Expand most of the ASN1_SEQUENCE* and associated macros, making the data

structures visible and easier to review, without having to wade through
layers and layers of asn1t.h macros.

Change has been scripted and the generated assembly only differs by changes
to line numbers.

Discussed with beck@ miod@ tedu@

17 files changed, 950 insertions, 146 deletions

diff --git a/lib/libcrypto/asn1/n_pkey.c b/lib/libcrypto/asn1/n_pkey.c
index 198ca97c09f..8f65a4b9262 100644
--- a/lib/libcrypto/asn1/n_pkey.c
+++ b/lib/libcrypto/asn1/n_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: n_pkey.c,v 1.23 2015/02/10 04:01:26 jsing Exp $ */
+/* $OpenBSD: n_pkey.c,v 1.24 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -87,10 +87,40 @@ typedef struct netscape_encrypted_pkey_st {
 } NETSCAPE_ENCRYPTED_PKEY;
 
 
-ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
-} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+static const ASN1_AUX NETSCAPE_ENCRYPTED_PKEY_aux = {
+	.app_data = NULL,
+	.flags = ASN1_AFLG_BROKEN,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = NULL,
+	.enc_offset = 0,
+};
+static const ASN1_TEMPLATE NETSCAPE_ENCRYPTED_PKEY_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, os),
+		.field_name = "os",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, enckey),
+		.field_name = "enckey",
+		.item = &X509_SIG_it,
+	},
+};
+
+const ASN1_ITEM NETSCAPE_ENCRYPTED_PKEY_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = NETSCAPE_ENCRYPTED_PKEY_seq_tt,
+	.tcount = sizeof(NETSCAPE_ENCRYPTED_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &NETSCAPE_ENCRYPTED_PKEY_aux,
+	.size = sizeof(NETSCAPE_ENCRYPTED_PKEY),
+	.sname = "NETSCAPE_ENCRYPTED_PKEY",
+};
 
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY)
@@ -120,11 +150,39 @@ NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a)
 	ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_ENCRYPTED_PKEY_it);
 }
 
-ASN1_SEQUENCE(NETSCAPE_PKEY) = {
-	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
-	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
-	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+static const ASN1_TEMPLATE NETSCAPE_PKEY_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_PKEY, version),
+		.field_name = "version",
+		.item = &LONG_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_PKEY, algor),
+		.field_name = "algor",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_PKEY, private_key),
+		.field_name = "private_key",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+};
+
+const ASN1_ITEM NETSCAPE_PKEY_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = NETSCAPE_PKEY_seq_tt,
+	.tcount = sizeof(NETSCAPE_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(NETSCAPE_PKEY),
+	.sname = "NETSCAPE_PKEY",
+};
 
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY, NETSCAPE_PKEY)
diff --git a/lib/libcrypto/asn1/nsseq.c b/lib/libcrypto/asn1/nsseq.c
index ceab3992fd6..dff9b189d94 100644
--- a/lib/libcrypto/asn1/nsseq.c
+++ b/lib/libcrypto/asn1/nsseq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nsseq.c,v 1.8 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: nsseq.c,v 1.9 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -75,10 +75,40 @@ nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 
 /* Netscape certificate sequence structure */
 
-ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
-	ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
-	ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
-} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+static const ASN1_AUX NETSCAPE_CERT_SEQUENCE_aux = {
+	.app_data = NULL,
+	.flags = 0,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = nsseq_cb,
+	.enc_offset = 0,
+};
+static const ASN1_TEMPLATE NETSCAPE_CERT_SEQUENCE_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_CERT_SEQUENCE, type),
+		.field_name = "type",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_CERT_SEQUENCE, certs),
+		.field_name = "certs",
+		.item = &X509_it,
+	},
+};
+
+const ASN1_ITEM NETSCAPE_CERT_SEQUENCE_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = NETSCAPE_CERT_SEQUENCE_seq_tt,
+	.tcount = sizeof(NETSCAPE_CERT_SEQUENCE_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &NETSCAPE_CERT_SEQUENCE_aux,
+	.size = sizeof(NETSCAPE_CERT_SEQUENCE),
+	.sname = "NETSCAPE_CERT_SEQUENCE",
+};
 
 
 NETSCAPE_CERT_SEQUENCE *
diff --git a/lib/libcrypto/asn1/p5_pbe.c b/lib/libcrypto/asn1/p5_pbe.c
index 7491a5bdc7f..6d08cb28a14 100644
--- a/lib/libcrypto/asn1/p5_pbe.c
+++ b/lib/libcrypto/asn1/p5_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbe.c,v 1.18 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: p5_pbe.c,v 1.19 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -66,10 +66,32 @@
 
 /* PKCS#5 password based encryption structure */
 
-ASN1_SEQUENCE(PBEPARAM) = {
-	ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PBEPARAM)
+static const ASN1_TEMPLATE PBEPARAM_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PBEPARAM, salt),
+		.field_name = "salt",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PBEPARAM, iter),
+		.field_name = "iter",
+		.item = &ASN1_INTEGER_it,
+	},
+};
+
+const ASN1_ITEM PBEPARAM_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PBEPARAM_seq_tt,
+	.tcount = sizeof(PBEPARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(PBEPARAM),
+	.sname = "PBEPARAM",
+};
 
 
 PBEPARAM *
diff --git a/lib/libcrypto/asn1/p5_pbev2.c b/lib/libcrypto/asn1/p5_pbev2.c
index 1189e7e26b0..f967f25d3dc 100644
--- a/lib/libcrypto/asn1/p5_pbev2.c
+++ b/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.19 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.20 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
@@ -66,10 +66,32 @@
 
 /* PKCS#5 v2.0 password based encryption structures */
 
-ASN1_SEQUENCE(PBE2PARAM) = {
-	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
-	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBE2PARAM)
+static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PBE2PARAM, keyfunc),
+		.field_name = "keyfunc",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PBE2PARAM, encryption),
+		.field_name = "encryption",
+		.item = &X509_ALGOR_it,
+	},
+};
+
+const ASN1_ITEM PBE2PARAM_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PBE2PARAM_seq_tt,
+	.tcount = sizeof(PBE2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(PBE2PARAM),
+	.sname = "PBE2PARAM",
+};
 
 
 PBE2PARAM *
@@ -97,12 +119,46 @@ PBE2PARAM_free(PBE2PARAM *a)
 	ASN1_item_free((ASN1_VALUE *)a, &PBE2PARAM_it);
 }
 
-ASN1_SEQUENCE(PBKDF2PARAM) = {
-	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
-	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
-	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
-	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBKDF2PARAM)
+static const ASN1_TEMPLATE PBKDF2PARAM_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PBKDF2PARAM, salt),
+		.field_name = "salt",
+		.item = &ASN1_ANY_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PBKDF2PARAM, iter),
+		.field_name = "iter",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(PBKDF2PARAM, keylength),
+		.field_name = "keylength",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(PBKDF2PARAM, prf),
+		.field_name = "prf",
+		.item = &X509_ALGOR_it,
+	},
+};
+
+const ASN1_ITEM PBKDF2PARAM_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PBKDF2PARAM_seq_tt,
+	.tcount = sizeof(PBKDF2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(PBKDF2PARAM),
+	.sname = "PBKDF2PARAM",
+};
 
 
 PBKDF2PARAM *
diff --git a/lib/libcrypto/asn1/p8_pkey.c b/lib/libcrypto/asn1/p8_pkey.c
index f8688ebc176..486aa8d42ca 100644
--- a/lib/libcrypto/asn1/p8_pkey.c
+++ b/lib/libcrypto/asn1/p8_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p8_pkey.c,v 1.13 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: p8_pkey.c,v 1.14 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -75,12 +75,54 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 	return 1;
 }
 
-ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
-	ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+static const ASN1_AUX PKCS8_PRIV_KEY_INFO_aux = {
+	.app_data = NULL,
+	.flags = 0,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = pkey_cb,
+	.enc_offset = 0,
+};
+static const ASN1_TEMPLATE PKCS8_PRIV_KEY_INFO_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS8_PRIV_KEY_INFO, version),
+		.field_name = "version",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS8_PRIV_KEY_INFO, pkeyalg),
+		.field_name = "pkeyalg",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey),
+		.field_name = "pkey",
+		.item = &ASN1_ANY_it,
+	},
+	{
+		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(PKCS8_PRIV_KEY_INFO, attributes),
+		.field_name = "attributes",
+		.item = &X509_ATTRIBUTE_it,
+	},
+};
+
+const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PKCS8_PRIV_KEY_INFO_seq_tt,
+	.tcount = sizeof(PKCS8_PRIV_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &PKCS8_PRIV_KEY_INFO_aux,
+	.size = sizeof(PKCS8_PRIV_KEY_INFO),
+	.sname = "PKCS8_PRIV_KEY_INFO",
+};
 
 
 PKCS8_PRIV_KEY_INFO *
diff --git a/lib/libcrypto/asn1/x_algor.c b/lib/libcrypto/asn1/x_algor.c
index f7cae9499ab..c10e114318f 100644
--- a/lib/libcrypto/asn1/x_algor.c
+++ b/lib/libcrypto/asn1/x_algor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_algor.c,v 1.18 2015/02/10 08:33:10 jsing Exp $ */
+/* $OpenBSD: x_algor.c,v 1.19 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -61,10 +61,32 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 
-ASN1_SEQUENCE(X509_ALGOR) = {
-	ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
-	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
-} ASN1_SEQUENCE_END(X509_ALGOR)
+static const ASN1_TEMPLATE X509_ALGOR_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_ALGOR, algorithm),
+		.field_name = "algorithm",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_ALGOR, parameter),
+		.field_name = "parameter",
+		.item = &ASN1_ANY_it,
+	},
+};
+
+const ASN1_ITEM X509_ALGOR_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_ALGOR_seq_tt,
+	.tcount = sizeof(X509_ALGOR_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_ALGOR),
+	.sname = "X509_ALGOR",
+};
 
 ASN1_ITEM_TEMPLATE(X509_ALGORS) =
     ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
diff --git a/lib/libcrypto/asn1/x_crl.c b/lib/libcrypto/asn1/x_crl.c
index 536aa74e00a..338a7841893 100644
--- a/lib/libcrypto/asn1/x_crl.c
+++ b/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.22 2015/02/10 08:33:10 jsing Exp $ */
+/* $OpenBSD: x_crl.c,v 1.23 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,11 +71,39 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
     const X509_REVOKED * const *b);
 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 
-ASN1_SEQUENCE(X509_REVOKED) = {
-	ASN1_SIMPLE(X509_REVOKED, serialNumber, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME),
-	ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION)
-} ASN1_SEQUENCE_END(X509_REVOKED)
+static const ASN1_TEMPLATE X509_REVOKED_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REVOKED, serialNumber),
+		.field_name = "serialNumber",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REVOKED, revocationDate),
+		.field_name = "revocationDate",
+		.item = &ASN1_TIME_it,
+	},
+	{
+		.flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_REVOKED, extensions),
+		.field_name = "extensions",
+		.item = &X509_EXTENSION_it,
+	},
+};
+
+const ASN1_ITEM X509_REVOKED_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_REVOKED_seq_tt,
+	.tcount = sizeof(X509_REVOKED_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_REVOKED),
+	.sname = "X509_REVOKED",
+};
 
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
 static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret,
@@ -111,15 +139,75 @@ crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 }
 
 
-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
-	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
-	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
-	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
-	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+static const ASN1_AUX X509_CRL_INFO_aux = {
+	.app_data = NULL,
+	.flags = ASN1_AFLG_ENCODING,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = crl_inf_cb,
+	.enc_offset = offsetof(X509_CRL_INFO, enc),
+};
+static const ASN1_TEMPLATE X509_CRL_INFO_seq_tt[] = {
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CRL_INFO, version),
+		.field_name = "version",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CRL_INFO, sig_alg),
+		.field_name = "sig_alg",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CRL_INFO, issuer),
+		.field_name = "issuer",
+		.item = &X509_NAME_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CRL_INFO, lastUpdate),
+		.field_name = "lastUpdate",
+		.item = &ASN1_TIME_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CRL_INFO, nextUpdate),
+		.field_name = "nextUpdate",
+		.item = &ASN1_TIME_it,
+	},
+	{
+		.flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CRL_INFO, revoked),
+		.field_name = "revoked",
+		.item = &X509_REVOKED_it,
+	},
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CRL_INFO, extensions),
+		.field_name = "extensions",
+		.item = &X509_EXTENSION_it,
+	},
+};
+
+const ASN1_ITEM X509_CRL_INFO_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_CRL_INFO_seq_tt,
+	.tcount = sizeof(X509_CRL_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &X509_CRL_INFO_aux,
+	.size = sizeof(X509_CRL_INFO),
+	.sname = "X509_CRL_INFO",
+};
 
 /* Set CRL entry issuer according to CRL certificate issuer extension.
  * Check for unhandled critical CRL entry extensions.
@@ -331,11 +419,47 @@ setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
 	DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
 }
 
-ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
-	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
-	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+static const ASN1_AUX X509_CRL_aux = {
+	.app_data = NULL,
+	.flags = ASN1_AFLG_REFCOUNT,
+	.ref_offset = offsetof(X509_CRL, references),
+	.ref_lock = CRYPTO_LOCK_X509_CRL,
+	.asn1_cb = crl_cb,
+	.enc_offset = 0,
+};
+static const ASN1_TEMPLATE X509_CRL_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CRL, crl),
+		.field_name = "crl",
+		.item = &X509_CRL_INFO_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CRL, sig_alg),
+		.field_name = "sig_alg",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CRL, signature),
+		.field_name = "signature",
+		.item = &ASN1_BIT_STRING_it,
+	},
+};
+
+const ASN1_ITEM X509_CRL_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_CRL_seq_tt,
+	.tcount = sizeof(X509_CRL_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &X509_CRL_aux,
+	.size = sizeof(X509_CRL),
+	.sname = "X509_CRL",
+};
 
 
 X509_REVOKED *
diff --git a/lib/libcrypto/asn1/x_exten.c b/lib/libcrypto/asn1/x_exten.c
index 755faebeba5..6f82a71d686 100644
--- a/lib/libcrypto/asn1/x_exten.c
+++ b/lib/libcrypto/asn1/x_exten.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_exten.c,v 1.13 2015/02/10 06:36:30 jsing Exp $ */
+/* $OpenBSD: x_exten.c,v 1.14 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -61,11 +61,39 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 
-ASN1_SEQUENCE(X509_EXTENSION) = {
-	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
-	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION)
+static const ASN1_TEMPLATE X509_EXTENSION_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_EXTENSION, object),
+		.field_name = "object",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_EXTENSION, critical),
+		.field_name = "critical",
+		.item = &ASN1_BOOLEAN_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_EXTENSION, value),
+		.field_name = "value",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+};
+
+const ASN1_ITEM X509_EXTENSION_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_EXTENSION_seq_tt,
+	.tcount = sizeof(X509_EXTENSION_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_EXTENSION),
+	.sname = "X509_EXTENSION",
+};
 
 ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
     ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
diff --git a/lib/libcrypto/asn1/x_name.c b/lib/libcrypto/asn1/x_name.c
index a985cf19cee..d6d5bea369c 100644
--- a/lib/libcrypto/asn1/x_name.c
+++ b/lib/libcrypto/asn1/x_name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_name.c,v 1.24 2015/02/10 08:33:10 jsing Exp $ */
+/* $OpenBSD: x_name.c,v 1.25 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -87,10 +87,32 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
 static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent,
     const char *fname, const ASN1_PCTX *pctx);
 
-ASN1_SEQUENCE(X509_NAME_ENTRY) = {
-	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
-	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
-} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+static const ASN1_TEMPLATE X509_NAME_ENTRY_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_NAME_ENTRY, object),
+		.field_name = "object",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_NAME_ENTRY, value),
+		.field_name = "value",
+		.item = &ASN1_PRINTABLE_it,
+	},
+};
+
+const ASN1_ITEM X509_NAME_ENTRY_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_NAME_ENTRY_seq_tt,
+	.tcount = sizeof(X509_NAME_ENTRY_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_NAME_ENTRY),
+	.sname = "X509_NAME_ENTRY",
+};
 
 
 X509_NAME_ENTRY *
diff --git a/lib/libcrypto/asn1/x_nx509.c b/lib/libcrypto/asn1/x_nx509.c
index 9738560c196..f36f1d9ecae 100644
--- a/lib/libcrypto/asn1/x_nx509.c
+++ b/lib/libcrypto/asn1/x_nx509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_nx509.c,v 1.4 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: x_nx509.c,v 1.5 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -63,10 +63,32 @@
 
 /* Old netscape certificate wrapper format */
 
-ASN1_SEQUENCE(NETSCAPE_X509) = {
-	ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
-	ASN1_OPT(NETSCAPE_X509, cert, X509)
-} ASN1_SEQUENCE_END(NETSCAPE_X509)
+static const ASN1_TEMPLATE NETSCAPE_X509_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_X509, header),
+		.field_name = "header",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_X509, cert),
+		.field_name = "cert",
+		.item = &X509_it,
+	},
+};
+
+const ASN1_ITEM NETSCAPE_X509_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = NETSCAPE_X509_seq_tt,
+	.tcount = sizeof(NETSCAPE_X509_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(NETSCAPE_X509),
+	.sname = "NETSCAPE_X509",
+};
 
 
 NETSCAPE_X509 *
diff --git a/lib/libcrypto/asn1/x_pubkey.c b/lib/libcrypto/asn1/x_pubkey.c
index 0c7d01e60dd..55084182cca 100644
--- a/lib/libcrypto/asn1/x_pubkey.c
+++ b/lib/libcrypto/asn1/x_pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_pubkey.c,v 1.23 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: x_pubkey.c,v 1.24 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -84,10 +84,40 @@ pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 	return 1;
 }
 
-ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
-	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
-	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+static const ASN1_AUX X509_PUBKEY_aux = {
+	.app_data = NULL,
+	.flags = 0,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = pubkey_cb,
+	.enc_offset = 0,
+};
+static const ASN1_TEMPLATE X509_PUBKEY_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_PUBKEY, algor),
+		.field_name = "algor",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_PUBKEY, public_key),
+		.field_name = "public_key",
+		.item = &ASN1_BIT_STRING_it,
+	},
+};
+
+const ASN1_ITEM X509_PUBKEY_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_PUBKEY_seq_tt,
+	.tcount = sizeof(X509_PUBKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &X509_PUBKEY_aux,
+	.size = sizeof(X509_PUBKEY),
+	.sname = "X509_PUBKEY",
+};
 
 
 X509_PUBKEY *
diff --git a/lib/libcrypto/asn1/x_req.c b/lib/libcrypto/asn1/x_req.c
index 6ffcb9d03c6..5e8aa21b0d1 100644
--- a/lib/libcrypto/asn1/x_req.c
+++ b/lib/libcrypto/asn1/x_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_req.c,v 1.13 2015/02/10 05:25:45 jsing Exp $ */
+/* $OpenBSD: x_req.c,v 1.14 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -92,15 +92,57 @@ rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 	return 1;
 }
 
-ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
-	ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
-	ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+static const ASN1_AUX X509_REQ_INFO_aux = {
+	.app_data = NULL,
+	.flags = ASN1_AFLG_ENCODING,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = rinf_cb,
+	.enc_offset = offsetof(X509_REQ_INFO, enc),
+};
+static const ASN1_TEMPLATE X509_REQ_INFO_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REQ_INFO, version),
+		.field_name = "version",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REQ_INFO, subject),
+		.field_name = "subject",
+		.item = &X509_NAME_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REQ_INFO, pubkey),
+		.field_name = "pubkey",
+		.item = &X509_PUBKEY_it,
+	},
 	/* This isn't really OPTIONAL but it gets round invalid
 	 * encodings
 	 */
-	ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+	{
+		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_REQ_INFO, attributes),
+		.field_name = "attributes",
+		.item = &X509_ATTRIBUTE_it,
+	},
+};
+
+const ASN1_ITEM X509_REQ_INFO_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_REQ_INFO_seq_tt,
+	.tcount = sizeof(X509_REQ_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &X509_REQ_INFO_aux,
+	.size = sizeof(X509_REQ_INFO),
+	.sname = "X509_REQ_INFO",
+};
 
 
 X509_REQ_INFO *
@@ -128,11 +170,47 @@ X509_REQ_INFO_free(X509_REQ_INFO *a)
 	ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_INFO_it);
 }
 
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
-	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
-	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+static const ASN1_AUX X509_REQ_aux = {
+	.app_data = NULL,
+	.flags = ASN1_AFLG_REFCOUNT,
+	.ref_offset = offsetof(X509_REQ, references),
+	.ref_lock = CRYPTO_LOCK_X509_REQ,
+	.asn1_cb = 0,
+	.enc_offset = 0,
+};
+static const ASN1_TEMPLATE X509_REQ_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REQ, req_info),
+		.field_name = "req_info",
+		.item = &X509_REQ_INFO_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REQ, sig_alg),
+		.field_name = "sig_alg",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_REQ, signature),
+		.field_name = "signature",
+		.item = &ASN1_BIT_STRING_it,
+	},
+};
+
+const ASN1_ITEM X509_REQ_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_REQ_seq_tt,
+	.tcount = sizeof(X509_REQ_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &X509_REQ_aux,
+	.size = sizeof(X509_REQ),
+	.sname = "X509_REQ",
+};
 
 
 X509_REQ *
diff --git a/lib/libcrypto/asn1/x_sig.c b/lib/libcrypto/asn1/x_sig.c
index 7c4c8c9c55d..090a454ffb4 100644
--- a/lib/libcrypto/asn1/x_sig.c
+++ b/lib/libcrypto/asn1/x_sig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_sig.c,v 1.9 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: x_sig.c,v 1.10 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,10 +61,32 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-ASN1_SEQUENCE(X509_SIG) = {
-	ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
-	ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_SIG)
+static const ASN1_TEMPLATE X509_SIG_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_SIG, algor),
+		.field_name = "algor",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_SIG, digest),
+		.field_name = "digest",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+};
+
+const ASN1_ITEM X509_SIG_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_SIG_seq_tt,
+	.tcount = sizeof(X509_SIG_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_SIG),
+	.sname = "X509_SIG",
+};
 
 
 X509_SIG *
diff --git a/lib/libcrypto/asn1/x_spki.c b/lib/libcrypto/asn1/x_spki.c
index fc056ff53b3..6250c1343b2 100644
--- a/lib/libcrypto/asn1/x_spki.c
+++ b/lib/libcrypto/asn1/x_spki.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_spki.c,v 1.9 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: x_spki.c,v 1.10 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -65,10 +65,32 @@
 #include <openssl/x509.h>
 #include <openssl/asn1t.h>
 
-ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
-	ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
-	ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+static const ASN1_TEMPLATE NETSCAPE_SPKAC_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_SPKAC, pubkey),
+		.field_name = "pubkey",
+		.item = &X509_PUBKEY_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_SPKAC, challenge),
+		.field_name = "challenge",
+		.item = &ASN1_IA5STRING_it,
+	},
+};
+
+const ASN1_ITEM NETSCAPE_SPKAC_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = NETSCAPE_SPKAC_seq_tt,
+	.tcount = sizeof(NETSCAPE_SPKAC_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(NETSCAPE_SPKAC),
+	.sname = "NETSCAPE_SPKAC",
+};
 
 
 NETSCAPE_SPKAC *
@@ -96,11 +118,39 @@ NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
 	ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_SPKAC_it);
 }
 
-ASN1_SEQUENCE(NETSCAPE_SPKI) = {
-	ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
-	ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
-	ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+static const ASN1_TEMPLATE NETSCAPE_SPKI_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_SPKI, spkac),
+		.field_name = "spkac",
+		.item = &NETSCAPE_SPKAC_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_SPKI, sig_algor),
+		.field_name = "sig_algor",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(NETSCAPE_SPKI, signature),
+		.field_name = "signature",
+		.item = &ASN1_BIT_STRING_it,
+	},
+};
+
+const ASN1_ITEM NETSCAPE_SPKI_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = NETSCAPE_SPKI_seq_tt,
+	.tcount = sizeof(NETSCAPE_SPKI_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(NETSCAPE_SPKI),
+	.sname = "NETSCAPE_SPKI",
+};
 
 
 NETSCAPE_SPKI *
diff --git a/lib/libcrypto/asn1/x_val.c b/lib/libcrypto/asn1/x_val.c
index 27835e94dac..3f1d830d3e4 100644
--- a/lib/libcrypto/asn1/x_val.c
+++ b/lib/libcrypto/asn1/x_val.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_val.c,v 1.9 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: x_val.c,v 1.10 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,10 +61,32 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-ASN1_SEQUENCE(X509_VAL) = {
-	ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
-	ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
-} ASN1_SEQUENCE_END(X509_VAL)
+static const ASN1_TEMPLATE X509_VAL_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_VAL, notBefore),
+		.field_name = "notBefore",
+		.item = &ASN1_TIME_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_VAL, notAfter),
+		.field_name = "notAfter",
+		.item = &ASN1_TIME_it,
+	},
+};
+
+const ASN1_ITEM X509_VAL_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_VAL_seq_tt,
+	.tcount = sizeof(X509_VAL_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_VAL),
+	.sname = "X509_VAL",
+};
 
 
 X509_VAL *
diff --git a/lib/libcrypto/asn1/x_x509.c b/lib/libcrypto/asn1/x_x509.c
index 756848fe19c..1f29d5498a3 100644
--- a/lib/libcrypto/asn1/x_x509.c
+++ b/lib/libcrypto/asn1/x_x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509.c,v 1.21 2015/02/10 13:28:17 jsing Exp $ */
+/* $OpenBSD: x_x509.c,v 1.22 2015/02/11 03:39:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -65,18 +65,96 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
-	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
-	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
-	ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
-	ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
-	ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
-	ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
-	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
-	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
+static const ASN1_AUX X509_CINF_aux = {
+	.app_data = NULL,
+	.flags = ASN1_AFLG_ENCODING,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = 0,
+	.enc_offset = offsetof(X509_CINF, enc),
+};
+static const ASN1_TEMPLATE X509_CINF_seq_tt[] = {
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CINF, version),
+		.field_name = "version",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CINF, serialNumber),
+		.field_name = "serialNumber",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CINF, signature),
+		.field_name = "signature",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CINF, issuer),
+		.field_name = "issuer",
+		.item = &X509_NAME_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CINF, validity),
+		.field_name = "validity",
+		.item = &X509_VAL_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CINF, subject),
+		.field_name = "subject",
+		.item = &X509_NAME_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509_CINF, key),
+		.field_name = "key",
+		.item = &X509_PUBKEY_it,
+	},
+	{
+		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 1,
+		.offset = offsetof(X509_CINF, issuerUID),
+		.field_name = "issuerUID",
+		.item = &ASN1_BIT_STRING_it,
+	},
+	{
+		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 2,
+		.offset = offsetof(X509_CINF, subjectUID),
+		.field_name = "subjectUID",
+		.item = &ASN1_BIT_STRING_it,
+	},
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 3,
+		.offset = offsetof(X509_CINF, extensions),
+		.field_name = "extensions",
+		.item = &X509_EXTENSION_it,
+	},
+};
+
+const ASN1_ITEM X509_CINF_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_CINF_seq_tt,
+	.tcount = sizeof(X509_CINF_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &X509_CINF_aux,
+	.size = sizeof(X509_CINF),
+	.sname = "X509_CINF",
+};
 
 
 X509_CINF *
@@ -148,11 +226,47 @@ x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 	return 1;
 }
 
-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
-	ASN1_SIMPLE(X509, cert_info, X509_CINF),
-	ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509, X509)
+static const ASN1_AUX X509_aux = {
+	.app_data = NULL,
+	.flags = ASN1_AFLG_REFCOUNT,
+	.ref_offset = offsetof(X509, references),
+	.ref_lock = CRYPTO_LOCK_X509,
+	.asn1_cb = x509_cb,
+	.enc_offset = 0,
+};
+static const ASN1_TEMPLATE X509_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509, cert_info),
+		.field_name = "cert_info",
+		.item = &X509_CINF_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509, sig_alg),
+		.field_name = "sig_alg",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(X509, signature),
+		.field_name = "signature",
+		.item = &ASN1_BIT_STRING_it,
+	},
+};
+
+const ASN1_ITEM X509_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_seq_tt,
+	.tcount = sizeof(X509_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &X509_aux,
+	.size = sizeof(X509),
+	.sname = "X509",
+};
 
 
 X509 *
diff --git a/lib/libcrypto/asn1/x_x509a.c b/lib/libcrypto/asn1/x_x509a.c
index 8a3561e8825..be8ebbdcbbf 100644
--- a/lib/libcrypto/asn1/x_x509a.c
+++ b/lib/libcrypto/asn1/x_x509a.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509a.c,v 1.11 2015/02/09 15:05:59 jsing Exp $ */
+/* $OpenBSD: x_x509a.c,v 1.12 2015/02/11 03:39:51 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -71,13 +71,53 @@
 
 static X509_CERT_AUX *aux_get(X509 *x);
 
-ASN1_SEQUENCE(X509_CERT_AUX) = {
-	ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
-	ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
-	ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
-} ASN1_SEQUENCE_END(X509_CERT_AUX)
+static const ASN1_TEMPLATE X509_CERT_AUX_seq_tt[] = {
+	{
+		.flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CERT_AUX, trust),
+		.field_name = "trust",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CERT_AUX, reject),
+		.field_name = "reject",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CERT_AUX, alias),
+		.field_name = "alias",
+		.item = &ASN1_UTF8STRING_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CERT_AUX, keyid),
+		.field_name = "keyid",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+	{
+		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 1,
+		.offset = offsetof(X509_CERT_AUX, other),
+		.field_name = "other",
+		.item = &X509_ALGOR_it,
+	},
+};
+
+const ASN1_ITEM X509_CERT_AUX_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_CERT_AUX_seq_tt,
+	.tcount = sizeof(X509_CERT_AUX_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_CERT_AUX),
+	.sname = "X509_CERT_AUX",
+};
 
 
 X509_CERT_AUX *
@@ -217,10 +257,32 @@ X509_reject_clear(X509 *x)
 	}
 }
 
-ASN1_SEQUENCE(X509_CERT_PAIR) = {
-	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
-	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-} ASN1_SEQUENCE_END(X509_CERT_PAIR)
+static const ASN1_TEMPLATE X509_CERT_PAIR_seq_tt[] = {
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(X509_CERT_PAIR, forward),
+		.field_name = "forward",
+		.item = &X509_it,
+	},
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 1,
+		.offset = offsetof(X509_CERT_PAIR, reverse),
+		.field_name = "reverse",
+		.item = &X509_it,
+	},
+};
+
+const ASN1_ITEM X509_CERT_PAIR_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = X509_CERT_PAIR_seq_tt,
+	.tcount = sizeof(X509_CERT_PAIR_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(X509_CERT_PAIR),
+	.sname = "X509_CERT_PAIR",
+};
 
 
 X509_CERT_PAIR *