Vendor import of OpenSSL release 0.9.7. This release includes

support for AES and OpenBSD's hardware crypto.

69 files changed, 6797 insertions, 4427 deletions

diff --git a/crypto/openssl/crypto/asn1/Makefile.ssl b/crypto/openssl/crypto/asn1/Makefile.ssl
index 73ef4d2ca937..944d8f164ae6 100644
--- a/crypto/openssl/crypto/asn1/Makefile.ssl
+++ b/crypto/openssl/crypto/asn1/Makefile.ssl
@@ -5,13 +5,14 @@
 DIR=	asn1
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -23,39 +24,33 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
-	a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
-	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
-	x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
-	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+	a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+	x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
 	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
 	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
-	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
-	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
-	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+	f_int.c f_string.c n_pkey.c \
 	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
 	asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
-	a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
-	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
-	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
-	x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
-	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+	x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
 	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
 	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
-	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
-	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
-	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+	f_int.o f_string.o n_pkey.o \
 	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
 	asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 
 SRC= $(LIBSRC)
 
-EXHEADER=  asn1.h asn1_mac.h
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -75,8 +70,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
@@ -104,7 +98,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -116,1230 +110,1043 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bitstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bitstr.o: ../cryptlib.h
-a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bmp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bmp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bmp.o: ../cryptlib.h
-a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_bool.o: ../cryptlib.h
-a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_bool.o: ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
 a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_d2i_fp.o: ../../include/openssl/opensslconf.h
-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_d2i_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_d2i_fp.o: ../cryptlib.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/aes.h
 a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_digest.o: ../../include/openssl/opensslconf.h
-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_digest.o: ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_dup.o: ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_enum.o: ../cryptlib.h
-a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_gentm.o: ../cryptlib.h
-a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_hdr.o: ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
 a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_i2d_fp.o: ../../include/openssl/opensslconf.h
-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_i2d_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_i2d_fp.o: ../cryptlib.h
-a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_int.o: ../cryptlib.h
-a_mbstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_mbstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_mbstr.o: ../cryptlib.h
-a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_meth.o: ../cryptlib.h
-a_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_null.o: ../cryptlib.h
-a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_meth.o: ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_object.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_object.o: ../cryptlib.h
-a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_octet.o: ../cryptlib.h
-a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_print.o: ../cryptlib.h
-a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_set.o: ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../cryptlib.h
+a_sign.o: ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/aes.h
 a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: charmap.h
-a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_strnid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strnid.o: ../cryptlib.h
-a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_time.o: ../cryptlib.h
-a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_time.o: ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h
-a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_type.o: ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utctm.o: ../cryptlib.h
-a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_utf8.o: ../cryptlib.h
+a_utf8.o: ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/aes.h
 a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_verify.o: ../../include/openssl/opensslconf.h
-a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_vis.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_vis.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_vis.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_vis.o: ../cryptlib.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h a_verify.c
 asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-asn1_err.o: ../../include/openssl/opensslconf.h
-asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 asn1_lib.o: ../../include/openssl/opensslconf.h
-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_lib.o: ../cryptlib.h
-asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_par.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn1_par.o: ../cryptlib.h
-asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_moid.o: ../../e_os.h ../../include/openssl/aes.h
+asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_moid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+asn_moid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_moid.o: ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn_pack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn_pack.o: ../cryptlib.h
-d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_dhp.o: ../cryptlib.h
-d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_dsap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_dsap.o: ../../include/openssl/opensslconf.h
-d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_dsap.o: ../cryptlib.h
-d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-d2i_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-d2i_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_r_pr.o: ../../include/openssl/opensslconf.h
-d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_r_pu.o: ../../include/openssl/opensslconf.h
-d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_s_pr.o: ../../include/openssl/opensslconf.h
-d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_s_pr.o: ../cryptlib.h
-d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-d2i_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_s_pu.o: ../../include/openssl/opensslconf.h
-d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_s_pu.o: ../cryptlib.h
-evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 evp_asn1.o: ../../include/openssl/opensslconf.h
-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-evp_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_asn1.o: ../cryptlib.h
-f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_enum.o: ../cryptlib.h
-f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_int.o: ../cryptlib.h
-f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_int.o: ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-f_string.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-f_string.o: ../cryptlib.h
-i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-i2d_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_dhp.o: ../cryptlib.h
-i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_dsap.o: ../../include/openssl/opensslconf.h
-i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_dsap.o: ../cryptlib.h
-i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-i2d_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-i2d_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_r_pr.o: ../../include/openssl/opensslconf.h
-i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_r_pu.o: ../../include/openssl/opensslconf.h
-i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
-i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_s_pr.o: ../../include/openssl/opensslconf.h
-i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_s_pr.o: ../cryptlib.h
-i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-i2d_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_s_pu.o: ../../include/openssl/opensslconf.h
-i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_s_pu.o: ../cryptlib.h
-n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-nsseq.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-nsseq.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-nsseq.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-nsseq.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-nsseq.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-nsseq.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+nsseq.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p5_pbe.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p5_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../cryptlib.h
-p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbev2.o: ../cryptlib.h
-p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_dgst.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_dgst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_enc_c.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_enc_c.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc_c.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_enc_c.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_enc_c.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_evp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_evp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_evp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_i_s.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_i_s.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_i_s.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_i_s.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_recip.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_recip.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_recip.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_recip.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_recip.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_s_e.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_s_e.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_s_e.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_signd.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_signd.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signd.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_signd.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_signd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p7_signi.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signi.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-p7_signi.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p7_signi.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/aes.h
 t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h
-t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h
-t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_pkey.o: ../cryptlib.h
-t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h
-t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-t_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
 t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h
-t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_algor.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_enc.o: ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_fre.o: ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_new.o: ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_typ.o: ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_utl.o: ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/aes.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_cinf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_cinf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_cinf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_crl.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_exten.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_exten.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_name.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_name.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pubkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_req.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_sig.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_sig.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_sig.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_val.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_val.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-x_val.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_val.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
-x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_val.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
-x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/crypto/openssl/crypto/asn1/a_bitstr.c b/crypto/openssl/crypto/asn1/a_bitstr.c
index ecc0d4b8cd4a..f4ea96cd54e8 100644
--- a/crypto/openssl/crypto/asn1/a_bitstr.c
+++ b/crypto/openssl/crypto/asn1/a_bitstr.c
@@ -60,27 +60,9 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_BIT_STRING *ASN1_BIT_STRING_new(void)
-{ return M_ASN1_BIT_STRING_new(); }
-
-void ASN1_BIT_STRING_free(ASN1_BIT_STRING *x)
-{ M_ASN1_BIT_STRING_free(x); }
-
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 { return M_ASN1_BIT_STRING_set(x, d, len); }
 
-int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
-{
-	int len, ret;
-	len = i2c_ASN1_BIT_STRING(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
-		i2c_ASN1_BIT_STRING(a, pp);	
-	}
-	return ret;
-}
-
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
 	int ret,j,bits,len;
@@ -131,40 +113,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	return(ret);
 	}
 
-
-/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
-	     long length)
-{
-	unsigned char *p;
-	long len;
-	int i;
-	int inf,tag,xclass;
-	ASN1_BIT_STRING *ret;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_BIT_STRING)
-		{
-		i=ASN1_R_EXPECTING_A_BIT_STRING;
-		goto err;
-		}
-	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
-	ret = c2i_ASN1_BIT_STRING(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
-	return(NULL);
-
-}
-
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	     long len)
 	{
@@ -172,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	unsigned char *p,*s;
 	int i;
 
+	if (len < 1)
+		{
+		i=ASN1_R_STRING_TOO_SHORT;
+		goto err;
+		}
+
 	if ((a == NULL) || ((*a) == NULL))
 		{
 		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
@@ -237,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 		if (a->data == NULL)
 			c=(unsigned char *)OPENSSL_malloc(w+1);
 		else
-			c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
+			c=(unsigned char *)OPENSSL_realloc_clean(a->data,
+								 a->length,
+								 w+1);
 		if (c == NULL) return(0);
 		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
 		a->data=c;
diff --git a/crypto/openssl/crypto/asn1/a_bool.c b/crypto/openssl/crypto/asn1/a_bool.c
index 18fa61840b4b..24333ea4d525 100644
--- a/crypto/openssl/crypto/asn1/a_bool.c
+++ b/crypto/openssl/crypto/asn1/a_bool.c
@@ -58,7 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	{
@@ -110,3 +110,5 @@ err:
 	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
 	return(ret);
 	}
+
+
diff --git a/crypto/openssl/crypto/asn1/a_bytes.c b/crypto/openssl/crypto/asn1/a_bytes.c
index 3a0c0c783551..afd27b80e1b0 100644
--- a/crypto/openssl/crypto/asn1/a_bytes.c
+++ b/crypto/openssl/crypto/asn1/a_bytes.c
@@ -58,18 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-static unsigned long tag2bit[32]={
-0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
-B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
-0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
-	};
+#include <openssl/asn1.h>
 
 static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
@@ -92,7 +81,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
 		i=ASN1_R_TAG_VALUE_TOO_HIGH;;
 		goto err;
 		}
-	if (!(tag2bit[tag] & type))
+	if (!(ASN1_tag2bit(tag) & type))
 		{
 		i=ASN1_R_WRONG_TYPE;
 		goto err;
@@ -296,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 			goto err;
 			}
 
-		if (!BUF_MEM_grow(&b,num+os->length))
+		if (!BUF_MEM_grow_clean(&b,num+os->length))
 			{
 			c->error=ERR_R_BUF_LIB;
 			goto err;
diff --git a/crypto/openssl/crypto/asn1/a_d2i_fp.c b/crypto/openssl/crypto/asn1/a_d2i_fp.c
index a49d1cb28977..b67b75e7c27e 100644
--- a/crypto/openssl/crypto/asn1/a_d2i_fp.c
+++ b/crypto/openssl/crypto/asn1/a_d2i_fp.c
@@ -61,9 +61,11 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1_mac.h>
 
-#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+#ifndef OPENSSL_NO_FP_API
 
-#ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 	     unsigned char **x)
         {
@@ -85,21 +87,81 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 	     unsigned char **x)
 	{
+	BUF_MEM *b = NULL;
+	unsigned char *p;
+	char *ret=NULL;
+	int len;
+
+	len = asn1_d2i_read_bio(in, &b);
+	if(len < 0) goto err;
+
+	p=(unsigned char *)b->data;
+	ret=d2i(x,&p,len);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+	{
+	BUF_MEM *b = NULL;
+	unsigned char *p;
+	void *ret=NULL;
+	int len;
+
+	len = asn1_d2i_read_bio(in, &b);
+	if(len < 0) goto err;
+
+	p=(unsigned char *)b->data;
+	ret=ASN1_item_d2i(x,&p,len, it);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+		}
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_item_d2i_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+	{
 	BUF_MEM *b;
 	unsigned char *p;
 	int i;
-	char *ret=NULL;
+	int ret=-1;
 	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
+#if defined(__GNUC__) && defined(__ia64)
+	/* pathetic compiler bug in all known versions as of Nov. 2002 */
+	long off=0;
+#else
 	int off=0;
+#endif
 	int len=0;
 
 	b=BUF_MEM_new();
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-		return(NULL);
+		return -1;
 		}
 
 	ERR_clear_error();
@@ -109,7 +171,7 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 			{
 			want-=(len-off);
 
-			if (!BUF_MEM_grow(b,len+want))
+			if (!BUF_MEM_grow_clean(b,len+want))
 				{
 				ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
@@ -164,18 +226,23 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 			if (want > (len-off))
 				{
 				want-=(len-off);
-				if (!BUF_MEM_grow(b,len+want))
+				if (!BUF_MEM_grow_clean(b,len+want))
 					{
 					ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 					goto err;
 					}
-				i=BIO_read(in,&(b->data[len]),want);
-				if (i <= 0)
+				while (want > 0)
 					{
-					ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
-					goto err;
+					i=BIO_read(in,&(b->data[len]),want);
+					if (i <= 0)
+						{
+						ASN1err(ASN1_F_ASN1_D2I_BIO,
+						    ASN1_R_NOT_ENOUGH_DATA);
+						goto err;
+						}
+					len+=i;
+					want -= i;
 					}
-				len+=i;
 				}
 			off+=(int)c.slen;
 			if (eos <= 0)
@@ -187,8 +254,8 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 			}
 		}
 
-	p=(unsigned char *)b->data;
-	ret=d2i(x,&p,off);
+	*pb = b;
+	return off;
 err:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ret);
diff --git a/crypto/openssl/crypto/asn1/a_digest.c b/crypto/openssl/crypto/asn1/a_digest.c
index 8257b8639e12..4931e222a05e 100644
--- a/crypto/openssl/crypto/asn1/a_digest.c
+++ b/crypto/openssl/crypto/asn1/a_digest.c
@@ -69,10 +69,11 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 		unsigned char *md, unsigned int *len)
 	{
-	EVP_MD_CTX ctx;
 	int i;
 	unsigned char *str,*p;
 
@@ -81,9 +82,24 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	p=str;
 	i2d(data,&p);
 
-	EVP_DigestInit(&ctx,type);
-	EVP_DigestUpdate(&ctx,str,i);
-	EVP_DigestFinal(&ctx,md,len);
+	EVP_Digest(str, i, md, len, type, NULL);
+	OPENSSL_free(str);
+	return(1);
+	}
+
+#endif
+
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+		unsigned char *md, unsigned int *len)
+	{
+	int i;
+	unsigned char *str = NULL;
+
+	i=ASN1_item_i2d(asn,&str, it);
+	if (!str) return(0);
+
+	EVP_Digest(str, i, md, len, type, NULL);
 	OPENSSL_free(str);
 	return(1);
 	}
diff --git a/crypto/openssl/crypto/asn1/a_dup.c b/crypto/openssl/crypto/asn1/a_dup.c
index c3bda58a5d9e..58a017884cb5 100644
--- a/crypto/openssl/crypto/asn1/a_dup.c
+++ b/crypto/openssl/crypto/asn1/a_dup.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-#define READ_CHUNK   2048
+#ifndef NO_OLD_ASN1
 
 char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	{
@@ -81,3 +81,27 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
+
+#endif
+
+/* ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+	{
+	unsigned char *b = NULL, *p;
+	long i;
+	void *ret;
+
+	if (x == NULL) return(NULL);
+
+	i=ASN1_item_i2d(x,&b,it);
+	if (b == NULL)
+		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+	p= b;
+	ret=ASN1_item_d2i(NULL,&p,i, it);
+	OPENSSL_free(b);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_enum.c b/crypto/openssl/crypto/asn1/a_enum.c
index 105717128b3e..ad8f0ffd1ab3 100644
--- a/crypto/openssl/crypto/asn1/a_enum.c
+++ b/crypto/openssl/crypto/asn1/a_enum.c
@@ -65,60 +65,6 @@
  * for comments on encoding see a_int.c
  */
 
-ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
-{ return M_ASN1_ENUMERATED_new(); }
-
-void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
-{ M_ASN1_ENUMERATED_free(x); }
-
-
-int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
-{
-	int len, ret;
-	if(!a) return 0;
-	len = i2c_ASN1_INTEGER(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
-		i2c_ASN1_INTEGER(a, pp);	
-	}
-	return ret;
-}
-
-ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
-	     long length)
-{
-	unsigned char *p;
-	long len;
-	int i;
-	int inf,tag,xclass;
-	ASN1_ENUMERATED *ret;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_ENUMERATED)
-		{
-		i=ASN1_R_EXPECTING_AN_ENUMERATED;
-		goto err;
-		}
-	ret = c2i_ASN1_INTEGER(a, &p, len);
-	if(ret) {
-		ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
-		*pp = p;
-	}
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
-	return(NULL);
-
-}
-
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	{
 	int i,j,k;
@@ -168,7 +114,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	if (i == V_ASN1_NEG_ENUMERATED)
 		neg=1;
 	else if (i != V_ASN1_ENUMERATED)
-		return(0);
+		return -1;
 	
 	if (a->length > sizeof(long))
 		{
@@ -176,7 +122,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return(0);
+		return 0;
 
 	for (i=0; i<a->length; i++)
 		{
@@ -207,8 +153,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	len=((j == 0)?0:((j/8)+1));
 	if (ret->length < len+4)
 		{
-		unsigned char *new_data=
-			OPENSSL_realloc(ret->data, len+4);
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/openssl/crypto/asn1/a_gentm.c
index b55f882b7638..cd09f68b38f6 100644
--- a/crypto/openssl/crypto/asn1/a_gentm.c
+++ b/crypto/openssl/crypto/asn1/a_gentm.c
@@ -61,13 +61,10 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
+#include "o_time.h"
 #include <openssl/asn1.h>
 
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void)
-{ return M_ASN1_GENERALIZEDTIME_new(); }
-
-void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *x)
-{ M_ASN1_GENERALIZEDTIME_free(x); }
+#if 0
 
 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
 	{
@@ -116,6 +113,8 @@ err:
 	return(NULL);
 	}
 
+#endif
+
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
@@ -147,6 +146,19 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 
 		if ((n < min[i]) || (n > max[i])) goto err;
 		}
+	/* Optional fractional seconds: decimal point followed by one
+	 * or more digits.
+	 */
+	if (a[o] == '.')
+		{
+		if (++o > l) goto err;
+		i = o;
+		while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+			o++;
+		/* Must have at least one digit after decimal point */
+		if (i == o) goto err;
+		}
+
 	if (a[o] == 'Z')
 		o++;
 	else if ((a[o] == '+') || (a[o] == '-'))
@@ -182,6 +194,7 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
+			s->type=V_ASN1_GENERALIZEDTIME;
 			}
 		return(1);
 		}
@@ -194,21 +207,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	{
 	char *p;
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
 	struct tm data;
-#endif
 
 	if (s == NULL)
 		s=M_ASN1_GENERALIZEDTIME_new();
 	if (s == NULL)
 		return(NULL);
 
-#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
-	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-	ts=&data;
-#else
-	ts=gmtime(&t);
-#endif
+	ts=OPENSSL_gmtime(&t, &data);
+	if (ts == NULL)
+		return(NULL);
+
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 16))
 		{
diff --git a/crypto/openssl/crypto/asn1/a_i2d_fp.c b/crypto/openssl/crypto/asn1/a_i2d_fp.c
index aee29a779000..f4f1b73ebe88 100644
--- a/crypto/openssl/crypto/asn1/a_i2d_fp.c
+++ b/crypto/openssl/crypto/asn1/a_i2d_fp.c
@@ -59,9 +59,11 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-#ifndef NO_FP_API
+#ifndef NO_OLD_ASN1
+
+#ifndef OPENSSL_NO_FP_API
 int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
         {
         BIO *b;
@@ -111,3 +113,51 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_item_i2d_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+	{
+	unsigned char *b = NULL;
+	int i,j=0,n,ret=1;
+
+	n = ASN1_item_i2d(x, &b, it);
+	if (b == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+
+	for (;;)
+		{
+		i=BIO_write(out,&(b[j]),n);
+		if (i == n) break;
+		if (i <= 0)
+			{
+			ret=0;
+			break;
+			}
+		j+=i;
+		n-=i;
+		}
+	OPENSSL_free(b);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_int.c b/crypto/openssl/crypto/asn1/a_int.c
index 0a24bef68504..edb243c0217e 100644
--- a/crypto/openssl/crypto/asn1/a_int.c
+++ b/crypto/openssl/crypto/asn1/a_int.c
@@ -60,33 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_INTEGER *ASN1_INTEGER_new(void)
-{ return M_ASN1_INTEGER_new();}
-
-void ASN1_INTEGER_free(ASN1_INTEGER *x)
-{ M_ASN1_INTEGER_free(x);}
-
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
 
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 { return M_ASN1_INTEGER_cmp(x,y);}
 
-/* Output ASN1 INTEGER including tag+length */
-
-int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
-{
-	int len, ret;
-	if(!a) return 0;
-	len = i2c_ASN1_INTEGER(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
-		i2c_ASN1_INTEGER(a, pp);	
-	}
-	return ret;
-}
-
 /* 
  * This converts an ASN1 INTEGER into its content encoding.
  * The internal representation is an ASN1_STRING whose data is a big endian
@@ -174,39 +153,6 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	return(ret);
 	}
 
-/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
-ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
-	     long length)
-{
-	unsigned char *p;
-	long len;
-	int i;
-	int inf,tag,xclass;
-	ASN1_INTEGER *ret;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_INTEGER)
-		{
-		i=ASN1_R_EXPECTING_AN_INTEGER;
-		goto err;
-		}
-	ret = c2i_ASN1_INTEGER(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
-	return(NULL);
-
-}
-
-
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
 
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
@@ -414,7 +360,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	if (i == V_ASN1_NEG_INTEGER)
 		neg=1;
 	else if (i != V_ASN1_INTEGER)
-		return(0);
+		return -1;
 	
 	if (a->length > sizeof(long))
 		{
@@ -422,7 +368,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return(0);
+		return 0;
 
 	for (i=0; i<a->length; i++)
 		{
@@ -453,7 +399,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	len=((j == 0)?0:((j/8)+1));
 	if (ret->length < len+4)
 		{
-		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
@@ -462,6 +408,12 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 		ret->data=new_data;
 		}
 	ret->length=BN_bn2bin(bn,ret->data);
+	/* Correct zero case */
+	if(!ret->length)
+		{
+		ret->data[0] = 0;
+		ret->length = 1;
+		}
 	return(ret);
 err:
 	if (ret != ai) M_ASN1_INTEGER_free(ret);
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
index 20caa2d3bde6..0a8e6c287cc3 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 
 	if ((a == NULL) || (a->data == NULL))
 		return(BIO_write(bp,"NULL",4));
-	i=i2t_ASN1_OBJECT(buf,80,a);
-	if (i > 80) i=80;
+	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+	if (i > sizeof buf) i=sizeof buf;
 	BIO_write(bp,buf,i);
 	return(i);
 	}
@@ -302,7 +302,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	}
 
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-	     char *sn, char *ln)
+	     const char *sn, const char *ln)
 	{
 	ASN1_OBJECT o;
 
diff --git a/crypto/openssl/crypto/asn1/a_octet.c b/crypto/openssl/crypto/asn1/a_octet.c
index 2586f4327dc6..9690bae0f12d 100644
--- a/crypto/openssl/crypto/asn1/a_octet.c
+++ b/crypto/openssl/crypto/asn1/a_octet.c
@@ -60,12 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void)
-{ return M_ASN1_OCTET_STRING_new(); }
-
-void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *x)
-{ M_ASN1_OCTET_STRING_free(x); }
-
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }
 
@@ -75,21 +69,3 @@ int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
 { return M_ASN1_OCTET_STRING_set(x, d, len); }
 
-int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
-{ return M_i2d_ASN1_OCTET_STRING(a, pp); }
-
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
-	     unsigned char **pp, long length)
-	{
-	ASN1_OCTET_STRING *ret=NULL;
-
-	ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-	return(ret);
-	}
-
diff --git a/crypto/openssl/crypto/asn1/a_print.c b/crypto/openssl/crypto/asn1/a_print.c
index b7bd2bd18aeb..8035513f0478 100644
--- a/crypto/openssl/crypto/asn1/a_print.c
+++ b/crypto/openssl/crypto/asn1/a_print.c
@@ -60,50 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_IA5STRING *ASN1_IA5STRING_new(void)
-{ return M_ASN1_IA5STRING_new();}
-
-void ASN1_IA5STRING_free(ASN1_IA5STRING *x)
-{ M_ASN1_IA5STRING_free(x);}
-
-int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
-	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
-
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
-
-ASN1_T61STRING *ASN1_T61STRING_new(void)
-{ return M_ASN1_T61STRING_new();}
-
-void ASN1_T61STRING_free(ASN1_T61STRING *x)
-{ M_ASN1_T61STRING_free(x);}
-
-ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
-
-ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void)
-{ return M_ASN1_PRINTABLESTRING_new();}
-
-void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *x)
-{ M_ASN1_PRINTABLESTRING_free(x);}
-
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-	     unsigned char **pp, long l)
-	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
-	     l)); }
-
-int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp)
-	{ return(M_i2d_ASN1_PRINTABLESTRING(a,pp)); }
-
-int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
-	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
-
-ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
-
 int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
@@ -169,29 +125,3 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	s->type=ASN1_PRINTABLE_type(s->data,s->length);
 	return(1);
 	}
-
-ASN1_STRING *DIRECTORYSTRING_new(void)
-{ return M_DIRECTORYSTRING_new();}
-
-void DIRECTORYSTRING_free(ASN1_STRING *x)
-{ M_DIRECTORYSTRING_free(x);}
-
-int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
-	{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
-
-ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
-
-ASN1_STRING *DISPLAYTEXT_new(void)
-{ return M_DISPLAYTEXT_new();}
-
-void DISPLAYTEXT_free(ASN1_STRING *x)
-{ M_DISPLAYTEXT_free(x);}
-
-int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
-	{ return(M_i2d_DISPLAYTEXT(a,pp)); }
-
-ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
-	     long l)
-	{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }
diff --git a/crypto/openssl/crypto/asn1/a_set.c b/crypto/openssl/crypto/asn1/a_set.c
index 5b0938e97b1c..0f839822ff22 100644
--- a/crypto/openssl/crypto/asn1/a_set.c
+++ b/crypto/openssl/crypto/asn1/a_set.c
@@ -60,6 +60,8 @@
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
 
+#ifndef NO_ASN1_OLD
+
 typedef struct
     {
     unsigned char *pbData;
@@ -215,3 +217,4 @@ err:
 	return(NULL);
 	}
 
+#endif
diff --git a/crypto/openssl/crypto/asn1/a_sign.c b/crypto/openssl/crypto/asn1/a_sign.c
index 94829d889e0d..52ce7e39740b 100644
--- a/crypto/openssl/crypto/asn1/a_sign.c
+++ b/crypto/openssl/crypto/asn1/a_sign.c
@@ -124,6 +124,8 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
 	     const EVP_MD *type)
@@ -133,6 +135,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	int i,inl=0,outl=0,outll=0;
 	X509_ALGOR *a;
 
+	EVP_MD_CTX_init(&ctx);
 	for (i=0; i<2; i++)
 		{
 		if (i == 0)
@@ -180,7 +183,90 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_SignInit(&ctx,type);
+	EVP_SignInit_ex(&ctx,type, NULL);
+	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+			(unsigned int *)&outl,pkey))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+		goto err;
+		}
+	if (signature->data != NULL) OPENSSL_free(signature->data);
+	signature->data=buf_out;
+	buf_out=NULL;
+	signature->length=outl;
+	/* In the interests of compatibility, I'll make sure that
+	 * the bit string has a 'not-used bits' value of 0
+	 */
+	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+	EVP_MD_CTX_cleanup(&ctx);
+	if (buf_in != NULL)
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+	if (buf_out != NULL)
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+	return(outl);
+	}
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+	     const EVP_MD *type)
+	{
+	EVP_MD_CTX ctx;
+	unsigned char *buf_in=NULL,*buf_out=NULL;
+	int i,inl=0,outl=0,outll=0;
+	X509_ALGOR *a;
+
+	EVP_MD_CTX_init(&ctx);
+	for (i=0; i<2; i++)
+		{
+		if (i == 0)
+			a=algor1;
+		else
+			a=algor2;
+		if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+			{
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
+			ASN1_TYPE_free(a->parameter);
+			a->parameter = NULL;
+			}
+		else if ((a->parameter == NULL) || 
+			(a->parameter->type != V_ASN1_NULL))
+			{
+			ASN1_TYPE_free(a->parameter);
+			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+			a->parameter->type=V_ASN1_NULL;
+			}
+		ASN1_OBJECT_free(a->algorithm);
+		a->algorithm=OBJ_nid2obj(type->pkey_type);
+		if (a->algorithm == NULL)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+			goto err;
+			}
+		if (a->algorithm->length == 0)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			goto err;
+			}
+		}
+	inl=ASN1_item_i2d(asn,&buf_in, it);
+	outll=outl=EVP_PKEY_size(pkey);
+	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+	if ((buf_in == NULL) || (buf_out == NULL))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_SignInit_ex(&ctx,type, NULL);
 	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
 	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
 			(unsigned int *)&outl,pkey))
@@ -199,10 +285,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-	memset(&ctx,0,sizeof(ctx));
+	EVP_MD_CTX_cleanup(&ctx);
 	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 569b81199858..1def6c654943 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 
 #include "charmap.h"
+#include "cryptlib.h"
 
 /* ASN1_STRING_print_ex() and X509_NAME_print_ex().
  * Enhanced string and name printing routines handling
@@ -77,8 +78,8 @@
 /* Three IO functions for sending data to memory, a BIO and
  * and a FILE pointer.
  */
-
-int send_mem_chars(void *arg, const void *buf, int len)
+#if 0				/* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
 {
 	unsigned char **out = arg;
 	if(!out) return 1;
@@ -86,15 +87,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
 	*out += len;
 	return 1;
 }
+#endif
 
-int send_bio_chars(void *arg, const void *buf, int len)
+static int send_bio_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(BIO_write(arg, buf, len) != len) return 0;
 	return 1;
 }
 
-int send_fp_chars(void *arg, const void *buf, int len)
+static int send_fp_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
@@ -113,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len);
 static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
 {
 	unsigned char chflgs, chtmp;
-	char tmphex[11];
+	char tmphex[HEX_SIZE(long)+3];
+
+	if(c > 0xffffffffL)
+		return -1;
 	if(c > 0xffff) {
-		BIO_snprintf(tmphex, 11, "\\W%08lX", c);
+		BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
 		if(!io_ch(arg, tmphex, 10)) return -1;
 		return 10;
 	}
 	if(c > 0xff) {
-		BIO_snprintf(tmphex, 11, "\\U%04lX", c);
+		BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
 		if(!io_ch(arg, tmphex, 6)) return -1;
 		return 6;
 	}
@@ -194,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen,
 		if(type & BUF_TYPE_CONVUTF8) {
 			unsigned char utfbuf[6];
 			int utflen;
-			utflen = UTF8_putc(utfbuf, 6, c);
+			utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
 			for(i = 0; i < utflen; i++) {
 				/* We don't need to worry about setting orflags correctly
 				 * because if utflen==1 its value will be correct anyway 
@@ -240,7 +245,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
  * #01234 format.
  */
 
-int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
 {
 	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
 	 * the DER encoding to readily obtained
@@ -371,6 +376,8 @@ static int do_indent(char_io *io_ch, void *arg, int indent)
 	return 1;
 }
 
+#define FN_WIDTH_LN	25
+#define FN_WIDTH_SN	10
 
 static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 				int indent, unsigned long flags)
@@ -456,19 +463,29 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 		val = X509_NAME_ENTRY_get_data(ent);
 		fn_nid = OBJ_obj2nid(fn);
 		if(fn_opt != XN_FLAG_FN_NONE) {
-			int objlen;
+			int objlen, fld_len;
 			if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
-				OBJ_obj2txt(objtmp, 80, fn, 1);
+				OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+				fld_len = 0; /* XXX: what should this be? */
 				objbuf = objtmp;
 			} else {
-				if(fn_opt == XN_FLAG_FN_SN) 
+				if(fn_opt == XN_FLAG_FN_SN) {
+					fld_len = FN_WIDTH_SN;
 					objbuf = OBJ_nid2sn(fn_nid);
-				else if(fn_opt == XN_FLAG_FN_LN)
+				} else if(fn_opt == XN_FLAG_FN_LN) {
+					fld_len = FN_WIDTH_LN;
 					objbuf = OBJ_nid2ln(fn_nid);
-				else objbuf = "";
+				} else {
+					fld_len = 0; /* XXX: what should this be? */
+					objbuf = "";
+				}
 			}
 			objlen = strlen(objbuf);
 			if(!io_ch(arg, objbuf, objlen)) return -1;
+			if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+				if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
+				outlen += fld_len - objlen;
+			}
 			if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
 			outlen += objlen + sep_eq_len;
 		}
@@ -491,12 +508,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
 {
+	if(flags == XN_FLAG_COMPAT)
+		return X509_NAME_print(out, nm, indent);
 	return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
 
 
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
+	if(flags == XN_FLAG_COMPAT)
+		{
+		BIO *btmp;
+		int ret;
+		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+		if(!btmp) return -1;
+		ret = X509_NAME_print(btmp, nm, indent);
+		BIO_free(btmp);
+		return ret;
+		}
 	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }
 
@@ -519,7 +548,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 {
 	ASN1_STRING stmp, *str = &stmp;
 	int mbflag, type, ret;
-	if(!*out || !in) return -1;
+	if(!in) return -1;
 	type = in->type;
 	if((type < 0) || (type > 30)) return -1;
 	mbflag = tag2nbyte[type];
@@ -528,6 +557,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 	stmp.data = NULL;
 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
 	if(ret < 0) return ret;
-	if(out) *out = stmp.data;
+	*out = stmp.data;
 	return stmp.length;
 }
diff --git a/crypto/openssl/crypto/asn1/a_strnid.c b/crypto/openssl/crypto/asn1/a_strnid.c
index b7db6813f9f4..04789d1c63fa 100644
--- a/crypto/openssl/crypto/asn1/a_strnid.c
+++ b/crypto/openssl/crypto/asn1/a_strnid.c
@@ -105,7 +105,7 @@ int ASN1_STRING_set_default_mask_asc(char *p)
 		mask = strtoul(p + 5, &end, 0);
 		if(*end) return 0;
 	} else if(!strcmp(p, "nombstr"))
-		mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+			 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
 	else if(!strcmp(p, "pkix"))
 			mask = ~((unsigned long)B_ASN1_T61STRING);
 	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
@@ -170,8 +170,10 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
 {NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
+{NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
 {NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
 
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c
index 17475e0f492c..6e5e9d845dc3 100644
--- a/crypto/openssl/crypto/asn1/a_time.c
+++ b/crypto/openssl/crypto/asn1/a_time.c
@@ -64,14 +64,14 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include "o_time.h"
+#include <openssl/asn1t.h>
 
-ASN1_TIME *ASN1_TIME_new(void)
-{ return M_ASN1_TIME_new(); }
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
 
-void ASN1_TIME_free(ASN1_TIME *x)
-{ M_ASN1_TIME_free(x); }
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
 
+#if 0
 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	{
 #ifdef CHARSET_EBCDIC
@@ -95,33 +95,64 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
 	return -1;
 	}
-
-
-ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
-	{
-	unsigned char tag;
-	tag = **pp & ~V_ASN1_CONSTRUCTED;
-	if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
-					 return d2i_ASN1_UTCTIME(a, pp, length);
-	if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
-				return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
-	ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
-	return(NULL);
-	}
+#endif
 
 
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	{
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
 
-	gmtime_r(&t,&data);
-	ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-#else
-	ts=gmtime(&t);
-#endif
+	ts=OPENSSL_gmtime(&t,&data);
+	if (ts == NULL)
+		return NULL;
 	if((ts->tm_year >= 50) && (ts->tm_year < 150))
 					return ASN1_UTCTIME_set(s, t);
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}
+
+int ASN1_TIME_check(ASN1_TIME *t)
+	{
+	if (t->type == V_ASN1_GENERALIZEDTIME)
+		return ASN1_GENERALIZEDTIME_check(t);
+	else if (t->type == V_ASN1_UTCTIME)
+		return ASN1_UTCTIME_check(t);
+	return 0;
+	}
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+	{
+	ASN1_GENERALIZEDTIME *ret;
+	char *str;
+
+	if (!ASN1_TIME_check(t)) return NULL;
+
+	if (!out || !*out)
+		{
+		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
+			return NULL;
+		if (out) *out = ret;
+		}
+	else ret = *out;
+
+	/* If already GeneralizedTime just copy across */
+	if (t->type == V_ASN1_GENERALIZEDTIME)
+		{
+		if(!ASN1_STRING_set(ret, t->data, t->length))
+			return NULL;
+		return ret;
+		}
+
+	/* grow the string */
+	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+		return NULL;
+	str = (char *)ret->data;
+	/* Work out the century and prepend */
+	if (t->data[0] >= '5') strcpy(str, "19");
+	else strcpy(str, "20");
+
+	BUF_strlcat(str, (char *)t->data, t->length+2);
+
+	return ret;
+	}
diff --git a/crypto/openssl/crypto/asn1/a_type.c b/crypto/openssl/crypto/asn1/a_type.c
index e72a6b29e0f0..fe3fcd40b0b2 100644
--- a/crypto/openssl/crypto/asn1/a_type.c
+++ b/crypto/openssl/crypto/asn1/a_type.c
@@ -57,240 +57,12 @@
  */
 
 #include <stdio.h>
+#include <openssl/asn1t.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-static void ASN1_TYPE_component_free(ASN1_TYPE *a);
-int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
-	{
-	int r=0;
-
-	if (a == NULL) return(0);
-
-	switch (a->type)
-		{
-	case V_ASN1_NULL:
-		if (pp != NULL)
-			ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
-		r=2;
-		break;
-	case V_ASN1_INTEGER:
-	case V_ASN1_NEG_INTEGER:
-		r=i2d_ASN1_INTEGER(a->value.integer,pp);
-		break;
-	case V_ASN1_ENUMERATED:
-	case V_ASN1_NEG_ENUMERATED:
-		r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
-		break;
-	case V_ASN1_BIT_STRING:
-		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
-		break;
-	case V_ASN1_OCTET_STRING:
-		r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
-		break;
-	case V_ASN1_OBJECT:
-		r=i2d_ASN1_OBJECT(a->value.object,pp);
-		break;
-	case V_ASN1_PRINTABLESTRING:
-		r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
-		break;
-	case V_ASN1_T61STRING:
-		r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
-		break;
-	case V_ASN1_IA5STRING:
-		r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
-		break;
-	case V_ASN1_GENERALSTRING:
-		r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
-		break;
-	case V_ASN1_UNIVERSALSTRING:
-		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
-		break;
-	case V_ASN1_UTF8STRING:
-		r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
-		break;
-	case V_ASN1_VISIBLESTRING:
-		r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
-		break;
-	case V_ASN1_BMPSTRING:
-		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
-		break;
-	case V_ASN1_UTCTIME:
-		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
-		break;
-	case V_ASN1_GENERALIZEDTIME:
-		r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
-		break;
-	case V_ASN1_SET:
-	case V_ASN1_SEQUENCE:
-	case V_ASN1_OTHER:
-	default:
-		if (a->value.set == NULL)
-			r=0;
-		else
-			{
-			r=a->value.set->length;
-			if (pp != NULL)
-				{
-				memcpy(*pp,a->value.set->data,r);
-				*pp+=r;
-				}
-			}
-		break;
-		}
-	return(r);
-	}
-
-ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
-	{
-	ASN1_TYPE *ret=NULL;
-	unsigned char *q,*p,*max;
-	int inf,tag,xclass;
-	long len;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_TYPE_new()) == NULL) goto err;
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	q=p;
-	max=(p+length);
-
-	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
-	if (inf & 0x80) goto err;
-	/* If not universal tag we've no idea what it is */
-	if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
-	
-	ASN1_TYPE_component_free(ret);
-
-	switch (tag)
-		{
-	case V_ASN1_NULL:
-		p=q;
-		ret->value.ptr=NULL;
-		break;
-	case V_ASN1_INTEGER:
-		if ((ret->value.integer=
-			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_ENUMERATED:
-		if ((ret->value.enumerated=
-			d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_BIT_STRING:
-		if ((ret->value.bit_string=
-			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_OCTET_STRING:
-		if ((ret->value.octet_string=
-			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_VISIBLESTRING:
-		if ((ret->value.visiblestring=
-			d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UTF8STRING:
-		if ((ret->value.utf8string=
-			d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_OBJECT:
-		if ((ret->value.object=
-			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_PRINTABLESTRING:
-		if ((ret->value.printablestring=
-			d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_T61STRING:
-		if ((ret->value.t61string=
-			M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_IA5STRING:
-		if ((ret->value.ia5string=
-			M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_GENERALSTRING:
-		if ((ret->value.generalstring=
-			M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UNIVERSALSTRING:
-		if ((ret->value.universalstring=
-			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_BMPSTRING:
-		if ((ret->value.bmpstring=
-			M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UTCTIME:
-		if ((ret->value.utctime=
-			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_GENERALIZEDTIME:
-		if ((ret->value.generalizedtime=
-			d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_SET:
-	case V_ASN1_SEQUENCE:
-	case V_ASN1_OTHER:
-	default:
-		/* Sets and sequences are left complete */
-		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
-		ret->value.set->type=tag;
-		len+=(q-p);
-		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
-		p+=len;
-		break;
-		}
-
-	ret->type=tag;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
-	return(NULL);
-	}
-
-ASN1_TYPE *ASN1_TYPE_new(void)
-	{
-	ASN1_TYPE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,ASN1_TYPE);
-	ret->type= -1;
-	ret->value.ptr=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
-	}
-
-void ASN1_TYPE_free(ASN1_TYPE *a)
-	{
-	if (a == NULL) return;
-	ASN1_TYPE_component_free(a);
-	OPENSSL_free(a);
-	}
 
 int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
-	if (a->value.ptr != NULL)
+	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
 		return(a->type);
 	else
 		return(0);
@@ -299,54 +71,11 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		ASN1_TYPE_component_free(a);
+		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
 	a->type=type;
 	a->value.ptr=value;
 	}
 
-static void ASN1_TYPE_component_free(ASN1_TYPE *a)
-	{
-	if (a == NULL) return;
-
-	if (a->value.ptr != NULL)
-		{
-		switch (a->type)
-			{
-		case V_ASN1_OBJECT:
-			ASN1_OBJECT_free(a->value.object);
-			break;
-		case V_ASN1_NULL:
-			break;
-		case V_ASN1_INTEGER:
-		case V_ASN1_NEG_INTEGER:
-		case V_ASN1_ENUMERATED:
-		case V_ASN1_NEG_ENUMERATED:
-		case V_ASN1_BIT_STRING:
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_SEQUENCE:
-		case V_ASN1_SET:
-		case V_ASN1_NUMERICSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_VIDEOTEXSTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		case V_ASN1_GRAPHICSTRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_OTHER:
-		default:
-			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
-			break;
-			}
-		a->type=0;
-		a->value.ptr=NULL;
-		}
-	}
 
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c
index dd5955ac9fdd..dbb4a42c9d15 100644
--- a/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/crypto/openssl/crypto/asn1/a_utctm.c
@@ -58,20 +58,11 @@
 
 #include <stdio.h>
 #include <time.h>
-#ifdef VMS
-#include <descrip.h>
-#include <lnmdef.h>
-#include <starlet.h>
-#endif
 #include "cryptlib.h"
+#include "o_time.h"
 #include <openssl/asn1.h>
 
-ASN1_UTCTIME *ASN1_UTCTIME_new(void)
-{ return M_ASN1_UTCTIME_new(); }
-
-void ASN1_UTCTIME_free(ASN1_UTCTIME *x)
-{ M_ASN1_UTCTIME_free(x); }
-
+#if 0
 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
 	{
 #ifndef CHARSET_EBCDIC
@@ -119,6 +110,8 @@ err:
 	return(NULL);
 	}
 
+#endif
+
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
@@ -182,6 +175,7 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
+			s->type = V_ASN1_UTCTIME;
 			}
 		return(1);
 		}
@@ -193,59 +187,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	{
 	char *p;
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
-
 	struct tm data;
-#endif
 
 	if (s == NULL)
 		s=M_ASN1_UTCTIME_new();
 	if (s == NULL)
 		return(NULL);
 
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-	ts=&data;
-#else
-	ts=gmtime(&t);
-#endif
-#ifdef VMS
+	ts=OPENSSL_gmtime(&t, &data);
 	if (ts == NULL)
-		{
-		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
-		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
-		char result[256];
-		unsigned int reslen = 0;
-		struct {
-			short buflen;
-			short code;
-			void *bufaddr;
-			unsigned int *reslen;
-		} itemlist[] = {
-			{ 0, LNM$_STRING, 0, 0 },
-			{ 0, 0, 0, 0 },
-		};
-		int status;
-
-		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-		itemlist[0].buflen = sizeof(result);
-		itemlist[0].bufaddr = result;
-		itemlist[0].reslen = &reslen;
-		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-		if (!(status & 1))
-			return NULL;
-		result[reslen] = '\0';
-
-		/* Get the numerical value of the equivalence string */
-		status = atoi(result);
-
-		/* and use it to move time to GMT */
-		t -= status;
-
-		/* then convert the result to the time structure */
-		ts=(struct tm *)localtime(&t);
-		}
-#endif
+		return(NULL);
+
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 14))
 		{
@@ -270,9 +222,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
-#endif
 	int offset;
 	int year;
 
@@ -289,12 +239,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
 
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	gmtime_r(&t, &data);
-	tm = &data;
-#else
-	tm = gmtime(&t);
-#endif
+	tm = OPENSSL_gmtime(&t, &data);
 	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
 	year = g2(s->data);
diff --git a/crypto/openssl/crypto/asn1/a_utf8.c b/crypto/openssl/crypto/asn1/a_utf8.c
index 854278f136e7..508e11e527c8 100644
--- a/crypto/openssl/crypto/asn1/a_utf8.c
+++ b/crypto/openssl/crypto/asn1/a_utf8.c
@@ -60,33 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-ASN1_UTF8STRING *ASN1_UTF8STRING_new(void)
-{ return M_ASN1_UTF8STRING_new();}
-
-void ASN1_UTF8STRING_free(ASN1_UTF8STRING *x)
-{ M_ASN1_UTF8STRING_free(x);}
-
-int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
-	{
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
-	}
-
-ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
-	     long length)
-	{
-	ASN1_UTF8STRING *ret=NULL;
-
-	ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-		pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-	return(ret);
-	}
-
 
 /* UTF8 utilities */
 
diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c
index 2a11927e5c1c..da2a0a6d6950 100644
--- a/crypto/openssl/crypto/asn1/a_verify.c
+++ b/crypto/openssl/crypto/asn1/a_verify.c
@@ -71,6 +71,8 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 
+#ifndef NO_ASN1_OLD
+
 int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	     char *data, EVP_PKEY *pkey)
 	{
@@ -79,6 +81,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	unsigned char *p,*buf_in=NULL;
 	int ret= -1,i,inl;
 
+	EVP_MD_CTX_init(&ctx);
 	i=OBJ_obj2nid(a->algorithm);
 	type=EVP_get_digestbyname(OBJ_nid2sn(i));
 	if (type == NULL)
@@ -97,10 +100,10 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-	memset(buf_in,0,(unsigned int)inl);
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
 	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -115,5 +118,58 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	/* memset(&ctx,0,sizeof(ctx)); */
 	ret=1;
 err:
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     void *asn, EVP_PKEY *pkey)
+	{
+	EVP_MD_CTX ctx;
+	const EVP_MD *type;
+	unsigned char *buf_in=NULL;
+	int ret= -1,i,inl;
+
+	EVP_MD_CTX_init(&ctx);
+	i=OBJ_obj2nid(a->algorithm);
+	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+	if (type == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+		goto err;
+		}
+
+	inl = ASN1_item_i2d(asn, &buf_in, it);
+	
+	if (buf_in == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_VerifyInit_ex(&ctx,type, NULL);
+	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+	OPENSSL_free(buf_in);
+
+	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+			(unsigned int)signature->length,pkey) <= 0)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
+	/* we don't need to zero the 'ctx' because we just checked
+	 * public information */
+	/* memset(&ctx,0,sizeof(ctx)); */
+	ret=1;
+err:
+	EVP_MD_CTX_cleanup(&ctx);
+	return(ret);
+	}
+
+
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
index 65dc5eda27ba..28b5b008f876 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -60,15 +60,23 @@
 #define HEADER_ASN1_H
 
 #include <time.h>
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#include <openssl/e_os2.h>
 #include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 
 #include <openssl/symhacks.h>
 
+#include <openssl/ossl_typ.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -84,6 +92,7 @@ extern "C" {
 
 #define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
 #define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
+#define V_ASN1_ANY			-4	/* used in ASN1 template code */
 
 #define V_ASN1_NEG			0x100	/* negative flag */
 
@@ -136,6 +145,8 @@ extern "C" {
 #define B_ASN1_BMPSTRING	0x0800
 #define B_ASN1_UNKNOWN		0x1000
 #define B_ASN1_UTF8STRING	0x2000
+#define B_ASN1_UTCTIME		0x4000
+#define B_ASN1_GENERALIZEDTIME	0x8000
 
 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG		0x1000
@@ -193,6 +204,21 @@ typedef struct asn1_string_st
 	long flags;
 	} ASN1_STRING;
 
+/* ASN1_ENCODING structure: this is used to save the received
+ * encoding of an ASN1 type. This is useful to get round
+ * problems with invalid encodings which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st
+	{
+	unsigned char *enc;	/* DER encoding */
+	long len;		/* Length of encoding */
+	int modified;		 /* set to 1 if 'enc' is invalid */
+	} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+#define ASN1_LONG_UNDEF	0x7fffffffL
+
 #define STABLE_FLAGS_MALLOC	0x01
 #define STABLE_NO_MASK		0x02
 #define DIRSTRING_TYPE	\
@@ -220,43 +246,116 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ub_title			64
 #define ub_email_address		128
 
-#ifdef NO_ASN1_TYPEDEFS
-#define ASN1_INTEGER		ASN1_STRING
-#define ASN1_ENUMERATED		ASN1_STRING
-#define ASN1_BIT_STRING		ASN1_STRING
-#define ASN1_OCTET_STRING	ASN1_STRING
-#define ASN1_PRINTABLESTRING	ASN1_STRING
-#define ASN1_T61STRING		ASN1_STRING
-#define ASN1_IA5STRING		ASN1_STRING
-#define ASN1_UTCTIME		ASN1_STRING
-#define ASN1_GENERALIZEDTIME	ASN1_STRING
-#define ASN1_TIME		ASN1_STRING
-#define ASN1_GENERALSTRING	ASN1_STRING
-#define ASN1_UNIVERSALSTRING	ASN1_STRING
-#define ASN1_BMPSTRING		ASN1_STRING
-#define ASN1_VISIBLESTRING	ASN1_STRING
-#define ASN1_UTF8STRING		ASN1_STRING
-#define ASN1_BOOLEAN		int
+/* Declarations for template structures: for full definitions
+ * see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
+	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
+	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+	type *d2i_##name(type **a, unsigned char **in, long len); \
+	int i2d_##name(type *a, unsigned char **out); \
+	DECLARE_ASN1_ITEM(itname)
+
+#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+	type *d2i_##name(type **a, const unsigned char **in, long len); \
+	int i2d_##name(const type *a, unsigned char **out); \
+	DECLARE_ASN1_ITEM(name)
+
+#define DECLARE_ASN1_FUNCTIONS_const(name) \
+	name *name##_new(void); \
+	void name##_free(name *a);
+
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING; 
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#define DECLARE_ASN1_ITEM(name) \
+	OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
 #else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_ENUMERATED;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_TIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
-typedef struct asn1_string_st ASN1_VISIBLESTRING;
-typedef struct asn1_string_st ASN1_UTF8STRING;
-typedef int ASN1_BOOLEAN;
-#endif
 
-typedef int ASN1_NULL;
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+	const ASN1_ITEM * name##_it(void);
+
+#endif
 
 /* Parameters used by ASN1_STRING_print_ex() */
 
@@ -340,6 +439,8 @@ typedef int ASN1_NULL;
 DECLARE_STACK_OF(ASN1_INTEGER)
 DECLARE_ASN1_SET_OF(ASN1_INTEGER)
 
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
 typedef struct asn1_type_st
 	{
 	int type;
@@ -438,12 +539,11 @@ typedef struct BIT_STRING_BITNAME_st {
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
 		V_ASN1_UNIVERSAL)
 
-#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-		pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+#define B_ASN1_TIME \
+			B_ASN1_UTCTIME | \
+			B_ASN1_GENERALIZEDTIME
+
+#define B_ASN1_PRINTABLE \
 			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_T61STRING| \
 			B_ASN1_IA5STRING| \
@@ -451,7 +551,28 @@ typedef struct BIT_STRING_BITNAME_st {
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UTF8STRING|\
-			B_ASN1_UNKNOWN)
+			B_ASN1_UNKNOWN
+
+#define B_ASN1_DIRECTORYSTRING \
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_TELETEXSTRING|\
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_UTF8STRING
+
+#define B_ASN1_DISPLAYTEXT \
+			B_ASN1_IA5STRING| \
+			B_ASN1_VISIBLESTRING| \
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UTF8STRING
+
+#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+		pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_PRINTABLE)
 
 #define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
 #define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
@@ -459,11 +580,7 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DIRECTORYSTRING(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_PRINTABLESTRING| \
-			B_ASN1_TELETEXSTRING|\
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UNIVERSALSTRING|\
-			B_ASN1_UTF8STRING)
+			B_ASN1_DIRECTORYSTRING)
 
 #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
 #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
@@ -471,9 +588,7 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DISPLAYTEXT(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_VISIBLESTRING| \
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UTF8STRING)
+			B_ASN1_DISPLAYTEXT)
 
 #define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
 		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
@@ -577,10 +692,8 @@ typedef struct BIT_STRING_BITNAME_st {
 #define IS_SEQUENCE	0
 #define IS_SET		1
 
-ASN1_TYPE *	ASN1_TYPE_new(void );
-void		ASN1_TYPE_free(ASN1_TYPE *a);
-int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
-ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
@@ -592,6 +705,8 @@ ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
 
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
 DECLARE_STACK_OF(ASN1_OBJECT)
 DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 
@@ -608,12 +723,8 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
 
-ASN1_BIT_STRING *	ASN1_BIT_STRING_new(void);
-void		ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
-int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
 int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
-			long length);
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
 int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
@@ -621,7 +732,7 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
 int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
 				BIT_STRING_BITNAME *tbl, int indent);
 #endif
@@ -632,12 +743,8 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
 int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 
-ASN1_INTEGER *	ASN1_INTEGER_new(void);
-void		ASN1_INTEGER_free(ASN1_INTEGER *a);
-int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
 int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
-			long length);
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
@@ -645,11 +752,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
 ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
 
-ASN1_ENUMERATED *	ASN1_ENUMERATED_new(void);
-void		ASN1_ENUMERATED_free(ASN1_ENUMERATED *a);
-int		i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp);
-ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
@@ -663,91 +766,35 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
 
-ASN1_OCTET_STRING *	ASN1_OCTET_STRING_new(void);
-void		ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a);
-int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
-			unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
 ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
 int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
 int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
 
-ASN1_VISIBLESTRING *	ASN1_VISIBLESTRING_new(void);
-void		ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a);
-int	i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp);
-ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
-			unsigned char **pp,long length);
-
-ASN1_UTF8STRING *	ASN1_UTF8STRING_new(void);
-void		ASN1_UTF8STRING_free(ASN1_UTF8STRING *a);
-int		i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp);
-ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a,
-			unsigned char **pp,long length);
-
-ASN1_NULL *	ASN1_NULL_new(void);
-void		ASN1_NULL_free(ASN1_NULL *a);
-int		i2d_ASN1_NULL(ASN1_NULL *a,unsigned char **pp);
-ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp,long length);
-
-ASN1_BMPSTRING *	ASN1_BMPSTRING_new(void);
-void		ASN1_BMPSTRING_free(ASN1_BMPSTRING *a);
-int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
-	long length);
-
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
 
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
 
-int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
-	unsigned char **pp, long l);
-
-ASN1_PRINTABLESTRING *	ASN1_PRINTABLESTRING_new(void);
-void		ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a);
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-	unsigned char **pp, long l);
-int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp);
-
-ASN1_STRING *	DIRECTORYSTRING_new(void);
-void		DIRECTORYSTRING_free(ASN1_STRING *a);
-int	i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
-								 long length);
-
-ASN1_STRING *	DISPLAYTEXT_new(void);
-void		DISPLAYTEXT_free(ASN1_STRING *a);
-int	i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length);
-
-ASN1_T61STRING *	ASN1_T61STRING_new(void);
-void		ASN1_T61STRING_free(ASN1_IA5STRING *a);
-ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
-	unsigned char **pp, long l);
-
-ASN1_IA5STRING *	ASN1_IA5STRING_new(void);
-void		ASN1_IA5STRING_free(ASN1_IA5STRING *a);
-int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
-	unsigned char **pp, long l);
-
-ASN1_UTCTIME *	ASN1_UTCTIME_new(void);
-void		ASN1_UTCTIME_free(ASN1_UTCTIME *a);
-int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
-ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
 
-ASN1_GENERALIZEDTIME *	ASN1_GENERALIZEDTIME_new(void);
-void		ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a);
-int		i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp);
-ASN1_GENERALIZEDTIME *	d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 
-ASN1_TIME *	ASN1_TIME_new(void);
-void		ASN1_TIME_free(ASN1_TIME *a);
-int		i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp);
-ASN1_TIME *	d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length);
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 
 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
@@ -755,7 +802,7 @@ STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 			char *(*func)(), void (*free_func)(void *),
 			int ex_tag, int ex_class);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@@ -768,7 +815,7 @@ int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 
 int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-	char *sn, char *ln);
+	const char *sn, const char *ln);
 
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(ASN1_INTEGER *a);
@@ -787,6 +834,7 @@ int ASN1_PRINTABLE_type(unsigned char *s, int max);
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
 	long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
 		long length,int type);
@@ -805,17 +853,23 @@ int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
 char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
 
-#ifndef NO_FP_API
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+#ifndef OPENSSL_NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
 
 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
 
-#ifndef NO_BIO
+#ifndef OPENSSL_NO_BIO
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
@@ -854,7 +908,9 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
 			     int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 
 void ASN1_STRING_set_default_mask(unsigned long mask);
 int ASN1_STRING_set_default_mask_asc(char *p);
@@ -871,6 +927,16 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
 int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
 void ASN1_STRING_TABLE_cleanup(void);
 
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -881,267 +947,155 @@ void ERR_load_ASN1_strings(void);
 
 /* Function codes. */
 #define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_ENUMERATED			 236
-#define ASN1_F_A2I_ASN1_INTEGER				 101
-#define ASN1_F_A2I_ASN1_STRING				 102
-#define ASN1_F_ACCESS_DESCRIPTION_NEW			 291
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 103
-#define ASN1_F_ASN1_D2I_BIO				 104
-#define ASN1_F_ASN1_D2I_FP				 105
-#define ASN1_F_ASN1_DUP					 106
-#define ASN1_F_ASN1_ENUMERATED_SET			 232
-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 233
-#define ASN1_F_ASN1_GENERALIZEDTIME_NEW			 222
-#define ASN1_F_ASN1_GET_OBJECT				 107
-#define ASN1_F_ASN1_HEADER_NEW				 108
-#define ASN1_F_ASN1_I2D_BIO				 109
-#define ASN1_F_ASN1_I2D_FP				 110
-#define ASN1_F_ASN1_INTEGER_SET				 111
-#define ASN1_F_ASN1_INTEGER_TO_BN			 112
-#define ASN1_F_ASN1_MBSTRING_COPY			 282
-#define ASN1_F_ASN1_OBJECT_NEW				 113
-#define ASN1_F_ASN1_PACK_STRING				 245
-#define ASN1_F_ASN1_PBE_SET				 253
-#define ASN1_F_ASN1_SEQ_PACK				 246
-#define ASN1_F_ASN1_SEQ_UNPACK				 247
-#define ASN1_F_ASN1_SIGN				 114
-#define ASN1_F_ASN1_STRING_NEW				 115
-#define ASN1_F_ASN1_STRING_TABLE_ADD			 283
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
-#define ASN1_F_ASN1_TYPE_NEW				 119
-#define ASN1_F_ASN1_UNPACK_STRING			 248
-#define ASN1_F_ASN1_UTCTIME_NEW				 120
-#define ASN1_F_ASN1_VERIFY				 121
-#define ASN1_F_AUTHORITY_KEYID_NEW			 237
-#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
-#define ASN1_F_BN_TO_ASN1_INTEGER			 122
-#define ASN1_F_D2I_ACCESS_DESCRIPTION			 284
-#define ASN1_F_D2I_ASN1_BIT_STRING			 123
-#define ASN1_F_D2I_ASN1_BMPSTRING			 124
-#define ASN1_F_D2I_ASN1_BOOLEAN				 125
-#define ASN1_F_D2I_ASN1_BYTES				 126
-#define ASN1_F_D2I_ASN1_ENUMERATED			 235
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 223
-#define ASN1_F_D2I_ASN1_HEADER				 127
-#define ASN1_F_D2I_ASN1_INTEGER				 128
-#define ASN1_F_D2I_ASN1_NULL				 292
-#define ASN1_F_D2I_ASN1_OBJECT				 129
-#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
-#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
-#define ASN1_F_D2I_ASN1_SET				 132
-#define ASN1_F_D2I_ASN1_TIME				 224
-#define ASN1_F_D2I_ASN1_TYPE				 133
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
-#define ASN1_F_D2I_ASN1_UINTEGER			 280
-#define ASN1_F_D2I_ASN1_UTCTIME				 135
-#define ASN1_F_D2I_ASN1_UTF8STRING			 266
-#define ASN1_F_D2I_ASN1_VISIBLESTRING			 267
-#define ASN1_F_D2I_AUTHORITY_KEYID			 238
-#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
-#define ASN1_F_D2I_DHPARAMS				 136
-#define ASN1_F_D2I_DIST_POINT				 276
-#define ASN1_F_D2I_DIST_POINT_NAME			 277
-#define ASN1_F_D2I_DSAPARAMS				 137
-#define ASN1_F_D2I_DSAPRIVATEKEY			 138
-#define ASN1_F_D2I_DSAPUBLICKEY				 139
-#define ASN1_F_D2I_GENERAL_NAME				 230
-#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE		 228
-#define ASN1_F_D2I_NETSCAPE_PKEY			 140
-#define ASN1_F_D2I_NETSCAPE_RSA				 141
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
-#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
-#define ASN1_F_D2I_NETSCAPE_SPKI			 144
-#define ASN1_F_D2I_NOTICEREF				 268
-#define ASN1_F_D2I_OTHERNAME				 287
-#define ASN1_F_D2I_PBE2PARAM				 262
-#define ASN1_F_D2I_PBEPARAM				 249
-#define ASN1_F_D2I_PBKDF2PARAM				 263
-#define ASN1_F_D2I_PKCS12				 254
-#define ASN1_F_D2I_PKCS12_BAGS				 255
-#define ASN1_F_D2I_PKCS12_MAC_DATA			 256
-#define ASN1_F_D2I_PKCS12_SAFEBAG			 257
-#define ASN1_F_D2I_PKCS7				 145
-#define ASN1_F_D2I_PKCS7_DIGEST				 146
-#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
-#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
-#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
-#define ASN1_F_D2I_PKCS7_SIGNED				 152
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
-#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO			 250
-#define ASN1_F_D2I_PKEY_USAGE_PERIOD			 239
-#define ASN1_F_D2I_POLICYINFO				 269
-#define ASN1_F_D2I_POLICYQUALINFO			 270
-#define ASN1_F_D2I_PRIVATEKEY				 155
-#define ASN1_F_D2I_PUBLICKEY				 156
-#define ASN1_F_D2I_RSAPRIVATEKEY			 157
-#define ASN1_F_D2I_RSAPUBLICKEY				 158
-#define ASN1_F_D2I_SXNET				 241
-#define ASN1_F_D2I_SXNETID				 243
-#define ASN1_F_D2I_USERNOTICE				 271
-#define ASN1_F_D2I_X509					 159
-#define ASN1_F_D2I_X509_ALGOR				 160
-#define ASN1_F_D2I_X509_ATTRIBUTE			 161
-#define ASN1_F_D2I_X509_CERT_AUX			 285
-#define ASN1_F_D2I_X509_CINF				 162
-#define ASN1_F_D2I_X509_CRL				 163
-#define ASN1_F_D2I_X509_CRL_INFO			 164
-#define ASN1_F_D2I_X509_EXTENSION			 165
-#define ASN1_F_D2I_X509_KEY				 166
-#define ASN1_F_D2I_X509_NAME				 167
-#define ASN1_F_D2I_X509_NAME_ENTRY			 168
-#define ASN1_F_D2I_X509_PKEY				 169
-#define ASN1_F_D2I_X509_PUBKEY				 170
-#define ASN1_F_D2I_X509_REQ				 171
-#define ASN1_F_D2I_X509_REQ_INFO			 172
-#define ASN1_F_D2I_X509_REVOKED				 173
-#define ASN1_F_D2I_X509_SIG				 174
-#define ASN1_F_D2I_X509_VAL				 175
-#define ASN1_F_DIST_POINT_NAME_NEW			 278
-#define ASN1_F_DIST_POINT_NEW				 279
-#define ASN1_F_GENERAL_NAME_NEW				 231
-#define ASN1_F_I2D_ASN1_HEADER				 176
-#define ASN1_F_I2D_ASN1_TIME				 225
-#define ASN1_F_I2D_DHPARAMS				 177
-#define ASN1_F_I2D_DSAPARAMS				 178
-#define ASN1_F_I2D_DSAPRIVATEKEY			 179
-#define ASN1_F_I2D_DSAPUBLICKEY				 180
-#define ASN1_F_I2D_DSA_PUBKEY				 290
-#define ASN1_F_I2D_NETSCAPE_RSA				 181
-#define ASN1_F_I2D_PKCS7				 182
-#define ASN1_F_I2D_PRIVATEKEY				 183
-#define ASN1_F_I2D_PUBLICKEY				 184
-#define ASN1_F_I2D_RSAPRIVATEKEY			 185
-#define ASN1_F_I2D_RSAPUBLICKEY				 186
-#define ASN1_F_I2D_RSA_PUBKEY				 289
-#define ASN1_F_I2D_X509_ATTRIBUTE			 187
-#define ASN1_F_I2T_ASN1_OBJECT				 188
-#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW		 229
-#define ASN1_F_NETSCAPE_PKEY_NEW			 189
-#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
-#define ASN1_F_NETSCAPE_SPKI_NEW			 191
-#define ASN1_F_NOTICEREF_NEW				 272
-#define ASN1_F_OTHERNAME_NEW				 288
-#define ASN1_F_PBE2PARAM_NEW				 264
-#define ASN1_F_PBEPARAM_NEW				 251
-#define ASN1_F_PBKDF2PARAM_NEW				 265
-#define ASN1_F_PKCS12_BAGS_NEW				 258
-#define ASN1_F_PKCS12_MAC_DATA_NEW			 259
-#define ASN1_F_PKCS12_NEW				 260
-#define ASN1_F_PKCS12_SAFEBAG_NEW			 261
-#define ASN1_F_PKCS5_PBE2_SET				 281
-#define ASN1_F_PKCS7_DIGEST_NEW				 192
-#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
-#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
-#define ASN1_F_PKCS7_NEW				 197
-#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
-#define ASN1_F_PKCS7_SIGNED_NEW				 199
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
-#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW			 252
-#define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
-#define ASN1_F_POLICYINFO_NEW				 273
-#define ASN1_F_POLICYQUALINFO_NEW			 274
-#define ASN1_F_SXNETID_NEW				 244
-#define ASN1_F_SXNET_NEW				 242
-#define ASN1_F_USERNOTICE_NEW				 275
-#define ASN1_F_X509_ALGOR_NEW				 202
-#define ASN1_F_X509_ATTRIBUTE_NEW			 203
-#define ASN1_F_X509_CERT_AUX_NEW			 286
-#define ASN1_F_X509_CINF_NEW				 204
-#define ASN1_F_X509_CRL_INFO_NEW			 205
-#define ASN1_F_X509_CRL_NEW				 206
-#define ASN1_F_X509_DHPARAMS_NEW			 207
-#define ASN1_F_X509_EXTENSION_NEW			 208
-#define ASN1_F_X509_INFO_NEW				 209
-#define ASN1_F_X509_KEY_NEW				 210
-#define ASN1_F_X509_NAME_ENTRY_NEW			 211
-#define ASN1_F_X509_NAME_NEW				 212
-#define ASN1_F_X509_NEW					 213
-#define ASN1_F_X509_PKEY_NEW				 214
-#define ASN1_F_X509_PUBKEY_NEW				 215
-#define ASN1_F_X509_REQ_INFO_NEW			 216
-#define ASN1_F_X509_REQ_NEW				 217
-#define ASN1_F_X509_REVOKED_NEW				 218
-#define ASN1_F_X509_SIG_NEW				 219
-#define ASN1_F_X509_VAL_FREE				 220
-#define ASN1_F_X509_VAL_NEW				 221
+#define ASN1_F_A2I_ASN1_ENUMERATED			 101
+#define ASN1_F_A2I_ASN1_INTEGER				 102
+#define ASN1_F_A2I_ASN1_STRING				 103
+#define ASN1_F_ASN1_CHECK_TLEN				 104
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
+#define ASN1_F_ASN1_COLLECT				 106
+#define ASN1_F_ASN1_D2I_BIO				 107
+#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
+#define ASN1_F_ASN1_D2I_FP				 109
+#define ASN1_F_ASN1_DO_ADB				 110
+#define ASN1_F_ASN1_DUP					 111
+#define ASN1_F_ASN1_ENUMERATED_SET			 112
+#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
+#define ASN1_F_ASN1_GET_OBJECT				 114
+#define ASN1_F_ASN1_HEADER_NEW				 115
+#define ASN1_F_ASN1_I2D_BIO				 116
+#define ASN1_F_ASN1_I2D_FP				 117
+#define ASN1_F_ASN1_INTEGER_SET				 118
+#define ASN1_F_ASN1_INTEGER_TO_BN			 119
+#define ASN1_F_ASN1_ITEM_EX_D2I				 120
+#define ASN1_F_ASN1_ITEM_NEW				 121
+#define ASN1_F_ASN1_MBSTRING_COPY			 122
+#define ASN1_F_ASN1_OBJECT_NEW				 123
+#define ASN1_F_ASN1_PACK_STRING				 124
+#define ASN1_F_ASN1_PBE_SET				 125
+#define ASN1_F_ASN1_SEQ_PACK				 126
+#define ASN1_F_ASN1_SEQ_UNPACK				 127
+#define ASN1_F_ASN1_SIGN				 128
+#define ASN1_F_ASN1_STRING_TABLE_ADD			 129
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 130
+#define ASN1_F_ASN1_TEMPLATE_D2I			 131
+#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
+#define ASN1_F_ASN1_TEMPLATE_NEW			 133
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
+#define ASN1_F_ASN1_UNPACK_STRING			 136
+#define ASN1_F_ASN1_VERIFY				 137
+#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
+#define ASN1_F_BN_TO_ASN1_INTEGER			 139
+#define ASN1_F_COLLECT_DATA				 140
+#define ASN1_F_D2I_ASN1_BIT_STRING			 141
+#define ASN1_F_D2I_ASN1_BOOLEAN				 142
+#define ASN1_F_D2I_ASN1_BYTES				 143
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144
+#define ASN1_F_D2I_ASN1_HEADER				 145
+#define ASN1_F_D2I_ASN1_INTEGER				 146
+#define ASN1_F_D2I_ASN1_OBJECT				 147
+#define ASN1_F_D2I_ASN1_SET				 148
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149
+#define ASN1_F_D2I_ASN1_UINTEGER			 150
+#define ASN1_F_D2I_ASN1_UTCTIME				 151
+#define ASN1_F_D2I_NETSCAPE_RSA				 152
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 153
+#define ASN1_F_D2I_PRIVATEKEY				 154
+#define ASN1_F_D2I_PUBLICKEY				 155
+#define ASN1_F_D2I_X509					 156
+#define ASN1_F_D2I_X509_CINF				 157
+#define ASN1_F_D2I_X509_NAME				 158
+#define ASN1_F_D2I_X509_PKEY				 159
+#define ASN1_F_I2D_ASN1_TIME				 160
+#define ASN1_F_I2D_DSA_PUBKEY				 161
+#define ASN1_F_I2D_NETSCAPE_RSA				 162
+#define ASN1_F_I2D_PRIVATEKEY				 163
+#define ASN1_F_I2D_PUBLICKEY				 164
+#define ASN1_F_I2D_RSA_PUBKEY				 165
+#define ASN1_F_LONG_C2I					 166
+#define ASN1_F_OID_MODULE_INIT				 174
+#define ASN1_F_PKCS5_PBE2_SET				 167
+#define ASN1_F_X509_CINF_NEW				 168
+#define ASN1_F_X509_CRL_ADD0_REVOKED			 169
+#define ASN1_F_X509_INFO_NEW				 170
+#define ASN1_F_X509_NAME_NEW				 171
+#define ASN1_F_X509_NEW					 172
+#define ASN1_F_X509_PKEY_NEW				 173
 
 /* Reason codes. */
-#define ASN1_R_BAD_CLASS				 100
-#define ASN1_R_BAD_OBJECT_HEADER			 101
-#define ASN1_R_BAD_PASSWORD_READ			 102
-#define ASN1_R_BAD_PKCS7_CONTENT			 103
-#define ASN1_R_BAD_PKCS7_TYPE				 104
-#define ASN1_R_BAD_TAG					 105
-#define ASN1_R_BAD_TYPE					 106
-#define ASN1_R_BN_LIB					 107
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
-#define ASN1_R_BUFFER_TOO_SMALL				 109
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 166
-#define ASN1_R_DATA_IS_WRONG				 110
-#define ASN1_R_DECODE_ERROR				 155
+#define ASN1_R_ADDING_OBJECT				 171
+#define ASN1_R_AUX_ERROR				 100
+#define ASN1_R_BAD_CLASS				 101
+#define ASN1_R_BAD_OBJECT_HEADER			 102
+#define ASN1_R_BAD_PASSWORD_READ			 103
+#define ASN1_R_BAD_TAG					 104
+#define ASN1_R_BN_LIB					 105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+#define ASN1_R_BUFFER_TOO_SMALL				 107
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108
+#define ASN1_R_DATA_IS_WRONG				 109
+#define ASN1_R_DECODE_ERROR				 110
 #define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ENCODE_ERROR				 156
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 157
-#define ASN1_R_EXPECTING_AN_ENUMERATED			 154
-#define ASN1_R_EXPECTING_AN_INTEGER			 113
-#define ASN1_R_EXPECTING_AN_OBJECT			 114
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
-#define ASN1_R_EXPECTING_A_BIT_STRING			 116
+#define ASN1_R_ENCODE_ERROR				 112
+#define ASN1_R_ERROR_LOADING_SECTION			 172
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
+#define ASN1_R_EXPECTING_AN_INTEGER			 115
+#define ASN1_R_EXPECTING_AN_OBJECT			 116
 #define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_GENERALIZEDTIME		 151
-#define ASN1_R_EXPECTING_A_NULL				 164
-#define ASN1_R_EXPECTING_A_TIME				 152
-#define ASN1_R_EXPECTING_A_UTCTIME			 118
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
-#define ASN1_R_GENERALIZEDTIME_TOO_LONG			 153
-#define ASN1_R_HEADER_TOO_LONG				 120
-#define ASN1_R_ILLEGAL_CHARACTERS			 158
-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 159
-#define ASN1_R_INVALID_DIGIT				 121
-#define ASN1_R_INVALID_SEPARATOR			 122
-#define ASN1_R_INVALID_TIME_FORMAT			 123
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 160
-#define ASN1_R_INVALID_UTF8STRING			 161
-#define ASN1_R_IV_TOO_LARGE				 124
-#define ASN1_R_LENGTH_ERROR				 125
-#define ASN1_R_MISSING_SECOND_NUMBER			 126
-#define ASN1_R_NON_HEX_CHARACTERS			 127
-#define ASN1_R_NOT_ENOUGH_DATA				 128
-#define ASN1_R_NULL_IS_WRONG_LENGTH			 165
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
-#define ASN1_R_PARSING					 130
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
-#define ASN1_R_SHORT_LINE				 133
-#define ASN1_R_STRING_TOO_LONG				 163
-#define ASN1_R_STRING_TOO_SHORT				 134
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
-#define ASN1_R_TOO_LONG					 137
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
-#define ASN1_R_UNKNOWN_FORMAT				 162
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
-#define ASN1_R_UNSUPPORTED_CIPHER			 144
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
-#define ASN1_R_UTCTIME_TOO_LONG				 147
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
-#define ASN1_R_WRONG_TAG				 149
-#define ASN1_R_WRONG_TYPE				 150
+#define ASN1_R_EXPECTING_A_TIME				 118
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120
+#define ASN1_R_FIELD_MISSING				 121
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 122
+#define ASN1_R_HEADER_TOO_LONG				 123
+#define ASN1_R_ILLEGAL_CHARACTERS			 124
+#define ASN1_R_ILLEGAL_NULL				 125
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
+#define ASN1_R_ILLEGAL_TAGGED_ANY			 127
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
+#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
+#define ASN1_R_INVALID_DIGIT				 130
+#define ASN1_R_INVALID_SEPARATOR			 131
+#define ASN1_R_INVALID_TIME_FORMAT			 132
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
+#define ASN1_R_INVALID_UTF8STRING			 134
+#define ASN1_R_IV_TOO_LARGE				 135
+#define ASN1_R_LENGTH_ERROR				 136
+#define ASN1_R_MISSING_EOC				 137
+#define ASN1_R_MISSING_SECOND_NUMBER			 138
+#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
+#define ASN1_R_MSTRING_WRONG_TAG			 140
+#define ASN1_R_NON_HEX_CHARACTERS			 141
+#define ASN1_R_NOT_ENOUGH_DATA				 142
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
+#define ASN1_R_NULL_IS_WRONG_LENGTH			 144
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 145
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
+#define ASN1_R_SHORT_LINE				 150
+#define ASN1_R_STRING_TOO_LONG				 151
+#define ASN1_R_STRING_TOO_SHORT				 152
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 153
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_TOO_LONG					 155
+#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
+#define ASN1_R_UNEXPECTED_EOC				 159
+#define ASN1_R_UNKNOWN_FORMAT				 160
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
+#define ASN1_R_UNSUPPORTED_CIPHER			 165
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
+#define ASN1_R_WRONG_TAG				 168
+#define ASN1_R_WRONG_TYPE				 169
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c
index cecd555c882f..c4c3d2a91df1 100644
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@@ -63,27 +63,31 @@
 #include <openssl/asn1.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
 	{
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0),	"ACCESS_DESCRIPTION_new"},
+{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),	"ASN1_D2I_EX_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),	"ASN1_DO_ADB"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_NEW,0),	"ASN1_GENERALIZEDTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),	"ASN1_i2d_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0),	"ASN1_ITEM_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),	"ASN1_item_new"},
 {ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),	"ASN1_mbstring_copy"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
 {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
@@ -91,186 +95,63 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
-{ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),	"AUTHORITY_KEYID_new"},
-{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0),	"d2i_ACCESS_DESCRIPTION"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
+{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),	"COLLECT_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"D2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_ENUMERATED,0),	"d2i_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"d2i_ASN1_GENERALIZEDTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"D2I_ASN1_GENERALIZEDTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_NULL,0),	"d2i_ASN1_NULL"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"D2I_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TIME,0),	"d2i_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),	"d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTF8STRING,0),	"d2i_ASN1_UTF8STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0),	"d2i_ASN1_VISIBLESTRING"},
-{ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0),	"d2i_AUTHORITY_KEYID"},
-{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),	"d2i_BASIC_CONSTRAINTS"},
-{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"d2i_DHparams"},
-{ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0),	"d2i_DIST_POINT"},
-{ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0),	"d2i_DIST_POINT_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"d2i_DSAparams"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"d2i_DSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"d2i_DSAPublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0),	"d2i_GENERAL_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0),	"d2i_NETSCAPE_CERT_SEQUENCE"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"D2I_ASN1_UTCTIME"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"d2i_Netscape_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
-{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
-{ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),	"d2i_OTHERNAME"},
-{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0),	"d2i_PBKDF2PARAM"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12,0),	"d2i_PKCS12"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),	"d2i_PKCS12_BAGS"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),	"d2i_PKCS12_MAC_DATA"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),	"d2i_PKCS12_SAFEBAG"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"d2i_PKCS7"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"d2i_PKCS7_DIGEST"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"d2i_PKCS7_ENCRYPT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"d2i_PKCS7_ENC_CONTENT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"d2i_PKCS7_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"d2i_PKCS7_ISSUER_AND_SERIAL"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"d2i_PKCS7_RECIP_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"d2i_PKCS7_SIGNED"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"d2i_PKCS7_SIGNER_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"d2i_PKCS7_SIGN_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0),	"d2i_PKCS8_PRIV_KEY_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),	"d2i_PKEY_USAGE_PERIOD"},
-{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),	"d2i_POLICYINFO"},
-{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),	"d2i_POLICYQUALINFO"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"D2I_NETSCAPE_RSA_2"},
 {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"d2i_PrivateKey"},
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"d2i_RSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"d2i_RSAPublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_SXNET,0),	"d2i_SXNET"},
-{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),	"d2i_SXNETID"},
-{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),	"d2i_USERNOTICE"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0),	"d2i_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"d2i_X509_ALGOR"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"d2i_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CERT_AUX,0),	"d2i_X509_CERT_AUX"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"d2i_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"d2i_X509_CRL"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"d2i_X509_CRL_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"d2i_X509_EXTENSION"},
-{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"d2i_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"d2i_X509_NAME_ENTRY"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"d2i_X509_PUBKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"d2i_X509_REQ"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"d2i_X509_REQ_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"d2i_X509_REVOKED"},
-{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"d2i_X509_SIG"},
-{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"d2i_X509_VAL"},
-{ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0),	"DIST_POINT_NAME_new"},
-{ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0),	"DIST_POINT_new"},
-{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0),	"GENERAL_NAME_new"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"i2d_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"i2d_DHparams"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"i2d_DSAparams"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"i2d_DSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"i2d_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"i2d_PKCS7"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"i2d_RSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"i2d_RSAPublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),	"i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"i2d_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0),	"NETSCAPE_CERT_SEQUENCE_new"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
-{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
-{ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),	"OTHERNAME_new"},
-{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
-{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
-{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0),	"PBKDF2PARAM_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),	"PKCS12_BAGS_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_new"},
-{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_new"},
+{ERR_PACK(0,ASN1_F_LONG_C2I,0),	"LONG_C2I"},
+{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),	"OID_MODULE_INIT"},
 {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_new"},
-{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0),	"PKCS8_PRIV_KEY_INFO_new"},
-{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),	"PKEY_USAGE_PERIOD_new"},
-{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),	"POLICYINFO_new"},
-{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),	"POLICYQUALINFO_new"},
-{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),	"SXNETID_new"},
-{ERR_PACK(0,ASN1_F_SXNET_NEW,0),	"SXNET_new"},
-{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),	"USERNOTICE_new"},
-{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_new"},
-{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_new"},
-{ERR_PACK(0,ASN1_F_X509_CERT_AUX_NEW,0),	"X509_CERT_AUX_new"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_new"},
-{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_new"},
-{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
-{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_new"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),	"X509_CRL_add0_revoked"},
 {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_new"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_new"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_NEW"},
 {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_new"},
-{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_new"},
-{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_new"},
-{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_new"},
-{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_new"},
-{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_free"},
-{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_new"},
 {0,NULL}
 	};
 
 static ERR_STRING_DATA ASN1_str_reasons[]=
 	{
+{ASN1_R_ADDING_OBJECT                    ,"adding object"},
+{ASN1_R_AUX_ERROR                        ,"aux error"},
 {ASN1_R_BAD_CLASS                        ,"bad class"},
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
-{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
-{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
 {ASN1_R_BAD_TAG                          ,"bad tag"},
-{ASN1_R_BAD_TYPE                         ,"bad type"},
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
@@ -279,22 +160,24 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
-{ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
-{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
-{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
 {ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_GENERALIZEDTIME      ,"expecting a generalizedtime"},
-{ASN1_R_EXPECTING_A_NULL                 ,"expecting a null"},
 {ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
-{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
+{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
+{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
+{ASN1_R_FIELD_MISSING                    ,"field missing"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
-{ASN1_R_GENERALIZEDTIME_TOO_LONG         ,"generalizedtime too long"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
 {ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
+{ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
+{ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
+{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
+{ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
+{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
 {ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
@@ -303,32 +186,37 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
+{ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
 {ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
-{ASN1_R_PARSING                          ,"parsing"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
+{ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
 {ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
+{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
 {ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
-{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
-{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
 {0,NULL}
@@ -343,7 +231,7 @@ void ERR_load_ASN1_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
 #endif
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index e4a56a926af7..0638870ab78f 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -304,7 +304,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length;
+		c->slen= *length+ *(c->pp)-c->p;
 	c->eos=0;
 	return(1);
 	}
diff --git a/crypto/openssl/crypto/asn1/asn1_mac.h b/crypto/openssl/crypto/asn1/asn1_mac.h
index af0e664b2de0..a48649ceeb32 100644
--- a/crypto/openssl/crypto/asn1/asn1_mac.h
+++ b/crypto/openssl/crypto/asn1/asn1_mac.h
@@ -70,14 +70,14 @@ extern "C" {
 #endif 
 
 #define ASN1_MAC_H_err(f,r,line) \
-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))
+	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
 
 #define M_ASN1_D2I_vars(a,type,func) \
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=pp; \
-	c.q= *pp; \
+	c.pp=(unsigned char **)pp; \
+	c.q= *(unsigned char **)pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);
 
 #define M_ASN1_D2I_Init() \
-	c.p= *pp; \
+	c.p= *(unsigned char **)pp; \
 	c.max=(length == 0)?0:(c.p+length);
 
 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*pp=c.p; \
+	*(unsigned char **)pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);
 
@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*pp,(int)(c.q- *pp)); \
+	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
 
@@ -196,9 +196,6 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
-	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -392,9 +389,6 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
-		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
@@ -458,15 +452,6 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
-		if (a)\
-			{ \
-			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
-						 V_ASN1_UNIVERSAL, \
-						 IS_SEQUENCE); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)
 
@@ -551,14 +536,6 @@ err:\
 					       IS_SEQUENCE); \
 			}
 
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
-		if (a) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
-					       IS_SEQUENCE); \
-			}
-
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \
diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c
index facfdd27fca0..e48532a24dc7 100644
--- a/crypto/openssl/crypto/asn1/asn1_par.c
+++ b/crypto/openssl/crypto/asn1/asn1_par.c
@@ -79,12 +79,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 	else
 		p="prim: ";
 	if (BIO_write(bp,p,6) < 6) goto err;
-	if (indent)
-		{
-		if (indent > 128) indent=128;
-		memset(str,' ',indent);
-		if (BIO_write(bp,str,indent) < indent) goto err;
-		}
+	BIO_indent(bp,indent,128);
 
 	p=str;
 	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
diff --git a/crypto/openssl/crypto/asn1/asn1t.h b/crypto/openssl/crypto/asn1/asn1t.h
new file mode 100644
index 000000000000..ed372f855413
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn1t.h
@@ -0,0 +1,846 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+#define HEADER_ASN1T_H
+
+#include <stddef.h>
+#include <openssl/e_os2.h>
+#include <openssl/asn1.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+		};
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	const ASN1_ITEM * itname##_it(void) \
+	{ \
+		static const ASN1_ITEM local_it = { \
+
+#define ASN1_ITEM_end(itname) \
+		}; \
+	return &local_it; \
+	}
+
+#endif
+
+
+/* Macros to aid ASN1 template writing */
+
+#define ASN1_ITEM_TEMPLATE(tname) \
+	const static ASN1_TEMPLATE tname##_item_tt 
+
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_PRIMITIVE,\
+		-1,\
+		&tname##_item_tt,\
+		0,\
+		NULL,\
+		0,\
+		#tname \
+	ASN1_ITEM_end(tname)
+
+
+/* This is a ASN1 type which just embeds a template */
+ 
+/* This pair helps declare a SEQUENCE. We can do:
+ *
+ * 	ASN1_SEQUENCE(stname) = {
+ * 		... SEQUENCE components ...
+ * 	} ASN1_SEQUENCE_END(stname)
+ *
+ * 	This will produce an ASN1_ITEM called stname_it
+ *	for a structure called stname.
+ *
+ * 	If you want the same structure but a different
+ *	name then use:
+ *
+ * 	ASN1_SEQUENCE(itname) = {
+ * 		... SEQUENCE components ...
+ * 	} ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *	This will create an item called itname_it using
+ *	a structure called stname.
+ */
+
+#define ASN1_SEQUENCE(tname) \
+	const static ASN1_TEMPLATE tname##_seq_tt[] 
+
+#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+#define ASN1_SEQUENCE_cb(tname, cb) \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE(tname) \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_ref(tname, cb, lck) \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		&tname##_aux,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+
+/* This pair helps declare a CHOICE type. We can do:
+ *
+ * 	ASN1_CHOICE(chname) = {
+ * 		... CHOICE options ...
+ * 	ASN1_CHOICE_END(chname)
+ *
+ * 	This will produce an ASN1_ITEM called chname_it
+ *	for a structure called chname. The structure
+ *	definition must look like this:
+ *	typedef struct {
+ *		int type;
+ *		union {
+ *			ASN1_SOMETHING *opt1;
+ *			ASN1_SOMEOTHER *opt2;
+ *		} value;
+ *	} chname;
+ *	
+ *	the name of the selector must be 'type'.
+ * 	to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+#define ASN1_CHOICE(tname) \
+	const static ASN1_TEMPLATE tname##_ch_tt[] 
+
+#define ASN1_CHOICE_cb(tname, cb) \
+	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	ASN1_CHOICE(tname)
+
+#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_CHOICE,\
+		offsetof(stname,selname) ,\
+		tname##_ch_tt,\
+		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_CHOICE,\
+		offsetof(stname,selname) ,\
+		tname##_ch_tt,\
+		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+		&tname##_aux,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+	(flags), (tag), 0,\
+	#name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+	(flags), (tag), offsetof(stname, field),\
+	#field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+#define ASN1_EX_COMBINE(flags, tag, type) { \
+	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+#define ASN1_IMP_EX(stname, field, type, tag, ex) \
+		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+#define ASN1_EXP_EX(stname, field, type, tag, ex) \
+		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
+/* Plain simple type */
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+#define ASN1_SEQUENCE_OF(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+#define ASN1_SET_OF(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+#define ASN1_SET_OF_OPT(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+#define ASN1_IMP_SET_OF(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_EXP_SET_OF(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* Macros for the ASN1_ADB structure */
+
+#define ASN1_ADB(name) \
+	const static ASN1_ADB_TABLE name##_adbtbl[] 
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+	;\
+	const static ASN1_ADB name##_adb = {\
+		flags,\
+		offsetof(name, field),\
+		app_table,\
+		name##_adbtbl,\
+		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+		def,\
+		none\
+	}
+
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+	;\
+	const static ASN1_ITEM *name##_adb(void) \
+	{ \
+	const static ASN1_ADB internal_adb = \
+		{\
+		flags,\
+		offsetof(name, field),\
+		app_table,\
+		name##_adbtbl,\
+		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+		def,\
+		none\
+		}; \
+		return (const ASN1_ITEM *) &internal_adb; \
+	} \
+	void dummy_function(void)
+
+#endif
+
+#define ADB_ENTRY(val, template) {val, template}
+
+#define ASN1_ADB_TEMPLATE(name) \
+	const static ASN1_TEMPLATE name##_tt 
+
+/* This is the ASN1 template structure that defines
+ * a wrapper round the actual type. It determines the
+ * actual position of the field in the value structure,
+ * various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+unsigned long flags;		/* Various flags */
+long tag;			/* tag, not used if no tagging */
+unsigned long offset;		/* Offset of this field in structure */
+#ifndef NO_ASN1_FIELD_NAMES
+char *field_name;		/* Field name */
+#endif
+ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+	unsigned long flags;	/* Various flags */
+	unsigned long offset;	/* Offset of selector field */
+	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */
+	long tblcount;		/* Number of entries in tbl */
+	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
+	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+	long value;		/* NID for an object or value for an int */
+	const ASN1_TEMPLATE tt;		/* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+#define ASN1_TFLG_OPTIONAL	(0x1)
+
+/* Field is a SET OF */
+#define ASN1_TFLG_SET_OF	(0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)
+
+/* Special case: this refers to a SET OF that
+ * will be sorted into DER order when encoded *and*
+ * the corresponding STACK will be modified to match
+ * the new order.
+ */
+#define ASN1_TFLG_SET_ORDER	(0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+#define ASN1_TFLG_SK_MASK	(0x3 << 1)
+
+/* These flags mean the tag should be taken from the
+ * tag field. If EXPLICIT then the underlying type
+ * is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+#define ASN1_TFLG_IMPTAG	(0x1 << 3)
+
+
+/* EXPLICIT tagging, inner tag from underlying type */
+#define ASN1_TFLG_EXPTAG	(0x2 << 3)
+
+#define ASN1_TFLG_TAG_MASK	(0x3 << 3)
+
+/* context specific IMPLICIT */
+#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/* If tagging is in force these determine the
+ * type of tag to use. Otherwise the tag is
+ * determined by the underlying type. These 
+ * values reflect the actual octet format.
+ */
+
+/* Universal tag */ 
+#define ASN1_TFLG_UNIVERSAL	(0x0<<6)
+/* Application tag */ 
+#define ASN1_TFLG_APPLICATION	(0x1<<6)
+/* Context specific tag */ 
+#define ASN1_TFLG_CONTEXT	(0x2<<6)
+/* Private tag */ 
+#define ASN1_TFLG_PRIVATE	(0x3<<6)
+
+#define ASN1_TFLG_TAG_CLASS	(0x3<<6)
+
+/* These are for ANY DEFINED BY type. In this case
+ * the 'item' field points to an ASN1_ADB structure
+ * which contains a table of values to decode the
+ * relevant type
+ */
+
+#define ASN1_TFLG_ADB_MASK	(0x3<<8)
+
+#define ASN1_TFLG_ADB_OID	(0x1<<8)
+
+#define ASN1_TFLG_ADB_INT	(0x1<<9)
+
+/* This flag means a parent structure is passed
+ * instead of the field: this is useful is a
+ * SEQUENCE is being combined with a CHOICE for
+ * example. Since this means the structure and
+ * item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+#define ASN1_TFLG_COMBINE	(0x1<<10)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */
+long utype;			/* underlying type */
+const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */
+long tcount;			/* Number of templates if SEQUENCE or CHOICE */
+const void *funcs;		/* functions that handle this type */
+long size;			/* Structure size (usually)*/
+#ifndef NO_ASN1_FIELD_NAMES
+const char *sname;		/* Structure name */
+#endif
+};
+
+/* These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single 
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions. 
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ */
+
+#define ASN1_ITYPE_PRIMITIVE	0x0
+
+#define ASN1_ITYPE_SEQUENCE	0x1
+
+#define ASN1_ITYPE_CHOICE	0x2
+
+#define ASN1_ITYPE_COMPAT	0x3
+
+#define ASN1_ITYPE_EXTERN	0x4
+
+#define ASN1_ITYPE_MSTRING	0x5
+
+/* Cache for ASN1 tag and length, so we
+ * don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st{
+	char valid;	/* Values below are valid */
+	int ret;	/* return value */
+	long plen;	/* length */
+	int ptag;	/* class value */
+	int pclass;	/* class value */
+	int hdrlen;	/* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE * ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
+typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+	ASN1_new_func *asn1_new;
+	ASN1_free_func *asn1_free;
+	ASN1_d2i_func *asn1_d2i;
+	ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+	void *app_data;
+	ASN1_ex_new_func *asn1_ex_new;
+	ASN1_ex_free_func *asn1_ex_free;
+	ASN1_ex_free_func *asn1_ex_clear;
+	ASN1_ex_d2i *asn1_ex_d2i;
+	ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+	void *app_data;
+	unsigned long flags;
+	ASN1_ex_new_func *prim_new;
+	ASN1_ex_free_func *prim_free;
+	ASN1_ex_free_func *prim_clear;
+	ASN1_primitive_c2i *prim_c2i;
+	ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/* This is the ASN1_AUX structure: it handles various
+ * miscellaneous requirements. For example the use of
+ * reference counts and an informational callback.
+ *
+ * The "informational callback" is called at various
+ * points during the ASN1 encoding and decoding. It can
+ * be used to provide minor customisation of the structures
+ * used. This is most useful where the supplied routines
+ * *almost* do the right thing but need some extra help
+ * at a few points. If the callback returns zero then
+ * it is assumed a fatal error has occurred and the 
+ * main operation should be abandoned.
+ *
+ * If major changes in the default behaviour are required
+ * then an external type is more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+	void *app_data;
+	int flags;
+	int ref_offset;		/* Offset of reference value */
+	int ref_lock;		/* Lock type to use */
+	ASN1_aux_cb *asn1_cb;
+	int enc_offset;		/* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+#define ASN1_AFLG_REFCOUNT	1
+/* Save the encoding of structure (useful for signatures) */
+#define ASN1_AFLG_ENCODING	2
+/* The Sequence length is invalid */
+#define ASN1_AFLG_BROKEN	4
+
+/* operation values for asn1_cb */
+
+#define ASN1_OP_NEW_PRE		0
+#define ASN1_OP_NEW_POST	1
+#define ASN1_OP_FREE_PRE	2
+#define ASN1_OP_FREE_POST	3
+#define ASN1_OP_D2I_PRE		4
+#define ASN1_OP_D2I_POST	5
+#define ASN1_OP_I2D_PRE		6
+#define ASN1_OP_I2D_POST	7
+
+/* Macro to implement a primitive type */
+#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+				ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+				ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+	static const ASN1_COMPAT_FUNCS sname##_ff = { \
+		(ASN1_new_func *)sname##_new, \
+		(ASN1_free_func *)sname##_free, \
+		(ASN1_d2i_func *)d2i_##sname, \
+		(ASN1_i2d_func *)i2d_##sname, \
+	}; \
+	ASN1_ITEM_start(sname) \
+		ASN1_ITYPE_COMPAT, \
+		tag, \
+		NULL, \
+		0, \
+		&sname##_ff, \
+		0, \
+		#sname \
+	ASN1_ITEM_end(sname)
+
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+	ASN1_ITEM_start(sname) \
+		ASN1_ITYPE_EXTERN, \
+		tag, \
+		NULL, \
+		0, \
+		&fptrs, \
+		0, \
+		#sname \
+	ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+	stname *fname##_new(void) \
+	{ \
+		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+	} \
+	void fname##_free(stname *a) \
+	{ \
+		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+	}
+
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+	stname *d2i_##fname(stname **a, unsigned char **in, long len) \
+	{ \
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+	} \
+	int i2d_##fname(stname *a, unsigned char **out) \
+	{ \
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+	} 
+
+/* This includes evil casts to remove const: they will go away when full
+ * ASN1 constification is done.
+ */
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+	{ \
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
+	} \
+	int i2d_##fname(const stname *a, unsigned char **out) \
+	{ \
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+	} 
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+	stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+				int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/asn1/asn_moid.c b/crypto/openssl/crypto/asn1/asn_moid.c
new file mode 100644
index 000000000000..be20db4bad7f
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn_moid.c
@@ -0,0 +1,95 @@
+/* asn_moid.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+	{
+	int i;
+	const char *oid_section;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *oval;
+	oid_section = CONF_imodule_get_value(md);
+	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+		{
+		ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+		return 0;
+		}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+		{
+		oval = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
+			{
+			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+			return 0;
+			}
+		}
+	return 1;
+}
+
+void ASN1_add_oid_module(void)
+	{
+	CONF_module_add("oid_section", oid_module_init, 0);
+	}
diff --git a/crypto/openssl/crypto/asn1/asn_pack.c b/crypto/openssl/crypto/asn1/asn_pack.c
index bdf5f130b3a3..e6051db2dc98 100644
--- a/crypto/openssl/crypto/asn1/asn_pack.c
+++ b/crypto/openssl/crypto/asn1/asn_pack.c
@@ -60,6 +60,8 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
+#ifndef NO_ASN1_OLD
+
 /* ASN1 packing and unpacking functions */
 
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
@@ -117,7 +119,7 @@ void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
 
 /* Pack an ASN1 object into an ASN1_STRING */
 
-ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
 {
 	unsigned char *p;
 	ASN1_STRING *octmp;
@@ -143,3 +145,47 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
 	return octmp;
 }
 
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+	ASN1_STRING *octmp;
+
+	if (!oct || !*oct) {
+		if (!(octmp = ASN1_STRING_new ())) {
+			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		if (oct) *oct = octmp;
+	} else octmp = *oct;
+
+	if(octmp->data) {
+		OPENSSL_free(octmp->data);
+		octmp->data = NULL;
+	}
+		
+	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!octmp->data) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+	unsigned char *p;
+	void *ret;
+
+	p = oct->data;
+	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+	return ret;
+}
diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c
index c92b8325d8f3..2e7d96af904a 100644
--- a/crypto/openssl/crypto/asn1/d2i_pr.c
+++ b/crypto/openssl/crypto/asn1/d2i_pr.c
@@ -62,6 +62,12 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -82,18 +88,20 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	ret->type=EVP_PKEY_type(type);
 	switch (ret->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
diff --git a/crypto/openssl/crypto/asn1/d2i_pu.c b/crypto/openssl/crypto/asn1/d2i_pu.c
index e0d203cef735..71f2eb361bd4 100644
--- a/crypto/openssl/crypto/asn1/d2i_pu.c
+++ b/crypto/openssl/crypto/asn1/d2i_pu.c
@@ -62,6 +62,12 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
@@ -82,18 +88,20 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	ret->type=EVP_PKEY_type(type);
 	switch (ret->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
diff --git a/crypto/openssl/crypto/asn1/f_int.c b/crypto/openssl/crypto/asn1/f_int.c
index 6b090f6740c2..9494e597abc3 100644
--- a/crypto/openssl/crypto/asn1/f_int.c
+++ b/crypto/openssl/crypto/asn1/f_int.c
@@ -69,10 +69,16 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
 
 	if (a == NULL) return(0);
 
+	if (a->type & V_ASN1_NEG)
+		{
+		if (BIO_write(bp, "-", 1) != 1) goto err;
+		n = 1;
+		}
+
 	if (a->length == 0)
 		{
 		if (BIO_write(bp,"00",2) != 2) goto err;
-		n=2;
+		n += 2;
 		}
 	else
 		{
@@ -163,8 +169,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
 				sp=(unsigned char *)OPENSSL_malloc(
 					(unsigned int)num+i*2);
 			else
-				sp=(unsigned char *)OPENSSL_realloc(s,
-					(unsigned int)num+i*2);
+				sp=OPENSSL_realloc_clean(s,slen,num+i*2);
 			if (sp == NULL)
 				{
 				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
diff --git a/crypto/openssl/crypto/asn1/i2d_pr.c b/crypto/openssl/crypto/asn1/i2d_pr.c
index 71d6910204a1..1e951ae01d3b 100644
--- a/crypto/openssl/crypto/asn1/i2d_pr.c
+++ b/crypto/openssl/crypto/asn1/i2d_pr.c
@@ -61,17 +61,23 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (a->type == EVP_PKEY_RSA)
 		{
 		return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
 		}
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (a->type == EVP_PKEY_DSA)
 		{
 		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
diff --git a/crypto/openssl/crypto/asn1/i2d_pu.c b/crypto/openssl/crypto/asn1/i2d_pu.c
index 8f73d37d033b..013d19bbf418 100644
--- a/crypto/openssl/crypto/asn1/i2d_pu.c
+++ b/crypto/openssl/crypto/asn1/i2d_pu.c
@@ -61,16 +61,22 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
 	switch (a->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
 		return(i2d_RSAPublicKey(a->pkey.rsa,pp));
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
 #endif
diff --git a/crypto/openssl/crypto/asn1/n_pkey.c b/crypto/openssl/crypto/asn1/n_pkey.c
index 984019353899..766b51c53830 100644
--- a/crypto/openssl/crypto/asn1/n_pkey.c
+++ b/crypto/openssl/crypto/asn1/n_pkey.c
@@ -56,110 +56,138 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
+#include <openssl/asn1t.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
 
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 
 typedef struct netscape_pkey_st
 	{
-	ASN1_INTEGER *version;
+	long version;
 	X509_ALGOR *algor;
 	ASN1_OCTET_STRING *private_key;
 	} NETSCAPE_PKEY;
 
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
+typedef struct netscape_encrypted_pkey_st
+	{
+	ASN1_OCTET_STRING *os;
+	/* This is the same structure as DigestInfo so use it:
+	 * although this isn't really anything to do with
+	 * digests.
+	 */
+	X509_SIG *enckey;
+	} NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+	     int (*cb)(), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
 {
 	return i2d_RSA_NET(a, pp, cb, 0);
 }
 
-int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	{
-	int i,j,l[6];
-	NETSCAPE_PKEY *pkey;
+	int i, j, ret = 0;
+	int rsalen, pkeylen, olen;
+	NETSCAPE_PKEY *pkey = NULL;
+	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
 	unsigned char buf[256],*zz;
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	EVP_CIPHER_CTX ctx;
-	X509_ALGOR *alg=NULL;
-	ASN1_OCTET_STRING os,os2;
-	M_ASN1_I2D_vars(a);
 
 	if (a == NULL) return(0);
 
-#ifdef WIN32
-	r=r; /* shut the damn compiler up :-) */
-#endif
-
-	os.data=os2.data=NULL;
 	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-	if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+	pkey->version = 0;
 
-	if (pkey->algor->algorithm != NULL)
-		ASN1_OBJECT_free(pkey->algor->algorithm);
 	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
 	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
 	pkey->algor->parameter->type=V_ASN1_NULL;
 
-	l[0]=i2d_RSAPrivateKey(a,NULL);
-	pkey->private_key->length=l[0];
+	rsalen = i2d_RSAPrivateKey(a, NULL);
 
-	os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
-	l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+	/* Fake some octet strings just for the initial length
+	 * calculation.
+ 	 */
 
-	if ((alg=X509_ALGOR_new()) == NULL) goto err;
-	if (alg->algorithm != NULL)
-		ASN1_OBJECT_free(alg->algorithm);
-	alg->algorithm=OBJ_nid2obj(NID_rc4);
-	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	alg->parameter->type=V_ASN1_NULL;
+	pkey->private_key->length=rsalen;
 
-	l[2]=i2d_X509_ALGOR(alg,NULL);
-	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
+	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
 
-#ifndef CONST_STRICT
-	os.data=(unsigned char *)"private-key";
-#endif
-	os.length=11;
-	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
+	enckey->enckey->digest->length = pkeylen;
 
-	l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+	enckey->os->length = 11;	/* "private-key" */
+
+	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
 
 	if (pp == NULL)
 		{
-		if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-		if (alg != NULL) X509_ALGOR_free(alg);
-		return(l[5]);
+		olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+		NETSCAPE_PKEY_free(pkey);
+		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+		return olen;
 		}
 
-	if (pkey->private_key->data != NULL)
-		OPENSSL_free(pkey->private_key->data);
-	if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)
+
+	/* Since its RC4 encrypted length is actual length */
+	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
 		{
 		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	zz=pkey->private_key->data;
+
+	pkey->private_key->data = zz;
+	/* Write out private key encoding */
 	i2d_RSAPrivateKey(a,&zz);
 
-	if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)
+	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
 		{
 		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	zz=os2.data;
+
+	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	enckey->enckey->digest->data = zz;
 	i2d_NETSCAPE_PKEY(pkey,&zz);
+
+	/* Wipe the private key encoding */
+	OPENSSL_cleanse(pkey->private_key->data, rsalen);
 		
 	if (cb == NULL)
 		cb=EVP_read_pw_string;
@@ -171,109 +199,86 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 		}
 	i = strlen((char *)buf);
 	/* If the key is used for SGC the algorithm is modified a little. */
-	if(sgckey){
-		EVP_MD_CTX mctx;
-		EVP_DigestInit(&mctx, EVP_md5());
-		EVP_DigestUpdate(&mctx, buf, i);
-		EVP_DigestFinal(&mctx, buf, NULL);
+	if(sgckey) {
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
 		memcpy(buf + 16, "SGCKEYSALT", 10);
 		i = 26;
 	}
-		
+
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
+	/* Encrypt private key in place */
+	zz = enckey->enckey->digest->data;
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
-	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
-	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
+	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
+	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 
-	p= *pp;
-	ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(&os,&p);
-	ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_X509_ALGOR(alg,&p);
-	i2d_ASN1_OCTET_STRING(&os2,&p);
-	ret=l[5];
+	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
 err:
-	if (os2.data != NULL) OPENSSL_free(os2.data);
-	if (alg != NULL) X509_ALGOR_free(alg);
-	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-	r=r;
+	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+	NETSCAPE_PKEY_free(pkey);
 	return(ret);
 	}
 
 
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
 {
 	return d2i_RSA_NET(a, pp, length, cb, 0);
 }
 
-RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
 	{
 	RSA *ret=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	ASN1_CTX c;
+	const unsigned char *p, *kp;
+	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+	p = *pp;
 
-	c.pp=pp;
-	c.error=ASN1_R_DECODING_ERROR;
+	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+	if(!enckey) {
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+		return NULL;
+	}
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-	if ((os->length != 11) || (strncmp("private-key",
-		(char *)os->data,os->length) != 0))
+	if ((enckey->os->length != 11) || (strncmp("private-key",
+		(char *)enckey->os->data,11) != 0))
 		{
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-		M_ASN1_BIT_STRING_free(os);
-		goto err;
+		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+		return NULL;
 		}
-	M_ASN1_BIT_STRING_free(os);
-	c.q=c.p;
-	if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
-	/* Note: some versions of IIS key files use length values that are
-	 * too small for the surrounding SEQUENCEs. This following line
-	 * effectively disable length checking.
-	 */
-	c.slen = 0;
-
-	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
+	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+		goto err;
 	}
+	kp = enckey->enckey->digest->data;
+	if (cb == NULL)
+		cb=EVP_read_pw_string;
+	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
 
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
-	     int (*cb)())
-{
-	return d2i_RSA_NET_2(a, pp, length, cb, 0);
-}
+	*pp = p;
 
-RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
+	err:
+	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+	return ret;
+
+	}
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 	     int (*cb)(), int sgckey)
 	{
 	NETSCAPE_PKEY *pkey=NULL;
 	RSA *ret=NULL;
 	int i,j;
-	unsigned char buf[256],*zz;
+	unsigned char buf[256];
+	const unsigned char *zz;
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	EVP_CIPHER_CTX ctx;
-	X509_ALGOR *alg=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	ASN1_CTX c;
 
-	c.error=ERR_R_NESTED_ASN1_ERROR;
-	c.pp=pp;
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
-	if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
-		{
-		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-		goto err;
-		}
-	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-	if (cb == NULL)
-		cb=EVP_read_pw_string;
 	i=cb(buf,256,"Enter Private Key password:",0);
 	if (i != 0)
 		{
@@ -283,21 +288,18 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 
 	i = strlen((char *)buf);
 	if(sgckey){
-		EVP_MD_CTX mctx;
-		EVP_DigestInit(&mctx, EVP_md5());
-		EVP_DigestUpdate(&mctx, buf, i);
-		EVP_DigestFinal(&mctx, buf, NULL);
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
 		memcpy(buf + 16, "SGCKEYSALT", 10);
 		i = 26;
 	}
 		
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
 	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	os->length=i+j;
 
@@ -315,71 +317,14 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
 		goto err;
 		}
-	if (!asn1_Finish(&c)) goto err;
-	*pp=c.p;
 err:
-	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-	if (os != NULL) M_ASN1_BIT_STRING_free(os);
-	if (alg != NULL) X509_ALGOR_free(alg);
+	NETSCAPE_PKEY_free(pkey);
 	return(ret);
 	}
 
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-
-	M_ASN1_I2D_len(a->version,	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->private_key,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->private_key,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
-	}
-
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void)
-	{
-	NETSCAPE_PKEY *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
-	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->private_key,M_ASN1_OCTET_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
-	}
-
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->algor);
-	M_ASN1_OCTET_STRING_free(a->private_key);
-	OPENSSL_free(a);
-	}
-
-#endif /* NO_RC4 */
+#endif /* OPENSSL_NO_RC4 */
 
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/crypto/openssl/crypto/asn1/nsseq.c b/crypto/openssl/crypto/asn1/nsseq.c
index 6e7f09ba236e..50e2d4d07a13 100644
--- a/crypto/openssl/crypto/asn1/nsseq.c
+++ b/crypto/openssl/crypto/asn1/nsseq.c
@@ -58,61 +58,25 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/err.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 
-/* Netscape certificate sequence structure */
-
-int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp)
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	int v = 0;
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
-					     V_ASN1_SEQUENCE,v);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
-					     V_ASN1_SEQUENCE,v);
-
-	M_ASN1_I2D_finish();
+	if(operation == ASN1_OP_NEW_POST) {
+		NETSCAPE_CERT_SEQUENCE *nsseq;
+		nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+		nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+	}
+	return 1;
 }
 
-NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void)
-{
-	NETSCAPE_CERT_SEQUENCE *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, NETSCAPE_CERT_SEQUENCE);
-	/* Note hardcoded object type */
-	ret->type = OBJ_nid2obj(NID_netscape_cert_sequence);
-	ret->certs = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW);
-}
+/* Netscape certificate sequence structure */
 
-NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a,
-	     unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,NETSCAPE_CERT_SEQUENCE *,
-					NETSCAPE_CERT_SEQUENCE_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get_EXP_set_opt_type(X509,ret->certs,d2i_X509,X509_free,0,
-					V_ASN1_SEQUENCE);
-	M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free,
-			  ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE);
-}
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+	ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+	ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
 
-void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a)
-{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->type);
-	if(a->certs)
-	    sk_X509_pop_free(a->certs, X509_free);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/crypto/openssl/crypto/asn1/p5_pbe.c b/crypto/openssl/crypto/asn1/p5_pbe.c
index b7ed538eb2c8..891150638e99 100644
--- a/crypto/openssl/crypto/asn1/p5_pbe.c
+++ b/crypto/openssl/crypto/asn1/p5_pbe.c
@@ -58,53 +58,18 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
 /* PKCS#5 password based encryption structure */
 
-int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
-
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_finish();
-}
-
-PBEPARAM *PBEPARAM_new(void)
-{
-	PBEPARAM *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PBEPARAM);
-	M_ASN1_New(ret->iter,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->salt,M_ASN1_OCTET_STRING_new);
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW);
-}
-
-PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM);
-}
+ASN1_SEQUENCE(PBEPARAM) = {
+	ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
 
-void PBEPARAM_free (PBEPARAM *a)
-{
-	if(a==NULL) return;
-	M_ASN1_OCTET_STRING_free(a->salt);
-	M_ASN1_INTEGER_free (a->iter);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
 
diff --git a/crypto/openssl/crypto/asn1/p5_pbev2.c b/crypto/openssl/crypto/asn1/p5_pbev2.c
index 6a7b578c0e22..91e1c8987d35 100644
--- a/crypto/openssl/crypto/asn1/p5_pbev2.c
+++ b/crypto/openssl/crypto/asn1/p5_pbev2.c
@@ -58,108 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 
 /* PKCS#5 v2.0 password based encryption structures */
 
-int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR);
-	M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR);
-
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR);
-	M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR);
-
-	M_ASN1_I2D_finish();
-}
-
-PBE2PARAM *PBE2PARAM_new(void)
-{
-	PBE2PARAM *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PBE2PARAM);
-	M_ASN1_New(ret->keyfunc,X509_ALGOR_new);
-	M_ASN1_New(ret->encryption,X509_ALGOR_new);
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW);
-}
+ASN1_SEQUENCE(PBE2PARAM) = {
+	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
 
-PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR);
-	M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR);
-	M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
 
-void PBE2PARAM_free (PBE2PARAM *a)
-{
-	if(a==NULL) return;
-	X509_ALGOR_free(a->keyfunc);
-	X509_ALGOR_free(a->encryption);
-	OPENSSL_free (a);
-}
-
-int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->salt, i2d_ASN1_TYPE);
-	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
 
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->salt, i2d_ASN1_TYPE);
-	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
-
-	M_ASN1_I2D_finish();
-}
-
-PBKDF2PARAM *PBKDF2PARAM_new(void)
-{
-	PBKDF2PARAM *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PBKDF2PARAM);
-	M_ASN1_New(ret->salt, ASN1_TYPE_new);
-	M_ASN1_New(ret->iter, M_ASN1_INTEGER_new);
-	ret->keylength = NULL;
-	ret->prf = NULL;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW);
-}
-
-PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
-	     long length)
-{
-	M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->salt, d2i_ASN1_TYPE);
-	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
-	M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
-	M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM);
-}
-
-void PBKDF2PARAM_free (PBKDF2PARAM *a)
-{
-	if(a==NULL) return;
-	ASN1_TYPE_free(a->salt);
-	M_ASN1_INTEGER_free(a->iter);
-	M_ASN1_INTEGER_free(a->keylength);
-	X509_ALGOR_free(a->prf);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
  * yes I know this is horrible!
@@ -197,8 +116,10 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
 		goto err;
 
+	EVP_CIPHER_CTX_init(&ctx);
+
 	/* Dummy cipherinit to just setup the IV */
-	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
 	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
 		ASN1err(ASN1_F_PKCS5_PBE2_SET,
 					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
diff --git a/crypto/openssl/crypto/asn1/p8_pkey.c b/crypto/openssl/crypto/asn1/p8_pkey.c
index fa6cbfb6f885..24b409132f53 100644
--- a/crypto/openssl/crypto/asn1/p8_pkey.c
+++ b/crypto/openssl/crypto/asn1/p8_pkey.c
@@ -58,70 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp)
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
-	M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
-	M_ASN1_I2D_len_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
-					 i2d_X509_ATTRIBUTE, 0);
-	
-	M_ASN1_I2D_seq_total ();
-
-	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
-	M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
-	M_ASN1_I2D_put_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
-					 i2d_X509_ATTRIBUTE, 0);
-
-	M_ASN1_I2D_finish();
+	/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+	if(operation == ASN1_OP_FREE_PRE) {
+		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+		if (key->pkey->value.octet_string)
+		OPENSSL_cleanse(key->pkey->value.octet_string->data,
+			key->pkey->value.octet_string->length);
+	}
+	return 1;
 }
 
-PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void)
-{
-	PKCS8_PRIV_KEY_INFO *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO);
-	M_ASN1_New (ret->version, M_ASN1_INTEGER_new);
-	M_ASN1_New (ret->pkeyalg, X509_ALGOR_new);
-	M_ASN1_New (ret->pkey, ASN1_TYPE_new);
-	ret->attributes = NULL;
-	ret->broken = PKCS8_OK;
-	return (ret);
-	M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW);
-}
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+	ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
-	     unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
-	M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
-	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE, ret->attributes,
-					d2i_X509_ATTRIBUTE,
-					X509_ATTRIBUTE_free, 0);
-	M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
-}
-
-void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
-{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free (a->version);
-	X509_ALGOR_free(a->pkeyalg);
-	/* Clear sensitive data */
-	if (a->pkey->value.octet_string)
-		memset (a->pkey->value.octet_string->data,
-				 0, a->pkey->value.octet_string->length);
-	ASN1_TYPE_free (a->pkey);
-	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
-	OPENSSL_free (a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/crypto/openssl/crypto/asn1/t_crl.c b/crypto/openssl/crypto/asn1/t_crl.c
index d78e4a8f8878..757c148df81d 100644
--- a/crypto/openssl/crypto/asn1/t_crl.c
+++ b/crypto/openssl/crypto/asn1/t_crl.c
@@ -64,8 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static void ext_print(BIO *out, X509_EXTENSION *ex);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
         {
         BIO *b;
@@ -85,12 +84,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 
 int X509_CRL_print(BIO *out, X509_CRL *x)
 {
-	char buf[256];
-	unsigned char *s;
 	STACK_OF(X509_REVOKED) *rev;
 	X509_REVOKED *r;
 	long l;
-	int i, j, n;
+	int i, n;
+	char *p;
 
 	BIO_printf(out, "Certificate Revocation List (CRL):\n");
 	l = X509_CRL_get_version(x);
@@ -98,8 +96,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	i = OBJ_obj2nid(x->sig_alg->algorithm);
 	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
 				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
-	X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
-	BIO_printf(out,"%8sIssuer: %s\n","",buf);
+	p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
+	BIO_printf(out,"%8sIssuer: %s\n","",p);
+	OPENSSL_free(p);
 	BIO_printf(out,"%8sLast Update: ","");
 	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
 	BIO_printf(out,"\n%8sNext Update: ","");
@@ -109,15 +108,12 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	BIO_printf(out,"\n");
 
 	n=X509_CRL_get_ext_count(x);
-	if (n > 0) {
-		BIO_printf(out,"%8sCRL extensions:\n","");
-		for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
-	}
-
+	X509V3_extensions_print(out, "CRL extensions",
+						x->crl->extensions, 0, 8);
 
 	rev = X509_CRL_get_REVOKED(x);
 
-	if(sk_X509_REVOKED_num(rev))
+	if(sk_X509_REVOKED_num(rev) > 0)
 	    BIO_printf(out, "Revoked Certificates:\n");
 	else BIO_printf(out, "No Revoked Certificates.\n");
 
@@ -128,39 +124,11 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 		BIO_printf(out,"\n        Revocation Date: ","");
 		ASN1_TIME_print(out,r->revocationDate);
 		BIO_printf(out,"\n");
-		for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
-				ext_print(out, X509_REVOKED_get_ext(r, j));
-	}
-
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	BIO_printf(out,"    Signature Algorithm: %s",
-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-
-	s = x->signature->data;
-	n = x->signature->length;
-	for (i=0; i<n; i++, s++)
-	{
-		if ((i%18) == 0) BIO_write(out,"\n        ",9);
-		BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+		X509V3_extensions_print(out, "CRL entry extensions",
+						r->extensions, 0, 8);
 	}
-	BIO_write(out,"\n",1);
+	X509_signature_print(out, x->sig_alg, x->signature);
 
 	return 1;
 
 }
-
-static void ext_print(BIO *out, X509_EXTENSION *ex)
-{
-	ASN1_OBJECT *obj;
-	int j;
-	BIO_printf(out,"%12s","");
-	obj=X509_EXTENSION_get_object(ex);
-	i2a_ASN1_OBJECT(out,obj);
-	j=X509_EXTENSION_get_critical(ex);
-	BIO_printf(out, ": %s\n", j ? "critical":"","");
-	if(!X509V3_EXT_print(out, ex, 0, 16)) {
-		BIO_printf(out, "%16s", "");
-		M_ASN1_OCTET_STRING_print(out,ex->value);
-	}
-	BIO_write(out,"\n",1);
-}
diff --git a/crypto/openssl/crypto/asn1/t_pkey.c b/crypto/openssl/crypto/asn1/t_pkey.c
index a97341dd8d43..4e09c9e44e23 100644
--- a/crypto/openssl/crypto/asn1/t_pkey.c
+++ b/crypto/openssl/crypto/asn1/t_pkey.c
@@ -60,21 +60,21 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
 static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
-#ifndef NO_RSA
-#ifndef NO_FP_API
-int RSA_print_fp(FILE *fp, RSA *x, int off)
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
         {
         BIO *b;
         int ret;
@@ -91,7 +91,7 @@ int RSA_print_fp(FILE *fp, RSA *x, int off)
         }
 #endif
 
-int RSA_print(BIO *bp, RSA *x, int off)
+int RSA_print(BIO *bp, const RSA *x, int off)
 	{
 	char str[128];
 	const char *s;
@@ -130,14 +130,10 @@ int RSA_print(BIO *bp, RSA *x, int off)
 		goto err;
 		}
 
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
 	if (x->d != NULL)
 		{
-		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if(!BIO_indent(bp,off,128))
+		   goto err;
 		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
 			<= 0) goto err;
 		}
@@ -160,11 +156,11 @@ err:
 	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
-#endif /* NO_RSA */
+#endif /* OPENSSL_NO_RSA */
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSA_print_fp(FILE *fp, DSA *x, int off)
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
 	{
 	BIO *b;
 	int ret;
@@ -181,9 +177,8 @@ int DSA_print_fp(FILE *fp, DSA *x, int off)
 	}
 #endif
 
-int DSA_print(BIO *bp, DSA *x, int off)
+int DSA_print(BIO *bp, const DSA *x, int off)
 	{
-	char str[128];
 	unsigned char *m=NULL;
 	int ret=0;
 	size_t buf_len=0,i;
@@ -210,14 +205,10 @@ int DSA_print(BIO *bp, DSA *x, int off)
 		goto err;
 		}
 
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
 	if (x->priv_key != NULL)
 		{
-		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if(!BIO_indent(bp,off,128))
+		   goto err;
 		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
 			<= 0) goto err;
 		}
@@ -234,23 +225,18 @@ err:
 	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
-#endif /* !NO_DSA */
+#endif /* !OPENSSL_NO_DSA */
 
 static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	     int off)
 	{
 	int n,i;
-	char str[128];
 	const char *neg;
 
 	if (num == NULL) return(1);
 	neg=(num->neg)?"-":"";
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		if (BIO_write(bp,str,off) <= 0) return(0);
-		}
+	if(!BIO_indent(bp,off,128))
+		return 0;
 
 	if (BN_num_bytes(num) <= BN_BYTES)
 		{
@@ -274,9 +260,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 			{
 			if ((i%15) == 0)
 				{
-				str[0]='\n';
-				memset(&(str[1]),' ',off+4);
-				if (BIO_write(bp,str,off+1+4) <= 0) return(0);
+				if(BIO_puts(bp,"\n") <= 0
+				   || !BIO_indent(bp,off+4,128))
+				    return 0;
 				}
 			if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
 				<= 0) return(0);
@@ -286,9 +272,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	return(1);
 	}
 
-#ifndef NO_DH
-#ifndef NO_FP_API
-int DHparams_print_fp(FILE *fp, DH *x)
+#ifndef OPENSSL_NO_DH
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
         {
         BIO *b;
         int ret;
@@ -305,7 +291,7 @@ int DHparams_print_fp(FILE *fp, DH *x)
         }
 #endif
 
-int DHparams_print(BIO *bp, DH *x)
+int DHparams_print(BIO *bp, const DH *x)
 	{
 	unsigned char *m=NULL;
 	int reason=ERR_R_BUF_LIB,ret=0;
@@ -344,9 +330,9 @@ err:
 	}
 #endif
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSAparams_print_fp(FILE *fp, DSA *x)
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
         {
         BIO *b;
         int ret;
@@ -363,11 +349,11 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
         }
 #endif
 
-int DSAparams_print(BIO *bp, DSA *x)
+int DSAparams_print(BIO *bp, const DSA *x)
 	{
 	unsigned char *m=NULL;
 	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0, i;
+	size_t buf_len=0,i;
 
 	if (x->p)
 		buf_len = (size_t)BN_num_bytes(x->p);
@@ -397,5 +383,5 @@ err:
 	return(ret);
 	}
 
-#endif /* !NO_DSA */
+#endif /* !OPENSSL_NO_DSA */
 
diff --git a/crypto/openssl/crypto/asn1/t_req.c b/crypto/openssl/crypto/asn1/t_req.c
index ea1af092db3f..740cee80c0fd 100644
--- a/crypto/openssl/crypto/asn1/t_req.c
+++ b/crypto/openssl/crypto/asn1/t_req.c
@@ -64,7 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         {
         BIO *b;
@@ -82,173 +82,195 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         }
 #endif
 
-int X509_REQ_print(BIO *bp, X509_REQ *x)
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
 	{
 	unsigned long l;
-	int i,n;
-	char *s;
+	int i;
 	const char *neg;
 	X509_REQ_INFO *ri;
 	EVP_PKEY *pkey;
 	STACK_OF(X509_ATTRIBUTE) *sk;
 	STACK_OF(X509_EXTENSION) *exts;
-	char str[128];
+	char mlch = ' ';
+	int nmindent = 0;
+
+	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+		mlch = '\n';
+		nmindent = 12;
+	}
+
+	if(nmflags == X509_FLAG_COMPAT)
+		nmindent = 16;
+
 
 	ri=x->req_info;
-	sprintf(str,"Certificate Request:\n");
-	if (BIO_puts(bp,str) <= 0) goto err;
-	sprintf(str,"%4sData:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-	l=0;
-	for (i=0; i<ri->version->length; i++)
-		{ l<<=8; l+=ri->version->data[i]; }
-	sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
-	if (BIO_puts(bp,str) <= 0) goto err;
-	sprintf(str,"%8sSubject: ","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	X509_NAME_print(bp,ri->subject,16);
-	sprintf(str,"\n%8sSubject Public Key Info:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-	i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
-	sprintf(str,"%12sPublic Key Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	pkey=X509_REQ_get_pubkey(x);
-#ifndef NO_RSA
-	if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
+	if(!(cflag & X509_FLAG_NO_HEADER))
 		{
-		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-			BN_num_bits(pkey->pkey.rsa->n));
-		RSA_print(bp,pkey->pkey.rsa,16);
+		if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
 		}
-	else 
-#endif
-#ifndef NO_DSA
-		if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
+	if(!(cflag & X509_FLAG_NO_VERSION))
 		{
-		BIO_printf(bp,"%12sDSA Public Key:\n","");
-		DSA_print(bp,pkey->pkey.dsa,16);
+		neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+		l=0;
+		for (i=0; i<ri->version->length; i++)
+			{ l<<=8; l+=ri->version->data[i]; }
+		if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
+			      l) <= 0)
+		    goto err;
 		}
-	else
-#endif
-		BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-	if (pkey != NULL)
-	    EVP_PKEY_free(pkey);
-
-	/* may not be */
-	sprintf(str,"%8sAttributes:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	sk=x->req_info->attributes;
-	if ((sk == NULL) || (sk_X509_ATTRIBUTE_num(sk) == 0))
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+	if(!(cflag & X509_FLAG_NO_PUBKEY))
 		{
-		if (!x->req_info->req_kludge)
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+			goto err;
+		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
+
+		pkey=X509_REQ_get_pubkey(x);
+		if (pkey == NULL)
+			{
+			BIO_printf(bp,"%12sUnable to load Public Key\n","");
+			ERR_print_errors(bp);
+			}
+		else
+#ifndef OPENSSL_NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
 			{
-			sprintf(str,"%12sa0:00\n","");
-			if (BIO_puts(bp,str) <= 0) goto err;
+			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+			RSA_print(bp,pkey->pkey.rsa,16);
 			}
+		else
+#endif
+#ifndef OPENSSL_NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			{
+			BIO_printf(bp,"%12sDSA Public Key:\n","");
+			DSA_print(bp,pkey->pkey.dsa,16);
+			}
+		else
+#endif
+			BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+		EVP_PKEY_free(pkey);
 		}
-	else
+
+	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
 		{
-		for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+		/* may not be */
+		if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
+		    goto err;
+
+		sk=x->req_info->attributes;
+		if (sk_X509_ATTRIBUTE_num(sk) == 0)
 			{
-			ASN1_TYPE *at;
-			X509_ATTRIBUTE *a;
-			ASN1_BIT_STRING *bs=NULL;
-			ASN1_TYPE *t;
-			int j,type=0,count=1,ii=0;
-
-			a=sk_X509_ATTRIBUTE_value(sk,i);
-			if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-								continue;
-			sprintf(str,"%12s","");
-			if (BIO_puts(bp,str) <= 0) goto err;
-			if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+			if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
+			    goto err;
+			}
+		else
 			{
-			if (a->set)
+			for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+				{
+				ASN1_TYPE *at;
+				X509_ATTRIBUTE *a;
+				ASN1_BIT_STRING *bs=NULL;
+				ASN1_TYPE *t;
+				int j,type=0,count=1,ii=0;
+
+				a=sk_X509_ATTRIBUTE_value(sk,i);
+				if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+									continue;
+				if(BIO_printf(bp,"%12s","") <= 0)
+				    goto err;
+				if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
 				{
-				ii=0;
-				count=sk_ASN1_TYPE_num(a->value.set);
+				if (a->single)
+					{
+					t=a->value.single;
+					type=t->type;
+					bs=t->value.bit_string;
+					}
+				else
+					{
+					ii=0;
+					count=sk_ASN1_TYPE_num(a->value.set);
 get_next:
-				at=sk_ASN1_TYPE_value(a->value.set,ii);
-				type=at->type;
-				bs=at->value.asn1_string;
+					at=sk_ASN1_TYPE_value(a->value.set,ii);
+					type=at->type;
+					bs=at->value.asn1_string;
+					}
 				}
-			else
-				{
-				t=a->value.single;
-				type=t->type;
-				bs=t->value.bit_string;
+				for (j=25-j; j>0; j--)
+					if (BIO_write(bp," ",1) != 1) goto err;
+				if (BIO_puts(bp,":") <= 0) goto err;
+				if (	(type == V_ASN1_PRINTABLESTRING) ||
+					(type == V_ASN1_T61STRING) ||
+					(type == V_ASN1_IA5STRING))
+					{
+					if (BIO_write(bp,(char *)bs->data,bs->length)
+						!= bs->length)
+						goto err;
+					BIO_puts(bp,"\n");
+					}
+				else
+					{
+					BIO_puts(bp,"unable to print attribute\n");
+					}
+				if (++ii < count) goto get_next;
 				}
 			}
-			for (j=25-j; j>0; j--)
-				if (BIO_write(bp," ",1) != 1) goto err;
-			if (BIO_puts(bp,":") <= 0) goto err;
-			if (	(type == V_ASN1_PRINTABLESTRING) ||
-				(type == V_ASN1_T61STRING) ||
-				(type == V_ASN1_IA5STRING))
+		}
+	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+		{
+		exts = X509_REQ_get_extensions(x);
+		if(exts)
+			{
+			BIO_printf(bp,"%8sRequested Extensions:\n","");
+			for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
 				{
-				if (BIO_write(bp,(char *)bs->data,bs->length)
-					!= bs->length)
+				ASN1_OBJECT *obj;
+				X509_EXTENSION *ex;
+				int j;
+				ex=sk_X509_EXTENSION_value(exts, i);
+				if (BIO_printf(bp,"%12s","") <= 0) goto err;
+				obj=X509_EXTENSION_get_object(ex);
+				i2a_ASN1_OBJECT(bp,obj);
+				j=X509_EXTENSION_get_critical(ex);
+				if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 					goto err;
-				BIO_puts(bp,"\n");
-				}
-			else
-				{
-				BIO_puts(bp,"unable to print attribute\n");
+				if(!X509V3_EXT_print(bp, ex, 0, 16))
+					{
+					BIO_printf(bp, "%16s", "");
+					M_ASN1_OCTET_STRING_print(bp,ex->value);
+					}
+				if (BIO_write(bp,"\n",1) <= 0) goto err;
 				}
-			if (++ii < count) goto get_next;
+			sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
 			}
 		}
 
-	exts = X509_REQ_get_extensions(x);
-	if(exts) {
-		BIO_printf(bp,"%8sRequested Extensions:\n","");
-		for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
-			ASN1_OBJECT *obj;
-			X509_EXTENSION *ex;
-			int j;
-			ex=sk_X509_EXTENSION_value(exts, i);
-			if (BIO_printf(bp,"%12s","") <= 0) goto err;
-			obj=X509_EXTENSION_get_object(ex);
-			i2a_ASN1_OBJECT(bp,obj);
-			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-				goto err;
-			if(!X509V3_EXT_print(bp, ex, 0, 16)) {
-				BIO_printf(bp, "%16s", "");
-				M_ASN1_OCTET_STRING_print(bp,ex->value);
-			}
-			if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-	}
-
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	sprintf(str,"%4sSignature Algorithm: %s","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	n=x->signature->length;
-	s=(char *)x->signature->data;
-	for (i=0; i<n; i++)
+	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{
-		if ((i%18) == 0)
-			{
-			sprintf(str,"\n%8s","");
-			if (BIO_puts(bp,str) <= 0) goto err;
-			}
-		sprintf(str,"%02x%s",(unsigned char)s[i],((i+1) == n)?"":":");
-		if (BIO_puts(bp,str) <= 0) goto err;
+		if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
 		}
-	if (BIO_puts(bp,"\n") <= 0) goto err;
+
 	return(1);
 err:
 	X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
 	return(0);
 	}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+	{
+	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+	}
diff --git a/crypto/openssl/crypto/asn1/t_spki.c b/crypto/openssl/crypto/asn1/t_spki.c
index d708434fcabb..5abfbc815ea9 100644
--- a/crypto/openssl/crypto/asn1/t_spki.c
+++ b/crypto/openssl/crypto/asn1/t_spki.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
 /* Print out an SPKI */
 
@@ -76,7 +76,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 	pkey = X509_PUBKEY_get(spki->spkac->pubkey);
 	if(!pkey) BIO_printf(out, "  Unable to load public key\n");
 	else {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			BIO_printf(out,"  RSA Public Key: (%d bit)\n",
@@ -85,7 +85,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 			}
 		else 
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		BIO_printf(out,"  DSA Public Key:\n");
diff --git a/crypto/openssl/crypto/asn1/t_x509.c b/crypto/openssl/crypto/asn1/t_x509.c
index 89ae73a6dec0..d1034c47f83f 100644
--- a/crypto/openssl/crypto/asn1/t_x509.c
+++ b/crypto/openssl/crypto/asn1/t_x509.c
@@ -60,18 +60,23 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
+	{
+	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+	}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
         {
         BIO *b;
         int ret;
@@ -82,144 +87,165 @@ int X509_print_fp(FILE *fp, X509 *x)
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print(b, x);
+        ret=X509_print_ex(b, x, nmflag, cflag);
         BIO_free(b);
         return(ret);
         }
 #endif
 
 int X509_print(BIO *bp, X509 *x)
+{
+	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	{
 	long l;
-	int ret=0,i,j,n;
-	char *m=NULL,*s;
+	int ret=0,i;
+	char *m=NULL,mlch = ' ';
+	int nmindent = 0;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
 	const char *neg;
-	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;
 
+	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+			mlch = '\n';
+			nmindent = 12;
+	}
+
+	if(nmflags == X509_FLAG_COMPAT)
+		nmindent = 16;
+
 	ci=x->cert_info;
-	if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-	if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-	l=X509_get_version(x);
-	if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-	if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-	bs=X509_get_serialNumber(x);
-	if (bs->length <= 4)
+	if(!(cflag & X509_FLAG_NO_HEADER))
 		{
-		l=ASN1_INTEGER_get(bs);
-		if (l < 0)
-			{
-			l= -l;
-			neg="-";
-			}
-		else
-			neg="";
-		if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
-			goto err;
+		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
 		}
-	else
+	if(!(cflag & X509_FLAG_NO_VERSION))
+		{
+		l=X509_get_version(x);
+		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_SERIAL))
 		{
-		neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-		if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
 
-		for (i=0; i<bs->length; i++)
+		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+
+		bs=X509_get_serialNumber(x);
+		if (bs->length <= 4)
 			{
-			if (BIO_printf(bp,"%02x%c",bs->data[i],
-				((i+1 == bs->length)?'\n':':')) <= 0)
+			l=ASN1_INTEGER_get(bs);
+			if (l < 0)
+				{
+				l= -l;
+				neg="-";
+				}
+			else
+				neg="";
+			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
 				goto err;
 			}
-		}
+		else
+			{
+			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
 
-	i=OBJ_obj2nid(ci->signature->algorithm);
-	if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
-		goto err;
+			for (i=0; i<bs->length; i++)
+				{
+				if (BIO_printf(bp,"%02x%c",bs->data[i],
+					((i+1 == bs->length)?'\n':':')) <= 0)
+					goto err;
+				}
+			}
 
-	if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
-	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
-	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
-	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-	if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-	if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
-	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
-	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
-		goto err;
-	i=OBJ_obj2nid(ci->key->algor->algorithm);
-	if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+		}
 
-	pkey=X509_get_pubkey(x);
-	if (pkey == NULL)
+	if(!(cflag & X509_FLAG_NO_SIGNAME))
 		{
-		BIO_printf(bp,"%12sUnable to load Public Key\n","");
-		ERR_print_errors(bp);
+		if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
 		}
-	else
-#ifndef NO_RSA
-	if (pkey->type == EVP_PKEY_RSA)
+
+	if(!(cflag & X509_FLAG_NO_ISSUER))
 		{
-		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-		BN_num_bits(pkey->pkey.rsa->n));
-		RSA_print(bp,pkey->pkey.rsa,16);
+		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
-	else
-#endif
-#ifndef NO_DSA
-	if (pkey->type == EVP_PKEY_DSA)
+	if(!(cflag & X509_FLAG_NO_VALIDITY))
 		{
-		BIO_printf(bp,"%12sDSA Public Key:\n","");
-		DSA_print(bp,pkey->pkey.dsa,16);
+		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
+		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
-	else
-#endif
-		BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-	EVP_PKEY_free(pkey);
-
-	n=X509_get_ext_count(x);
-	if (n > 0)
+	if(!(cflag & X509_FLAG_NO_SUBJECT))
+		{
+		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_PUBKEY))
 		{
-		BIO_printf(bp,"%8sX509v3 extensions:\n","");
-		for (i=0; i<n; i++)
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+			goto err;
+		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
+
+		pkey=X509_get_pubkey(x);
+		if (pkey == NULL)
 			{
-			ASN1_OBJECT *obj;
-			ex=X509_get_ext(x,i);
-			if (BIO_printf(bp,"%12s","") <= 0) goto err;
-			obj=X509_EXTENSION_get_object(ex);
-			i2a_ASN1_OBJECT(bp,obj);
-			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-				goto err;
-			if(!X509V3_EXT_print(bp, ex, 0, 16))
-				{
-				BIO_printf(bp, "%16s", "");
-				M_ASN1_OCTET_STRING_print(bp,ex->value);
-				}
-			if (BIO_write(bp,"\n",1) <= 0) goto err;
+			BIO_printf(bp,"%12sUnable to load Public Key\n","");
+			ERR_print_errors(bp);
+			}
+		else
+#ifndef OPENSSL_NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
+			{
+			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+			RSA_print(bp,pkey->pkey.rsa,16);
 			}
+		else
+#endif
+#ifndef OPENSSL_NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			{
+			BIO_printf(bp,"%12sDSA Public Key:\n","");
+			DSA_print(bp,pkey->pkey.dsa,16);
+			}
+		else
+#endif
+			BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+		EVP_PKEY_free(pkey);
 		}
 
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+	if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+		X509V3_extensions_print(bp, "X509v3 extensions",
+					ci->extensions, cflag, 8);
 
-	n=x->signature->length;
-	s=(char *)x->signature->data;
-	for (i=0; i<n; i++)
+	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{
-		if ((i%18) == 0)
-			if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-		if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-			((i+1) == n)?"":":") <= 0) goto err;
+		if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_AUX))
+		{
+		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 		}
-	if (BIO_write(bp,"\n",1) != 1) goto err;
-	if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 	ret=1;
 err:
 	if (str != NULL) ASN1_STRING_free(str);
@@ -227,6 +253,71 @@ err:
 	return(ret);
 	}
 
+int X509_ocspid_print (BIO *bp, X509 *x)
+	{
+	unsigned char *der=NULL ;
+	unsigned char *dertmp;
+	int derlen;
+	int i;
+	unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+	/* display the hash of the subject as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+		goto err;
+	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+		goto err;
+	i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+		}
+	OPENSSL_free (der);
+	der=NULL;
+
+	/* display the hash of the public key as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+		goto err;
+
+	EVP_Digest(x->cert_info->key->public_key->data,
+		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+			goto err;
+		}
+	BIO_printf(bp,"\n");
+
+	return (1);
+err:
+	if (der != NULL) OPENSSL_free(der);
+	return(0);
+	}
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+	unsigned char *s;
+	int i, n;
+	if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+	if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+	n=sig->length;
+	s=sig->data;
+	for (i=0; i<n; i++)
+		{
+		if ((i%18) == 0)
+			if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+			if (BIO_printf(bp,"%02x%s",s[i],
+				((i+1) == n)?"":":") <= 0) return 0;
+		}
+	if (BIO_write(bp,"\n",1) != 1) return 0;
+	return 1;
+}
+
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;
@@ -342,15 +433,17 @@ err:
 
 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	{
-	char *s,*c;
+	char *s,*c,*b;
 	int ret=0,l,ll,i,first=1;
-	char buf[256];
 
 	ll=80-2-obase;
 
-	s=X509_NAME_oneline(name,buf,256);
+	b=s=X509_NAME_oneline(name,NULL,0);
 	if (!*s)
+		{
+		OPENSSL_free(b);
 		return 1;
+		}
 	s++; /* skip the first slash */
 
 	l=ll;
@@ -406,6 +499,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 err:
 		X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
 		}
+	OPENSSL_free(b);
 	return(ret);
 	}
 
diff --git a/crypto/openssl/crypto/asn1/t_x509a.c b/crypto/openssl/crypto/asn1/t_x509a.c
index f06af5b576bf..ffbbfb51f43e 100644
--- a/crypto/openssl/crypto/asn1/t_x509a.c
+++ b/crypto/openssl/crypto/asn1/t_x509a.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 #include <openssl/x509.h>
 
 /* X509_CERT_AUX and string set routines
@@ -77,7 +77,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
 		for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
 			if(!first) BIO_puts(out, ", ");
 			else first = 0;
-			OBJ_obj2txt(oidstr, 80,
+			OBJ_obj2txt(oidstr, sizeof oidstr,
 				sk_ASN1_OBJECT_value(aux->trust, i), 0);
 			BIO_puts(out, oidstr);
 		}
@@ -90,7 +90,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
 		for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
 			if(!first) BIO_puts(out, ", ");
 			else first = 0;
-			OBJ_obj2txt(oidstr, 80,
+			OBJ_obj2txt(oidstr, sizeof oidstr,
 				sk_ASN1_OBJECT_value(aux->reject, i), 0);
 			BIO_puts(out, oidstr);
 		}
diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c
new file mode 100644
index 000000000000..76fc023230a8
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c
@@ -0,0 +1,958 @@
+/* tasn_dec.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+			unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx);
+static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len,
+					const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static unsigned long tag2bit[32]={
+0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
+B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+	};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+	if((tag < 0) || (tag > 30)) return 0;
+	return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)	if(c) (c)->valid = 0
+
+/* Decode an ASN1 item, this currently behaves just 
+ * like a standard 'd2i' function. 'in' points to 
+ * a buffer to read the data from, in future we will
+ * have more advanced versions that can input data
+ * a piece at a time and this will simply be a special
+ * case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it)
+{
+	ASN1_TLC c;
+	ASN1_VALUE *ptmpval = NULL;
+	if(!pval) pval = &ptmpval;
+	asn1_tlc_clear(&c);
+	if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+		return *pval;
+	return NULL;
+}
+
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+{
+	ASN1_TLC c;
+	asn1_tlc_clear(&c);
+	return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+
+/* Decode an item, taking care of IMPLICIT tagging, if any.
+ * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+				int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	const ASN1_TEMPLATE *tt, *errtt = NULL;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	unsigned char *p, *q, imphack = 0, oclass;
+	char seq_eoc, seq_nolen, cst, isopt;
+	long tmplen;
+	int i;
+	int otag;
+	int ret = 0;
+	ASN1_VALUE *pchval, **pchptr, *ptmpval;
+	if(!pval) return 0;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) {
+			/* tagging or OPTIONAL is currently illegal on an item template
+			 * because the flags can't get passed down. In practice this isn't
+			 * a problem: we include the relevant flags from the item template
+			 * in the template itself.
+			 */
+			if ((tag != -1) || opt) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+				goto err;
+			}
+			return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
+		}
+		return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		p = *in;
+		/* Just read in tag and class */
+		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} 
+		/* Must be UNIVERSAL class */
+		if(oclass != V_ASN1_UNIVERSAL) {
+			/* If OPTIONAL, assume this is OK */
+			if(opt) return -1;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+			goto err;
+		} 
+		/* Check tag matches bit map */
+		if(!(ASN1_tag2bit(otag) & it->utype)) {
+			/* If OPTIONAL, assume this is OK */
+			if(opt) return -1;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+			goto err;
+		} 
+		return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+		case ASN1_ITYPE_EXTERN:
+		/* Use new style d2i */
+		ef = it->funcs;
+		return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+		case ASN1_ITYPE_COMPAT:
+		/* we must resort to old style evil hackery */
+		cf = it->funcs;
+
+		/* If OPTIONAL see if it is there */
+		if(opt) {
+			int exptag;
+			p = *in;
+			if(tag == -1) exptag = it->utype;
+			else exptag = tag;
+			/* Don't care about anything other than presence of expected tag */
+			ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx);
+			if(!ret) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+			if(ret == -1) return -1;
+		}
+		/* This is the old style evil hack IMPLICIT handling:
+		 * since the underlying code is expecting a tag and
+		 * class other than the one present we change the
+		 * buffer temporarily then change it back afterwards.
+		 * This doesn't and never did work for tags > 30.
+		 *
+		 * Yes this is *horrible* but it is only needed for
+		 * old style d2i which will hopefully not be around
+		 * for much longer.
+		 * FIXME: should copy the buffer then modify it so
+		 * the input buffer can be const: we should *always*
+		 * copy because the old style d2i might modify the
+		 * buffer.
+		 */
+
+		if(tag != -1) {
+			p = *in;
+			imphack = *p;
+			*p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype);
+		}
+
+		ptmpval = cf->asn1_d2i(pval, in, len);
+
+		if(tag != -1) *p = imphack;
+
+		if(ptmpval) return 1;
+		ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+				goto auxerr;
+
+		/* Allocate structure */
+		if(!*pval) {
+			if(!ASN1_item_ex_new(pval, it)) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+		}
+		/* CHOICE type, try each possibility in turn */
+		pchval = NULL;
+		p = *in;
+		for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
+			pchptr = asn1_get_field_ptr(pval, tt);
+			/* We mark field as OPTIONAL so its absence
+			 * can be recognised.
+			 */
+			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+			/* If field not present, try the next one */
+			if(ret == -1) continue;
+			/* If positive return, read OK, break loop */
+			if(ret > 0) break;
+			/* Otherwise must be an ASN1 parsing error */
+			errtt = tt;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		}
+		/* Did we fall off the end without reading anything? */
+		if(i == it->tcount) {
+			/* If OPTIONAL, this is OK */
+			if(opt) {
+				/* Free and zero it */
+				ASN1_item_ex_free(pval, it);
+				return -1;
+			}
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+			goto err;
+		}
+		asn1_set_choice_selector(pval, i, it);
+		*in = p;
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+				goto auxerr;
+		return 1;
+
+		case ASN1_ITYPE_SEQUENCE:
+		p = *in;
+		tmplen = len;
+
+		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+		if(tag == -1) {
+			tag = V_ASN1_SEQUENCE;
+			aclass = V_ASN1_UNIVERSAL;
+		}
+		/* Get SEQUENCE length and update len, p */
+		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+		if(aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+			len = tmplen - (p - *in);
+			seq_nolen = 1;
+		} else seq_nolen = seq_eoc;	/* If indefinite we don't do a length check */
+		if(!cst) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+			goto err;
+		}
+
+		if(!*pval) {
+			if(!ASN1_item_ex_new(pval, it)) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+				goto auxerr;
+
+		/* Get each field entry */
+		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) goto err;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* Have we ran out of data? */
+			if(!len) break;
+			q = p;
+			if(asn1_check_eoc(&p, len)) {
+				if(!seq_eoc) {
+					ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+					goto err;
+				}
+				len -= p - q;
+				seq_eoc = 0;
+				q = p;
+				break;
+			}
+			/* This determines the OPTIONAL flag value. The field cannot
+			 * be omitted if it is the last of a SEQUENCE and there is
+			 * still data to be read. This isn't strictly necessary but
+			 * it increases efficiency in some cases.
+			 */
+			if(i == (it->tcount - 1)) isopt = 0;
+			else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+			/* attempt to read in field, allowing each to be OPTIONAL */
+			ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+			if(!ret) {
+				errtt = seqtt;
+				goto err;
+			} else if(ret == -1) {
+				/* OPTIONAL component absent. Free and zero the field
+				 */
+				ASN1_template_free(pseqval, seqtt);
+				continue;
+			}
+			/* Update length */
+			len -= p - q;
+		}
+		/* Check for EOC if expecting one */
+		if(seq_eoc && !asn1_check_eoc(&p, len)) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+			goto err;
+		}
+		/* Check all data read */
+		if(!seq_nolen && len) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+			goto err;
+		}
+
+		/* If we get here we've got no more data in the SEQUENCE,
+		 * however we may not have read all fields so check all
+		 * remaining are OPTIONAL and clear any that are.
+		 */
+		for(; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) goto err;
+			if(seqtt->flags & ASN1_TFLG_OPTIONAL) {
+				ASN1_VALUE **pseqval;
+				pseqval = asn1_get_field_ptr(pval, seqtt);
+				ASN1_template_free(pseqval, seqtt);
+			} else {
+				errtt = seqtt;
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+				goto err;
+			}
+		}
+		/* Save encoding */
+		if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr;
+		*in = p;
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+				goto auxerr;
+		return 1;
+
+		default:
+		return 0;
+	}
+	auxerr:
+	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+	err:
+	ASN1_item_ex_free(pval, it);
+	if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
+	else ERR_add_error_data(2, "Type=", it->sname);
+	return 0;
+}
+
+/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the
+ * rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+	int flags, aclass;
+	int ret;
+	long len;
+	unsigned char *p, *q;
+	char exp_eoc;
+	if(!val) return 0;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+	p = *in;
+
+	/* Check if EXPLICIT tag expected */
+	if(flags & ASN1_TFLG_EXPTAG) {
+		char cst;
+		/* Need to work out amount of data available to the inner content and where it
+		 * starts: so read in EXPLICIT header to get the info.
+		 */
+		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx);
+		q = p;
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		} else if(ret == -1) return -1;
+		if(!cst) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+			return 0;
+		}
+		/* We've found the field so it can't be OPTIONAL now */
+		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		/* We read the field in OK so update length */
+		len -= p - q;
+		if(exp_eoc) {
+			/* If NDEF we must have an EOC here */
+			if(!asn1_check_eoc(&p, len)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+				goto err;
+			}
+		} else {
+			/* Otherwise we must hit the EXPLICIT tag end or its an error */
+			if(len) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+				goto err;
+			}
+		}
+	} else 
+		return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+	*in = p;
+	return 1;
+
+	err:
+	ASN1_template_free(val, tt);
+	*val = NULL;
+	return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+	int flags, aclass;
+	int ret;
+	unsigned char *p, *q;
+	if(!val) return 0;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+	p = *in;
+	q = p;
+
+	if(flags & ASN1_TFLG_SK_MASK) {
+		/* SET OF, SEQUENCE OF */
+		int sktag, skaclass;
+		char sk_eoc;
+		/* First work out expected inner tag value */
+		if(flags & ASN1_TFLG_IMPTAG) {
+			sktag = tt->tag;
+			skaclass = aclass;
+		} else {
+			skaclass = V_ASN1_UNIVERSAL;
+			if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET;
+			else sktag = V_ASN1_SEQUENCE;
+		}
+		/* Get the tag */
+		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		} else if(ret == -1) return -1;
+		if(!*val) *val = (ASN1_VALUE *)sk_new_null();
+		else {
+			/* We've got a valid STACK: free up any items present */
+			STACK *sktmp = (STACK *)*val;
+			ASN1_VALUE *vtmp;
+			while(sk_num(sktmp) > 0) {
+				vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+				ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+			}
+		}
+				
+		if(!*val) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		/* Read as many items as we can */
+		while(len > 0) {
+			ASN1_VALUE *skfield;
+			q = p;
+			/* See if EOC found */
+			if(asn1_check_eoc(&p, len)) {
+				if(!sk_eoc) {
+					ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC);
+					goto err;
+				}
+				len -= p - q;
+				sk_eoc = 0;
+				break;
+			}
+			skfield = NULL;
+			if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+			len -= p - q;
+			if(!sk_push((STACK *)*val, (char *)skfield)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
+		}
+		if(sk_eoc) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+			goto err;
+		}
+	} else if(flags & ASN1_TFLG_IMPTAG) {
+		/* IMPLICIT tagging */
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+	} else {
+		/* Nothing special */
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+	}
+
+	*in = p;
+	return 1;
+
+	err:
+	ASN1_template_free(val, tt);
+	*val = NULL;
+	return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, 
+						const ASN1_ITEM *it,
+						int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	int ret = 0, utype;
+	long plen;
+	char cst, inf, free_cont = 0;
+	unsigned char *p;
+	BUF_MEM buf;
+	unsigned char *cont = NULL;
+	long len; 
+	if(!pval) {
+		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+		return 0; /* Should never happen */
+	}
+
+	if(it->itype == ASN1_ITYPE_MSTRING) {
+		utype = tag;
+		tag = -1;
+	} else utype = it->utype;
+
+	if(utype == V_ASN1_ANY) {
+		/* If type is ANY need to figure out type from tag */
+		unsigned char oclass;
+		if(tag >= 0) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+			return 0;
+		}
+		if(opt) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY);
+			return 0;
+		}
+		p = *in;
+		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER;
+	}
+	if(tag == -1) {
+		tag = utype;
+		aclass = V_ASN1_UNIVERSAL;
+	}
+	p = *in;
+	/* Check header */
+	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx);
+	if(!ret) {
+		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+		return 0;
+	} else if(ret == -1) return -1;
+	/* SEQUENCE, SET and "OTHER" are left in encoded form */
+	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+		/* Clear context cache for type OTHER because the auto clear when
+		 * we have a exact match wont work
+		 */
+		if(utype == V_ASN1_OTHER) {
+			asn1_tlc_clear(ctx);
+		/* SEQUENCE and SET must be constructed */
+		} else if(!cst) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
+			return 0;
+		}
+
+		cont = *in;
+		/* If indefinite length constructed find the real end */
+		if(inf) {
+			if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+			len = p - cont;
+		} else {
+			len = p - cont + plen;
+			p += plen;
+			buf.data = NULL;
+		}
+	} else if(cst) {
+		buf.length = 0;
+		buf.max = 0;
+		buf.data = NULL;
+		/* Should really check the internal tags are correct but
+		 * some things may get this wrong. The relevant specs
+		 * say that constructed string types should be OCTET STRINGs
+		 * internally irrespective of the type. So instead just check
+		 * for UNIVERSAL class and ignore the tag.
+		 */
+		if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
+		len = buf.length;
+		/* Append a final null to string */
+		if(!BUF_MEM_grow_clean(&buf, len + 1)) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		buf.data[len] = 0;
+		cont = (unsigned char *)buf.data;
+		free_cont = 1;
+	} else {
+		cont = p;
+		len = plen;
+		p += plen;
+	}
+
+	/* We now have content length and type: translate into a structure */
+	if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err;
+
+	*in = p;
+	ret = 1;
+	err:
+	if(free_cont && buf.data) OPENSSL_free(buf.data);
+	return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	ASN1_STRING *stmp;
+	ASN1_TYPE *typ = NULL;
+	int ret = 0;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	ASN1_INTEGER **tint;
+	pf = it->funcs;
+	if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+	/* If ANY type clear type and set pointer to internal value */
+	if(it->utype == V_ASN1_ANY) {
+		if(!*pval) {
+			typ = ASN1_TYPE_new();
+			*pval = (ASN1_VALUE *)typ;
+		} else typ = (ASN1_TYPE *)*pval;
+		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+	}
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err;
+		break;
+
+		case V_ASN1_NULL:
+		if(len) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH);
+			goto err;
+		}
+		*pval = (ASN1_VALUE *)1;
+		break;
+
+		case V_ASN1_BOOLEAN:
+		if(len != 1) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+			goto err;
+		} else {
+			ASN1_BOOLEAN *tbool;
+			tbool = (ASN1_BOOLEAN *)pval;
+			*tbool = *cont;
+		}
+		break;
+
+		case V_ASN1_BIT_STRING:
+		if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err;
+		break;
+
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		tint = (ASN1_INTEGER **)pval;
+		if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
+		/* Fixup type to match the expected form */
+		(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+		break;
+
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_OTHER:
+		case V_ASN1_SET:
+		case V_ASN1_SEQUENCE:
+		default:
+		/* All based on ASN1_STRING and handled the same */
+		if(!*pval) {
+			stmp = ASN1_STRING_type_new(utype);
+			if(!stmp) {
+				ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
+			*pval = (ASN1_VALUE *)stmp;
+		} else {
+			stmp = (ASN1_STRING *)*pval;
+			stmp->type = utype;
+		}
+		/* If we've already allocated a buffer use it */
+		if(*free_cont) {
+			if(stmp->data) OPENSSL_free(stmp->data);
+			stmp->data = cont;
+			stmp->length = len;
+			*free_cont = 0;
+		} else {
+			if(!ASN1_STRING_set(stmp, cont, len)) {
+				ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+				ASN1_STRING_free(stmp);	
+				*pval = NULL;
+				goto err;
+			}
+		}
+		break;
+	}
+	/* If ASN1_ANY and NULL type fix up value */
+	if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL;
+
+	ret = 1;
+	err:
+	if(!ret) ASN1_TYPE_free(typ);
+	return ret;
+}
+
+/* This function collects the asn1 data from a constructred string
+ * type into a buffer. The values of 'in' and 'len' should refer
+ * to the contents of the constructed type and 'inf' should be set
+ * if it is indefinite length. If 'buf' is NULL then we just want
+ * to find the end of the current structure: useful for indefinite
+ * length constructed stuff.
+ */
+
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
+{
+	unsigned char *p, *q;
+	long plen;
+	char cst, ininf;
+	p = *in;
+	inf &= 1;
+	/* If no buffer and not indefinite length constructed just pass over the encoded data */
+	if(!buf && !inf) {
+		*in += len;
+		return 1;
+	}
+	while(len > 0) {
+		q = p;
+		/* Check for EOC */
+		if(asn1_check_eoc(&p, len)) {
+			/* EOC is illegal outside indefinite length constructed form */
+			if(!inf) {
+				ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+				return 0;
+			}
+			inf = 0;
+			break;
+		}
+		if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) {
+			ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		/* If indefinite length constructed update max length */
+		if(cst) {
+			if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+		} else {
+			if(!collect_data(buf, &p, plen)) return 0;
+		}
+		len -= p - q;
+	}
+	if(inf) {
+		ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+		return 0;
+	}
+	*in = p;
+	return 1;
+}
+
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
+{
+		int len;
+		if(buf) {
+			len = buf->length;
+			if(!BUF_MEM_grow_clean(buf, len + plen)) {
+				ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+				return 0;
+			}
+			memcpy(buf->data + len, *p, plen);
+		}
+		*p += plen;
+		return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(unsigned char **in, long len)
+{
+	unsigned char *p;
+	if(len < 2) return 0;
+	p = *in;
+	if(!p[0] && !p[1]) {
+		*in += 2;
+		return 1;
+	}
+	return 0;
+}
+
+/* Check an ASN1 tag and length: a bit like ASN1_get_object
+ * but it sets the length for indefinite length constructed
+ * form, we don't know the exact length but we can set an
+ * upper bound to the amount of data available minus the
+ * header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+		unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+	int i;
+	int ptag, pclass;
+	long plen;
+	unsigned char *p, *q;
+	p = *in;
+	q = p;
+
+	if(ctx && ctx->valid) {
+		i = ctx->ret;
+		plen = ctx->plen;
+		pclass = ctx->pclass;
+		ptag = ctx->ptag;
+		p += ctx->hdrlen;
+	} else {
+		i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+		if(ctx) {
+			ctx->ret = i;
+			ctx->plen = plen;
+			ctx->pclass = pclass;
+			ctx->ptag = ptag;
+			ctx->hdrlen = p - q;
+			ctx->valid = 1;
+			/* If definite length, and no error, length +
+			 * header can't exceed total amount of data available. 
+			 */
+			if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+				ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+				asn1_tlc_clear(ctx);
+				return 0;
+			}
+		}
+	}
+
+	if(i & 0x80) {
+		ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+		asn1_tlc_clear(ctx);
+		return 0;
+	}
+	if(exptag >= 0) {
+		if((exptag != ptag) || (expclass != pclass)) {
+			/* If type is OPTIONAL, not an error, but indicate missing
+			 * type.
+			 */
+			if(opt) return -1;
+			asn1_tlc_clear(ctx);
+			ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+			return 0;
+		}
+		/* We have a tag and class match, so assume we are going to do something with it */
+		asn1_tlc_clear(ctx);
+	}
+
+	if(i & 1) plen = len - (p - q);
+
+	if(inf) *inf = i & 1;
+
+	if(cst) *cst = i & V_ASN1_CONSTRUCTED;
+
+	if(olen) *olen = plen;
+	if(oclass) *oclass = pclass;
+	if(otag) *otag = ptag;
+
+	*in = p;
+	return 1;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_enc.c b/crypto/openssl/crypto/asn1/tasn_enc.c
new file mode 100644
index 000000000000..f6c8ddef0aad
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_enc.c
@@ -0,0 +1,497 @@
+/* tasn_enc.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset);
+
+/* Encode an ASN1 item, this is compatible with the
+ * standard 'i2d' function. 'out' points to 
+ * a buffer to output the data to, in future we will
+ * have more advanced versions that can output data
+ * a piece at a time and this will simply be a special
+ * case.
+ *
+ * The new i2d has one additional feature. If the output
+ * buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+	if(out && !*out) {
+		unsigned char *p, *buf;
+		int len;
+		len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0);
+		if(len <= 0) return len;
+		buf = OPENSSL_malloc(len);
+		if(!buf) return -1;
+		p = buf;
+		ASN1_item_ex_i2d(&val, &p, it, -1, 0);
+		*out = buf;
+		return len;
+	}
+		
+	return ASN1_item_ex_i2d(&val, out, it, -1, 0);
+}
+
+/* Encode an item, taking care of IMPLICIT tagging (if any).
+ * This function performs the normal item handling: it can be
+ * used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	const ASN1_TEMPLATE *tt = NULL;
+	unsigned char *p = NULL;
+	int i, seqcontlen, seqlen;
+	ASN1_STRING *strtmp;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates)
+			return ASN1_template_i2d(pval, out, it->templates);
+		return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		strtmp = (ASN1_STRING *)*pval;
+		return asn1_i2d_ex_primitive(pval, out, it, -1, 0);
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+				return 0;
+		i = asn1_get_choice_selector(pval, it);
+		if((i >= 0) && (i < it->tcount)) {
+			ASN1_VALUE **pchval;
+			const ASN1_TEMPLATE *chtt;
+			chtt = it->templates + i;
+			pchval = asn1_get_field_ptr(pval, chtt);
+			return ASN1_template_i2d(pchval, out, chtt);
+		} 
+		/* Fixme: error condition if selector out of range */
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+				return 0;
+		break;
+
+		case ASN1_ITYPE_EXTERN:
+		/* If new style i2d it does all the work */
+		ef = it->funcs;
+		return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+		case ASN1_ITYPE_COMPAT:
+		/* old style hackery... */
+		cf = it->funcs;
+		if(out) p = *out;
+		i = cf->asn1_i2d(*pval, out);
+		/* Fixup for IMPLICIT tag: note this messes up for tags > 30,
+		 * but so did the old code. Tags > 30 are very rare anyway.
+		 */
+		if(out && (tag != -1))
+			*p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+		return i;
+		
+		case ASN1_ITYPE_SEQUENCE:
+		i = asn1_enc_restore(&seqcontlen, out, pval, it);
+		/* An error occurred */
+		if(i < 0) return 0;
+		/* We have a valid cached encoding... */
+		if(i > 0) return seqcontlen;
+		/* Otherwise carry on */
+		seqcontlen = 0;
+		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+		if(tag == -1) {
+			tag = V_ASN1_SEQUENCE;
+			aclass = V_ASN1_UNIVERSAL;
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+				return 0;
+		/* First work out sequence content length */
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) return 0;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* FIXME: check for errors in enhanced version */
+			/* FIXME: special handling of indefinite length encoding */
+			seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
+		}
+		seqlen = ASN1_object_size(1, seqcontlen, tag);
+		if(!out) return seqlen;
+		/* Output SEQUENCE header */
+		ASN1_put_object(out, 1, seqcontlen, tag, aclass);
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) return 0;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* FIXME: check for errors in enhanced version */
+			ASN1_template_i2d(pseqval, out, seqtt);
+		}
+		if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+				return 0;
+		return seqlen;
+
+		default:
+		return 0;
+	}
+	return 0;
+}
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
+{
+	int i, ret, flags, aclass;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+	if(flags & ASN1_TFLG_SK_MASK) {
+		/* SET OF, SEQUENCE OF */
+		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+		int isset, sktag, skaclass;
+		int skcontlen, sklen;
+		ASN1_VALUE *skitem;
+		if(!*pval) return 0;
+		if(flags & ASN1_TFLG_SET_OF) {
+			isset = 1;
+			/* 2 means we reorder */
+			if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
+		} else isset = 0;
+		/* First work out inner tag value */
+		if(flags & ASN1_TFLG_IMPTAG) {
+			sktag = tt->tag;
+			skaclass = aclass;
+		} else {
+			skaclass = V_ASN1_UNIVERSAL;
+			if(isset) sktag = V_ASN1_SET;
+			else sktag = V_ASN1_SEQUENCE;
+		}
+		/* Now work out length of items */
+		skcontlen = 0;
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			skitem = sk_ASN1_VALUE_value(sk, i);
+			skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+		}
+		sklen = ASN1_object_size(1, skcontlen, sktag);
+		/* If EXPLICIT need length of surrounding tag */
+		if(flags & ASN1_TFLG_EXPTAG)
+			ret = ASN1_object_size(1, sklen, tt->tag);
+		else ret = sklen;
+
+		if(!out) return ret;
+
+		/* Now encode this lot... */
+		/* EXPLICIT tag */
+		if(flags & ASN1_TFLG_EXPTAG)
+			ASN1_put_object(out, 1, sklen, tt->tag, aclass);
+		/* SET or SEQUENCE and IMPLICIT tag */
+		ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
+		/* And finally the stuff itself */
+		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
+
+		return ret;
+	}
+			
+	if(flags & ASN1_TFLG_EXPTAG) {
+		/* EXPLICIT tagging */
+		/* Find length of tagged item */
+		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+		if(!i) return 0;
+		/* Find length of EXPLICIT tag */
+		ret = ASN1_object_size(1, i, tt->tag);
+		if(out) {
+			/* Output tag and item */
+			ASN1_put_object(out, 1, i, tt->tag, aclass);
+			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+		}
+		return ret;
+	}
+	if(flags & ASN1_TFLG_IMPTAG) {
+		/* IMPLICIT tagging */
+		return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
+	}
+	/* Nothing special: treat as normal */
+	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef	struct {
+	unsigned char *data;
+	int length;
+	ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+	const DER_ENC *d1 = a, *d2 = b;
+	int cmplen, i;
+	cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+	i = memcmp(d1->data, d2->data, cmplen);
+	if(i) return i;
+	return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort)
+{
+	int i;
+	ASN1_VALUE *skitem;
+	unsigned char *tmpdat = NULL, *p = NULL;
+	DER_ENC *derlst = NULL, *tder;
+	if(do_sort) {
+		/* Don't need to sort less than 2 items */
+		if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0;
+		else {
+			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst));
+			tmpdat = OPENSSL_malloc(skcontlen);
+			if(!derlst || !tmpdat) return 0;
+		}
+	}
+	/* If not sorting just output each item */
+	if(!do_sort) {
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			skitem = sk_ASN1_VALUE_value(sk, i);
+			ASN1_item_i2d(skitem, out, item);
+		}
+		return 1;
+	}
+	p = tmpdat;
+	/* Doing sort: build up a list of each member's DER encoding */
+	for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+		skitem = sk_ASN1_VALUE_value(sk, i);
+		tder->data = p;
+		tder->length = ASN1_item_i2d(skitem, &p, item);
+		tder->field = skitem;
+	}
+	/* Now sort them */
+	qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+	/* Output sorted DER encoding */	
+	p = *out;
+	for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+		memcpy(p, tder->data, tder->length);
+		p += tder->length;
+	}
+	*out = p;
+	/* If do_sort is 2 then reorder the STACK */
+	if(do_sort == 2) {
+		for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+			sk_ASN1_VALUE_set(sk, i, tder->field);
+	}
+	OPENSSL_free(derlst);
+	OPENSSL_free(tmpdat);
+	return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	int len;
+	int utype;
+	int usetag;
+
+	utype = it->utype;
+
+	/* Get length of content octets and maybe find
+	 * out the underlying type.
+	 */
+
+	len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+	/* If SEQUENCE, SET or OTHER then header is
+	 * included in pseudo content octets so don't
+	 * include tag+length. We need to check here
+	 * because the call to asn1_ex_i2c() could change
+	 * utype.
+	 */
+	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+	   (utype == V_ASN1_OTHER))
+		usetag = 0;
+	else usetag = 1;
+
+	/* -1 means omit type */
+
+	if(len == -1) return 0;
+
+	/* If not implicitly tagged get tag from underlying type */
+	if(tag == -1) tag = utype;
+
+	/* Output tag+length followed by content octets */
+	if(out) {
+		if(usetag) ASN1_put_object(out, 0, len, tag, aclass);
+		asn1_ex_i2c(pval, *out, &utype, it);
+		*out += len;
+	}
+
+	if(usetag) return ASN1_object_size(0, len, tag);
+	return len;
+}
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it)
+{
+	ASN1_BOOLEAN *tbool = NULL;
+	ASN1_STRING *strtmp;
+	ASN1_OBJECT *otmp;
+	int utype;
+	unsigned char *cont, c;
+	int len;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it);
+
+	/* Should type be omitted? */
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
+		if(!*pval) return -1;
+	}
+
+	if(it->itype == ASN1_ITYPE_MSTRING) {
+		/* If MSTRING type set the underlying type */
+		strtmp = (ASN1_STRING *)*pval;
+		utype = strtmp->type;
+		*putype = utype;
+	} else if(it->utype == V_ASN1_ANY) {
+		/* If ANY set type and pointer to value */
+		ASN1_TYPE *typ;
+		typ = (ASN1_TYPE *)*pval;
+		utype = typ->type;
+		*putype = utype;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+	} else utype = *putype;
+
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		otmp = (ASN1_OBJECT *)*pval;
+		cont = otmp->data;
+		len = otmp->length;
+		break;
+
+		case V_ASN1_NULL:
+		cont = NULL;
+		len = 0;
+		break;
+
+		case V_ASN1_BOOLEAN:
+		tbool = (ASN1_BOOLEAN *)pval;
+		if(*tbool == -1) return -1;
+		/* Default handling if value == size field then omit */
+		if(*tbool && (it->size > 0)) return -1;
+		if(!*tbool && !it->size) return -1;
+		c = (unsigned char)*tbool;
+		cont = &c;
+		len = 1;
+		break;
+
+		case V_ASN1_BIT_STRING:
+		return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
+		break;
+
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		/* These are all have the same content format
+		 * as ASN1_INTEGER
+		 */
+		return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+		break;
+
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_SEQUENCE:
+		case V_ASN1_SET:
+		default:
+		/* All based on ASN1_STRING and handled the same */
+		strtmp = (ASN1_STRING *)*pval;
+		cont = strtmp->data;
+		len = strtmp->length;
+
+		break;
+
+	}
+	if(cout && len) memcpy(cout, cont, len);
+	return len;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_fre.c b/crypto/openssl/crypto/asn1/tasn_fre.c
new file mode 100644
index 000000000000..2dd844159ebe
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_fre.c
@@ -0,0 +1,229 @@
+/* tasn_fre.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+	asn1_item_combine_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	asn1_item_combine_free(pval, it, 0);
+}
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+	const ASN1_TEMPLATE *tt = NULL, *seqtt;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	int i;
+	if(!pval) return;
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) ASN1_template_free(pval, it->templates);
+		else ASN1_primitive_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		ASN1_primitive_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+			if(i == 2) return;
+		}
+		i = asn1_get_choice_selector(pval, it);
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+		if((i >= 0) && (i < it->tcount)) {
+			ASN1_VALUE **pchval;
+			tt = it->templates + i;
+			pchval = asn1_get_field_ptr(pval, tt);
+			ASN1_template_free(pchval, tt);
+		}
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+		if(!combine) {
+			OPENSSL_free(*pval);
+			*pval = NULL;
+		}
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		cf = it->funcs;
+		if(cf && cf->asn1_free) cf->asn1_free(*pval);
+		break;
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_SEQUENCE:
+		if(asn1_do_lock(pval, -1, it) > 0) return;
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+			if(i == 2) return;
+		}		
+		asn1_enc_free(pval, it);
+		/* If we free up as normal we will invalidate any
+		 * ANY DEFINED BY field and we wont be able to 
+		 * determine the type of the field it defines. So
+		 * free up in reverse order.
+		 */
+		tt = it->templates + it->tcount - 1;
+		for(i = 0; i < it->tcount; tt--, i++) {
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 0);
+			if(!seqtt) continue;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			ASN1_template_free(pseqval, seqtt);
+		}
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+		if(!combine) {
+			OPENSSL_free(*pval);
+			*pval = NULL;
+		}
+		break;
+	}
+}
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	int i;
+	if(tt->flags & ASN1_TFLG_SK_MASK) {
+		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			ASN1_VALUE *vtmp;
+			vtmp = sk_ASN1_VALUE_value(sk, i);
+			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+		}
+		sk_ASN1_VALUE_free(sk);
+		*pval = NULL;
+	} else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+						tt->flags & ASN1_TFLG_COMBINE);
+}
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int utype;
+	if(it) {
+		const ASN1_PRIMITIVE_FUNCS *pf;
+		pf = it->funcs;
+		if(pf && pf->prim_free) {
+			pf->prim_free(pval, it);
+			return;
+		}
+	}
+	/* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+	if(!it) {
+		ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+		utype = typ->type;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+		if(!*pval) return;
+	} else if(it->itype == ASN1_ITYPE_MSTRING) {
+		utype = -1;
+		if(!*pval) return;
+	} else {
+		utype = it->utype;
+		if((utype != V_ASN1_BOOLEAN) && !*pval) return;
+	}
+
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+		break;
+
+		case V_ASN1_BOOLEAN:
+		if (it)
+			*(ASN1_BOOLEAN *)pval = it->size;
+		else
+			*(ASN1_BOOLEAN *)pval = -1;
+		return;
+
+		case V_ASN1_NULL:
+		break;
+
+		case V_ASN1_ANY:
+		ASN1_primitive_free(pval, NULL);
+		OPENSSL_free(*pval);
+		break;
+
+		default:
+		ASN1_STRING_free((ASN1_STRING *)*pval);
+		*pval = NULL;
+		break;
+	}
+	*pval = NULL;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_new.c b/crypto/openssl/crypto/asn1/tasn_new.c
new file mode 100644
index 000000000000..a0e3db574f2d
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_new.c
@@ -0,0 +1,351 @@
+/* tasn_new.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+	ASN1_VALUE *ret = NULL;
+	if(ASN1_item_ex_new(&ret, it) > 0) return ret;
+	return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	return asn1_item_ex_combine_new(pval, it, 0);
+}
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+	const ASN1_TEMPLATE *tt = NULL;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	ASN1_VALUE **pseqval;
+	int i;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	if(!combine) *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_push_info(it->sname);
+#endif
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_new) {
+			if(!ef->asn1_ex_new(pval, it))
+				goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		cf = it->funcs;
+		if(cf && cf->asn1_new) {
+			*pval = cf->asn1_new();
+			if(!*pval) goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) {
+			if(!ASN1_template_new(pval, it->templates))
+				goto memerr;
+		} else {
+			if(!ASN1_primitive_new(pval, it))
+				goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		if(!ASN1_primitive_new(pval, it))
+				goto memerr;
+		break;
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+			if(!i) goto auxerr;
+			if(i==2) {
+#ifdef CRYPTO_MDEBUG
+				if(it->sname) CRYPTO_pop_info();
+#endif
+				return 1;
+			}
+		}
+		if(!combine) {
+			*pval = OPENSSL_malloc(it->size);
+			if(!*pval) goto memerr;
+			memset(*pval, 0, it->size);
+		}
+		asn1_set_choice_selector(pval, -1, it);
+		if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+				goto auxerr;
+		break;
+
+		case ASN1_ITYPE_SEQUENCE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+			if(!i) goto auxerr;
+			if(i==2) {
+#ifdef CRYPTO_MDEBUG
+				if(it->sname) CRYPTO_pop_info();
+#endif
+				return 1;
+			}
+		}
+		if(!combine) {
+			*pval = OPENSSL_malloc(it->size);
+			if(!*pval) goto memerr;
+			memset(*pval, 0, it->size);
+			asn1_do_lock(pval, 0, it);
+			asn1_enc_init(pval, it);
+		}
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			pseqval = asn1_get_field_ptr(pval, tt);
+			if(!ASN1_template_new(pseqval, tt)) goto memerr;
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+				goto auxerr;
+		break;
+	}
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 1;
+
+	memerr:
+	ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 0;
+
+	auxerr:
+	ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
+	ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	const ASN1_EXTERN_FUNCS *ef;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_clear) 
+			ef->asn1_ex_clear(pval, it);
+		else *pval = NULL;
+		break;
+
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) 
+			asn1_template_clear(pval, it->templates);
+		else
+			asn1_primitive_clear(pval, it);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		asn1_primitive_clear(pval, it);
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		case ASN1_ITYPE_CHOICE:
+		case ASN1_ITYPE_SEQUENCE:
+		*pval = NULL;
+		break;
+	}
+}
+
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+	int ret;
+	if(tt->flags & ASN1_TFLG_OPTIONAL) {
+		asn1_template_clear(pval, tt);
+		return 1;
+	}
+	/* If ANY DEFINED BY nothing to do */
+
+	if(tt->flags & ASN1_TFLG_ADB_MASK) {
+		*pval = NULL;
+		return 1;
+	}
+#ifdef CRYPTO_MDEBUG
+	if(tt->field_name) CRYPTO_push_info(tt->field_name);
+#endif
+	/* If SET OF or SEQUENCE OF, its a STACK */
+	if(tt->flags & ASN1_TFLG_SK_MASK) {
+		STACK_OF(ASN1_VALUE) *skval;
+		skval = sk_ASN1_VALUE_new_null();
+		if(!skval) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+			ret = 0;
+			goto done;
+		}
+		*pval = (ASN1_VALUE *)skval;
+		ret = 1;
+		goto done;
+	}
+	/* Otherwise pass it back to the item routine */
+	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+	done:
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	/* If ADB or STACK just NULL the field */
+	if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
+		*pval = NULL;
+	else
+		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+
+/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old
+ * functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_TYPE *typ;
+	int utype;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf && pf->prim_new) return pf->prim_new(pval, it);
+	if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+	else utype = it->utype;
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+		return 1;
+
+		case V_ASN1_BOOLEAN:
+		if (it)
+			*(ASN1_BOOLEAN *)pval = it->size;
+		else
+			*(ASN1_BOOLEAN *)pval = -1;
+		return 1;
+
+		case V_ASN1_NULL:
+		*pval = (ASN1_VALUE *)1;
+		return 1;
+
+		case V_ASN1_ANY:
+		typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+		if(!typ) return 0;
+		typ->value.ptr = NULL;
+		typ->type = -1;
+		*pval = (ASN1_VALUE *)typ;
+		break;
+
+		default:
+		*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+		break;
+	}
+	if(*pval) return 1;
+	return 0;
+}
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int utype;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf) {
+		if(pf->prim_clear)
+			pf->prim_clear(pval, it);
+		else 
+			*pval = NULL;
+		return;
+	}
+	if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+	else utype = it->utype;
+	if(utype == V_ASN1_BOOLEAN)
+		*(ASN1_BOOLEAN *)pval = it->size;
+	else *pval = NULL;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_prn.c b/crypto/openssl/crypto/asn1/tasn_prn.c
new file mode 100644
index 000000000000..719639b511fc
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_prn.c
@@ -0,0 +1,198 @@
+/* tasn_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/* Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+	return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+{
+	ASN1_STRING *str;
+	const ASN1_TEMPLATE *tt;
+	void *tmpfld;
+	int i;
+	if(!fld) {
+		BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+		return 1;
+	}
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates)
+			return ASN1_template_print(out, fld, indent, it->templates);
+		return asn1_primitive_print(out, fld, it->utype, indent, name);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		str = fld;
+		return asn1_primitive_print(out, fld, str->type, indent, name);
+
+		case ASN1_ITYPE_EXTERN:
+		BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+		return 1;
+		case ASN1_ITYPE_COMPAT:
+		BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+		return 1;
+
+
+		case ASN1_ITYPE_CHOICE:
+		/* CHOICE type, get selector */
+		i = asn1_get_choice_selector(fld, it);
+		/* This should never happen... */
+		if((i < 0) || (i >= it->tcount)) {
+			BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+			return 1;
+		}
+		tt = it->templates + i;
+		tmpfld = asn1_get_field(fld, tt);
+		return ASN1_template_print(out, tmpfld, indent, tt);
+
+		case ASN1_ITYPE_SEQUENCE:
+		BIO_printf(out, "%*s%s {\n", indent, "", name);
+		/* Get each field entry */
+		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+			tmpfld = asn1_get_field(fld, tt);
+			ASN1_template_print(out, tmpfld, indent + 2, tt);
+		}
+		BIO_printf(out, "%*s}\n", indent, "");
+		return 1;
+
+		default:
+		return 0;
+	}
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+{
+	int i, flags;
+#if 0
+	if(!fld) return 0; 
+#endif
+	flags = tt->flags;
+	if(flags & ASN1_TFLG_SK_MASK) {
+		char *tname;
+		void *skitem;
+		/* SET OF, SEQUENCE OF */
+		if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+		else tname = "SEQUENCE";
+		if(fld) {
+			BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+			for(i = 0; i < sk_num(fld); i++) {
+				skitem = sk_value(fld, i);
+				asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+			}
+			BIO_printf(out, "%*s}\n", indent, "");
+		} else 
+			BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
+		return 1;
+	}
+	return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+{
+	ASN1_STRING *str = fld;
+	if(fld) {
+		if(utype == V_ASN1_BOOLEAN) {
+			int *bool = fld;
+if(*bool == -1) printf("BOOL MISSING\n");
+			BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+		} else if((utype == V_ASN1_INTEGER) 
+			  || (utype == V_ASN1_ENUMERATED)) {
+			char *s, *nm;
+			s = i2s_ASN1_INTEGER(NULL, fld);
+			if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+			else nm = "ENUMERATED";
+			BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+			OPENSSL_free(s);
+		} else if(utype == V_ASN1_NULL) {
+			BIO_printf(out, "%*s%s", indent, "", "NULL");
+		} else if(utype == V_ASN1_UTCTIME) {
+			BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+			ASN1_UTCTIME_print(out, str);
+		} else if(utype == V_ASN1_GENERALIZEDTIME) {
+			BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+			ASN1_GENERALIZEDTIME_print(out, str);
+		} else if(utype == V_ASN1_OBJECT) {
+			char objbuf[80], *ln;
+			ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+			if(!ln) ln = "";
+			OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
+			BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
+		} else {
+			BIO_printf(out, "%*s%s:", indent, "", name);
+			ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+		}
+		BIO_printf(out, "\n");
+	} else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+	return 1;
+}
diff --git a/crypto/openssl/crypto/asn1/tasn_typ.c b/crypto/openssl/crypto/asn1/tasn_typ.c
new file mode 100644
index 000000000000..804d2eeba273
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_typ.c
@@ -0,0 +1,133 @@
+/* tasn_typ.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
diff --git a/crypto/openssl/crypto/asn1/tasn_utl.c b/crypto/openssl/crypto/asn1/tasn_utl.c
new file mode 100644
index 000000000000..8996ce8c13d2
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/tasn_utl.c
@@ -0,0 +1,253 @@
+/* tasn_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/* Given an ASN1_ITEM CHOICE type return
+ * the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int *sel = offset2ptr(*pval, it->utype);
+	return *sel;
+}
+
+/* Given an ASN1_ITEM CHOICE type set
+ * the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
+{	
+	int *sel, ret;
+	sel = offset2ptr(*pval, it->utype);
+	ret = *sel;
+	*sel = value;
+	return ret;
+}
+
+/* Do reference counting. The value 'op' decides what to do. 
+ * if it is +1 then the count is incremented. If op is 0 count is
+ * set to 1. If op is -1 count is decremented and the return value
+ * is the current refrence count or 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+	const ASN1_AUX *aux;
+	int *lck, ret;
+	if(it->itype != ASN1_ITYPE_SEQUENCE) return 0;
+	aux = it->funcs;
+	if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
+	lck = offset2ptr(*pval, aux->ref_offset);
+	if(op == 0) {
+		*lck = 1;
+		return 1;
+	}
+	ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+	fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+	if(ret < 0) 
+		fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+	return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	const ASN1_AUX *aux;
+	if(!pval || !*pval) return NULL;
+	aux = it->funcs;
+	if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL;
+	return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(enc) {
+		enc->enc = NULL;
+		enc->len = 0;
+		enc->modified = 1;
+	}
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(enc) {
+		if(enc->enc) OPENSSL_free(enc->enc);
+		enc->enc = NULL;
+		enc->len = 0;
+		enc->modified = 1;
+	}
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(!enc) return 1;
+
+	if(enc->enc) OPENSSL_free(enc->enc);
+	enc->enc = OPENSSL_malloc(inlen);
+	if(!enc->enc) return 0;
+	memcpy(enc->enc, in, inlen);
+	enc->len = inlen;
+	enc->modified = 0;
+
+	return 1;
+}
+		
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(!enc || enc->modified) return 0;
+	if(out) {
+		memcpy(*out, enc->enc, enc->len);
+		*out += enc->len;
+	}
+	if(len) *len = enc->len;
+	return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	ASN1_VALUE **pvaltmp;
+	if(tt->flags & ASN1_TFLG_COMBINE) return pval;
+	pvaltmp = offset2ptr(*pval, tt->offset);
+	/* NOTE for BOOLEAN types the field is just a plain
+ 	 * int so we can't return int **, so settle for
+	 * (int *).
+	 */
+	return pvaltmp;
+}
+
+/* Handle ANY DEFINED BY template, find the selector, look up
+ * the relevant ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
+{
+	const ASN1_ADB *adb;
+	const ASN1_ADB_TABLE *atbl;
+	long selector;
+	ASN1_VALUE **sfld;
+	int i;
+	if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
+
+	/* Else ANY DEFINED BY ... get the table */
+	adb = ASN1_ADB_ptr(tt->item);
+
+	/* Get the selector field */
+	sfld = offset2ptr(*pval, adb->offset);
+
+	/* Check if NULL */
+	if(!sfld) {
+		if(!adb->null_tt) goto err;
+		return adb->null_tt;
+	}
+
+	/* Convert type to a long:
+	 * NB: don't check for NID_undef here because it
+	 * might be a legitimate value in the table
+	 */
+	if(tt->flags & ASN1_TFLG_ADB_OID) 
+		selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+	else 
+		selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+	/* Try to find matching entry in table
+	 * Maybe should check application types first to
+	 * allow application override? Might also be useful
+	 * to have a flag which indicates table is sorted and
+	 * we can do a binary search. For now stick to a
+	 * linear search.
+	 */
+
+	for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+		if(atbl->value == selector) return &atbl->tt;
+
+	/* FIXME: need to search application table too */
+
+	/* No match, return default type */
+	if(!adb->default_tt) goto err;		
+	return adb->default_tt;
+	
+	err:
+	/* FIXME: should log the value or OID of unsupported type */
+	if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+	return NULL;
+}
diff --git a/crypto/openssl/crypto/asn1/x_algor.c b/crypto/openssl/crypto/asn1/x_algor.c
index 853a8dfeef49..00b9ea54a15f 100644
--- a/crypto/openssl/crypto/asn1/x_algor.c
+++ b/crypto/openssl/crypto/asn1/x_algor.c
@@ -1,118 +1,73 @@
-/* crypto/asn1/x_algor.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_algor.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <stddef.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
-	if (a->parameter != NULL)
-		{ M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
-
-	M_ASN1_I2D_seq_total();
-	M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
-	if (a->parameter != NULL)
-		{ M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
-	if (!M_ASN1_D2I_end_sequence())
-		{ M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
-	else
-		{
-		ASN1_TYPE_free(ret->parameter);
-		ret->parameter=NULL;
-		}
-	M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
-	}
-
-X509_ALGOR *X509_ALGOR_new(void)
-	{
-	X509_ALGOR *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_ALGOR);
-	ret->algorithm=OBJ_nid2obj(NID_undef);
-	ret->parameter=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
-	}
+ASN1_SEQUENCE(X509_ALGOR) = {
+	ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
 
-void X509_ALGOR_free(X509_ALGOR *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->algorithm);
-	ASN1_TYPE_free(a->parameter);
-	OPENSSL_free(a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/crypto/openssl/crypto/asn1/x_attrib.c b/crypto/openssl/crypto/asn1/x_attrib.c
index 14e5ea27aa76..1e3713f18f26 100644
--- a/crypto/openssl/crypto/asn1/x_attrib.c
+++ b/crypto/openssl/crypto/asn1/x_attrib.c
@@ -59,64 +59,42 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-/* sequence */
-int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **pp)
-	{
-	int k=0;
-	int r=0,ret=0;
-	unsigned char **p=NULL;
-
-	if (a == NULL) return(0);
-
-	p=NULL;
-	for (;;)
-		{
-		if (k)
-			{
-			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-			if (pp == NULL) return(r);
-			p=pp;
-			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-				V_ASN1_UNIVERSAL);
-			}
-
-		ret+=i2d_ASN1_OBJECT(a->object,p);
-		if (a->set)
-			ret+=i2d_ASN1_SET_OF_ASN1_TYPE(a->value.set,p,i2d_ASN1_TYPE,
-				V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-		else
-			ret+=i2d_ASN1_TYPE(a->value.single,p);
-		if (k++) return(r);
-		}
-	}
-
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
+/* X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *	{
+ *	ASN1_OBJECT *object;
+ *	int single;
+ *	union	{
+ *		char		*ptr;
+ * 		STACK_OF(ASN1_TYPE) *set;
+ * 		ASN1_TYPE	*single;
+ *		} value;
+ *	} X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+	ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+	ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
 
-	if ((c.slen != 0) &&
-		(M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
-		{
-		ret->set=1;
-		M_ASN1_D2I_get_set_type(ASN1_TYPE,ret->value.set,d2i_ASN1_TYPE,
-					ASN1_TYPE_free);
-		}
-	else
-		{
-		ret->set=0;
-		M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE);
-		}
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+	ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+	/* CHOICE type merged with parent */
+	ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
 
-	M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 	{
@@ -126,7 +104,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 	if ((ret=X509_ATTRIBUTE_new()) == NULL)
 		return(NULL);
 	ret->object=OBJ_nid2obj(nid);
-	ret->set=1;
+	ret->single=0;
 	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
 	if ((val=ASN1_TYPE_new()) == NULL) goto err;
 	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
@@ -138,28 +116,3 @@ err:
 	if (val != NULL) ASN1_TYPE_free(val);
 	return(NULL);
 	}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void)
-	{
-	X509_ATTRIBUTE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
-	ret->object=OBJ_nid2obj(NID_undef);
-	ret->set=0;
-	ret->value.ptr=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
-	}
-	
-void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	if (a->set)
-		sk_ASN1_TYPE_pop_free(a->value.set,ASN1_TYPE_free);
-	else
-		ASN1_TYPE_free(a->value.single);
-	OPENSSL_free(a);
-	}
-
diff --git a/crypto/openssl/crypto/asn1/x_bignum.c b/crypto/openssl/crypto/asn1/x_bignum.c
new file mode 100644
index 000000000000..848c7a08779c
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_bignum.c
@@ -0,0 +1,137 @@
+/* x_bignum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
+ * BIGNUMs used are non negative and anything that looks negative is normally due
+ * to an encoding error.
+ */
+
+#define BN_SENSITIVE	1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+	NULL, 0,
+	bn_new,
+	bn_free,
+	0,
+	bn_c2i,
+	bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*pval = (ASN1_VALUE *)BN_new();
+	if(*pval) return 1;
+	else return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(!*pval) return;
+	if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+	else BN_free((BIGNUM *)*pval);
+	*pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+	BIGNUM *bn;
+	int pad;
+	if(!*pval) return -1;
+	bn = (BIGNUM *)*pval;
+	/* If MSB set in an octet we need a padding byte */
+	if(BN_num_bits(bn) & 0x7) pad = 0;
+	else pad = 1;
+	if(cont) {
+		if(pad) *cont++ = 0;
+		BN_bn2bin(bn, cont);
+	}
+	return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	BIGNUM *bn;
+	if(!*pval) bn_new(pval, it);
+	bn  = (BIGNUM *)*pval;
+	if(!BN_bin2bn(cont, len, bn)) {
+		bn_free(pval, it);
+		return 0;
+	}
+	return 1;
+}
+
+
diff --git a/crypto/openssl/crypto/asn1/x_crl.c b/crypto/openssl/crypto/asn1/x_crl.c
index 51518cdf3502..11fce968257d 100644
--- a/crypto/openssl/crypto/asn1/x_crl.c
+++ b/crypto/openssl/crypto/asn1/x_crl.c
@@ -58,275 +58,76 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
 				const X509_REVOKED * const *b);
 static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
 				const X509_REVOKED * const *b);
-int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					 i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_seq_total();
 
-	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					 i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
-	M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION,ret->extensions,
-				    d2i_X509_EXTENSION,X509_EXTENSION_free);
-	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
-	}
-
-int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
-	{
-	int v1=0;
-	long l=0;
+ASN1_SEQUENCE(X509_REVOKED) = {
+	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
+ * mirroring the old behaviour: its purpose is to allow the use of
+ * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
+ * this will zap the original order and the signature so we keep a copy
+ * of the original positions and reorder appropriately before encoding.
+ *
+ * Might want to see if there's a better way of doing this later...
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+	int i;
 	int (*old_cmp)(const X509_REVOKED * const *,
 			const X509_REVOKED * const *);
-	M_ASN1_I2D_vars(a);
-	
-	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
-	sk_X509_REVOKED_sort(a->revoked);
-	sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
-
-	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
-		{
-		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
-	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
-					 i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					     i2d_X509_EXTENSION,0,
-					     V_ASN1_SEQUENCE,v1);
-
-	M_ASN1_I2D_seq_total();
-
-	if ((a->version != NULL) && (l != 0))
-		{
-		M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_TIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
-	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
-					 i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
-					     i2d_X509_EXTENSION,0,
-					     V_ASN1_SEQUENCE,v1);
 
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp,
-	     long length)
-	{
-	int i,ver=0;
-	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
-
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
-	if (ret->version != NULL)
-		ver=ret->version->data[0];
-	
-	if ((ver == 0) && (ret->version != NULL))
-		{
-		M_ASN1_INTEGER_free(ret->version);
-		ret->version=NULL;
-		}
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
-	/* Manually handle the OPTIONAL ASN1_TIME stuff */
-	/* First try UTCTime */
-	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME, V_ASN1_UTCTIME);
-	/* If that doesn't work try GeneralizedTime */
-	if(!ret->nextUpdate) 
-		M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
-							V_ASN1_GENERALIZEDTIME);
-	if (ret->revoked != NULL)
-		{
-		while (sk_X509_REVOKED_num(ret->revoked))
-			X509_REVOKED_free(sk_X509_REVOKED_pop(ret->revoked));
-		}
-	M_ASN1_D2I_get_seq_opt_type(X509_REVOKED,ret->revoked,d2i_X509_REVOKED,
-				    X509_REVOKED_free);
-
-	if (ret->revoked != NULL)
-		{
-		for (i=0; i<sk_X509_REVOKED_num(ret->revoked); i++)
-			{
-			sk_X509_REVOKED_value(ret->revoked,i)->sequence=i;
-			}
-		}
-
-	if (ret->extensions != NULL)
-		{
-		while (sk_X509_EXTENSION_num(ret->extensions))
-			X509_EXTENSION_free(
-			sk_X509_EXTENSION_pop(ret->extensions));
-		}
-		
-	M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
-					d2i_X509_EXTENSION,
-					X509_EXTENSION_free,0,
-					V_ASN1_SEQUENCE);
-
-	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
-	}
-
-int i2d_X509_CRL(X509_CRL *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-
-	M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
-	}
-
-
-X509_REVOKED *X509_REVOKED_new(void)
-	{
-	X509_REVOKED *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REVOKED);
-	M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->revocationDate,M_ASN1_UTCTIME_new);
-	ret->extensions=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
-	}
-
-X509_CRL_INFO *X509_CRL_INFO_new(void)
-	{
-	X509_CRL_INFO *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
-	ret->version=NULL;
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->issuer,X509_NAME_new);
-	M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
-	ret->nextUpdate=NULL;
-	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-	ret->extensions = NULL;
-	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
-	}
-
-X509_CRL *X509_CRL_new(void)
-	{
-	X509_CRL *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_CRL);
-	ret->references=1;
-	M_ASN1_New(ret->crl,X509_CRL_INFO_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
-	}
-
-void X509_REVOKED_free(X509_REVOKED *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->serialNumber);
-	M_ASN1_UTCTIME_free(a->revocationDate);
-	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-	OPENSSL_free(a);
-	}
-
-void X509_CRL_INFO_free(X509_CRL_INFO *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->sig_alg);
-	X509_NAME_free(a->issuer);
-	M_ASN1_UTCTIME_free(a->lastUpdate);
-	if (a->nextUpdate)
-		M_ASN1_UTCTIME_free(a->nextUpdate);
-	sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free);
-	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-	OPENSSL_free(a);
-	}
-
-void X509_CRL_free(X509_CRL *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_CRL_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	X509_CRL_INFO_free(a->crl);
-	X509_ALGOR_free(a->sig_alg);
-	M_ASN1_BIT_STRING_free(a->signature);
-	OPENSSL_free(a);
+	if(!a || !a->revoked) return 1;
+	switch(operation) {
+
+		/* Save original order */
+		case ASN1_OP_D2I_POST:
+		for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
+			sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
+		sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+		break;
+
+		/* Restore original order */
+		case ASN1_OP_I2D_PRE:
+		old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+		sk_X509_REVOKED_sort(a->revoked);
+		sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
+		break;
 	}
+	return 1;
+}
+
+
+ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
+	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
 			const X509_REVOKED * const *b)
@@ -342,6 +143,19 @@ static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
 	return((*a)->sequence-(*b)->sequence);
 	}
 
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+	X509_CRL_INFO *inf;
+	inf = crl->crl;
+	if(!inf->revoked)
+		inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+	if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+		ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
 IMPLEMENT_STACK_OF(X509_REVOKED)
 IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
 IMPLEMENT_STACK_OF(X509_CRL)
diff --git a/crypto/openssl/crypto/asn1/x_exten.c b/crypto/openssl/crypto/asn1/x_exten.c
index fbfd963b4063..702421b6c851 100644
--- a/crypto/openssl/crypto/asn1/x_exten.c
+++ b/crypto/openssl/crypto/asn1/x_exten.c
@@ -1,139 +1,71 @@
-/* crypto/asn1/x_exten.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_exten.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <stddef.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **pp)
-	{
-	int k=0;
-	int r=0,ret=0;
-	unsigned char **p=NULL;
-
-	if (a == NULL) return(0);
-
-	p=NULL;
-	for (;;)
-		{
-		if (k)
-			{
-			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-			if (pp == NULL) return(r);
-			p=pp;
-			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-				V_ASN1_UNIVERSAL);
-			}
-
-		ret+=i2d_ASN1_OBJECT(a->object,p);
-		if ((a->critical) || a->netscape_hack)
-			ret+=i2d_ASN1_BOOLEAN(a->critical,p);
-		ret+=i2d_ASN1_OCTET_STRING(a->value,p);
-		if (k++) return(r);
-		}
-	}
-
-X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, unsigned char **pp,
-	     long length)
-	{
-	int i;
-	M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-
-	ret->netscape_hack=0;
-	if ((c.slen != 0) &&
-		(M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
-		{
-		c.q=c.p;
-		if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err;
-		ret->critical=i;
-		c.slen-=(c.p-c.q);
-		if (ret->critical == 0) ret->netscape_hack=1;
-		}
-	M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING);
-
-	M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
-	}
-
-X509_EXTENSION *X509_EXTENSION_new(void)
-	{
-	X509_EXTENSION *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_EXTENSION);
-	ret->object=OBJ_nid2obj(NID_undef);
-	M_ASN1_New(ret->value,M_ASN1_OCTET_STRING_new);
-	ret->critical=0;
-	ret->netscape_hack=0;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
-	}
-	
-void X509_EXTENSION_free(X509_EXTENSION *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	M_ASN1_OCTET_STRING_free(a->value);
-	OPENSSL_free(a);
-	}
+ASN1_SEQUENCE(X509_EXTENSION) = {
+	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/crypto/openssl/crypto/asn1/x_info.c b/crypto/openssl/crypto/asn1/x_info.c
index 5e62fc2f6f1a..d44f6cdb0197 100644
--- a/crypto/openssl/crypto/asn1/x_info.c
+++ b/crypto/openssl/crypto/asn1/x_info.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 #include <openssl/x509.h>
 
 X509_INFO *X509_INFO_new(void)
diff --git a/crypto/openssl/crypto/asn1/x_long.c b/crypto/openssl/crypto/asn1/x_long.c
new file mode 100644
index 000000000000..c04b192794f1
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_long.c
@@ -0,0 +1,163 @@
+/* x_long.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
+ * and a long directly.
+ */
+
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+	NULL, 0,
+	long_new,
+	long_free,
+	long_free,	/* Clear should set to initial value */
+	long_c2i,
+	long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*(long *)pval = it->size;
+	return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+	long ltmp;
+	unsigned long utmp;
+	int clen, pad, i;
+	ltmp = *(long *)pval;
+	if(ltmp == it->size) return -1;
+	/* Convert the long to positive: we subtract one if negative so
+	 * we can cleanly handle the padding if only the MSB of the leading
+	 * octet is set. 
+	 */
+	if(ltmp < 0) utmp = -ltmp - 1;
+	else utmp = ltmp;
+	clen = BN_num_bits_word(utmp);
+	/* If MSB of leading octet set we need to pad */
+	if(!(clen & 0x7)) pad = 1;
+	else pad = 0;
+
+	/* Convert number of bits to number of octets */
+	clen = (clen + 7) >> 3;
+
+	if(cont) {
+		if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+		for(i = clen - 1; i >= 0; i--) {
+			cont[i] = (unsigned char)(utmp & 0xff);
+			if(ltmp < 0) cont[i] ^= 0xff;
+			utmp >>= 8;
+		}
+	}
+	return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	int neg, i;
+	long ltmp;
+	unsigned long utmp = 0;
+	if(len > sizeof(long)) {
+		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		return 0;
+	}
+	/* Is it negative? */
+	if(len && (cont[0] & 0x80)) neg = 1;
+	else neg = 0;
+	utmp = 0;
+	for(i = 0; i < len; i++) {
+		utmp <<= 8;
+		if(neg) utmp |= cont[i] ^ 0xff;
+		else utmp |= cont[i];
+	}
+	ltmp = (long)utmp;
+	if(neg) {
+		ltmp++;
+		ltmp = -ltmp;
+	}
+	if(ltmp == it->size) {
+		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		return 0;
+	}
+	*(long *)pval = ltmp;
+	return 1;
+}
diff --git a/crypto/openssl/crypto/asn1/x_name.c b/crypto/openssl/crypto/asn1/x_name.c
index 1885d699efd5..caece0f1585c 100644
--- a/crypto/openssl/crypto/asn1/x_name.c
+++ b/crypto/openssl/crypto/asn1/x_name.c
@@ -58,212 +58,203 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-static int i2d_X509_NAME_entries(X509_NAME *a);
-int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx);
 
-	M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE);
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
-	M_ASN1_I2D_seq_total();
+static int x509_name_encode(X509_NAME *a);
 
-	M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE);
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
 
-	M_ASN1_I2D_finish();
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
+/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
+ * so declare two template wrappers for this
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE);
-	ret->set=0;
-	M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
-	}
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
-int i2d_X509_NAME(X509_NAME *a, unsigned char **pp)
-	{
-	int ret;
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
-	if (a == NULL) return(0);
-	if (a->modified)
-		{
-		ret=i2d_X509_NAME_entries(a);
-		if (ret < 0) return(ret);
-		}
-
-	ret=a->bytes->length;
-	if (pp != NULL)
-		{
-		memcpy(*pp,a->bytes->data,ret);
-		*pp+=ret;
-		}
-	return(ret);
-	}
-
-static int i2d_X509_NAME_entries(X509_NAME *a)
-	{
-	X509_NAME_ENTRY *ne,*fe=NULL;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-	BUF_MEM *buf=NULL;
-	int set=0,r,ret=0;
-	int i;
-	unsigned char *p;
-	int size=0;
+/* Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and convert
+ * to the external form.
+ */
 
-	sk=a->entries;
-	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(sk,i);
-		if (fe == NULL)
-			{
-			fe=ne;
-			size=0;
-			}
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+	NULL,
+	x509_name_ex_new,
+	x509_name_ex_free,
+	0,	/* Default clear behaviour is OK */
+	x509_name_ex_d2i,
+	x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+	X509_NAME *ret = NULL;
+	ret = OPENSSL_malloc(sizeof(X509_NAME));
+	if(!ret) goto memerr;
+	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+		goto memerr;
+	if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+	ret->modified=1;
+	*val = (ASN1_VALUE *)ret;
+	return 1;
 
-		if (ne->set != set)
-			{
-			ret+=ASN1_object_size(1,size,V_ASN1_SET);
-			fe->size=size;
-			fe=ne;
-			size=0;
-			set=ne->set;
-			}
-		size+=i2d_X509_NAME_ENTRY(ne,NULL);
-		}
-	if (fe != NULL)
+ memerr:
+	ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
+	if (ret)
 		{
-		/* SET OF needed only if entries is non empty */
-		ret+=ASN1_object_size(1,size,V_ASN1_SET);
-		fe->size=size;
+		if (ret->entries)
+			sk_X509_NAME_ENTRY_free(ret->entries);
+		OPENSSL_free(ret);
 		}
+	return 0;
+}
 
-	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-
-	buf=a->bytes;
-	if (!BUF_MEM_grow(buf,r)) goto err;
-	p=(unsigned char *)buf->data;
-
-	ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	set= -1;
-	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(sk,i);
-		if (set != ne->set)
-			{
-			set=ne->set;
-			ASN1_put_object(&p,1,ne->size,
-				V_ASN1_SET,V_ASN1_UNIVERSAL);
-			}
-		i2d_X509_NAME_ENTRY(ne,&p);
-		}
-	a->modified=0;
-	return(r);
-err:
-	return(-1);
-	}
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_NAME *a;
+	if(!pval || !*pval)
+	    return;
+	a = (X509_NAME *)*pval;
 
-X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
-	{
-	int set=0,i;
-	int idx=0;
-	unsigned char *orig;
-	M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
+	BUF_MEM_free(a->bytes);
+	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+	OPENSSL_free(a);
+	*pval = NULL;
+}
 
-	orig= *pp;
-	if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
-		{
-		while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
-			X509_NAME_ENTRY_free(
-				       sk_X509_NAME_ENTRY_pop(ret->entries));
-		}
+/* Used with sk_pop_free() to free up the internal representation.
+ * NB: we only free the STACK and not its contents because it is
+ * already present in the X509_NAME structure.
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	for (;;)
-		{
-		if (M_ASN1_D2I_end_sequence()) break;
-		M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
-					d2i_X509_NAME_ENTRY,
-					X509_NAME_ENTRY_free);
-		for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
-			{
-			sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
-			}
-		set++;
+static void sk_internal_free(void *a)
+{
+	sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	unsigned char *p = *in, *q;
+	STACK *intname = NULL;
+	int i, j, ret;
+	X509_NAME *nm = NULL;
+	STACK_OF(X509_NAME_ENTRY) *entries;
+	X509_NAME_ENTRY *entry;
+	q = p;
+
+	/* Get internal representation of Name */
+	ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+								tag, aclass, opt, ctx);
+	
+	if(ret <= 0) return ret;
+
+	if(*val) x509_name_ex_free(val, NULL);
+	if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err;
+	/* We've decoded it: now cache encoding */
+	if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
+	memcpy(nm->bytes->data, q, p - q);
+
+	/* Convert internal representation to X509_NAME structure */
+	for(i = 0; i < sk_num(intname); i++) {
+		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
+		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+			entry = sk_X509_NAME_ENTRY_value(entries, j);
+			entry->set = i;
+			if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
+				goto err;
 		}
-
-	i=(int)(c.p-orig);
-	if (!BUF_MEM_grow(ret->bytes,i)) goto err;
-	memcpy(ret->bytes->data,orig,i);
-	ret->bytes->length=i;
-	ret->modified=0;
-
-	M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
+		sk_X509_NAME_ENTRY_free(entries);
 	}
-
-X509_NAME *X509_NAME_new(void)
-	{
-	X509_NAME *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_NAME);
-	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
-		{ c.line=__LINE__; goto err2; }
-	M_ASN1_New(ret->bytes,BUF_MEM_new);
-	ret->modified=1;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
+	sk_free(intname);
+	nm->modified = 0;
+	*val = (ASN1_VALUE *)nm;
+	*in = p;
+	return ret;
+	err:
+	ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
+	return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	int ret;
+	X509_NAME *a = (X509_NAME *)*val;
+	if(a->modified) {
+		ret = x509_name_encode((X509_NAME *)a);
+		if(ret < 0) return ret;
 	}
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_new(void)
-	{
-	X509_NAME_ENTRY *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
-/*	M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
-	ret->object=NULL;
-	ret->set=0;
-	M_ASN1_New(ret->value,ASN1_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
+	ret = a->bytes->length;
+	if(out != NULL) {
+		memcpy(*out,a->bytes->data,ret);
+		*out+=ret;
 	}
+	return ret;
+}
 
-void X509_NAME_free(X509_NAME *a)
-	{
-	if(a == NULL)
-	    return;
-
-	BUF_MEM_free(a->bytes);
-	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
-	OPENSSL_free(a);
+static int x509_name_encode(X509_NAME *a)
+{
+	STACK *intname = NULL;
+	int len;
+	unsigned char *p;
+	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+	X509_NAME_ENTRY *entry;
+	int i, set = -1;
+	intname = sk_new_null();
+	if(!intname) goto memerr;
+	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+		if(entry->set != set) {
+			entries = sk_X509_NAME_ENTRY_new_null();
+			if(!entries) goto memerr;
+			if(!sk_push(intname, (char *)entries)) goto memerr;
+			set = entry->set;
+		}
+		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
+	len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+	p=(unsigned char *)a->bytes->data;
+	ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	sk_pop_free(intname, sk_internal_free);
+	a->modified = 0;
+	return len;
+	memerr:
+	sk_pop_free(intname, sk_internal_free);
+	ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
+	return -1;
+}
 
-void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	M_ASN1_BIT_STRING_free(a->value);
-	OPENSSL_free(a);
-	}
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 	{
 	X509_NAME *in;
 
-	if (*xn == NULL) return(0);
+	if (!xn || !name) return(0);
 
 	if (*xn != name)
 		{
diff --git a/crypto/openssl/crypto/asn1/x_pubkey.c b/crypto/openssl/crypto/asn1/x_pubkey.c
index 914bcda68945..d9585401206d 100644
--- a/crypto/openssl/crypto/asn1/x_pubkey.c
+++ b/crypto/openssl/crypto/asn1/x_pubkey.c
@@ -58,62 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->public_key,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->public_key,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING);
-	if (ret->pkey != NULL)
-		{
-		EVP_PKEY_free(ret->pkey);
-		ret->pkey=NULL;
-		}
-	M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_FREE_POST) {
+		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+		EVP_PKEY_free(pubkey->pkey);
 	}
+	return 1;
+}
 
-X509_PUBKEY *X509_PUBKEY_new(void)
-	{
-	X509_PUBKEY *ret=NULL;
-	ASN1_CTX c;
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
 
-	M_ASN1_New_Malloc(ret,X509_PUBKEY);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->public_key,M_ASN1_BIT_STRING_new);
-	ret->pkey=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
-	}
-
-void X509_PUBKEY_free(X509_PUBKEY *a)
-	{
-	if (a == NULL) return;
-	X509_ALGOR_free(a->algor);
-	M_ASN1_BIT_STRING_free(a->public_key);
-	if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
-	OPENSSL_free(a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 	{
@@ -121,7 +84,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 	X509_PUBKEY *pk;
 	X509_ALGOR *a;
 	ASN1_OBJECT *o;
-	unsigned char *s,*p;
+	unsigned char *s,*p = NULL;
 	int i;
 
 	if (x == NULL) return(0);
@@ -146,7 +109,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			}
 		}
 	else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		unsigned char *pp;
@@ -173,7 +136,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		}
 
 	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
+	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
@@ -206,7 +173,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	long j;
 	int type;
 	unsigned char *p;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
+	const unsigned char *cp;
 	X509_ALGOR *a;
 #endif
 
@@ -230,16 +198,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 		}
 	ret->save_parameters=0;
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	a=key->algor;
 	if (ret->type == EVP_PKEY_DSA)
 		{
 		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
 			ret->pkey.dsa->write_params=0;
-			p=a->parameter->value.sequence->data;
+			cp=p=a->parameter->value.sequence->data;
 			j=a->parameter->value.sequence->length;
-			if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j))
+			if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
 				goto err;
 			}
 		ret->save_parameters=1;
@@ -289,7 +257,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 /* The following are equivalents but which return RSA and DSA
  * keys
  */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
 	     long length)
 {
@@ -327,7 +295,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 }
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
 	     long length)
 {
diff --git a/crypto/openssl/crypto/asn1/x_req.c b/crypto/openssl/crypto/asn1/x_req.c
index 6dddd4f653ed..b3f18ebc12fb 100644
--- a/crypto/openssl/crypto/asn1/x_req.c
+++ b/crypto/openssl/crypto/asn1/x_req.c
@@ -58,200 +58,55 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	if(a->asn1) {
-		if(pp) {
-			memcpy(*pp, a->asn1, a->length);
-			*pp += a->length;
-		}
-		return a->length;
-	}
-
-	M_ASN1_I2D_len(a->version,		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME);
-	M_ASN1_I2D_len(a->pubkey,		i2d_X509_PUBKEY);
-
-	/* this is a *nasty* hack reported to be required to
-	 * allow some CA Software to accept the cert request.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attributes
-	 * NOTE: no OPTIONAL ... so it *must* be there
-	 */
-	if (a->req_kludge) 
-	        {
-	        M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,i2d_X509_ATTRIBUTE,0);
-		}
-	else
-	        {
-	        M_ASN1_I2D_len_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
-					    i2d_X509_ATTRIBUTE,0);
-		}
-	
-	M_ASN1_I2D_seq_total();
-	M_ASN1_I2D_put(a->version,		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->subject,		i2d_X509_NAME);
-	M_ASN1_I2D_put(a->pubkey,		i2d_X509_PUBKEY);
+/* X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK. 
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
 
-	/* this is a *nasty* hack reported to be required by some CA's.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attributes
-	 * NOTE: no OPTIONAL ... so it *must* be there
-	 */
-	if (a->req_kludge)
-		{
-	        M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,
-						i2d_X509_ATTRIBUTE,0);
-		}
-	else
-		{
-	        M_ASN1_I2D_put_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
-					    i2d_X509_ATTRIBUTE,0);
-		}
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
-	M_ASN1_I2D_finish();
+	if(operation == ASN1_OP_NEW_POST) {
+		rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+		if(!rinf->attributes) return 0;
 	}
-
-X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-
-	/* this is a *nasty* hack to allow for some CA's that
-	 * have been reported as requiring it.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attributes
-	 * NOTE: no OPTIONAL ... so it *must* be there
+	return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+	ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+	ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+	/* This isn't really OPTIONAL but it gets round invalid
+	 * encodings
 	 */
-	if (asn1_Finish(&c))
-		ret->req_kludge=1;
-	else
-		{
-		M_ASN1_D2I_get_IMP_set_type(X509_ATTRIBUTE,ret->attributes,
-					    d2i_X509_ATTRIBUTE,
-					    X509_ATTRIBUTE_free,0);
-		}
-
-	M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
-	}
-
-X509_REQ_INFO *X509_REQ_INFO_new(void)
-	{
-	X509_REQ_INFO *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REQ_INFO);
-	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-	M_ASN1_New(ret->subject,X509_NAME_new);
-	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-	M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
-	ret->req_kludge=0;
-	ret->asn1 = NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
-	}
-	
-void X509_REQ_INFO_free(X509_REQ_INFO *a)
-	{
-	if (a == NULL) return;
-	if(a->asn1) OPENSSL_free(a->asn1);
-	M_ASN1_INTEGER_free(a->version);
-	X509_NAME_free(a->subject);
-	X509_PUBKEY_free(a->pubkey);
-	sk_X509_ATTRIBUTE_pop_free(a->attributes,X509_ATTRIBUTE_free);
-	OPENSSL_free(a);
-	}
+	ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
 
-int i2d_X509_REQ(X509_REQ *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len(a->req_info,	i2d_X509_REQ_INFO);
-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->req_info,	i2d_X509_REQ_INFO);
-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
-
-	/* Keep a copy of the original encoding for signature checking */
-	ret->req_info->length = c.p - c.q;
-	if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) {
-		c.line=__LINE__;
-		c.error = ERR_R_MALLOC_FAILURE;
-		goto err;
-	}
-
-	memcpy(ret->req_info->asn1, c.q, ret->req_info->length);
-
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
-	}
-
-X509_REQ *X509_REQ_new(void)
-	{
-	X509_REQ *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REQ);
-	ret->references=1;
-	M_ASN1_New(ret->req_info,X509_REQ_INFO_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
-	}
-
-void X509_REQ_free(X509_REQ *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
-#ifdef REF_PRINT
-	REF_PRINT("X509_REQ",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_REQ_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	X509_REQ_INFO_free(a->req_info);
-	X509_ALGOR_free(a->sig_alg);
-	M_ASN1_BIT_STRING_free(a->signature);
-	OPENSSL_free(a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
 
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
+	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/crypto/openssl/crypto/asn1/x_sig.c b/crypto/openssl/crypto/asn1/x_sig.c
index d79f147647cc..42efa86c1cd9 100644
--- a/crypto/openssl/crypto/asn1/x_sig.c
+++ b/crypto/openssl/crypto/asn1/x_sig.c
@@ -58,53 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_SIG(X509_SIG *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->digest,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->digest,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
-	}
-
-X509_SIG *X509_SIG_new(void)
-	{
-	X509_SIG *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_SIG);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->digest,M_ASN1_OCTET_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
-	}
-
-void X509_SIG_free(X509_SIG *a)
-	{
-	if (a == NULL) return;
-	X509_ALGOR_free(a->algor);
-	M_ASN1_OCTET_STRING_free(a->digest);
-	OPENSSL_free(a);
-	}
-
+ASN1_SEQUENCE(X509_SIG) = {
+	ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+	ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/crypto/openssl/crypto/asn1/x_spki.c b/crypto/openssl/crypto/asn1/x_spki.c
index 4f01888f7d53..2aece077c53a 100644
--- a/crypto/openssl/crypto/asn1/x_spki.c
+++ b/crypto/openssl/crypto/asn1/x_spki.c
@@ -63,104 +63,19 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 
-int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+	ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+	ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
 
-	M_ASN1_I2D_len(a->pubkey,	i2d_X509_PUBKEY);
-	M_ASN1_I2D_len(a->challenge,	i2d_ASN1_IA5STRING);
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->pubkey,	i2d_X509_PUBKEY);
-	M_ASN1_I2D_put(a->challenge,	i2d_ASN1_IA5STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-	M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
-	}
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void)
-	{
-	NETSCAPE_SPKAC *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
-	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-	M_ASN1_New(ret->challenge,M_ASN1_IA5STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
-	}
-
-void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
-	{
-	if (a == NULL) return;
-	X509_PUBKEY_free(a->pubkey);
-	M_ASN1_IA5STRING_free(a->challenge);
-	OPENSSL_free(a);
-	}
-
-int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->spkac,	i2d_NETSCAPE_SPKAC);
-	M_ASN1_I2D_len(a->sig_algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->spkac,	i2d_NETSCAPE_SPKAC);
-	M_ASN1_I2D_put(a->sig_algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC);
-	M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
-	}
-
-NETSCAPE_SPKI *NETSCAPE_SPKI_new(void)
-	{
-	NETSCAPE_SPKI *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
-	M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
-	M_ASN1_New(ret->sig_algor,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
-	}
-
-void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
-	{
-	if (a == NULL) return;
-	NETSCAPE_SPKAC_free(a->spkac);
-	X509_ALGOR_free(a->sig_algor);
-	M_ASN1_BIT_STRING_free(a->signature);
-	OPENSSL_free(a);
-	}
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+	ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+	ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+	ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
 
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/crypto/openssl/crypto/asn1/x_val.c b/crypto/openssl/crypto/asn1/x_val.c
index 0f8f020b57d3..dc17c67758cb 100644
--- a/crypto/openssl/crypto/asn1/x_val.c
+++ b/crypto/openssl/crypto/asn1/x_val.c
@@ -58,52 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-int i2d_X509_VAL(X509_VAL *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
-	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
-	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_VAL *d2i_X509_VAL(X509_VAL **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
-	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
-	M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
-	}
-
-X509_VAL *X509_VAL_new(void)
-	{
-	X509_VAL *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_VAL);
-	M_ASN1_New(ret->notBefore,M_ASN1_TIME_new);
-	M_ASN1_New(ret->notAfter,M_ASN1_TIME_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
-	}
-
-void X509_VAL_free(X509_VAL *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_TIME_free(a->notBefore);
-	M_ASN1_TIME_free(a->notAfter);
-	OPENSSL_free(a);
-	}
+ASN1_SEQUENCE(X509_VAL) = {
+	ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+	ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/crypto/openssl/crypto/asn1/x_x509.c b/crypto/openssl/crypto/asn1/x_x509.c
index 61ba856b17c7..b50167ce433b 100644
--- a/crypto/openssl/crypto/asn1/x_x509.c
+++ b/crypto/openssl/crypto/asn1/x_x509.c
@@ -59,12 +59,71 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
+ASN1_SEQUENCE(X509_CINF) = {
+	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+	ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+	ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+	ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+	ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END(X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509 *ret = (X509 *)*pval;
+
+	switch(operation) {
+
+		case ASN1_OP_NEW_POST:
+		ret->valid=0;
+		ret->name = NULL;
+		ret->ex_flags = 0;
+		ret->ex_pathlen = -1;
+		ret->skid = NULL;
+		ret->akid = NULL;
+		ret->aux = NULL;
+		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+		break;
+
+		case ASN1_OP_D2I_POST:
+		if (ret->name != NULL) OPENSSL_free(ret->name);
+		ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+		break;
+
+		case ASN1_OP_FREE_POST:
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+		X509_CERT_AUX_free(ret->aux);
+		ASN1_OCTET_STRING_free(ret->skid);
+		AUTHORITY_KEYID_free(ret->akid);
+
+		if (ret->name != NULL) OPENSSL_free(ret->name);
+		break;
+
+	}
+
+	return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+	ASN1_SIMPLE(X509, cert_info, X509_CINF),
+	ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
 static ASN1_METHOD meth={
 	(int (*)())  i2d_X509,
@@ -77,97 +136,11 @@ ASN1_METHOD *X509_asn1_meth(void)
 	return(&meth);
 	}
 
-int i2d_X509(X509 *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509 *d2i_X509(X509 **a, unsigned char **pp, long length)
-	{
-	M_ASN1_D2I_vars(a,X509 *,X509_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	if (ret->name != NULL) OPENSSL_free(ret->name);
-	ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
-
-	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
-	}
-
-X509 *X509_new(void)
-	{
-	X509 *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509);
-	ret->valid=0;
-	ret->references=1;
-	ret->name = NULL;
-	ret->ex_flags = 0;
-	ret->ex_pathlen = -1;
-	ret->skid = NULL;
-	ret->akid = NULL;
-	ret->aux = NULL;
-	M_ASN1_New(ret->cert_info,X509_CINF_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
-	CRYPTO_new_ex_data(x509_meth, ret, &ret->ex_data);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NEW);
-	}
-
-void X509_free(X509 *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-	REF_PRINT("X509",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	CRYPTO_free_ex_data(x509_meth,a,&a->ex_data);
-	X509_CINF_free(a->cert_info);
-	X509_ALGOR_free(a->sig_alg);
-	M_ASN1_BIT_STRING_free(a->signature);
-	X509_CERT_AUX_free(a->aux);
-	ASN1_OCTET_STRING_free(a->skid);
-	AUTHORITY_KEYID_free(a->akid);
-
-	if (a->name != NULL) OPENSSL_free(a->name);
-	OPENSSL_free(a);
-	}
-
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-	x509_meth_num++;
-	return(CRYPTO_get_ex_new_index(x509_meth_num-1,
-		&x509_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+				new_func, dup_func, free_func);
         }
 
 int X509_set_ex_data(X509 *r, int idx, void *arg)
diff --git a/crypto/openssl/crypto/asn1/x_x509a.c b/crypto/openssl/crypto/asn1/x_x509a.c
index ebcce87bf20a..f244768b7e1d 100644
--- a/crypto/openssl/crypto/asn1/x_x509a.c
+++ b/crypto/openssl/crypto/asn1/x_x509a.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
 /* X509_CERT_AUX routines. These are used to encode additional
@@ -71,72 +71,15 @@
 
 static X509_CERT_AUX *aux_get(X509 *x);
 
-X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length)
-{
-	M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new);
-	
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-
-	M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust,
-					d2i_ASN1_OBJECT, ASN1_OBJECT_free);
-	M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject,
-					d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0);
-	M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING);
-	M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get_IMP_set_opt_type(X509_ALGOR, ret->other,
-					d2i_X509_ALGOR, X509_ALGOR_free, 1);
-
-	M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX);
-}
-
-X509_CERT_AUX *X509_CERT_AUX_new()
-{
-	X509_CERT_AUX *ret = NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret, X509_CERT_AUX);
-	ret->trust = NULL;
-	ret->reject = NULL;
-	ret->alias = NULL;
-	ret->keyid = NULL;
-	ret->other = NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW);
-}
-
-void X509_CERT_AUX_free(X509_CERT_AUX *a)
-{
-	if(a == NULL) return;
-	sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free);
-	sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free);
-	ASN1_UTF8STRING_free(a->alias);
-	ASN1_OCTET_STRING_free(a->keyid);
-	sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free);
-	OPENSSL_free(a);
-}
-
-int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp)
-{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
-
-	M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING);
-	M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+	ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+	ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+	ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
 
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
-
-	M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING);
-	M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1);
-
-	M_ASN1_I2D_finish();
-}
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
 
 static X509_CERT_AUX *aux_get(X509 *x)
 {