diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index c66d9169fb29217331174ffadcc11913c3724fb2..b709c4166ee2a0176510e194aa898362a7f498ac 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -29,7 +29,8 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	f_int.c f_string.c n_pkey.c \
 	f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
 	asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \
-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \
+	asn_mstbl.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
 	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
@@ -42,7 +43,8 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	f_int.o f_string.o n_pkey.o \
 	f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
 	asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \
-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \
+	asn_mstbl.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 33a41d79b12777d4bfdf3e3915d14e74f40d4c24..a082c96f844ff7fbb96bbbe3feb4afb9e9da8c24 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -263,6 +263,12 @@ typedef struct ASN1_ENCODING_st
 #define ASN1_LONG_UNDEF	0x7fffffffL
 
 #define STABLE_FLAGS_MALLOC	0x01
+/* A zero passed to ASN1_STRING_TABLE_new_add for the flags is 
+ * interpreted as "don't change" and STABLE_FLAGS_MALLOC is always
+ * set. By setting STABLE_FLAGS_MALLOC only we can clear the existing
+ * value. Use the alias STABLE_FLAGS_CLEAR to reflect this.
+ */
+#define STABLE_FLAGS_CLEAR	STABLE_FLAGS_MALLOC
 #define STABLE_NO_MASK		0x02
 #define DIRSTRING_TYPE	\
  (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
@@ -1090,9 +1096,11 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 
 void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
 
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
 
 /* ASN1 Print flags */
 
@@ -1260,6 +1268,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509					 156
 #define ASN1_F_D2I_X509_CINF				 157
 #define ASN1_F_D2I_X509_PKEY				 159
+#define ASN1_F_DO_TCREATE				 222
 #define ASN1_F_I2D_ASN1_BIO_STREAM			 211
 #define ASN1_F_I2D_ASN1_SET				 188
 #define ASN1_F_I2D_ASN1_TIME				 160
@@ -1278,6 +1287,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_PKCS5_PBKDF2_SET				 219
 #define ASN1_F_SMIME_READ_ASN1				 212
 #define ASN1_F_SMIME_TEXT				 213
+#define ASN1_F_STBL_MODULE_INIT				 223
 #define ASN1_F_X509_CINF_NEW				 168
 #define ASN1_F_X509_CRL_ADD0_REVOKED			 169
 #define ASN1_F_X509_INFO_NEW				 170
@@ -1345,9 +1355,11 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INVALID_NUMBER				 187
 #define ASN1_R_INVALID_OBJECT_ENCODING			 216
 #define ASN1_R_INVALID_SEPARATOR			 131
+#define ASN1_R_INVALID_STRING_TABLE_VALUE		 218
 #define ASN1_R_INVALID_TIME_FORMAT			 132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
 #define ASN1_R_INVALID_UTF8STRING			 134
+#define ASN1_R_INVALID_VALUE				 219
 #define ASN1_R_IV_TOO_LARGE				 135
 #define ASN1_R_LENGTH_ERROR				 136
 #define ASN1_R_LIST_ERROR				 188
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 4c042b13c695c5d1295cf5a092c8619170ebfcdc..da8559fbd9679e93882055b88d089e5f32462f1a 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2012 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -166,6 +166,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_X509),	"D2I_X509"},
 {ERR_FUNC(ASN1_F_D2I_X509_CINF),	"D2I_X509_CINF"},
 {ERR_FUNC(ASN1_F_D2I_X509_PKEY),	"d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_DO_TCREATE),	"DO_TCREATE"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM),	"i2d_ASN1_bio_stream"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_SET),	"i2d_ASN1_SET"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_TIME),	"I2D_ASN1_TIME"},
@@ -184,6 +185,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET),	"PKCS5_pbkdf2_set"},
 {ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),	"SMIME_text"},
+{ERR_FUNC(ASN1_F_STBL_MODULE_INIT),	"STBL_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
 {ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},
@@ -254,9 +256,11 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
 {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
+{ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE),"invalid string table value"},
 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
 {ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
+{ERR_REASON(ASN1_R_INVALID_VALUE)        ,"invalid value"},
 {ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
 {ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
 {ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 4fc241908f6923b4f99e5e4e8d2ed0c1ba4a17bf..7c2c337a1a6670807521c8ddc35a113e4f3b0726 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -852,3 +852,27 @@ static int bitstr_cb(const char *elem, int len, void *bitstr)
 	return 1;
 	}
 
+static int mask_cb(const char *elem, int len, void *arg)
+	{
+	unsigned long *pmask = arg, tmpmask;
+	int tag;
+	if (len == 3 && !strncmp(elem, "DIR", 3))
+		{
+		*pmask |= B_ASN1_DIRECTORYSTRING;
+		return 1;
+		}
+	tag = asn1_str2tag(elem, len);
+	if (!tag || (tag & ASN1_GEN_FLAG))
+		return 0;
+	tmpmask = ASN1_tag2bit(tag);
+	if (!tmpmask)
+		return 0;
+	*pmask |= tmpmask;
+	return 1;
+	}
+
+int ASN1_str2mask(const char *str, unsigned long *pmask)
+	{
+	*pmask = 0;
+	return CONF_parse_list(str, '|', 1, mask_cb, pmask);
+	}
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
index 213890e0c28fd59042ad94679ba22324da284784..ee05d85de63680969aa3f5a7e55cdc6ff693902d 100644
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
@@ -73,6 +73,7 @@ void OPENSSL_load_builtin_modules(void)
 	{
 	/* Add builtin modules here */
 	ASN1_add_oid_module();
+	ASN1_add_stable_module();
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE_add_conf_module();
 #endif