Replace the macros in asn1.h with function equivalents. Also make UTF8Strings

tolerated in certificates.

17 files changed, 77 insertions, 96 deletions

diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl
index bb22bee92f..a19e59615e 100644
--- a/crypto/x509v3/Makefile.ssl
+++ b/crypto/x509v3/Makefile.ssl
@@ -358,6 +358,24 @@ v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
diff --git a/crypto/x509v3/README b/crypto/x509v3/README
deleted file mode 100644
index 3b2cc047be..0000000000
--- a/crypto/x509v3/README
+++ /dev/null
@@ -1,4 +0,0 @@
-WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-
-This is ***VERY*** new experimental code and is likely to change
-considerably or vanish altogether.
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index 4099e6019e..de2a577ac1 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -129,9 +129,9 @@ AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
 void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
 {
 	if (a == NULL) return;
-	ASN1_OCTET_STRING_free(a->keyid);
+	M_ASN1_OCTET_STRING_free(a->keyid);
 	sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
-	ASN1_INTEGER_free (a->serial);
+	M_ASN1_INTEGER_free (a->serial);
 	Free ((char *)a);
 }
 
@@ -214,7 +214,7 @@ if(keyid) {
 
 if((issuer && !ikeyid) || (issuer == 2)) {
 	isname = X509_NAME_dup(X509_get_issuer_name(cert));
-	serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+	serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
 	if(!isname || !serial) {
 		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
 		goto err;
@@ -241,8 +241,8 @@ return akeyid;
 
 err:
 X509_NAME_free(isname);
-ASN1_INTEGER_free(serial);
-ASN1_OCTET_STRING_free(ikeyid);
+M_ASN1_INTEGER_free(serial);
+M_ASN1_OCTET_STRING_free(ikeyid);
 return NULL;
 
 }
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index b5e1f8af96..a530be2165 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -273,7 +273,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 	while((i = X509_NAME_get_index_by_NID(nm,
 					 NID_pkcs9_emailAddress, i)) > 0) {
 		ne = X509_NAME_get_entry(nm, i);
-		email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+		email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
 		if(!email || !(gen = GENERAL_NAME_new())) {
 			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -293,7 +293,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 		
 	err:
 	GENERAL_NAME_free(gen);
-	ASN1_IA5STRING_free(email);
+	M_ASN1_IA5STRING_free(email);
 	return 0;
 	
 }
@@ -371,7 +371,7 @@ if(!name_cmp(name, "email")) {
 		goto err;
 	}
 	ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
-	if(!(gen->d.ip = ASN1_OCTET_STRING_new()) ||
+	if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
 		!ASN1_STRING_set(gen->d.ip, ip, 4)) {
 			X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -384,7 +384,7 @@ if(!name_cmp(name, "email")) {
 }
 
 if(is_string) {
-	if(!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
+	if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
 		      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
 				       strlen(value))) {
 		X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
index de2f855c35..9aada0d880 100644
--- a/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
@@ -122,7 +122,7 @@ BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
 void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
 {
 	if (a == NULL) return;
-	ASN1_INTEGER_free (a->pathlen);
+	M_ASN1_INTEGER_free (a->pathlen);
 	Free ((char *)a);
 }
 
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
index 9828ba15b3..0e1167d05c 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -61,7 +61,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static ASN1_BIT_STRING *asn1_bit_string_new(void);
 static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
@@ -97,11 +96,6 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
 X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
 X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
 
-static ASN1_BIT_STRING *asn1_bit_string_new(void)
-{
-	return ASN1_BIT_STRING_new();
-}
-
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
 {
@@ -120,7 +114,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 	ASN1_BIT_STRING *bs;
 	int i;
 	BIT_STRING_BITNAME *bnam;
-	if(!(bs = ASN1_BIT_STRING_new())) {
+	if(!(bs = M_ASN1_BIT_STRING_new())) {
 		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -137,7 +131,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
 					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
 			X509V3_conf_err(val);
-			ASN1_BIT_STRING_free(bs);
+			M_ASN1_BIT_STRING_free(bs);
 			return NULL;
 		}
 	}
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index d092fe99fe..b2f03010cc 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -170,13 +170,13 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 	if(!(ext_der = Malloc(ext_len))) goto merr;
 	p = ext_der;
 	method->i2d(ext_struc, &p);
-	if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
+	if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
 	ext_oct->data = ext_der;
 	ext_oct->length = ext_len;
 	
 	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
 	if(!ext) goto merr;
-	ASN1_OCTET_STRING_free(ext_oct);
+	M_ASN1_OCTET_STRING_free(ext_oct);
 
 	return ext;
 
@@ -241,7 +241,7 @@ if(!(ext_der = string_to_hex(value, &ext_len))) {
 	goto err;
 }
 
-if(!(oct = ASN1_OCTET_STRING_new())) {
+if(!(oct = M_ASN1_OCTET_STRING_new())) {
 	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
 	goto err;
 }
@@ -254,7 +254,7 @@ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 
 err:
 ASN1_OBJECT_free(obj);
-ASN1_OCTET_STRING_free(oct);
+M_ASN1_OCTET_STRING_free(oct);
 if(ext_der) Free(ext_der);
 return extension;
 }
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index b4d4883545..466713b50d 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -169,7 +169,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
 			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
 								 goto merr;
 			qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
-			qual->d.cpsuri = ASN1_IA5STRING_new();
+			qual->d.cpsuri = M_ASN1_IA5STRING_new();
 			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
 						 strlen(cnf->value))) goto merr;
 		} else if(!name_cmp(cnf->name, "userNotice")) {
@@ -229,7 +229,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
 		cnf = sk_CONF_VALUE_value(unot, i);
 		if(!strcmp(cnf->name, "explicitText")) {
-			not->exptext = ASN1_VISIBLESTRING_new();
+			not->exptext = M_ASN1_VISIBLESTRING_new();
 			if(!ASN1_STRING_set(not->exptext, cnf->value,
 						 strlen(cnf->value))) goto merr;
 		} else if(!strcmp(cnf->name, "organization")) {
@@ -238,8 +238,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 				if(!(nref = NOTICEREF_new())) goto merr;
 				not->noticeref = nref;
 			} else nref = not->noticeref;
-			if(ia5org) nref->organization = ASN1_IA5STRING_new();
-			else nref->organization = ASN1_VISIBLESTRING_new();
+			if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
+			else nref->organization = M_ASN1_VISIBLESTRING_new();
 			if(!ASN1_STRING_set(nref->organization, cnf->value,
 						 strlen(cnf->value))) goto merr;
 		} else if(!strcmp(cnf->name, "noticeNumbers")) {
@@ -538,7 +538,7 @@ void POLICYQUALINFO_free(POLICYQUALINFO *a)
 	if (a == NULL) return;
 	switch(OBJ_obj2nid(a->pqualid)) {
 		case NID_id_qt_cps:
-		ASN1_IA5STRING_free(a->d.cpsuri);
+		M_ASN1_IA5STRING_free(a->d.cpsuri);
 		break;
 
 		case NID_id_qt_unotice:
@@ -596,7 +596,7 @@ void USERNOTICE_free(USERNOTICE *a)
 {
 	if (a == NULL) return;
 	NOTICEREF_free(a->noticeref);
-	DISPLAYTEXT_free(a->exptext);
+	M_DISPLAYTEXT_free(a->exptext);
 	Free (a);
 }
 
@@ -646,7 +646,7 @@ NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
 void NOTICEREF_free(NOTICEREF *a)
 {
 	if (a == NULL) return;
-	DISPLAYTEXT_free(a->organization);
+	M_DISPLAYTEXT_free(a->organization);
 	sk_pop_free(a->noticenos, ASN1_STRING_free);
 	Free (a);
 }
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index 897ffb63e4..d0cbb949fa 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -211,7 +211,7 @@ void DIST_POINT_free(DIST_POINT *a)
 {
 	if (a == NULL) return;
 	DIST_POINT_NAME_free(a->distpoint);
-	ASN1_BIT_STRING_free(a->reasons);
+	M_ASN1_BIT_STRING_free(a->reasons);
 	sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
 	Free ((char *)a);
 }
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
index db423548ff..f927110e15 100644
--- a/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
@@ -60,8 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-static ASN1_ENUMERATED *asn1_enumerated_new(void);
-
 static ENUMERATED_NAMES crl_reasons[] = {
 {0, "Unspecified", "unspecified"},
 {1, "Key Compromise", "keyCompromise"},
@@ -76,8 +74,8 @@ static ENUMERATED_NAMES crl_reasons[] = {
 
 X509V3_EXT_METHOD v3_crl_reason = { 
 NID_crl_reason, 0,
-(X509V3_EXT_NEW)asn1_enumerated_new,
-(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_NEW)ASN1_ENUMERATED_new,
+(X509V3_EXT_FREE)ASN1_ENUMERATED_free,
 (X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
 (X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
 (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
@@ -85,11 +83,6 @@ NID_crl_reason, 0,
 NULL, NULL, NULL, NULL, crl_reasons};
 
 
-static ASN1_ENUMERATED *asn1_enumerated_new(void)
-{
-	return ASN1_ENUMERATED_new();
-}
-
 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
 	     ASN1_ENUMERATED *e)
 {
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index af716232f8..5e580e5d5e 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -186,7 +186,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
 		case GEN_DNS:
 		case GEN_URI:
 
-		ASN1_IA5STRING_free(a->d.ia5);
+		M_ASN1_IA5STRING_free(a->d.ia5);
 		break;
 
 		case GEN_DIRNAME:
@@ -194,7 +194,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
 		break;
 
 		case GEN_IPADD:
-		ASN1_OCTET_STRING_free(a->d.ip);
+		M_ASN1_OCTET_STRING_free(a->d.ip);
 		break;
 	
 		case GEN_RID:
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
index 3446c5cd6a..43dfd04f78 100644
--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -63,7 +63,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static ASN1_IA5STRING *ia5string_new(void);
 static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
 static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
@@ -78,11 +77,6 @@ EXT_END
 };
 
 
-static ASN1_IA5STRING *ia5string_new(void)
-{
-	return ASN1_IA5STRING_new();
-}
-
 static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
 	     ASN1_IA5STRING *ia5)
 {
@@ -102,10 +96,10 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
 		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
 		return NULL;
 	}
-	if(!(ia5 = ASN1_IA5STRING_new())) goto err;
+	if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
 	if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
 			    strlen(str))) {
-		ASN1_IA5STRING_free(ia5);
+		M_ASN1_IA5STRING_free(ia5);
 		goto err;
 	}
 	return ia5;
diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
index 637dd5e128..a2edfe5463 100644
--- a/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
@@ -60,20 +60,13 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-static ASN1_INTEGER *asn1_integer_new(void);
-
 X509V3_EXT_METHOD v3_crl_num = { 
 NID_crl_number, 0,
-(X509V3_EXT_NEW)asn1_integer_new,
-(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_NEW)ASN1_INTEGER_new,
+(X509V3_EXT_FREE)ASN1_INTEGER_free,
 (X509V3_EXT_D2I)d2i_ASN1_INTEGER,
 (X509V3_EXT_I2D)i2d_ASN1_INTEGER,
 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
 (X509V3_EXT_S2I)NULL,
 NULL, NULL, NULL, NULL, NULL};
 
-
-static ASN1_INTEGER *asn1_integer_new(void)
-{
-	return ASN1_INTEGER_new();
-}
diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
index c13e7d8f45..6b61e61a14 100644
--- a/crypto/x509v3/v3_pku.c
+++ b/crypto/x509v3/v3_pku.c
@@ -119,8 +119,8 @@ PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
 void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
 {
 	if (a == NULL) return;
-	ASN1_GENERALIZEDTIME_free(a->notBefore);
-	ASN1_GENERALIZEDTIME_free(a->notAfter);
+	M_ASN1_GENERALIZEDTIME_free(a->notBefore);
+	M_ASN1_GENERALIZEDTIME_free(a->notAfter);
 	Free ((char *)a);
 }
 
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index fb3e36014d..939845fa8f 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -61,24 +61,17 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-static ASN1_OCTET_STRING *octet_string_new(void);
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_skey_id = { 
 NID_subject_key_identifier, 0,
-(X509V3_EXT_NEW)octet_string_new,
-(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_NEW)ASN1_OCTET_STRING_new,
+(X509V3_EXT_FREE)ASN1_OCTET_STRING_free,
 (X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
 (X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 (X509V3_EXT_S2I)s2i_skey_id,
 NULL, NULL, NULL, NULL, NULL};
 
-
-static ASN1_OCTET_STRING *octet_string_new(void)
-{
-	return ASN1_OCTET_STRING_new();
-}
-
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 	     ASN1_OCTET_STRING *oct)
 {
@@ -91,13 +84,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 	ASN1_OCTET_STRING *oct;
 	long length;
 
-	if(!(oct = ASN1_OCTET_STRING_new())) {
+	if(!(oct = M_ASN1_OCTET_STRING_new())) {
 		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if(!(oct->data = string_to_hex(str, &length))) {
-		ASN1_OCTET_STRING_free(oct);
+		M_ASN1_OCTET_STRING_free(oct);
 		return NULL;
 	}
 
@@ -118,7 +111,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 
 	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
 
-	if(!(oct = ASN1_OCTET_STRING_new())) {
+	if(!(oct = M_ASN1_OCTET_STRING_new())) {
 		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -143,7 +136,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 	EVP_DigestUpdate(&md, pk->data, pk->length);
 	EVP_DigestFinal(&md, pkey_dig, &diglen);
 
-	if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
 		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
@@ -151,6 +144,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 	return oct;
 	
 	err:
-	ASN1_OCTET_STRING_free(oct);
+	M_ASN1_OCTET_STRING_free(oct);
 	return NULL;
 }
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
index 0687bb4e3d..20ba8ac8d6 100644
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -111,7 +111,7 @@ SXNET *SXNET_new(void)
 	SXNET *ret=NULL;
 	ASN1_CTX c;
 	M_ASN1_New_Malloc(ret, SXNET);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
 	M_ASN1_New(ret->ids,sk_SXNETID_new_null);
 	return (ret);
 	M_ASN1_New_Error(ASN1_F_SXNET_NEW);
@@ -130,7 +130,7 @@ SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
 void SXNET_free(SXNET *a)
 {
 	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
+	M_ASN1_INTEGER_free(a->version);
 	sk_SXNETID_pop_free(a->ids, SXNETID_free);
 	Free (a);
 }
@@ -156,7 +156,7 @@ SXNETID *SXNETID_new(void)
 	ASN1_CTX c;
 	M_ASN1_New_Malloc(ret, SXNETID);
 	ret->zone = NULL;
-	M_ASN1_New(ret->user,ASN1_OCTET_STRING_new);
+	M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new);
 	return (ret);
 	M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
 }
@@ -174,8 +174,8 @@ SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
 void SXNETID_free(SXNETID *a)
 {
 	if (a == NULL) return;
-	ASN1_INTEGER_free(a->zone);
-	ASN1_OCTET_STRING_free(a->user);
+	M_ASN1_INTEGER_free(a->zone);
+	M_ASN1_OCTET_STRING_free(a->user);
 	Free (a);
 }
 
@@ -193,7 +193,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
 		tmp = i2s_ASN1_INTEGER(NULL, id->zone);
 		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
 		Free(tmp);
-		ASN1_OCTET_STRING_print(out, id->user);
+		M_ASN1_OCTET_STRING_print(out, id->user);
 	}
 	return 1;
 }
@@ -244,9 +244,9 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
 	     int userlen)
 {
 	ASN1_INTEGER *izone = NULL;
-	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
 		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		ASN1_INTEGER_free(izone);
+		M_ASN1_INTEGER_free(izone);
 		return 0;
 	}
 	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -285,7 +285,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
 	if(!(id = SXNETID_new())) goto err;
 	if(userlen == -1) userlen = strlen(user);
 		
-	if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
+	if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
 	if(!sk_SXNETID_push(sx->ids, id)) goto err;
 	id->zone = zone;
 	return 1;
@@ -307,7 +307,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
 		return NULL;
 	}
 	oct = SXNET_get_id_INTEGER(sx, izone);
-	ASN1_INTEGER_free(izone);
+	M_ASN1_INTEGER_free(izone);
 	return oct;
 }
 
@@ -315,13 +315,13 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
 {
 	ASN1_INTEGER *izone = NULL;
 	ASN1_OCTET_STRING *oct;
-	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
 		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		ASN1_INTEGER_free(izone);
+		M_ASN1_INTEGER_free(izone);
 		return NULL;
 	}
 	oct = SXNET_get_id_INTEGER(sx, izone);
-	ASN1_INTEGER_free(izone);
+	M_ASN1_INTEGER_free(izone);
 	return oct;
 }
 
@@ -331,7 +331,7 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
 	int i;
 	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
 		id = sk_SXNETID_value(sx->ids, i);
-		if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
+		if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
 	}
 	return NULL;
 }
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index c44ea05965..7915307ce1 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -255,8 +255,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
 
 #define EXT_BITSTRING(nid, table) { nid, 0, \
-			(X509V3_EXT_NEW)asn1_bit_string_new, \
-			(X509V3_EXT_FREE)ASN1_STRING_free, \
+			(X509V3_EXT_NEW)ASN1_BIT_STRING_new, \
+			(X509V3_EXT_FREE)ASN1_BIT_STRING_free, \
 			(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
 			(X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
 			NULL, NULL, \
@@ -266,8 +266,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 			(char *)table}
 
 #define EXT_IA5STRING(nid) { nid, 0, \
-			(X509V3_EXT_NEW)ia5string_new, \
-			(X509V3_EXT_FREE)ASN1_STRING_free, \
+			(X509V3_EXT_NEW)ASN1_IA5STRING_new, \
+			(X509V3_EXT_FREE)ASN1_IA5STRING_free, \
 			(X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
 			(X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
 			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \