
+                ASN1_VALUE *skitem;
+                STACK_OF(ASN1_VALUE) *stack;
+
                 /* SET OF, SEQUENCE OF */
-                if(flags & ASN1_TFLG_SET_OF) tname = "SET";
-                else tname = "SEQUENCE";
-                if(fld) {
-                        BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
-                        for(i = 0; i < sk_num(fld); i++) {
-                                skitem = sk_value(fld, i);
-                                asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+                if (fname)
+                        {
+                        if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF)
+                                {
+                                if(flags & ASN1_TFLG_SET_OF)
+                                        tname = "SET";
+                                else
+                                        tname = "SEQUENCE";
+                                if (BIO_printf(out, "%*s%s OF %s {\n",
+                                        indent, "", tname, tt->field_name) <= 0)
+                                        return 0;
+                                }
+                        else if (BIO_printf(out, "%*s%s:\n", indent, "",
+                                        fname) <= 0)
+                                return 0;
+                        }
+                stack = (STACK_OF(ASN1_VALUE) *)*fld;
+                for(i = 0; i < sk_ASN1_VALUE_num(stack); i++)
+                        {
+                        if ((i > 0) && (BIO_puts(out, "\n") <= 0))
+                                return 0;
+
+                        skitem = sk_ASN1_VALUE_value(stack, i);
+                        if (!asn1_item_print_ctx(out, &skitem, indent + 2,
+                                ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx))
+                                return 0;
+                        }
+                if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
+                                return 0;
+                if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
+                        {
+                        if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
+                                return 0;
                         }
-                        BIO_printf(out, "%*s}\n", indent, "");
-                } else 
-                        BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
                 return 1;
+                }
+        return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+                                                        fname, sname, 0, pctx);
         }
-        return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
-}
-
-static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
-{
-        ASN1_STRING *str = fld;
-        if(fld) {
-                if(utype == V_ASN1_BOOLEAN) {
-                        int *bool = fld;
-if(*bool == -1) printf("BOOL MISSING\n");
-                        BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
-                } else if((utype == V_ASN1_INTEGER) 
-                          || (utype == V_ASN1_ENUMERATED)) {
-                        char *s, *nm;
-                        s = i2s_ASN1_INTEGER(NULL, fld);
-                        if(utype == V_ASN1_INTEGER) nm = "INTEGER";
-                        else nm = "ENUMERATED";
-                        BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
-                        OPENSSL_free(s);
-                } else if(utype == V_ASN1_NULL) {
-                        BIO_printf(out, "%*s%s", indent, "", "NULL");
-                } else if(utype == V_ASN1_UTCTIME) {
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
-                        ASN1_UTCTIME_print(out, str);
-                } else if(utype == V_ASN1_GENERALIZEDTIME) {
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
-                        ASN1_GENERALIZEDTIME_print(out, str);
-                } else if(utype == V_ASN1_OBJECT) {
-                        char objbuf[80], *ln;
-                        ln = OBJ_nid2ln(OBJ_obj2nid(fld));
-                        if(!ln) ln = "";
-                        OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
-                        BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
-                } else {
-                        BIO_printf(out, "%*s%s:", indent, "", name);
-                        ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+
+static int asn1_print_fsname(BIO *out, int indent,
+                        const char *fname, const char *sname,
+                        const ASN1_PCTX *pctx)
+        {
+        static char spaces[] = "                    ";
+        const int nspaces = sizeof(spaces) - 1;
+
+#if 0
+        if (!sname && !fname)
+                return 1;
+#endif
+
+        while (indent > nspaces)
+                {
+                if (BIO_write(out, spaces, nspaces) != nspaces)
+                        return 0;
+                indent -= nspaces;
+                }
+        if (BIO_write(out, spaces, indent) != indent)
+                return 0;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+                sname = NULL;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+                fname = NULL;
+        if (!sname && !fname)
+                return 1;
+        if (fname)
+                {
+                if (BIO_puts(out, fname) <= 0)
+                        return 0;
                 }
-                BIO_printf(out, "\n");
-        } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+        if (sname)
+                {
+                if (fname)
+                        {
+                        if (BIO_printf(out, " (%s)", sname) <= 0)
+                                return 0;
+                        }
+                else
+                        {
+                        if (BIO_puts(out, sname) <= 0)
+                                return 0;
+                        }
+                }
+        if (BIO_write(out, ": ", 2) != 2)
+                return 0;
         return 1;
-}
+        }
+
+static int asn1_print_boolean_ctx(BIO *out, const int bool,
+                                                        const ASN1_PCTX *pctx)
+        {
+        const char *str;
+        switch (bool)
+                {
+                case -1:
+                str = "BOOL ABSENT";
+                break;
+
+                case 0:
+                str = "FALSE";
+                break;
+
+                default:
+                str = "TRUE";
+                break;
+
+                }
+
+        if (BIO_puts(out, str) <= 0)
+                return 0;
+        return 1;
+
+        }
+
+static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
+                                                const ASN1_PCTX *pctx)
+        {
+        char *s;
+        int ret = 1;
+        s = i2s_ASN1_INTEGER(NULL, str);
+        if (BIO_puts(out, s) <= 0)
+                ret = 0;
+        OPENSSL_free(s);
+        return ret;
+        }
+
+static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
+                                                const ASN1_PCTX *pctx)
+        {
+        char objbuf[80];
+        const char *ln;
+        ln = OBJ_nid2ln(OBJ_obj2nid(oid));
+        if(!ln)
+                ln = "";
+        OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
+        if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
+                return 0;
+        return 1;
+        }
+
+static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
+                                                const ASN1_PCTX *pctx)
+        {
+        if (str->type == V_ASN1_BIT_STRING)
+                {
+                if (BIO_printf(out, " (%ld unused bits)\n",
+                                        str->flags & 0x7) <= 0)
+                                return 0;
+                }
+        else if (BIO_puts(out, "\n") <= 0)
+                return 0;
+        if ((str->length > 0)
+                && BIO_dump_indent(out, (char *)str->data, str->length,
+                                indent + 2) <= 0)
+                return 0;
+        return 1;
+        }
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx)
+        {
+        long utype;
+        ASN1_STRING *str;
+        int ret = 1, needlf = 1;
+        const char *pname;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if (!asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+        if (pf && pf->prim_print)
+                return pf->prim_print(out, fld, it, indent, pctx);
+        str = (ASN1_STRING *)*fld;
+        if (it->itype == ASN1_ITYPE_MSTRING)
+                utype = str->type & ~V_ASN1_NEG;
+        else
+                utype = it->utype;
+        if (utype == V_ASN1_ANY)
+                {
+                ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+                utype = atype->type;
+                fld = &atype->value.asn1_value;
+                str = (ASN1_STRING *)*fld;
+                if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
+                        pname = NULL;
+                else 
+                        pname = ASN1_tag2str(utype);
+                }
+        else
+                {
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
+                        pname = ASN1_tag2str(utype);
+                else 
+                        pname = NULL;
+                }
+
+        if (utype == V_ASN1_NULL)
+                {
+                if (BIO_puts(out, "NULL\n") <= 0)
+                        return 0;
+                return 1;
+                }
+
+        if (pname)
+                {
+                if (BIO_puts(out, pname) <= 0)
+                        return 0;
+                if (BIO_puts(out, ":") <= 0)
+                        return 0;
+                }
+
+        switch (utype)
+                {
+                case V_ASN1_BOOLEAN:
+                        {
+                        int bool = *(int *)fld;
+                        if (bool == -1)
+                                bool = it->size;
+                        ret = asn1_print_boolean_ctx(out, bool, pctx);
+                        }
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_ENUMERATED:
+                ret = asn1_print_integer_ctx(out, str, pctx);
+                break;
+
+                case V_ASN1_UTCTIME:
+                ret = ASN1_UTCTIME_print(out, str);
+                break;
+
+                case V_ASN1_GENERALIZEDTIME:
+                ret = ASN1_GENERALIZEDTIME_print(out, str);
+                break;
+
+                case V_ASN1_OBJECT:
+                ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
+                break;
+
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_BIT_STRING:
+                ret = asn1_print_obstring_ctx(out, str, indent, pctx);
+                needlf = 0;
+                break;
+
+                case V_ASN1_SEQUENCE:
+                case V_ASN1_SET:
+                case V_ASN1_OTHER:
+                if (BIO_puts(out, "\n") <= 0)
+                        return 0;
+                if (ASN1_parse_dump(out, str->data, str->length,
+                                                indent, 0) <= 0)
+                        ret = 0;
+                needlf = 0;
+                break;
+
+                default:
+                ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
+
+                }
+        if (!ret)
+                return 0;
+        if (needlf && BIO_puts(out, "\n") <= 0)
+                return 0;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
index 6252213d15..6fb1c372da 100644
--- a/src/lib/libcrypto/asn1/tasn_typ.c
+++ b/src/lib/libcrypto/asn1/tasn_typ.c
@@ -135,3 +135,14 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
 /* Special, OCTET STRING with indefinite length constructed support */
 
 IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
+
+ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
+
+ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY)
diff --git a/src/lib/libcrypto/asn1/x_cinf.c b/src/lib/libcrypto/asn1/x_cinf.c
deleted file mode 100644
index 339a110eef..0000000000
--- a/src/lib/libcrypto/asn1/x_cinf.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* crypto/asn1/x_cinf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-
-int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
-        {
-        int v1=0,v2=0;
-        M_ASN1_I2D_vars(a);
-
-        M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
-        M_ASN1_I2D_len(a->serialNumber,         i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(a->signature,            i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->issuer,               i2d_X509_NAME);
-        M_ASN1_I2D_len(a->validity,             i2d_X509_VAL);
-        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
-        M_ASN1_I2D_len(a->key,                  i2d_X509_PUBKEY);
-        M_ASN1_I2D_len_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING);
-        M_ASN1_I2D_len_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING);
-        M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
-                                             i2d_X509_EXTENSION,3,
-                                             V_ASN1_SEQUENCE,v2);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
-        M_ASN1_I2D_put(a->serialNumber,         i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(a->signature,            i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->issuer,               i2d_X509_NAME);
-        M_ASN1_I2D_put(a->validity,             i2d_X509_VAL);
-        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
-        M_ASN1_I2D_put(a->key,                  i2d_X509_PUBKEY);
-        M_ASN1_I2D_put_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING,1);
-        M_ASN1_I2D_put_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING,2);
-        M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
-                                             i2d_X509_EXTENSION,3,
-                                             V_ASN1_SEQUENCE,v2);
-
-        M_ASN1_I2D_finish();
-        }
-
-X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length)
-        {
-        int ver=0;
-        M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        /* we have the optional version field */
-        if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
-                {
-                M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
-                if (ret->version->data != NULL)
-                        ver=ret->version->data[0];
-                }
-        else
-                {
-                if (ret->version != NULL)
-                        {
-                        M_ASN1_INTEGER_free(ret->version);
-                        ret->version=NULL;
-                        }
-                }
-        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-        M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
-        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
-        M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
-        if (ver >= 1) /* version 2 extensions */
-                {
-                if (ret->issuerUID != NULL)
-                        {
-                        M_ASN1_BIT_STRING_free(ret->issuerUID);
-                        ret->issuerUID=NULL;
-                        }
-                if (ret->subjectUID != NULL)
-                        {
-                        M_ASN1_BIT_STRING_free(ret->subjectUID);
-                        ret->subjectUID=NULL;
-                        }
-                M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
-                        V_ASN1_BIT_STRING);
-                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
-                        V_ASN1_BIT_STRING);
-                }
-/* Note: some broken certificates include extensions but don't set
- * the version number properly. By bypassing this check they can
- * be parsed.
- */
-
-#ifdef VERSION_EXT_CHECK
-        if (ver >= 2) /* version 3 extensions */
-#endif
-                {
-                if (ret->extensions != NULL)
-                        while (sk_X509_EXTENSION_num(ret->extensions))
-                                X509_EXTENSION_free(
-                                      sk_X509_EXTENSION_pop(ret->extensions));
-                M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
-                                                d2i_X509_EXTENSION,
-                                                X509_EXTENSION_free,3,
-                                                V_ASN1_SEQUENCE);
-                }
-        M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
-        }
-
-X509_CINF *X509_CINF_new(void)
-        {
-        X509_CINF *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_CINF);
-        ret->version=NULL;
-        M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
-        M_ASN1_New(ret->signature,X509_ALGOR_new);
-        M_ASN1_New(ret->issuer,X509_NAME_new);
-        M_ASN1_New(ret->validity,X509_VAL_new);
-        M_ASN1_New(ret->subject,X509_NAME_new);
-        M_ASN1_New(ret->key,X509_PUBKEY_new);
-        ret->issuerUID=NULL;
-        ret->subjectUID=NULL;
-        ret->extensions=NULL;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
-        }
-
-void X509_CINF_free(X509_CINF *a)
-        {
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free(a->version);
-        M_ASN1_INTEGER_free(a->serialNumber);
-        X509_ALGOR_free(a->signature);
-        X509_NAME_free(a->issuer);
-        X509_VAL_free(a->validity);
-        X509_NAME_free(a->subject);
-        X509_PUBKEY_free(a->key);
-        M_ASN1_BIT_STRING_free(a->issuerUID);
-        M_ASN1_BIT_STRING_free(a->subjectUID);
-        sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-        OPENSSL_free(a);
-        }
-
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 70d56a67f2..c51c690ba9 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -58,11 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
+#include "asn1_locl.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
                                 const X509_REVOKED * const *b);
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 
 ASN1_SEQUENCE(X509_REVOKED) = {
         ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
@@ -70,11 +73,26 @@ ASN1_SEQUENCE(X509_REVOKED) = {
         ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
 
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
+static int def_crl_lookup(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
+
+static X509_CRL_METHOD int_crl_meth =
+        {
+        0,
+        0,0,
+        def_crl_lookup,
+        def_crl_verify
+        };
+
+static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
+
 /* The X509_CRL_INFO structure needs a bit of customisation.
  * Since we cache the original encoding the signature wont be affected by
  * reordering of the revoked field.
  */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
         X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
 
@@ -101,7 +119,237 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
         ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
 
-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+/* Set CRL entry issuer according to CRL certificate issuer extension.
+ * Check for unhandled critical CRL entry extensions.
+ */
+
+static int crl_set_issuers(X509_CRL *crl)
+        {
+
+        int i, j;
+        GENERAL_NAMES *gens, *gtmp;
+        STACK_OF(X509_REVOKED) *revoked;
+
+        revoked = X509_CRL_get_REVOKED(crl);
+
+        gens = NULL;
+        for (i = 0; i < sk_X509_REVOKED_num(revoked); i++)
+                {
+                X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
+                STACK_OF(X509_EXTENSION) *exts;
+                ASN1_ENUMERATED *reason;
+                X509_EXTENSION *ext;
+                gtmp = X509_REVOKED_get_ext_d2i(rev, 
+                                                NID_certificate_issuer,
+                                                &j, NULL);
+                if (!gtmp && (j != -1))
+                        {
+                        crl->flags |= EXFLAG_INVALID;
+                        return 1;
+                        }
+
+                if (gtmp)
+                        {
+                        gens = gtmp;
+                        if (!crl->issuers)
+                                {
+                                crl->issuers = sk_GENERAL_NAMES_new_null();
+                                if (!crl->issuers)
+                                        return 0;
+                                }
+                        if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
+                                return 0;
+                        }
+                rev->issuer = gens;
+
+                reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
+                                                                &j, NULL);
+                if (!reason && (j != -1))
+                        {
+                        crl->flags |= EXFLAG_INVALID;
+                        return 1;
+                        }
+
+                if (reason)
+                        {
+                        rev->reason = ASN1_ENUMERATED_get(reason);
+                        ASN1_ENUMERATED_free(reason);
+                        }
+                else
+                        rev->reason = CRL_REASON_NONE;  
+
+                /* Check for critical CRL entry extensions */
+
+                exts = rev->extensions;
+
+                for (j = 0; j < sk_X509_EXTENSION_num(exts); j++)
+                        {
+                        ext = sk_X509_EXTENSION_value(exts, j);
+                        if (ext->critical > 0)
+                                {
+                                if (OBJ_obj2nid(ext->object) ==
+                                        NID_certificate_issuer)
+                                        continue;
+                                crl->flags |= EXFLAG_CRITICAL;
+                                break;
+                                }
+                        }
+
+
+                }
+
+        return 1;
+
+        }
+
+/* The X509_CRL structure needs a bit of customisation. Cache some extensions
+ * and hash of the whole CRL.
+ */
+static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
+        {
+        X509_CRL *crl = (X509_CRL *)*pval;
+        STACK_OF(X509_EXTENSION) *exts;
+        X509_EXTENSION *ext;
+        int idx;
+
+        switch(operation)
+                {
+                case ASN1_OP_NEW_POST:
+                crl->idp = NULL;
+                crl->akid = NULL;
+                crl->flags = 0;
+                crl->idp_flags = 0;
+                crl->idp_reasons = CRLDP_ALL_REASONS;
+                crl->meth = default_crl_method;
+                crl->meth_data = NULL;
+                crl->issuers = NULL;
+                crl->crl_number = NULL;
+                crl->base_crl_number = NULL;
+                break;
+
+                case ASN1_OP_D2I_POST:
+#ifndef OPENSSL_NO_SHA
+                X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
+#endif
+                crl->idp = X509_CRL_get_ext_d2i(crl,
+                                NID_issuing_distribution_point, NULL, NULL);
+                if (crl->idp)
+                        setup_idp(crl, crl->idp);
+
+                crl->akid = X509_CRL_get_ext_d2i(crl,
+                                NID_authority_key_identifier, NULL, NULL);      
+
+                crl->crl_number = X509_CRL_get_ext_d2i(crl,
+                                NID_crl_number, NULL, NULL);    
+
+                crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
+                                NID_delta_crl, NULL, NULL);     
+                /* Delta CRLs must have CRL number */
+                if (crl->base_crl_number && !crl->crl_number)
+                        crl->flags |= EXFLAG_INVALID;
+
+                /* See if we have any unhandled critical CRL extensions and 
+                 * indicate this in a flag. We only currently handle IDP so
+                 * anything else critical sets the flag.
+                 *
+                 * This code accesses the X509_CRL structure directly:
+                 * applications shouldn't do this.
+                 */
+
+                exts = crl->crl->extensions;
+
+                for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
+                        {
+                        int nid;
+                        ext = sk_X509_EXTENSION_value(exts, idx);
+                        nid = OBJ_obj2nid(ext->object);
+                        if (nid == NID_freshest_crl)
+                                crl->flags |= EXFLAG_FRESHEST;
+                        if (ext->critical > 0)
+                                {
+                                /* We handle IDP and deltas */
+                                if ((nid == NID_issuing_distribution_point)
+                                        || (nid == NID_delta_crl))
+                                        break;;
+                                crl->flags |= EXFLAG_CRITICAL;
+                                break;
+                                }
+                        }
+
+
+                if (!crl_set_issuers(crl))
+                        return 0;
+
+                if (crl->meth->crl_init)
+                        {
+                        if (crl->meth->crl_init(crl) == 0)
+                                return 0;
+                        }
+                break;
+
+                case ASN1_OP_FREE_POST:
+                if (crl->meth->crl_free)
+                        {
+                        if (!crl->meth->crl_free(crl))
+                                return 0;
+                        }
+                if (crl->akid)
+                        AUTHORITY_KEYID_free(crl->akid);
+                if (crl->idp)
+                        ISSUING_DIST_POINT_free(crl->idp);
+                ASN1_INTEGER_free(crl->crl_number);
+                ASN1_INTEGER_free(crl->base_crl_number);
+                sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+                break;
+                }
+        return 1;
+        }
+
+/* Convert IDP into a more convenient form */
+
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+        {
+        int idp_only = 0;
+        /* Set various flags according to IDP */
+        crl->idp_flags |= IDP_PRESENT;
+        if (idp->onlyuser > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYUSER;
+                }
+        if (idp->onlyCA > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYCA;
+                }
+        if (idp->onlyattr > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYATTR;
+                }
+
+        if (idp_only > 1)
+                crl->idp_flags |= IDP_INVALID;
+
+        if (idp->indirectCRL > 0)
+                crl->idp_flags |= IDP_INDIRECT;
+
+        if (idp->onlysomereasons)
+                {
+                crl->idp_flags |= IDP_REASONS;
+                if (idp->onlysomereasons->length > 0)
+                        crl->idp_reasons = idp->onlysomereasons->data[0];
+                if (idp->onlysomereasons->length > 1)
+                        crl->idp_reasons |=
+                                (idp->onlysomereasons->data[1] << 8);
+                crl->idp_reasons &= CRLDP_ALL_REASONS;
+                }
+
+        DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+        }
+
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
         ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
         ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
         ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
@@ -134,6 +382,145 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
         return 1;
 }
 
+int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+        {
+        if (crl->meth->crl_verify)
+                return crl->meth->crl_verify(crl, r);
+        return 0;
+        }
+
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial)
+        {
+        if (crl->meth->crl_lookup)
+                return crl->meth->crl_lookup(crl, ret, serial, NULL);
+        return 0;
+        }
+
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+        {
+        if (crl->meth->crl_lookup)
+                return crl->meth->crl_lookup(crl, ret,
+                                                X509_get_serialNumber(x),
+                                                X509_get_issuer_name(x));
+        return 0;
+        }
+
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+        {
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                crl->sig_alg, crl->signature,crl->crl,r));
+        }
+
+static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+                                                X509_REVOKED *rev)
+        {
+        int i;
+
+        if (!rev->issuer)
+                {
+                if (!nm)
+                        return 1;
+                if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+                        return 1;
+                return 0;
+                }
+
+        if (!nm)
+                nm = X509_CRL_get_issuer(crl);
+
+        for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
+                if (gen->type != GEN_DIRNAME)
+                        continue;
+                if (!X509_NAME_cmp(nm, gen->d.directoryName))
+                        return 1;
+                }
+        return 0;
+
+        }
+
+static int def_crl_lookup(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
+        {
+        X509_REVOKED rtmp, *rev;
+        int idx;
+        rtmp.serialNumber = serial;
+        /* Sort revoked into serial number order if not already sorted.
+         * Do this under a lock to avoid race condition.
+         */
+        if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+                sk_X509_REVOKED_sort(crl->crl->revoked);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+                }
+        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+        if(idx < 0)
+                return 0;
+        /* Need to look for matching name */
+        for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++)
+                {
+                rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
+                if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
+                        return 0;
+                if (crl_revoked_issuer_match(crl, issuer, rev))
+                        {
+                        if (ret)
+                                *ret = rev;
+                        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                                return 2;
+                        return 1;
+                        }
+                }
+        return 0;
+        }
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+        {
+        if (meth == NULL)
+                default_crl_method = &int_crl_meth;
+        else 
+                default_crl_method = meth;
+        }
+
+X509_CRL_METHOD *X509_CRL_METHOD_new(
+        int (*crl_init)(X509_CRL *crl),
+        int (*crl_free)(X509_CRL *crl),
+        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                                ASN1_INTEGER *ser, X509_NAME *issuer),
+        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
+        {
+        X509_CRL_METHOD *m;
+        m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
+        if (!m)
+                return NULL;
+        m->crl_init = crl_init;
+        m->crl_free = crl_free;
+        m->crl_lookup = crl_lookup;
+        m->crl_verify = crl_verify;
+        m->flags = X509_CRL_METHOD_DYNAMIC;
+        return m;
+        }
+
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+        {
+        if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
+                return;
+        OPENSSL_free(m);
+        }
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+        {
+        crl->meth_data = dat;
+        }
+
+void *X509_CRL_get_meth_data(X509_CRL *crl)
+        {
+        return crl->meth_data;
+        }
+
 IMPLEMENT_STACK_OF(X509_REVOKED)
 IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
 IMPLEMENT_STACK_OF(X509_CRL)
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
index bf35457c1f..75317418e1 100644
--- a/src/lib/libcrypto/asn1/x_long.c
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -71,6 +71,7 @@ static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
 static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
 
 static ASN1_PRIMITIVE_FUNCS long_pf = {
         NULL, 0,
@@ -78,7 +79,8 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
         long_free,
         long_free,      /* Clear should set to initial value */
         long_c2i,
-        long_i2c
+        long_i2c,
+        long_print
 };
 
 ASN1_ITEM_start(LONG)
@@ -169,3 +171,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         memcpy(cp, &ltmp, sizeof(long));
         return 1;
 }
+
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+        {
+        return BIO_printf(out, "%ld\n", *(long *)pval);
+        }
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index 04380abc3f..caa4409feb 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -57,18 +57,36 @@
  */
 
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
 
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
+DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long len,
+                                const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                                const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
 static int x509_name_encode(X509_NAME *a);
+static int x509_name_canon(X509_NAME *a);
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
+                          unsigned char **in);
+
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                                                int indent,
+                                                const char *fname, 
+                                                const ASN1_PCTX *pctx);
 
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
         ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
@@ -102,7 +120,8 @@ const ASN1_EXTERN_FUNCS x509_name_ff = {
         x509_name_ex_free,
         0,      /* Default clear behaviour is OK */
         x509_name_ex_d2i,
-        x509_name_ex_i2d
+        x509_name_ex_i2d,
+        x509_name_ex_print
 };
 
 IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
@@ -118,6 +137,8 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
         if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
                 goto memerr;
         if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+        ret->canon_enc = NULL;
+        ret->canon_enclen = 0;
         ret->modified=1;
         *val = (ASN1_VALUE *)ret;
         return 1;
@@ -142,25 +163,19 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
         BUF_MEM_free(a->bytes);
         sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        if (a->canon_enc)
+                OPENSSL_free(a->canon_enc);
         OPENSSL_free(a);
         *pval = NULL;
 }
 
-/* Used with sk_pop_free() to free up the internal representation.
- * NB: we only free the STACK and not its contents because it is
- * already present in the X509_NAME structure.
- */
-
-static void sk_internal_free(void *a)
-{
-        sk_free(a);
-}
-
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                        const unsigned char **in, long len, const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
         const unsigned char *p = *in, *q;
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a; } intname = {NULL};
         union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
         int i, j, ret;
         STACK_OF(X509_NAME_ENTRY) *entries;
@@ -181,8 +196,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
         memcpy(nm.x->bytes->data, q, p - q);
 
         /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_num(intname.s); i++) {
-                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+        for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+                entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
                 for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                         entry = sk_X509_NAME_ENTRY_value(entries, j);
                         entry->set = i;
@@ -191,7 +206,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
                 }
                 sk_X509_NAME_ENTRY_free(entries);
         }
-        sk_free(intname.s);
+        sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
+        ret = x509_name_canon(nm.x);
+        if (!ret)
+                goto err;
         nm.x->modified = 0;
         *val = nm.a;
         *in = p;
@@ -206,8 +224,12 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
         int ret;
         X509_NAME *a = (X509_NAME *)*val;
         if(a->modified) {
-                ret = x509_name_encode((X509_NAME *)a);
-                if(ret < 0) return ret;
+                ret = x509_name_encode(a);
+                if(ret < 0)
+                        return ret;
+                ret = x509_name_canon(a);
+                if(ret < 0)
+                        return ret;
         }
         ret = a->bytes->length;
         if(out != NULL) {
@@ -217,22 +239,35 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
         return ret;
 }
 
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+        {
+        sk_X509_NAME_ENTRY_free(ne);
+        }
+
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+        {
+        sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+        }
+
 static int x509_name_encode(X509_NAME *a)
 {
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a; } intname = {NULL};
         int len;
         unsigned char *p;
         STACK_OF(X509_NAME_ENTRY) *entries = NULL;
         X509_NAME_ENTRY *entry;
         int i, set = -1;
-        intname.s = sk_new_null();
+        intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
         if(!intname.s) goto memerr;
         for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                 entry = sk_X509_NAME_ENTRY_value(a->entries, i);
                 if(entry->set != set) {
                         entries = sk_X509_NAME_ENTRY_new_null();
                         if(!entries) goto memerr;
-                        if(!sk_push(intname.s, (char *)entries)) goto memerr;
+                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                                                             entries))
+                                goto memerr;
                         set = entry->set;
                 }
                 if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
@@ -243,15 +278,222 @@ static int x509_name_encode(X509_NAME *a)
         p=(unsigned char *)a->bytes->data;
         ASN1_item_ex_i2d(&intname.a,
                          &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        sk_pop_free(intname.s, sk_internal_free);
+        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                             local_sk_X509_NAME_ENTRY_free);
         a->modified = 0;
         return len;
-        memerr:
-        sk_pop_free(intname.s, sk_internal_free);
+memerr:
+        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                             local_sk_X509_NAME_ENTRY_free);
         ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
         return -1;
 }
 
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                                                int indent,
+                                                const char *fname, 
+                                                const ASN1_PCTX *pctx)
+        {
+        if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
+                                        indent, pctx->nm_flags) <= 0)
+                return 0;
+        return 2;
+        }
+
+/* This function generates the canonical encoding of the Name structure.
+ * In it all strings are converted to UTF8, leading, trailing and
+ * multiple spaces collapsed, converted to lower case and the leading
+ * SEQUENCE header removed.
+ *
+ * In future we could also normalize the UTF8 too.
+ *
+ * By doing this comparison of Name structures can be rapidly
+ * perfomed by just using memcmp() of the canonical encoding.
+ * By omitting the leading SEQUENCE name constraints of type
+ * dirName can also be checked with a simple memcmp().
+ */
+
+static int x509_name_canon(X509_NAME *a)
+        {
+        unsigned char *p;
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+        X509_NAME_ENTRY *entry, *tmpentry = NULL;
+        int i, set = -1, ret = 0;
+
+        if (a->canon_enc)
+                {
+                OPENSSL_free(a->canon_enc);
+                a->canon_enc = NULL;
+                }
+        /* Special case: empty X509_NAME => null encoding */
+        if (sk_X509_NAME_ENTRY_num(a->entries) == 0)
+                {
+                a->canon_enclen = 0;
+                return 1;
+                }
+        intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+        if(!intname)
+                goto err;
+        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++)
+                {
+                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+                if(entry->set != set)
+                        {
+                        entries = sk_X509_NAME_ENTRY_new_null();
+                        if(!entries)
+                                goto err;
+                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                                goto err;
+                        set = entry->set;
+                        }
+                tmpentry = X509_NAME_ENTRY_new();
+                tmpentry->object = OBJ_dup(entry->object);
+                if (!asn1_string_canon(tmpentry->value, entry->value))
+                        goto err;
+                if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+                        goto err;
+                tmpentry = NULL;
+                }
+
+        /* Finally generate encoding */
+
+        a->canon_enclen = i2d_name_canon(intname, NULL);
+
+        p = OPENSSL_malloc(a->canon_enclen);
+
+        if (!p)
+                goto err;
+
+        a->canon_enc = p;
+
+        i2d_name_canon(intname, &p);
+
+        ret = 1;
+
+        err:
+
+        if (tmpentry)
+                X509_NAME_ENTRY_free(tmpentry);
+        if (intname)
+                sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                        local_sk_X509_NAME_ENTRY_pop_free);
+        return ret;
+        }
+
+/* Bitmap of all the types of string that will be canonicalized. */
+
+#define ASN1_MASK_CANON \
+        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
+        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+        | B_ASN1_VISIBLESTRING)
+        
+
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+        {
+        unsigned char *to, *from;
+        int len, i;
+
+        /* If type not in bitmask just copy string across */
+        if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
+                {
+                out->type = in->type;
+                if (!ASN1_STRING_set(out, in->data, in->length))
+                        return 0;
+                return 1;
+                }
+
+        out->type = V_ASN1_UTF8STRING;
+        out->length = ASN1_STRING_to_UTF8(&out->data, in);
+        if (out->length == -1)
+                return 0;
+
+        to = out->data;
+        from = to;
+
+        len = out->length;
+
+        /* Convert string in place to canonical form.
+         * Ultimately we may need to handle a wider range of characters
+         * but for now ignore anything with MSB set and rely on the
+         * isspace() and tolower() functions.
+         */
+
+        /* Ignore leading spaces */
+        while((len > 0) && !(*from & 0x80) && isspace(*from))
+                {
+                from++;
+                len--;
+                }
+
+        to = from + len - 1;
+
+        /* Ignore trailing spaces */
+        while ((len > 0) && !(*to & 0x80) && isspace(*to))
+                {
+                to--;
+                len--;
+                }
+
+        to = out->data;
+
+        i = 0;
+        while(i < len)
+                {
+                /* If MSB set just copy across */
+                if (*from & 0x80)
+                        {
+                        *to++ = *from++;
+                        i++;
+                        }
+                /* Collapse multiple spaces */
+                else if (isspace(*from))
+                        {
+                        /* Copy one space across */
+                        *to++ = ' ';
+                        /* Ignore subsequent spaces. Note: don't need to
+                         * check len here because we know the last 
+                         * character is a non-space so we can't overflow.
+                         */
+                        do
+                                {
+                                from++;
+                                i++;
+                                }
+                        while(!(*from & 0x80) && isspace(*from));
+                        }
+                else
+                        {
+                        *to++ = tolower(*from++);
+                        i++;
+                        }
+                }
+
+        out->length = to - out->data;
+
+        return 1;
+
+        }
+
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
+                          unsigned char **in)
+        {
+        int i, len, ltmp;
+        ASN1_VALUE *v;
+        STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+
+        len = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(intname); i++)
+                {
+                v = sk_ASN1_VALUE_value(intname, i);
+                ltmp = ASN1_item_ex_i2d(&v, in,
+                        ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+                if (ltmp < 0)
+                        return ltmp;
+                len += ltmp;
+                }
+        return len;
+        }
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
         {
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 91c2756116..d42b6a2c54 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -68,7 +69,8 @@
 #endif
 
 /* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        void *exarg)
         {
         if (operation == ASN1_OP_FREE_POST)
                 {
@@ -88,169 +90,42 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
         {
         X509_PUBKEY *pk=NULL;
-        X509_ALGOR *a;
-        ASN1_OBJECT *o;
-        unsigned char *s,*p = NULL;
-        int i;
 
         if (x == NULL) return(0);
 
-        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
-        a=pk->algor;
+        if ((pk=X509_PUBKEY_new()) == NULL) goto error;
 
-        /* set the algorithm id */
-        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
-        ASN1_OBJECT_free(a->algorithm);
-        a->algorithm=o;
-
-        /* Set the parameter list */
-        if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
+        if (pkey->ameth)
                 {
-                if ((a->parameter == NULL) ||
-                        (a->parameter->type != V_ASN1_NULL))
+                if (pkey->ameth->pub_encode)
                         {
-                        ASN1_TYPE_free(a->parameter);
-                        if (!(a->parameter=ASN1_TYPE_new()))
+                        if (!pkey->ameth->pub_encode(pk, pkey))
                                 {
-                                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                                goto err;
+                                X509err(X509_F_X509_PUBKEY_SET,
+                                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                goto error;
                                 }
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                }
-#ifndef OPENSSL_NO_DSA
-        else if (pkey->type == EVP_PKEY_DSA)
-                {
-                unsigned char *pp;
-                DSA *dsa;
-                
-                dsa=pkey->pkey.dsa;
-                dsa->write_params=0;
-                ASN1_TYPE_free(a->parameter);
-                if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
-                        goto err;
-                if (!(p=(unsigned char *)OPENSSL_malloc(i)))
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                pp=p;
-                i2d_DSAparams(dsa,&pp);
-                if (!(a->parameter=ASN1_TYPE_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                a->parameter->type=V_ASN1_SEQUENCE;
-                if (!(a->parameter->value.sequence=ASN1_STRING_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
                         }
-                if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+                else
                         {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
+                        X509err(X509_F_X509_PUBKEY_SET,
+                                X509_R_METHOD_NOT_SUPPORTED);
+                        goto error;
                         }
-                OPENSSL_free(p);
                 }
-#endif
-#ifndef OPENSSL_NO_EC
-        else if (pkey->type == EVP_PKEY_EC)
-                {
-                int nid=0;
-                unsigned char *pp;
-                EC_KEY *ec_key;
-                const EC_GROUP *group;
-                
-                ec_key = pkey->pkey.ec;
-                ASN1_TYPE_free(a->parameter);
-
-                if ((a->parameter = ASN1_TYPE_new()) == NULL)
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-
-                group = EC_KEY_get0_group(ec_key);
-                if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-                        {
-                        /* just set the OID */
-                        a->parameter->type = V_ASN1_OBJECT;
-                        a->parameter->value.object = OBJ_nid2obj(nid);
-                        }
-                else /* explicit parameters */
-                        {
-                        if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }       
-                        pp = p;
-                        if (!i2d_ECParameters(ec_key, &pp))
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        a->parameter->type = V_ASN1_SEQUENCE;
-                        if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        ASN1_STRING_set(a->parameter->value.sequence, p, i);
-                        OPENSSL_free(p);
-                        }
-                }
-#endif
-        else if (1)
+        else
                 {
                 X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
-                goto err;
+                goto error;
                 }
 
-        if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-        if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=s;
-        i2d_PublicKey(pkey,&p);
-        if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* Set number of unused bits to zero */
-        pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-
-        OPENSSL_free(s);
-
-#if 0
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        pk->pkey=pkey;
-#endif
-
         if (*x != NULL)
                 X509_PUBKEY_free(*x);
 
         *x=pk;
 
         return 1;
-err:
+error:
         if (pk != NULL) X509_PUBKEY_free(pk);
         return 0;
         }
@@ -258,119 +133,50 @@ err:
 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         {
         EVP_PKEY *ret=NULL;
-        long j;
-        int type;
-        const unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-        const unsigned char *cp;
-        X509_ALGOR *a;
-#endif
 
-        if (key == NULL) goto err;
+        if (key == NULL) goto error;
 
         if (key->pkey != NULL)
                 {
                 CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-                return(key->pkey);
+                return key->pkey;
                 }
 
-        if (key->public_key == NULL) goto err;
+        if (key->public_key == NULL) goto error;
 
-        type=OBJ_obj2nid(key->algor->algorithm);
         if ((ret = EVP_PKEY_new()) == NULL)
                 {
                 X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-                goto err;
+                goto error;
                 }
-        ret->type = EVP_PKEY_type(type);
-
-        /* the parameters must be extracted before the public key (ECDSA!) */
-        
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-        a=key->algor;
-#endif
 
-        if (0)
-                ;
-#ifndef OPENSSL_NO_DSA
-        else if (ret->type == EVP_PKEY_DSA)
+        if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm)))
                 {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-                        {
-                        if ((ret->pkey.dsa = DSA_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        ret->pkey.dsa->write_params=0;
-                        cp=p=a->parameter->value.sequence->data;
-                        j=a->parameter->value.sequence->length;
-                        if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
-                                goto err;
-                        }
-                ret->save_parameters=1;
+                X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
+                goto error;
                 }
-#endif
-#ifndef OPENSSL_NO_EC
-        else if (ret->type == EVP_PKEY_EC)
+
+        if (ret->ameth->pub_decode)
                 {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                if (!ret->ameth->pub_decode(ret, key))
                         {
-                        /* type == V_ASN1_SEQUENCE => we have explicit parameters
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
-                         */
-                        if ((ret->pkey.ec= EC_KEY_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, 
-                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        cp = p = a->parameter->value.sequence->data;
-                        j = a->parameter->value.sequence->length;
-                        if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        }
-                else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-                        {
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        EC_KEY   *ec_key;
-                        EC_GROUP *group;
-
-                        if (ret->pkey.ec == NULL)
-                                ret->pkey.ec = EC_KEY_new();
-                        ec_key = ret->pkey.ec;
-                        if (ec_key == NULL)
-                                goto err;
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto err;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(ec_key, group) == 0)
-                                goto err;
-                        EC_GROUP_free(group);
+                        X509err(X509_F_X509_PUBKEY_GET,
+                                                X509_R_PUBLIC_KEY_DECODE_ERROR);
+                        goto error;
                         }
-                        /* the case implicitlyCA is currently not implemented */
-                ret->save_parameters = 1;
                 }
-#endif
-
-        p=key->public_key->data;
-        j=key->public_key->length;
-        if (!d2i_PublicKey(type, &ret, &p, (long)j))
+        else
                 {
-                X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
-                goto err;
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
+                goto error;
                 }
 
         key->pkey = ret;
         CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
-        return(ret);
-err:
+
+        return ret;
+
+        error:
         if (ret != NULL)
                 EVP_PKEY_free(ret);
         return(NULL);
@@ -529,3 +335,39 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
         return(ret);
         }
 #endif
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen)
+        {
+        if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
+                return 0;
+        if (penc)
+                {
+                if (pub->public_key->data)
+                        OPENSSL_free(pub->public_key->data);
+                pub->public_key->data = penc;
+                pub->public_key->length = penclen;
+                /* Set number of unused bits to zero */
+                pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+                pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+                }
+        return 1;
+        }
+
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                X509_PUBKEY *pub)
+        {
+        if (ppkalg)
+                *ppkalg = pub->algor->algorithm;
+        if (pk)
+                {
+                *pk = pub->public_key->data;
+                *ppklen = pub->public_key->length;
+                }
+        if (pa)
+                *pa = pub->algor;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
index 59ca8ce329..d57555827c 100644
--- a/src/lib/libcrypto/asn1/x_req.c
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -79,7 +79,8 @@
  *
  */
 
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
         X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
index e118696625..dafd3cc921 100644
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -81,7 +81,8 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
 
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
         X509 *ret = (X509 *)*pval;
 
@@ -99,6 +100,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                 ret->rfc3779_asid = NULL;
 #endif
                 ret->aux = NULL;
+                ret->crldp = NULL;
                 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
                 break;
 
@@ -112,7 +114,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                 X509_CERT_AUX_free(ret->aux);
                 ASN1_OCTET_STRING_free(ret->skid);
                 AUTHORITY_KEYID_free(ret->akid);
+                CRL_DIST_POINTS_free(ret->crldp);
                 policy_cache_free(ret->policy_cache);
+                GENERAL_NAMES_free(ret->altname);
+                NAME_CONSTRAINTS_free(ret->nc);
 #ifndef OPENSSL_NO_RFC3779
                 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
                 ASIdentifiers_free(ret->rfc3779_asid);
@@ -136,19 +141,6 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
-static ASN1_METHOD meth=
-    {
-    (I2D_OF(void))  i2d_X509,
-    (D2I_OF(void)) d2i_X509,
-    (void *(*)(void))X509_new,
-    (void (*)(void *)) X509_free
-    };
-
-ASN1_METHOD *X509_asn1_meth(void)
-        {
-        return(&meth);
-        }
-
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
              CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {