8 files changed, 796 insertions, 978 deletions

diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 55fbaeffe2..3785fca77d 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -1,4 +1,4 @@
-/* crypto/pem/pem.org */
+/* crypto/pem/pem.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,23 +56,25 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify pem.org since pem.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_PEM_H
 #define HEADER_PEM_H
 
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_STACK
+#include <openssl/stack.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem2.h>
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "evp.h"
-#include "x509.h"
+#define PEM_BUFSIZE             1024
 
 #define PEM_OBJ_UNDEF           0
 #define PEM_OBJ_X509            1
@@ -108,49 +110,25 @@ extern "C" {
 
 #define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
 #define PEM_STRING_X509         "CERTIFICATE"
+#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
 #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
 #define PEM_STRING_X509_CRL     "X509 CRL"
-#define PEM_STRING_EVP_PKEY     "PRIVATE KEY"
+#define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
+#define PEM_STRING_PUBLIC       "PUBLIC KEY"
 #define PEM_STRING_RSA          "RSA PRIVATE KEY"
 #define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
 #define PEM_STRING_DSA          "DSA PRIVATE KEY"
+#define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
 #define PEM_STRING_PKCS7        "PKCS7"
+#define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
+#define PEM_STRING_PKCS8INF     "PRIVATE KEY"
 #define PEM_STRING_DHPARAMS     "DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
 
-#ifndef HEADER_ENVELOPE_H
-
-#define EVP_ENCODE_CTX_SIZE  96
-#define EVP_MD_SIZE  60
-#define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  40
-#define EVP_CIPHER_CTX_SIZE  4212
-#define EVP_MAX_MD_SIZE  20
-
-typedef struct evp_encode_ctx_st
-        {
-        char data[EVP_ENCODE_CTX_SIZE];
-        } EVP_ENCODE_CTX;
-
-typedef struct env_md_ctx_st
-        {
-        char data[EVP_MD_CTX_SIZE];
-        } EVP_MD_CTX;
-
-typedef struct evp_cipher_st
-        {
-        char data[EVP_CIPHER_SIZE];
-        } EVP_CIPHER;
-
-typedef struct evp_cipher_ctx_st
-        {
-        char data[EVP_CIPHER_CTX_SIZE];
-        } EVP_CIPHER_CTX;
-#endif
-
-
+  /* Note that this structure is initialised by PEM_SealInit and cleaned up
+     by PEM_SealFinal (at least for now) */
 typedef struct PEM_Encode_Seal_st
         {
         EVP_ENCODE_CTX encode;
@@ -195,7 +173,7 @@ typedef struct pem_ctx_st
         int num_recipient;
         PEM_USER **recipient;
 
-#ifdef HEADER_STACK_H
+#ifndef OPENSSL_NO_STACK
         STACK *x509_chain;      /* certificate chain */
 #else
         char *x509_chain;       /* certificate chain */
@@ -217,151 +195,324 @@ typedef struct pem_ctx_st
         unsigned char *data;
         } PEM_CTX;
 
+/* These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either:
+ * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ */
+
+#ifdef OPENSSL_NO_FP_API
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+
+#else
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
+        cb,u)); \
+} \
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
+                                                         NULL,NULL,0,NULL,NULL)); \
+} 
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
+        }
+
+#endif
+
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
+                                                        (char **)x,cb,u)); \
+}
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
+                                                         NULL,NULL,0,NULL,NULL)); \
+}
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
+        }
+
+#define IMPLEMENT_PEM_write(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write(name, type, str, asn1)
+
+#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
+
+#define DECLARE_PEM_read_fp(name, type) /**/
+#define DECLARE_PEM_write_fp(name, type) /**/
+#define DECLARE_PEM_write_cb_fp(name, type) /**/
+
+#else
+
+#define DECLARE_PEM_read_fp(name, type) \
+        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x);
+
+#define DECLARE_PEM_write_cb_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#define DECLARE_PEM_read_bio(name, type) \
+        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x);
+
+#define DECLARE_PEM_write_cb_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#else
+
+#define DECLARE_PEM_read_bio(name, type) /**/
+#define DECLARE_PEM_write_bio(name, type) /**/
+#define DECLARE_PEM_write_cb_bio(name, type) /**/
+
+#endif
+
+#define DECLARE_PEM_write(name, type) \
+        DECLARE_PEM_write_bio(name, type) \
+        DECLARE_PEM_write_fp(name, type) 
+
+#define DECLARE_PEM_write_cb(name, type) \
+        DECLARE_PEM_write_cb_bio(name, type) \
+        DECLARE_PEM_write_cb_fp(name, type) 
+
+#define DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_read_bio(name, type) \
+        DECLARE_PEM_read_fp(name, type)
+
+#define DECLARE_PEM_rw(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write(name, type)
+
+#define DECLARE_PEM_rw_cb(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_cb(name, type)
+
 #ifdef SSLEAY_MACROS
 
 #define PEM_write_SSL_SESSION(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
                 (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-                        NULL,NULL,0,NULL)
+                        NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_CRL(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-                        fp,(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+                        fp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-                        (char *)x,enc,kstr,klen,cb)
+                        (char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_RSAPublicKey(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-                        (char *)x,enc,kstr,klen,cb)
-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
+                        (char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write((int (*)())i2d_PrivateKey,\
                 (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb)
+                        bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_PKCS7(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_DHparams(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-                        (char *)x,NULL,NULL,0,NULL)
-
-#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
-#define PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
-#define PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
-#define PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
-#define PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
-#define PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
-#define PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
-#define PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
-#define PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
+                        (char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+                        PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
+#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+
+#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+                                                        (char **)x,cb,u)
 
 #define PEM_write_bio_SSL_SESSION(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
                 (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-                        NULL,NULL,0,NULL)
+                        NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_CRL(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-                        bp,(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+                        bp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-                        bp,(char *)x,enc,kstr,klen,cb)
+                        bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_bio_RSAPublicKey(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
                         PEM_STRING_RSA_PUBLIC,\
-                        bp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-                        bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
+                        bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
                 (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb)
+                        bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_bio_PKCS7(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DHparams(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-                        bp,(char *)x,NULL,NULL,0,NULL)
+                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DSAparams(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
-
-#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
-#define PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
-#define PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
-#define PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
-#define PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
-#define PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
-
-#define PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
-#define PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
-#define PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
+                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+                        PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+                                                        (char **)x,cb,u)
 
 #endif
 
-#ifndef NOPROTO
+#if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
+#else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb(char *buf, int size, int rwflag);
+#endif
+
 int     PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
 int     PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-                int (*callback)());
+        pem_password_cb *callback,void *u);
 
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 int     PEM_read_bio(BIO *bp, char **name, char **header,
                 unsigned char **data,long *len);
-int     PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
+int     PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
                 long len);
-char *  PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
-                int (*cb)());
-int     PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK * PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+             pem_password_cb *cb, void *u);
+char *  PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
+                pem_password_cb *cb, void *u);
+int     PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
+                           const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+                           pem_password_cb *cb, void *u);
+STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-                unsigned char *kstr, int klen, int (*cb)());
+                unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
 
-#ifndef WIN16
+#ifndef OPENSSL_SYS_WIN16
 int     PEM_read(FILE *fp, char **name, char **header,
                 unsigned char **data,long *len);
 int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *  PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
-                int (*cb)());
-int     PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK * PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+char *  PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
+        pem_password_cb *cb, void *u);
+int     PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
+                       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+                       pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+        pem_password_cb *cb, void *u);
 #endif
 
 int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
@@ -377,148 +528,102 @@ void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
 int     PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                 unsigned int *siglen, EVP_PKEY *pkey);
 
-void    ERR_load_PEM_strings(void);
-
+int     PEM_def_callback(char *buf, int num, int w, void *key);
 void    PEM_proc_type(char *buf, int type);
-void    PEM_dek_info(char *buf, char *type, int len, char *str);
+void    PEM_dek_info(char *buf, const char *type, int len, char *str);
 
 #ifndef SSLEAY_MACROS
 
-#ifndef WIN16
-X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
-RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
-DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
-DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
-DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
-int PEM_write_X509(FILE *fp,X509 *x);
-int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
-int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
-int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
-int PEM_write_DHparams(FILE *fp,DH *x);
-int PEM_write_DSAparams(FILE *fp,DSA *x);
-#endif
+#include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+
+DECLARE_PEM_rw(X509_AUX, X509)
+
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+
+DECLARE_PEM_rw(PKCS7, PKCS7)
+
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+#ifndef OPENSSL_NO_RSA
+
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+
+DECLARE_PEM_rw(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 
-#ifdef HEADER_BIO_H
-X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
-DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
-DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
-int PEM_write_bio_X509(BIO *bp,X509 *x);
-int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
-int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
-int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
-int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
-int PEM_write_bio_DHparams(BIO *bp,DH *x);
-int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
 #endif
 
-#endif /* SSLEAY_MACROS */
+#ifndef OPENSSL_NO_DSA
 
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 
-#else
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+
+DECLARE_PEM_rw(DSAparams, DSA)
 
-int     PEM_get_EVP_CIPHER_INFO();
-int     PEM_do_header();
-int     PEM_read_bio();
-int     PEM_write_bio();
-#ifndef WIN16
-int     PEM_read();
-int     PEM_write();
-STACK * PEM_X509_INFO_read();
-char *  PEM_ASN1_read();
-int     PEM_ASN1_write();
 #endif
-STACK * PEM_X509_INFO_read_bio();
-int     PEM_X509_INFO_write_bio();
-char *  PEM_ASN1_read_bio();
-int     PEM_ASN1_write_bio();
-int     PEM_SealInit();
-void    PEM_SealUpdate();
-int     PEM_SealFinal();
-int     PEM_SignFinal();
 
-void    ERR_load_PEM_strings();
+#ifndef OPENSSL_NO_DH
 
-void    PEM_proc_type();
-void    PEM_dek_info();
+DECLARE_PEM_rw(DHparams, DH)
 
-#ifndef SSLEAY_MACROS
-#ifndef WIN16
-X509 *PEM_read_X509();
-X509_REQ *PEM_read_X509_REQ();
-X509_CRL *PEM_read_X509_CRL();
-RSA *PEM_read_RSAPrivateKey();
-RSA *PEM_read_RSAPublicKey();
-DSA *PEM_read_DSAPrivateKey();
-EVP_PKEY *PEM_read_PrivateKey();
-PKCS7 *PEM_read_PKCS7();
-DH *PEM_read_DHparams();
-DSA *PEM_read_DSAparams();
-int PEM_write_X509();
-int PEM_write_X509_REQ();
-int PEM_write_X509_CRL();
-int PEM_write_RSAPrivateKey();
-int PEM_write_RSAPublicKey();
-int PEM_write_DSAPrivateKey();
-int PEM_write_PrivateKey();
-int PEM_write_PKCS7();
-int PEM_write_DHparams();
-int PEM_write_DSAparams();
 #endif
 
-X509 *PEM_read_bio_X509();
-X509_REQ *PEM_read_bio_X509_REQ();
-X509_CRL *PEM_read_bio_X509_CRL();
-RSA *PEM_read_bio_RSAPrivateKey();
-RSA *PEM_read_bio_RSAPublicKey();
-DSA *PEM_read_bio_DSAPrivateKey();
-EVP_PKEY *PEM_read_bio_PrivateKey();
-PKCS7 *PEM_read_bio_PKCS7();
-DH *PEM_read_bio_DHparams();
-DSA *PEM_read_bio_DSAparams();
-int PEM_write_bio_X509();
-int PEM_write_bio_X509_REQ();
-int PEM_write_bio_X509_CRL();
-int PEM_write_bio_RSAPrivateKey();
-int PEM_write_bio_RSAPublicKey();
-int PEM_write_bio_DSAPrivateKey();
-int PEM_write_bio_PrivateKey();
-int PEM_write_bio_PKCS7();
-int PEM_write_bio_DHparams();
-int PEM_write_bio_DSAparams();
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
+                              char *kstr,int klen, pem_password_cb *cd, void *u);
 
 #endif /* SSLEAY_MACROS */
 
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PEM_strings(void);
+
 /* Error codes for the PEM functions. */
 
 /* Function codes. */
+#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
+#define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
 #define PEM_F_DEF_CALLBACK                               100
 #define PEM_F_LOAD_IV                                    101
 #define PEM_F_PEM_ASN1_READ                              102
@@ -526,6 +631,8 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_ASN1_WRITE                             104
 #define PEM_F_PEM_ASN1_WRITE_BIO                         105
 #define PEM_F_PEM_DO_HEADER                              106
+#define PEM_F_PEM_F_DO_PK8KEY_FP                         122
+#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
 #define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
 #define PEM_F_PEM_READ                                   108
 #define PEM_F_PEM_READ_BIO                               109
@@ -534,6 +641,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_SIGNFINAL                              112
 #define PEM_F_PEM_WRITE                                  113
 #define PEM_F_PEM_WRITE_BIO                              114
+#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY              119
 #define PEM_F_PEM_X509_INFO_READ                         115
 #define PEM_F_PEM_X509_INFO_READ_BIO                     116
 #define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
@@ -544,6 +652,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_BAD_END_LINE                               102
 #define PEM_R_BAD_IV_CHARS                               103
 #define PEM_R_BAD_PASSWORD_READ                          104
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
 #define PEM_R_NOT_DEK_INFO                               105
 #define PEM_R_NOT_ENCRYPTED                              106
 #define PEM_R_NOT_PROC_TYPE                              107
@@ -554,9 +663,8 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_SHORT_HEADER                               112
 #define PEM_R_UNSUPPORTED_CIPHER                         113
 #define PEM_R_UNSUPPORTED_ENCRYPTION                     114
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h
index 4a016aacd2..4e484bcd82 100644
--- a/src/lib/libcrypto/pem/pem2.h
+++ b/src/lib/libcrypto/pem/pem2.h
@@ -57,4 +57,12 @@
  * Ben 30 Jan 1999.
  */
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void ERR_load_PEM_strings(void);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index d1cda7aabe..e72b7134ce 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -59,430 +59,138 @@
 #include <stdio.h>
 #undef SSLEAY_MACROS
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-
-#ifndef NO_FP_API
-/* The X509 functions */
-X509 *PEM_read_X509(fp,x,cb)
-FILE *fp;
-X509 **x;
-int (*cb)();
-        {
-        return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509,
-                PEM_STRING_X509,fp,(char **)x,cb));
-        }
-#endif
-
-X509 *PEM_read_bio_X509(bp,x,cb)
-BIO *bp;
-X509 **x;
-int (*cb)();
-        {
-        return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509,
-                PEM_STRING_X509,bp,(char **)x,cb));
-        }
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
 
-#ifndef NO_FP_API
-int PEM_write_X509(fp,x)
-FILE *fp;
-X509 *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
+#ifndef OPENSSL_NO_RSA
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
 #endif
-
-int PEM_write_bio_X509(bp,x)
-BIO *bp;
-X509 *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-
-#ifndef NO_FP_API
-/* The X509_REQ functions */
-X509_REQ *PEM_read_X509_REQ(fp,x,cb)
-FILE *fp;
-X509_REQ **x;
-int (*cb)();
-        {
-        return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ,
-                PEM_STRING_X509_REQ,fp,(char **)x,cb));
-        }
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
 #endif
 
-X509_REQ *PEM_read_bio_X509_REQ(bp,x,cb)
-BIO *bp;
-X509_REQ **x;
-int (*cb)();
-        {
-        return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ,
-                PEM_STRING_X509_REQ,bp,(char **)x,cb));
-        }
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 
-#ifndef NO_FP_API
-int PEM_write_X509_REQ(fp,x)
-FILE *fp;
-X509_REQ *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
+IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
 
-int PEM_write_bio_X509_REQ(bp,x)
-BIO *bp;
-X509_REQ *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
 
-#ifndef NO_FP_API
-/* The X509_CRL functions */
-X509_CRL *PEM_read_X509_CRL(fp,x,cb)
-FILE *fp;
-X509_CRL **x;
-int (*cb)();
-        {
-        return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL,
-                PEM_STRING_X509_CRL,fp,(char **)x,cb));
-        }
-#endif
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
 
-X509_CRL *PEM_read_bio_X509_CRL(bp,x,cb)
-BIO *bp;
-X509_CRL **x;
-int (*cb)();
-        {
-        return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL,
-                PEM_STRING_X509_CRL,bp,(char **)x,cb));
-        }
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+                                        PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
 
-#ifndef NO_FP_API
-int PEM_write_X509_CRL(fp,x)
-FILE *fp;
-X509_CRL *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
-
-int PEM_write_bio_X509_CRL(bp,x)
-BIO *bp;
-X509_CRL *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
 
-#ifndef NO_RSA
-#ifndef NO_FP_API
-/* The RSAPrivateKey functions */
-RSA *PEM_read_RSAPrivateKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey,
-                PEM_STRING_RSA,fp,(char **)x,cb));
-        }
-
-RSA *PEM_read_RSAPublicKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb));
-        }
-#endif
+#ifndef OPENSSL_NO_RSA
 
-RSA *PEM_read_bio_RSAPrivateKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey,
-                PEM_STRING_RSA,bp,(char **)x,cb));
-        }
+/* We treat RSA or DSA private keys as a special case.
+ *
+ * For private keys we read in an EVP_PKEY structure with
+ * PEM_read_bio_PrivateKey() and extract the relevant private
+ * key: this means can handle "traditional" and PKCS#8 formats
+ * transparently.
+ */
 
-RSA *PEM_read_bio_RSAPublicKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb));
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+        RSA *rtmp;
+        if(!key) return NULL;
+        rtmp = EVP_PKEY_get1_RSA(key);
+        EVP_PKEY_free(key);
+        if(!rtmp) return NULL;
+        if(rsa) {
+                RSA_free(*rsa);
+                *rsa = rtmp;
         }
+        return rtmp;
+}
 
-#ifndef NO_FP_API
-int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,
-                (char *)x,enc,kstr,klen,cb));
-        }
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+        return pkey_get_rsa(pktmp, rsa);
+}
 
-int PEM_write_RSAPublicKey(fp,x)
-FILE *fp;
-RSA *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,fp,
-                (char *)x,NULL,NULL,0,NULL));
-        }
-#endif
+#ifndef OPENSSL_NO_FP_API
 
-int PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,
-                bp,(char *)x,enc,kstr,klen,cb));
-        }
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+        return pkey_get_rsa(pktmp, rsa);
+}
 
-int PEM_write_bio_RSAPublicKey(bp,x)
-BIO *bp;
-RSA *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,
-                bp,(char *)x,NULL,NULL,0,NULL));
-        }
-#endif /* !NO_RSA */
-
-#ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAPrivateKey functions */
-DSA *PEM_read_DSAPrivateKey(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey,
-                PEM_STRING_DSA,fp,(char **)x,cb));
-        }
 #endif
 
-DSA *PEM_read_bio_DSAPrivateKey(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey,
-                PEM_STRING_DSA,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,
-                (char *)x,enc,kstr,klen,cb));
-        }
-#endif
+IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
+IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
-int PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,
-                bp,(char *)x,enc,kstr,klen,cb));
-        }
 #endif
 
-#ifndef NO_FP_API
-/* The PrivateKey functions */
-EVP_PKEY *PEM_read_PrivateKey(fp,x,cb)
-FILE *fp;
-EVP_PKEY **x;
-int (*cb)();
-        {
-        return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey,
-                PEM_STRING_EVP_PKEY,fp,(char **)x,cb));
-        }
-#endif
+#ifndef OPENSSL_NO_DSA
 
-EVP_PKEY *PEM_read_bio_PrivateKey(bp,x,cb)
-BIO *bp;
-EVP_PKEY **x;
-int (*cb)();
-        {
-        return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey,
-                PEM_STRING_EVP_PKEY,bp,(char **)x,cb));
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+        DSA *dtmp;
+        if(!key) return NULL;
+        dtmp = EVP_PKEY_get1_DSA(key);
+        EVP_PKEY_free(key);
+        if(!dtmp) return NULL;
+        if(dsa) {
+                DSA_free(*dsa);
+                *dsa = dtmp;
         }
+        return dtmp;
+}
 
-#ifndef NO_FP_API
-int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write((int (*)())i2d_PrivateKey,
-                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                fp,(char *)x,enc,kstr,klen,cb));
-        }
-#endif
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+        return pkey_get_dsa(pktmp, dsa);
+}
 
-int PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
-                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                bp,(char *)x,enc,kstr,klen,cb));
-        }
+IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
-#ifndef NO_FP_API
-/* The PKCS7 functions */
-PKCS7 *PEM_read_PKCS7(fp,x,cb)
-FILE *fp;
-PKCS7 **x;
-int (*cb)();
-        {
-        return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7,
-                PEM_STRING_PKCS7,fp,(char **)x,cb));
-        }
-#endif
+#ifndef OPENSSL_NO_FP_API
 
-PKCS7 *PEM_read_bio_PKCS7(bp,x,cb)
-BIO *bp;
-PKCS7 **x;
-int (*cb)();
-        {
-        return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7,
-                PEM_STRING_PKCS7,bp,(char **)x,cb));
-        }
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+        return pkey_get_dsa(pktmp, dsa);
+}
 
-#ifndef NO_FP_API
-int PEM_write_PKCS7(fp,x)
-FILE *fp;
-PKCS7 *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
 #endif
 
-int PEM_write_bio_PKCS7(bp,x)
-BIO *bp;
-PKCS7 *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
 
-#ifndef NO_DH
-#ifndef NO_FP_API
-/* The DHparams functions */
-DH *PEM_read_DHparams(fp,x,cb)
-FILE *fp;
-DH **x;
-int (*cb)();
-        {
-        return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams,
-                PEM_STRING_DHPARAMS,fp,(char **)x,cb));
-        }
 #endif
 
-DH *PEM_read_bio_DHparams(bp,x,cb)
-BIO *bp;
-DH **x;
-int (*cb)();
-        {
-        return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams,
-                PEM_STRING_DHPARAMS,bp,(char **)x,cb));
-        }
+#ifndef OPENSSL_NO_DH
 
-#ifndef NO_FP_API
-int PEM_write_DHparams(fp,x)
-FILE *fp;
-DH *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 
-int PEM_write_bio_DHparams(bp,x)
-BIO *bp;
-DH *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
 #endif
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAparams functions */
-DSA *PEM_read_DSAparams(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams,
-                PEM_STRING_DSAPARAMS,fp,(char **)x,cb));
-        }
-#endif
 
-DSA *PEM_read_bio_DSAparams(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams,
-                PEM_STRING_DSAPARAMS,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_DSAparams(fp,x)
-FILE *fp;
-DSA *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
+/* The PrivateKey case is not that straightforward.
+ *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+ * does not work, RSA and DSA keys have specific strings.
+ * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
+ * appropriate.)
+ */
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
 
-int PEM_write_bio_DSAparams(bp,x)
-BIO *bp;
-DSA *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
-#endif
+IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
 
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index e17fcdb540..3b39b84d66 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -1,68 +1,73 @@
-/* lib/pem/pem_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA PEM_str_functs[]=
         {
+{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0),   "d2i_PKCS8PrivateKey_bio"},
+{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0),    "d2i_PKCS8PrivateKey_fp"},
 {ERR_PACK(0,PEM_F_DEF_CALLBACK,0),      "DEF_CALLBACK"},
 {ERR_PACK(0,PEM_F_LOAD_IV,0),   "LOAD_IV"},
 {ERR_PACK(0,PEM_F_PEM_ASN1_READ,0),     "PEM_ASN1_read"},
@@ -70,6 +75,8 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0),    "PEM_ASN1_write"},
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0),        "PEM_ASN1_write_bio"},
 {ERR_PACK(0,PEM_F_PEM_DO_HEADER,0),     "PEM_do_header"},
+{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0),        "PEM_F_DO_PK8KEY_FP"},
+{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0),   "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
 {ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0),   "PEM_get_EVP_CIPHER_INFO"},
 {ERR_PACK(0,PEM_F_PEM_READ,0),  "PEM_read"},
 {ERR_PACK(0,PEM_F_PEM_READ_BIO,0),      "PEM_read_bio"},
@@ -78,10 +85,11 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0),     "PEM_SignFinal"},
 {ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"},
 {ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0),     "PEM_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0),     "PEM_write_bio_PKCS8PrivateKey"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0),        "PEM_X509_INFO_read"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0),    "PEM_X509_INFO_read_bio"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0),   "PEM_X509_INFO_write_bio"},
-{0,NULL},
+{0,NULL}
         };
 
 static ERR_STRING_DATA PEM_str_reasons[]=
@@ -91,6 +99,7 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_BAD_END_LINE                      ,"bad end line"},
 {PEM_R_BAD_IV_CHARS                      ,"bad iv chars"},
 {PEM_R_BAD_PASSWORD_READ                 ,"bad password read"},
+{PEM_R_ERROR_CONVERTING_PRIVATE_KEY      ,"error converting private key"},
 {PEM_R_NOT_DEK_INFO                      ,"not dek info"},
 {PEM_R_NOT_ENCRYPTED                     ,"not encrypted"},
 {PEM_R_NOT_PROC_TYPE                     ,"not proc type"},
@@ -101,19 +110,19 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_SHORT_HEADER                      ,"short header"},
 {PEM_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {PEM_R_UNSUPPORTED_ENCRYPTION            ,"unsupported encryption"},
-{0,NULL},
+{0,NULL}
         };
 
 #endif
 
-void ERR_load_PEM_strings()
+void ERR_load_PEM_strings(void)
         {
         static int init=1;
 
-        if (init);
-                {;
+        if (init)
+                {
                 init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
                 ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
                 ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
 #endif
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 4b69833b62..9a6dffb45c 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -58,20 +58,17 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-#ifndef NO_FP_API
-STACK *PEM_X509_INFO_read(fp,sk,cb)
-FILE *fp;
-STACK *sk;
-int (*cb)();
+#ifndef OPENSSL_NO_FP_API
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
         {
         BIO *b;
-        STACK *ret;
+        STACK_OF(X509_INFO) *ret;
 
         if ((b=BIO_new(BIO_s_file())) == NULL)
                 {
@@ -79,29 +76,26 @@ int (*cb)();
                 return(0);
                 }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_X509_INFO_read_bio(b,sk,cb);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-STACK *PEM_X509_INFO_read_bio(bp,sk,cb)
-BIO *bp;
-STACK *sk;
-int (*cb)();
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
         {
         X509_INFO *xi=NULL;
         char *name=NULL,*header=NULL,**pp;
         unsigned char *data=NULL,*p;
         long len,error=0;
         int ok=0;
-        STACK *ret=NULL;
+        STACK_OF(X509_INFO) *ret=NULL;
         unsigned int i,raw;
         char *(*d2i)();
 
         if (sk == NULL)
                 {
-                if ((ret=sk_new_null()) == NULL)
+                if ((ret=sk_X509_INFO_new_null()) == NULL)
                         {
                         PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
                         goto err;
@@ -117,7 +111,7 @@ int (*cb)();
                 i=PEM_read_bio(bp,&name,&header,&data,&len);
                 if (i == 0)
                         {
-                        error=ERR_GET_REASON(ERR_peek_error());
+                        error=ERR_GET_REASON(ERR_peek_last_error());
                         if (error == PEM_R_NO_START_LINE)
                                 {
                                 ERR_clear_error();
@@ -132,7 +126,18 @@ start:
                         d2i=(char *(*)())d2i_X509;
                         if (xi->x509 != NULL)
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->x509);
+                        }
+                else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
+                        {
+                        d2i=(char *(*)())d2i_X509_AUX;
+                        if (xi->x509 != NULL)
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
@@ -143,20 +148,20 @@ start:
                         d2i=(char *(*)())d2i_X509_CRL;
                         if (xi->crl != NULL)
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
                         pp=(char **)&(xi->crl);
                         }
                 else
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                         if (strcmp(name,PEM_STRING_RSA) == 0)
                         {
                         d2i=(char *(*)())d2i_RSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
@@ -174,13 +179,13 @@ start:
                         }
                 else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                         if (strcmp(name,PEM_STRING_DSA) == 0)
                         {
                         d2i=(char *(*)())d2i_DSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
@@ -211,7 +216,7 @@ start:
 
                                 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
                                         goto err;
-                                if (!PEM_do_header(&cipher,data,&len,cb))
+                                if (!PEM_do_header(&cipher,data,&len,cb,u))
                                         goto err;
                                 p=data;
                                 if (d2i(pp,&p,len) == NULL)
@@ -232,9 +237,9 @@ start:
                 else    {
                         /* unknown */
                         }
-                if (name != NULL) Free(name);
-                if (header != NULL) Free(header);
-                if (data != NULL) Free(data);
+                if (name != NULL) OPENSSL_free(name);
+                if (header != NULL) OPENSSL_free(header);
+                if (data != NULL) OPENSSL_free(data);
                 name=NULL;
                 header=NULL;
                 data=NULL;
@@ -246,7 +251,7 @@ start:
         if ((xi->x509 != NULL) || (xi->crl != NULL) ||
                 (xi->x_pkey != NULL) || (xi->enc_data != NULL))
                 {
-                if (!sk_push(ret,(char *)xi)) goto err;
+                if (!sk_X509_INFO_push(ret,xi)) goto err;
                 xi=NULL;
                 }
         ok=1;
@@ -254,36 +259,30 @@ err:
         if (xi != NULL) X509_INFO_free(xi);
         if (!ok)
                 {
-                for (i=0; ((int)i)<sk_num(ret); i++)
+                for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
                         {
-                        xi=(X509_INFO *)sk_value(ret,i);
+                        xi=sk_X509_INFO_value(ret,i);
                         X509_INFO_free(xi);
                         }
-                if (ret != sk) sk_free(ret);
+                if (ret != sk) sk_X509_INFO_free(ret);
                 ret=NULL;
                 }
                 
-        if (name != NULL) Free(name);
-        if (header != NULL) Free(header);
-        if (data != NULL) Free(data);
+        if (name != NULL) OPENSSL_free(name);
+        if (header != NULL) OPENSSL_free(header);
+        if (data != NULL) OPENSSL_free(data);
         return(ret);
         }
 
 
 /* A TJH addition */
-int PEM_X509_INFO_write_bio(bp,xi,enc,kstr,klen,cb)
-BIO *bp;
-X509_INFO *xi;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
         {
         EVP_CIPHER_CTX ctx;
         int i,ret=0;
         unsigned char *data=NULL;
-        char *objstr=NULL;
-#define PEM_BUFSIZE     1024
+        const char *objstr=NULL;
         char buf[PEM_BUFSIZE];
         unsigned char *iv=NULL;
         
@@ -306,7 +305,7 @@ int (*cb)();
                 {
                 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
                         {
-                        /* copy from wierdo names into more normal things */
+                        /* copy from weirdo names into more normal things */
                         iv=xi->enc_cipher.iv;
                         data=(unsigned char *)xi->enc_data;
                         i=xi->enc_len;
@@ -327,7 +326,7 @@ int (*cb)();
                         /* create the right magic header stuff */
                         buf[0]='\0';
                         PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-                        PEM_dek_info(buf,objstr,8,(char *)iv);
+                        PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
 
                         /* use the normal code to write things out */
                         i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
@@ -336,18 +335,18 @@ int (*cb)();
                 else
                         {
                         /* Add DSA/DH */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                         /* normal optionally encrypted stuff */
                         if (PEM_write_bio_RSAPrivateKey(bp,
                                 xi->x_pkey->dec_pkey->pkey.rsa,
-                                enc,kstr,klen,cb)<=0)
+                                enc,kstr,klen,cb,u)<=0)
                                 goto err;
 #endif
                         }
                 }
 
         /* if we have a certificate then write it out now */
-        if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+        if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
                 goto err;
 
         /* we are ignoring anything else that is loaded into the X509_INFO
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 7a2c0ad83b..18b751a91a 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -58,45 +58,40 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "rand.h"
-#include "x509.h"
-#include "pem.h"
-#ifndef NO_DES
-#include "des.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#ifndef OPENSSL_NO_DES
+#include <openssl/des.h>
 #endif
 
-char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998";
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 
 #define MIN_LENGTH      4
 
-/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE);
- * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
-static int def_callback(char *buf, int num, int w);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
-#else
-static int def_callback();
-static int load_iv();
-#endif
+static int check_pem(const char *nm, const char *name);
 
-static int def_callback(buf, num, w)
-char *buf;
-int num;
-int w;
+int PEM_def_callback(char *buf, int num, int w, void *key)
         {
-#ifdef NO_FP_API
+#ifdef OPENSSL_NO_FP_API
         /* We should not ever call the default callback routine from
          * windows. */
         PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return(-1);
 #else
         int i,j;
-        char *prompt;
+        const char *prompt;
+        if(key) {
+                i=strlen(key);
+                i=(i > num)?num:i;
+                memcpy(buf,key,i);
+                return(i);
+        }
 
         prompt=EVP_get_pw_prompt();
         if (prompt == NULL)
@@ -123,11 +118,9 @@ int w;
 #endif
         }
 
-void PEM_proc_type(buf, type)
-char *buf;
-int type;
+void PEM_proc_type(char *buf, int type)
         {
-        char *str;
+        const char *str;
 
         if (type == PEM_TYPE_ENCRYPTED)
                 str="ENCRYPTED";
@@ -143,11 +136,7 @@ int type;
         strcat(buf,"\n");
         }
 
-void PEM_dek_info(buf, type, len, str)
-char *buf;
-char *type;
-int len;
-char *str;
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
         {
         static unsigned char map[17]="0123456789ABCDEF";
         long i;
@@ -166,13 +155,9 @@ char *str;
         buf[j+i*2+1]='\0';
         }
 
-#ifndef NO_FP_API
-char *PEM_ASN1_read(d2i,name,fp, x, cb)
-char *(*d2i)();
-char *name;
-FILE *fp;
-char **x;
-int (*cb)();
+#ifndef OPENSSL_NO_FP_API
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
+             pem_password_cb *cb, void *u)
         {
         BIO *b;
         char *ret;
@@ -183,74 +168,97 @@ int (*cb)();
                 return(0);
                 }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-char *PEM_ASN1_read_bio(d2i,name,bp, x, cb)
-char *(*d2i)();
-char *name;
-BIO *bp;
-char **x;
-int (*cb)();
+static int check_pem(const char *nm, const char *name)
+{
+        /* Normal matching nm and name */
+        if (!strcmp(nm,name)) return 1;
+
+        /* Make PEM_STRING_EVP_PKEY match any private key */
+
+        if(!strcmp(nm,PEM_STRING_PKCS8) &&
+                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
+                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_RSA) &&
+                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_DSA) &&
+                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        /* Permit older strings */
+
+        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+                !strcmp(name,PEM_STRING_X509)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
+                !strcmp(name,PEM_STRING_X509_REQ)) return 1;
+
+        /* Allow normal certs to be read as trusted certs */
+        if(!strcmp(nm,PEM_STRING_X509) &&
+                !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+                !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+        /* Some CAs use PKCS#7 with CERTIFICATE headers */
+        if(!strcmp(nm, PEM_STRING_X509) &&
+                !strcmp(name, PEM_STRING_PKCS7)) return 1;
+
+        return 0;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+             pem_password_cb *cb, void *u)
         {
         EVP_CIPHER_INFO cipher;
         char *nm=NULL,*header=NULL;
-        unsigned char *p=NULL,*data=NULL;
+        unsigned char *data=NULL;
         long len;
-        char *ret=NULL;
+        int ret = 0;
 
         for (;;)
                 {
-                if (!PEM_read_bio(bp,&nm,&header,&data,&len)) return(NULL);
-                if (    (strcmp(nm,name) == 0) ||
-                        ((strcmp(nm,PEM_STRING_RSA) == 0) &&
-                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
-                        ((strcmp(nm,PEM_STRING_DSA) == 0) &&
-                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
-                        ((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
-                         (strcmp(name,PEM_STRING_X509) == 0)) ||
-                        ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
-                         (strcmp(name,PEM_STRING_X509_REQ) == 0))
-                        )
-                        break;
-                Free(nm);
-                Free(header);
-                Free(data);
+                if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
+                        if(ERR_GET_REASON(ERR_peek_error()) ==
+                                PEM_R_NO_START_LINE)
+                                ERR_add_error_data(2, "Expecting: ", name);
+                        return 0;
                 }
-        if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-        if (!PEM_do_header(&cipher,data,&len,cb)) goto err;
-        p=data;
-        if (strcmp(name,PEM_STRING_EVP_PKEY) == 0)
-                {
-                if (strcmp(nm,PEM_STRING_RSA) == 0)
-                        ret=d2i(EVP_PKEY_RSA,x,&p,len);
-                else if (strcmp(nm,PEM_STRING_DSA) == 0)
-                        ret=d2i(EVP_PKEY_DSA,x,&p,len);
+                if(check_pem(nm, name)) break;
+                OPENSSL_free(nm);
+                OPENSSL_free(header);
+                OPENSSL_free(data);
                 }
-        else    
-                ret=d2i(x,&p,len);
-        if (ret == NULL)
-                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+        if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
+        if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
+
+        *pdata = data;
+        *plen = len;
+
+        if (pnm)
+                *pnm = nm;
+
+        ret = 1;
+
 err:
-        Free(nm);
-        Free(header);
-        Free(data);
-        return(ret);
+        if (!pnm) OPENSSL_free(nm);
+        OPENSSL_free(header);
+        if (!ret) OPENSSL_free(data);
+        return ret;
         }
 
-#ifndef NO_FP_API
-int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-FILE *fp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+#ifndef OPENSSL_NO_FP_API
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+             pem_password_cb *callback, void *u)
         {
         BIO *b;
         int ret;
@@ -261,27 +269,20 @@ int (*callback)();
                 return(0);
                 }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-BIO *bp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+             pem_password_cb *callback, void *u)
         {
         EVP_CIPHER_CTX ctx;
         int dsize=0,i,j,ret=0;
         unsigned char *p,*data=NULL;
-        char *objstr=NULL;
-#define PEM_BUFSIZE     1024
+        const char *objstr=NULL;
         char buf[PEM_BUFSIZE];
         unsigned char key[EVP_MAX_KEY_LENGTH];
         unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -303,7 +304,7 @@ int (*callback)();
                 goto err;
                 }
         /* dzise + 8 bytes are needed */
-        data=(unsigned char *)Malloc((unsigned int)dsize+20);
+        data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
         if (data == NULL)
                 {
                 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
@@ -317,18 +318,23 @@ int (*callback)();
                 if (kstr == NULL)
                         {
                         if (callback == NULL)
-                                klen=def_callback(buf,PEM_BUFSIZE,1);
+                                klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
                         else
-                                klen=(*callback)(buf,PEM_BUFSIZE,1);
+                                klen=(*callback)(buf,PEM_BUFSIZE,1,u);
                         if (klen <= 0)
                                 {
                                 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
                                 goto err;
                                 }
+#ifdef CHARSET_EBCDIC
+                        /* Convert the pass phrase from EBCDIC */
+                        ebcdic2ascii(buf, buf, klen);
+#endif
                         kstr=(unsigned char *)buf;
                         }
-                RAND_seed(data,i);/* put in the RSA key. */
-                RAND_bytes(iv,8);       /* Generate a salt */
+                RAND_add(data,i,0);/* put in the RSA key. */
+                if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
+                        goto err;
                 /* The 'iv' is used as the iv and as a salt.  It is
                  * NOT taken from the BytesToKey function */
                 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
@@ -337,12 +343,14 @@ int (*callback)();
 
                 buf[0]='\0';
                 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-                PEM_dek_info(buf,objstr,8,(char *)iv);
+                PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
                 /* k=strlen(buf); */
-        
-                EVP_EncryptInit(&ctx,enc,key,iv);
+
+                EVP_CIPHER_CTX_init(&ctx);
+                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
                 EVP_EncryptUpdate(&ctx,data,&j,data,i);
-                EVP_EncryptFinal(&ctx,&(data[j]),&i);
+                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+                EVP_CIPHER_CTX_cleanup(&ctx);
                 i+=j;
                 ret=1;
                 }
@@ -359,15 +367,12 @@ err:
         memset((char *)&ctx,0,sizeof(ctx));
         memset(buf,0,PEM_BUFSIZE);
         memset(data,0,(unsigned int)dsize);
-        Free(data);
+        OPENSSL_free(data);
         return(ret);
         }
 
-int PEM_do_header(cipher, data, plen, callback)
-EVP_CIPHER_INFO *cipher;
-unsigned char *data;
-long *plen;
-int (*callback)();
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+             pem_password_cb *callback,void *u)
         {
         int i,j,o,klen;
         long len;
@@ -379,21 +384,27 @@ int (*callback)();
 
         if (cipher->cipher == NULL) return(1);
         if (callback == NULL)
-                klen=def_callback(buf,PEM_BUFSIZE,0);
+                klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
         else
-                klen=callback(buf,PEM_BUFSIZE,0);
+                klen=callback(buf,PEM_BUFSIZE,0,u);
         if (klen <= 0)
                 {
                 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
                 return(0);
                 }
+#ifdef CHARSET_EBCDIC
+        /* Convert the pass phrase from EBCDIC */
+        ebcdic2ascii(buf, buf, klen);
+#endif
+
         EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
                 (unsigned char *)buf,klen,1,key,NULL);
 
         j=(int)len;
-        EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
         EVP_DecryptUpdate(&ctx,data,&i,data,j);
-        o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
         memset((char *)buf,0,sizeof(buf));
         memset((char *)key,0,sizeof(key));
@@ -407,12 +418,10 @@ int (*callback)();
         return(1);
         }
 
-int PEM_get_EVP_CIPHER_INFO(header,cipher)
-char *header;
-EVP_CIPHER_INFO *cipher;
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
         {
         int o;
-        EVP_CIPHER *enc=NULL;
+        const EVP_CIPHER *enc=NULL;
         char *p,c;
 
         cipher->cipher=NULL;
@@ -438,9 +447,15 @@ EVP_CIPHER_INFO *cipher;
         for (;;)
                 {
                 c= *header;
+#ifndef CHARSET_EBCDIC
                 if (!(  ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
                         ((c >= '0') && (c <= '9'))))
                         break;
+#else
+                if (!(  isupper(c) || (c == '-') ||
+                        isdigit(c)))
+                        break;
+#endif
                 header++;
                 }
         *header='\0';
@@ -454,14 +469,12 @@ EVP_CIPHER_INFO *cipher;
                 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
                 return(0);
                 }
-        if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);
+        if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
 
         return(1);
         }
 
-static int load_iv(fromp,to,num)
-unsigned char **fromp,*to;
-int num;
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
         {
         int v,i;
         unsigned char *from;
@@ -490,13 +503,9 @@ int num;
         return(1);
         }
 
-#ifndef NO_FP_API
-int PEM_write(fp, name, header, data,len)
-FILE *fp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+#ifndef OPENSSL_NO_FP_API
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+             long len)
         {
         BIO *b;
         int ret;
@@ -513,12 +522,8 @@ long len;
         }
 #endif
 
-int PEM_write_bio(bp, name, header, data,len)
-BIO *bp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
+             long len)
         {
         int nlen,n,i,j,outl;
         unsigned char *buf;
@@ -541,7 +546,7 @@ long len;
                         goto err;
                 }
 
-        buf=(unsigned char *)Malloc(PEM_BUFSIZE*8);
+        buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
         if (buf == NULL)
                 {
                 reason=ERR_R_MALLOC_FAILURE;
@@ -561,7 +566,7 @@ long len;
                 }
         EVP_EncodeFinal(&ctx,buf,&outl);
         if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
-        Free(buf);
+        OPENSSL_free(buf);
         if (    (BIO_write(bp,"-----END ",9) != 9) ||
                 (BIO_write(bp,name,nlen) != nlen) ||
                 (BIO_write(bp,"-----\n",6) != 6))
@@ -572,13 +577,9 @@ err:
         return(0);
         }
 
-#ifndef NO_FP_API
-int PEM_read(fp, name, header, data,len)
-FILE *fp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+#ifndef OPENSSL_NO_FP_API
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+             long *len)
         {
         BIO *b;
         int ret;
@@ -595,12 +596,8 @@ long *len;
         }
 #endif
 
-int PEM_read_bio(bp, name, header, data, len)
-BIO *bp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+             long *len)
         {
         EVP_ENCODE_CTX ctx;
         int end=0,i,k,bl=0,hl=0,nohead=0;
@@ -643,7 +640,7 @@ long *len;
                                 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                                 goto err;
                                 }
-                        strncpy(nameB->data,&(buf[11]),(unsigned int)i-6);
+                        memcpy(nameB->data,&(buf[11]),i-6);
                         nameB->data[i-6]='\0';
                         break;
                         }
@@ -668,7 +665,7 @@ long *len;
                         nohead=1;
                         break;
                         }
-                strncpy(&(headerB->data[hl]),buf,(unsigned int)i);
+                memcpy(&(headerB->data[hl]),buf,i);
                 headerB->data[hl+i]='\0';
                 hl+=i;
                 }
@@ -696,7 +693,7 @@ long *len;
                                 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                                 goto err;
                                 }
-                        strncpy(&(dataB->data[bl]),buf,(unsigned int)i);
+                        memcpy(&(dataB->data[bl]),buf,i);
                         dataB->data[bl+i]='\0';
                         bl+=i;
                         if (end)
@@ -721,7 +718,7 @@ long *len;
                 }
         i=strlen(nameB->data);
         if (    (strncmp(buf,"-----END ",9) != 0) ||
-                (strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) ||
+                (strncmp(nameB->data,&(buf[9]),i) != 0) ||
                 (strncmp(&(buf[9+i]),"-----\n",6) != 0))
                 {
                 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
@@ -750,9 +747,9 @@ long *len;
         *header=headerB->data;
         *data=(unsigned char *)dataB->data;
         *len=bl;
-        Free(nameB);
-        Free(headerB);
-        Free(dataB);
+        OPENSSL_free(nameB);
+        OPENSSL_free(headerB);
+        OPENSSL_free(dataB);
         return(1);
 err:
         BUF_MEM_free(nameB);
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index b4b36df453..ae463a301d 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -56,23 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
-
-int PEM_SealInit(ctx,type,md_type,ek,ekl,iv,pubk,npubk)
-PEM_ENCODE_SEAL_CTX *ctx;
-EVP_CIPHER *type;
-EVP_MD *md_type;
-unsigned char **ek;
-int *ekl;
-unsigned char *iv;
-EVP_PKEY **pubk;
-int npubk;
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
+             unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
+             int npubk)
         {
         unsigned char key[EVP_MAX_KEY_LENGTH];
         int ret= -1;
@@ -89,17 +84,20 @@ int npubk;
                 j=RSA_size(pubk[i]->pkey.rsa);
                 if (j > max) max=j;
                 }
-        s=(char *)Malloc(max*2);
+        s=(char *)OPENSSL_malloc(max*2);
         if (s == NULL)
                 {
                 PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
 
-        EVP_EncodeInit(&(ctx->encode));
-        EVP_SignInit(&(ctx->md),md_type);
+        EVP_EncodeInit(&ctx->encode);
+
+        EVP_MD_CTX_init(&ctx->md);
+        EVP_SignInit(&ctx->md,md_type);
 
-        ret=EVP_SealInit(&(ctx->cipher),type,ek,ekl,iv,pubk,npubk);
+        EVP_CIPHER_CTX_init(&ctx->cipher);
+        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
         if (!ret) goto err;
 
         /* base64 encode the keys */
@@ -113,23 +111,19 @@ int npubk;
 
         ret=npubk;
 err:
-        if (s != NULL) Free(s);
+        if (s != NULL) OPENSSL_free(s);
         memset(key,0,EVP_MAX_KEY_LENGTH);
         return(ret);
         }
 
-void PEM_SealUpdate(ctx,out,outl,in,inl)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+             unsigned char *in, int inl)
         {
         unsigned char buffer[1600];
         int i,j;
 
         *outl=0;
-        EVP_SignUpdate(&(ctx->md),in,inl);
+        EVP_SignUpdate(&ctx->md,in,inl);
         for (;;)
                 {
                 if (inl <= 0) break;
@@ -137,8 +131,8 @@ int inl;
                         i=1200;
                 else
                         i=inl;
-                EVP_EncryptUpdate(&(ctx->cipher),buffer,&j,in,i);
-                EVP_EncodeUpdate(&(ctx->encode),out,&j,buffer,j);
+                EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
+                EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
                 *outl+=j;
                 out+=j;
                 in+=i;
@@ -146,13 +140,8 @@ int inl;
                 }
         }
 
-int PEM_SealFinal(ctx,sig,sigl,out,outl,priv)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *sig;
-int *sigl;
-unsigned char *out;
-int *outl;
-EVP_PKEY *priv;
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+             unsigned char *out, int *outl, EVP_PKEY *priv)
         {
         unsigned char *s=NULL;
         int ret=0,j;
@@ -165,27 +154,34 @@ EVP_PKEY *priv;
                 }
         i=RSA_size(priv->pkey.rsa);
         if (i < 100) i=100;
-        s=(unsigned char *)Malloc(i*2);
+        s=(unsigned char *)OPENSSL_malloc(i*2);
         if (s == NULL)
                 {
                 PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
 
-        EVP_EncryptFinal(&(ctx->cipher),s,(int *)&i);
-        EVP_EncodeUpdate(&(ctx->encode),out,&j,s,i);
+        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
         *outl=j;
         out+=j;
-        EVP_EncodeFinal(&(ctx->encode),out,&j);
+        EVP_EncodeFinal(&ctx->encode,out,&j);
         *outl+=j;
 
-        if (!EVP_SignFinal(&(ctx->md),s,&i,priv)) goto err;
+        if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
         *sigl=EVP_EncodeBlock(sig,s,i);
 
         ret=1;
 err:
-        memset((char *)&(ctx->md),0,sizeof(ctx->md));
-        memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher));
-        if (s != NULL) Free(s);
+        EVP_MD_CTX_cleanup(&ctx->md);
+        EVP_CIPHER_CTX_cleanup(&ctx->cipher);
+        if (s != NULL) OPENSSL_free(s);
         return(ret);
         }
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
index d56f9f9e14..c3b9808cb2 100644
--- a/src/lib/libcrypto/pem/pem_sign.c
+++ b/src/lib/libcrypto/pem/pem_sign.c
@@ -58,38 +58,31 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-void PEM_SignInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
         {
-        EVP_DigestInit(ctx,type);
+        EVP_DigestInit_ex(ctx, type, NULL);
         }
 
-void PEM_SignUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+             unsigned int count)
         {
         EVP_DigestUpdate(ctx,data,count);
         }
 
-int PEM_SignFinal(ctx,sigret,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigret;
-unsigned int *siglen;
-EVP_PKEY *pkey;
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+             EVP_PKEY *pkey)
         {
         unsigned char *m;
         int i,ret=0;
         unsigned int m_len;
 
-        m=(unsigned char *)Malloc(EVP_PKEY_size(pkey)+2);
+        m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
         if (m == NULL)
                 {
                 PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
@@ -103,7 +96,7 @@ EVP_PKEY *pkey;
         ret=1;
 err:
         /* ctx has been zeroed by EVP_SignFinal() */
-        if (m != NULL) Free(m);
+        if (m != NULL) OPENSSL_free(m);
         return(ret);
         }