Initial support for ASN1_ITEM_FUNCTION option to

change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.

crypto/asn1/asn1.h

@@ -321,9 +321,79 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 	name *name##_new(void); \
 	void name##_free(name *a);
 
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING; 
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef ASN1_ITEM_FUNCTIONS
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
 #define DECLARE_ASN1_ITEM(name) \
 	OPENSSL_EXTERN const ASN1_ITEM name##_it;
 
+#else
+
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+	const ASN1_ITEM * name##_it(void);
+
+#endif
 
 /* Parameters used by ASN1_STRING_print_ex() */
 

crypto/asn1/asn1t.h

@@ -73,6 +73,43 @@
 extern "C" {
 #endif
 
+
+#ifndef ASN1_ITEM_FUNCTIONS
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+		}
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	const ASN1_ITEM * itname##_it(void) \
+	{ \
+		static const ASN1_ITEM local_it = { \
+
+#define ASN1_ITEM_end(itname) \
+		}; \
+	return &local_it; \
+	}\
+	void dummy_function(void)
+
+#endif
+
+
 /* Macros to aid ASN1 template writing */
 
 #define ASN1_ITEM_TEMPLATE(tname) \
@@ -80,7 +117,7 @@ extern "C" {
 
 #define ASN1_ITEM_TEMPLATE_END(tname) \
 	;\
-	OPENSSL_GLOBAL const ASN1_ITEM tname##_it = { \
+	ASN1_ITEM_start(tname) \
 		ASN1_ITYPE_PRIMITIVE,\
 		-1,\
 		&tname##_item_tt,\
@@ -88,7 +125,7 @@ extern "C" {
 		NULL,\
 		0,\
 		#tname \
-	}
+	ASN1_ITEM_end(tname)
 
 
 /* This is a ASN1 type which just embeds a template */
@@ -120,7 +157,7 @@ extern "C" {
 
 #define ASN1_SEQUENCE_END_name(stname, tname) \
 	;\
-	OPENSSL_GLOBAL const ASN1_ITEM tname##_it = { \
+	ASN1_ITEM_start(tname) \
 		ASN1_ITYPE_SEQUENCE,\
 		V_ASN1_SEQUENCE,\
 		tname##_seq_tt,\
@@ -128,7 +165,7 @@ extern "C" {
 		NULL,\
 		sizeof(stname),\
 		#stname \
-	}
+	ASN1_ITEM_end(tname)
 
 #define ASN1_SEQUENCE_cb(tname, cb) \
 	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
@@ -154,7 +191,7 @@ extern "C" {
 
 #define ASN1_SEQUENCE_END_ref(stname, tname) \
 	;\
-	OPENSSL_GLOBAL const ASN1_ITEM tname##_it = { \
+	ASN1_ITEM_start(tname) \
 		ASN1_ITYPE_SEQUENCE,\
 		V_ASN1_SEQUENCE,\
 		tname##_seq_tt,\
@@ -162,7 +199,7 @@ extern "C" {
 		&tname##_aux,\
 		sizeof(stname),\
 		#stname \
-	}
+	ASN1_ITEM_end(tname)
 
 
 /* This pair helps declare a CHOICE type. We can do:
@@ -200,7 +237,7 @@ extern "C" {
 
 #define ASN1_CHOICE_END_selector(stname, tname, selname) \
 	;\
-	OPENSSL_GLOBAL const ASN1_ITEM tname##_it = { \
+	ASN1_ITEM_start(tname) \
 		ASN1_ITYPE_CHOICE,\
 		offsetof(stname,selname) ,\
 		tname##_ch_tt,\
@@ -208,11 +245,11 @@ extern "C" {
 		NULL,\
 		sizeof(stname),\
 		#stname \
-	}
+	ASN1_ITEM_end(tname)
 
 #define ASN1_CHOICE_END_cb(stname, tname, selname) \
 	;\
-	OPENSSL_GLOBAL const ASN1_ITEM tname##_it = { \
+	ASN1_ITEM_start(tname) \
 		ASN1_ITYPE_CHOICE,\
 		offsetof(stname,selname) ,\
 		tname##_ch_tt,\
@@ -220,13 +257,13 @@ extern "C" {
 		&tname##_aux,\
 		sizeof(stname),\
 		#stname \
-	}
+	ASN1_ITEM_end(tname)
 
 /* This helps with the template wrapper form of ASN1_ITEM */
 
 #define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
 	(flags), (tag), 0,\
-	#name, &(type##_it) }
+	#name, ASN1_ITEM_ref(type) }
 
 /* These help with SEQUENCE or CHOICE components */
 
@@ -234,12 +271,12 @@ extern "C" {
 
 #define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
 	(flags), (tag), offsetof(stname, field),\
-	#field, &(type##_it) }
+	#field, ASN1_ITEM_ref(type) }
 
 /* used when the structure is combined with the parent */
 
 #define ASN1_EX_COMBINE(flags, tag, type) { \
-	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, &(type##_it) }
+	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
 
 /* implicit and explicit helper macros */
 
@@ -251,9 +288,13 @@ extern "C" {
 
 /* Any defined by macros: the field used is in the table itself */
 
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, &(tblname##_adb) }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, &(tblname##_adb) }
-
+#ifndef ASN1_ITEM_FUNCTIONS
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
 /* Plain simple type */
 #define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
 
@@ -318,6 +359,8 @@ extern "C" {
 #define ASN1_ADB(name) \
 	const static ASN1_ADB_TABLE name##_adbtbl[] 
 
+#ifndef ASN1_ITEM_FUNCTIONS
+
 #define ASN1_ADB_END(name, flags, field, app_table, def, none) \
 	;\
 	const static ASN1_ADB name##_adb = {\
@@ -330,6 +373,28 @@ extern "C" {
 		none\
 	}
 
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+	;\
+	const static ASN1_ITEM *name##_adb(void) \
+	{ \
+	const static ASN1_ADB internal_adb = \
+		{\
+		flags,\
+		offsetof(name, field),\
+		app_table,\
+		name##_adbtbl,\
+		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+		def,\
+		none\
+		}; \
+		return (const ASN1_ITEM *) &internal_adb; \
+	} \
+	void dummy_function(void)
+
+#endif
+
 #define ADB_ENTRY(val, template) {val, template}
 
 #define ASN1_ADB_TEMPLATE(name) \
@@ -348,9 +413,13 @@ unsigned long offset;		/* Offset of this field in structure */
 #ifndef NO_ASN1_FIELD_NAMES
 char *field_name;		/* Field name */
 #endif
-const void *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
+ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
 };
 
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
 
 typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
 typedef struct ASN1_ADB_st ASN1_ADB;
@@ -623,12 +692,16 @@ typedef struct ASN1_AUX_st {
 
 /* Macro to implement a primitive type */
 #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) const ASN1_ITEM itname##_it = \
-				{ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname};
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+				ASN1_ITEM_end(itname);
 
 /* Macro to implement a multi string type */
-#define IMPLEMENT_ASN1_MSTRING(itname, mask) const ASN1_ITEM itname##_it = \
-				{ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname};
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+				ASN1_ITEM_end(itname);
 
 /* Macro to implement an ASN1_ITEM in terms of old style funcs */
 
@@ -641,7 +714,7 @@ typedef struct ASN1_AUX_st {
 		(ASN1_d2i_func *)d2i_##sname, \
 		(ASN1_i2d_func *)i2d_##sname, \
 	}; \
-	OPENSSL_GLOBAL ASN1_ITEM const sname##_it = { \
+	ASN1_ITEM_start(sname) \
 		ASN1_ITYPE_COMPAT, \
 		tag, \
 		NULL, \
@@ -649,10 +722,10 @@ typedef struct ASN1_AUX_st {
 		&sname##_ff, \
 		0, \
 		#sname \
-	}
+	ASN1_ITEM_end(sname);
 
 #define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
-	OPENSSL_GLOBAL const ASN1_ITEM sname##_it = { \
+	ASN1_ITEM_start(sname) \
 		ASN1_ITYPE_EXTERN, \
 		tag, \
 		NULL, \
@@ -660,7 +733,7 @@ typedef struct ASN1_AUX_st {
 		&fptrs, \
 		0, \
 		#sname \
-	};
+	ASN1_ITEM_end(sname);
 
 /* Macro to implement standard functions in terms of ASN1_ITEM structures */
 
@@ -674,11 +747,11 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
 	stname *fname##_new(void) \
 	{ \
-		return (stname *)ASN1_item_new(&itname##_it); \
+		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
 	} \
 	void fname##_free(stname *a) \
 	{ \
-		ASN1_item_free((ASN1_VALUE *)a, &itname##_it); \
+		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
 	}
 
 #define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
@@ -688,11 +761,11 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
 	stname *d2i_##fname(stname **a, unsigned char **in, long len) \
 	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &itname##_it);\
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
 	} \
 	int i2d_##fname(stname *a, unsigned char **out) \
 	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, &itname##_it);\
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
 	} 
 
 /* This includes evil casts to remove const: they will go away when full
@@ -701,11 +774,11 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
 	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
 	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, &itname##_it);\
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
 	} \
 	int i2d_##fname(const stname *a, unsigned char **out) \
 	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, &itname##_it);\
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
 	} 
 
 #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
@@ -717,15 +790,15 @@ typedef struct ASN1_AUX_st {
 
 /* external definitions for primitive types */
 
-OPENSSL_EXTERN const ASN1_ITEM ASN1_BOOLEAN_it;
-OPENSSL_EXTERN const ASN1_ITEM ASN1_TBOOLEAN_it;
-OPENSSL_EXTERN const ASN1_ITEM ASN1_FBOOLEAN_it;
-OPENSSL_EXTERN const ASN1_ITEM ASN1_ANY_it;
-OPENSSL_EXTERN const ASN1_ITEM ASN1_SEQUENCE_it;
-OPENSSL_EXTERN const ASN1_ITEM CBIGNUM_it;
-OPENSSL_EXTERN const ASN1_ITEM BIGNUM_it;
-OPENSSL_EXTERN const ASN1_ITEM LONG_it;
-OPENSSL_EXTERN const ASN1_ITEM ZLONG_it;
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
 
 DECLARE_STACK_OF(ASN1_VALUE)
 

crypto/asn1/tasn_dec.c

@@ -483,7 +483,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le
 			ASN1_VALUE *vtmp;
 			while(sk_num(sktmp) > 0) {
 				vtmp = (ASN1_VALUE *)sk_pop(sktmp);
-				ASN1_item_ex_free(&vtmp, tt->item);
+				ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
 			}
 		}
 				
@@ -506,7 +506,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le
 				break;
 			}
 			skfield = NULL;
-			if(!ASN1_item_ex_d2i(&skfield, &p, len, tt->item, -1, 0, 0, ctx)) {
+			if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
 				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
 				goto err;
 			}
@@ -522,14 +522,14 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le
 		}
 	} else if(flags & ASN1_TFLG_IMPTAG) {
 		/* IMPLICIT tagging */
-		ret = ASN1_item_ex_d2i(val, &p, len, tt->item, tt->tag, aclass, opt, ctx);
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
 		if(!ret) {
 			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
 			goto err;
 		} else if(ret == -1) return -1;
 	} else {
 		/* Nothing special */
-		ret = ASN1_item_ex_d2i(val, &p, len, tt->item, -1, 0, opt, ctx);
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
 		if(!ret) {
 			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
 			goto err;

crypto/asn1/tasn_enc.c

@@ -240,7 +240,7 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT
 		skcontlen = 0;
 		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
 			skitem = sk_ASN1_VALUE_value(sk, i);
-			skcontlen += ASN1_item_ex_i2d(&skitem, NULL, tt->item, -1, 0);
+			skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
 		}
 		sklen = ASN1_object_size(1, skcontlen, sktag);
 		/* If EXPLICIT need length of surrounding tag */
@@ -257,7 +257,7 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT
 		/* SET or SEQUENCE and IMPLICIT tag */
 		ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
 		/* And finally the stuff itself */
-		asn1_set_seq_out(sk, out, skcontlen, tt->item, isset);
+		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
 
 		return ret;
 	}
@@ -265,23 +265,23 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT
 	if(flags & ASN1_TFLG_EXPTAG) {
 		/* EXPLICIT tagging */
 		/* Find length of tagged item */
-		i = ASN1_item_ex_i2d(pval, NULL, tt->item, -1, 0);
+		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
 		if(!i) return 0;
 		/* Find length of EXPLICIT tag */
 		ret = ASN1_object_size(1, i, tt->tag);
 		if(out) {
 			/* Output tag and item */
 			ASN1_put_object(out, 1, i, tt->tag, aclass);
-			ASN1_item_ex_i2d(pval, out, tt->item, -1, 0);
+			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
 		}
 		return ret;
 	}
 	if(flags & ASN1_TFLG_IMPTAG) {
 		/* IMPLICIT tagging */
-		return ASN1_item_ex_i2d(pval, out, tt->item, tt->tag, aclass);
+		return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
 	}
 	/* Nothing special: treat as normal */
-	return ASN1_item_ex_i2d(pval, out, tt->item, -1, 0);
+	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
 }
 
 /* Temporary structure used to hold DER encoding of items for SET OF */

crypto/asn1/tasn_fre.c

@@ -167,11 +167,12 @@ void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
 			ASN1_VALUE *vtmp;
 			vtmp = sk_ASN1_VALUE_value(sk, i);
-			asn1_item_combine_free(&vtmp, tt->item, 0);
+			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
 		}
 		sk_ASN1_VALUE_free(sk);
 		*pval = NULL;
-	} else asn1_item_combine_free(pval, tt->item, tt->flags & ASN1_TFLG_COMBINE);
+	} else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+						tt->flags & ASN1_TFLG_COMBINE);
 }
 
 void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)

crypto/asn1/tasn_new.c

@@ -234,7 +234,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
 int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
-	const ASN1_ITEM *it = tt->item;
+	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
 	int ret;
 	if(tt->flags & ASN1_TFLG_OPTIONAL) {
 		asn1_template_clear(pval, tt);
@@ -277,7 +277,7 @@ void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 	if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
 		*pval = NULL;
 	else
-		asn1_item_clear(pval, tt->item);
+		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
 }
 
 

crypto/asn1/tasn_utl.c

@@ -209,7 +209,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int
 	if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
 
 	/* Else ANY DEFINED BY ... get the table */
-	adb = tt->item;
+	adb = ASN1_ADB_ptr(tt->item);
 
 	/* Get the selector field */
 	sfld = offset2ptr(*pval, adb->offset);

crypto/asn1/x_bignum.c

@@ -83,8 +83,13 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
 	bn_i2c
 };
 
-const ASN1_ITEM BIGNUM_it = { ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"};
-const ASN1_ITEM CBIGNUM_it = { ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"};
+ASN1_ITEM_start(BIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM);
+
+ASN1_ITEM_start(CBIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM);
 
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {

crypto/asn1/x_long.c

@@ -80,8 +80,13 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
 	long_i2c
 };
 
-const ASN1_ITEM LONG_it = { ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"};
-const ASN1_ITEM ZLONG_it = { ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"};
+ASN1_ITEM_start(LONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG);
+
+ASN1_ITEM_start(ZLONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG);
 
 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {

crypto/asn1/x_name.c

@@ -159,7 +159,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, cons
 	q = p;
 
 	/* Get internal representation of Name */
-	ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, &X509_NAME_INTERNAL_it,
+	ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
 								tag, aclass, opt, ctx);
 	
 	if(ret <= 0) return ret;
@@ -227,10 +227,10 @@ static int x509_name_encode(X509_NAME *a)
 		}
 		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
-	len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, &X509_NAME_INTERNAL_it, -1, -1);
+	len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
 	p=(unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, &X509_NAME_INTERNAL_it, -1, -1);
+	ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	sk_pop_free(intname, sk_internal_free);
 	a->modified = 0;
 	return len;

crypto/ocsp/ocsp.h

@@ -378,23 +378,23 @@ typedef struct ocsp_service_locator_st
 		(unsigned char *)o)
 
 #define OCSP_REQUEST_sign(o,pkey,md) \
-	ASN1_item_sign(&OCSP_REQINFO_it,\
+	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
 		o->optionalSignature->signatureAlgorithm,NULL,\
 	        o->optionalSignature->signature,o->tbsRequest,pkey,md)
 
 #define OCSP_BASICRESP_sign(o,pkey,md,d) \
-	ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL,\
+	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
 		o->signature,o->tbsResponseData,pkey,md)
 
-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(&OCSP_REQINFO_it,\
+#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
         a->optionalSignature->signatureAlgorithm,\
 	a->optionalSignature->signature,a->tbsRequest,r)
 
-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(&OCSP_RESPDATA_it,\
+#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
 	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
 
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
-	ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len)
+	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 
 #define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
 		(char *(*)())d2i_OCSP_CERTID,(char *)(cid))

crypto/ocsp/ocsp_cl.c

@@ -207,7 +207,7 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
 		return NULL;
 		}
 
-	return ASN1_item_unpack(rb->response, &OCSP_BASICRESP_it);
+	return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
 	}
 
 /* Return number of OCSP_SINGLERESP reponses present in

crypto/ocsp/ocsp_srv.c

@@ -106,7 +106,7 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
 	if (!bs) return rsp;
 	if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
 	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
-	if (!ASN1_item_pack(bs, &OCSP_BASICRESP_it, &rsp->responseBytes->response))
+	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
 				goto err;
 	return rsp;
 err:

crypto/pkcs12/p12_add.c

@@ -138,7 +138,7 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 		return NULL;
 	}
 	
-	if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
+	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
 		return NULL;
 	}
@@ -149,7 +149,7 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
 {
 	if(!PKCS7_type_is_data(p7)) return NULL;
-	return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
+	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
@@ -177,7 +177,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 	p7->d.encrypted->enc_data->algorithm = pbe;
 	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
 	if (!(p7->d.encrypted->enc_data->enc_data =
-	PKCS12_item_i2d_encrypt(pbe, &PKCS12_SAFEBAGS_it, pass, passlen,
+	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
 				 bags, 1))) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
 		return NULL;
@@ -190,7 +190,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, i
 {
 	if(!PKCS7_type_is_encrypted(p7)) return NULL;
 	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
-			           &PKCS12_SAFEBAGS_it,
+			           ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
 				   pass, passlen,
 			           p7->d.encrypted->enc_data->enc_data, 1);
 }
@@ -217,7 +217,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
 	X509_ALGOR_free(p8->algor);
 	p8->algor = pbe;
 	M_ASN1_OCTET_STRING_free(p8->digest);
-	p8->digest = PKCS12_item_i2d_encrypt(pbe, &PKCS8_PRIV_KEY_INFO_it,
+	p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
 					pass, passlen, p8inf, 1);
 	if(!p8->digest) {
 		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
@@ -233,7 +233,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
 
 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
 {
-	return PKCS12_item_decrypt_d2i(p8->algor, &PKCS8_PRIV_KEY_INFO_it, pass,
+	return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
 					passlen, p8->digest, 1);
 }
 
@@ -245,7 +245,7 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
 
 int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
 {
-	if(ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it,
+	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
 		&p12->authsafes->d.data)) 
 			return 1;
 	return 0;
@@ -253,5 +253,5 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
 {
-	return ASN1_item_unpack(p12->authsafes->d.data, &PKCS12_AUTHSAFES_it);
+	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }

crypto/pkcs12/p12_utl.c

@@ -97,36 +97,36 @@ char *uni2asc(unsigned char *uni, int unilen)
 
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
 {
-	return ASN1_item_i2d_bio(&PKCS12_it, bp, p12);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
 
 #ifndef OPENSSL_NO_FP_API
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
 {
-	return ASN1_item_i2d_fp(&PKCS12_it, fp, p12);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
 #endif
 
 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
 {
-	return ASN1_item_d2i_bio(&PKCS12_it, bp, p12);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
 #ifndef OPENSSL_NO_FP_API
 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
 {
-        return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
 #endif
 
 PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
 {
-	return PKCS12_item_pack_safebag(x509, &X509_it,
+	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
 			NID_x509Certificate, NID_certBag);
 }
 
 PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
 {
-	return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
+	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
 			NID_x509Crl, NID_crlBag);
 }
 
@@ -134,7 +134,7 @@ X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
 {
 	if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
 	if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
-	return ASN1_item_unpack(bag->value.bag->value.octet, &X509_it);
+	return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
 }
 
 X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
@@ -142,5 +142,5 @@ X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
 	if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
 	if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
 	return ASN1_item_unpack(bag->value.bag->value.octet,
-							&X509_CRL_it);
+							ASN1_ITEM_rptr(X509_CRL));
 }

crypto/pkcs7/pk7_doit.c

@@ -574,7 +574,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				/* Now sign the attributes */
 				EVP_SignInit(&ctx_tmp,md_tmp);
 				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
-							&PKCS7_ATTR_SIGN_it);
+							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
 				if(!abuf) goto err;
 				EVP_SignUpdate(&ctx_tmp,abuf,alen);
 				OPENSSL_free(abuf);
@@ -756,7 +756,7 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 		EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
 
 		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
-						&PKCS7_ATTR_VERIFY_it);
+						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
 		EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
 
 		OPENSSL_free(abuf);

crypto/x509/x_all.c

@@ -67,195 +67,195 @@
 
 int X509_verify(X509 *a, EVP_PKEY *r)
 	{
-	return(ASN1_item_verify(&X509_CINF_it,a->sig_alg,
+	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
 		a->signature,a->cert_info,r));
 	}
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 	{
-	return( ASN1_item_verify(&X509_REQ_INFO_it,
+	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
 		a->sig_alg,a->signature,a->req_info,r));
 	}
 
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
 	{
-	return(ASN1_item_verify(&X509_CRL_INFO_it,
+	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
 		a->sig_alg, a->signature,a->crl,r));
 	}
 
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 	{
-	return(ASN1_item_verify(&NETSCAPE_SPKAC_it,
+	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
 		a->sig_algor,a->signature,a->spkac,r));
 	}
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_item_sign(&X509_CINF_it, x->cert_info->signature,
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
 		x->sig_alg, x->signature, x->cert_info,pkey,md));
 	}
 
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_item_sign(&X509_REQ_INFO_it,x->sig_alg, NULL,
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
 		x->signature, x->req_info,pkey,md));
 	}
 
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_item_sign(&X509_CRL_INFO_it,x->crl->sig_alg,
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
 		x->sig_alg, x->signature, x->crl,pkey,md));
 	}
 
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_item_sign(&NETSCAPE_SPKAC_it, x->sig_algor,NULL,
+	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
 		x->signature, x->spkac,pkey,md));
 	}
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
 	{
-	return ASN1_item_dup(&X509_ATTRIBUTE_it,xa);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509_ATTRIBUTE),xa);
 	}
 
 X509 *X509_dup(X509 *x509)
 	{
-	return ASN1_item_dup(&X509_it,x509);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509),x509);
 	}
 
 X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
 	{
-	return ASN1_item_dup(&X509_EXTENSION_it,ex);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509_EXTENSION),ex);
 	}
 
 #ifndef OPENSSL_NO_FP_API
 X509 *d2i_X509_fp(FILE *fp, X509 **x509)
 	{
-	return ASN1_item_d2i_fp(&X509_it, fp, x509);
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
 	}
 
 int i2d_X509_fp(FILE *fp, X509 *x509)
 	{
-	return ASN1_item_i2d_fp(&X509_it, fp, x509);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
 	}
 #endif
 
 X509 *d2i_X509_bio(BIO *bp, X509 **x509)
 	{
-	return ASN1_item_d2i_bio(&X509_it, bp, x509);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
 	}
 
 int i2d_X509_bio(BIO *bp, X509 *x509)
 	{
-	return ASN1_item_i2d_bio(&X509_it, bp, x509);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
 	}
 
 X509_CRL *X509_CRL_dup(X509_CRL *crl)
 	{
-	return ASN1_item_dup(&X509_CRL_it, crl);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509_CRL), crl);
 	}
 
 #ifndef OPENSSL_NO_FP_API
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
 	{
-	return ASN1_item_d2i_fp(&X509_CRL_it, fp, crl);
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
 	}
 
 int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
 	{
-	return ASN1_item_i2d_fp(&X509_CRL_it, fp, crl);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
 	}
 #endif
 
 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
 	{
-	return ASN1_item_d2i_bio(&X509_CRL_it, bp, crl);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
 	}
 
 int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
 	{
-	return ASN1_item_i2d_bio(&X509_CRL_it, bp, crl);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
 	}
 
 PKCS7 *PKCS7_dup(PKCS7 *p7)
 	{
-	return ASN1_item_dup(&PKCS7_it, p7);
+	return ASN1_item_dup(ASN1_ITEM_rptr(PKCS7), p7);
 	}
 
 #ifndef OPENSSL_NO_FP_API
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
 	{
-	return ASN1_item_d2i_fp(&PKCS7_it, fp, p7);
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
 	}
 
 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
 	{
-	return ASN1_item_i2d_fp(&PKCS7_it, fp, p7);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
 	}
 #endif
 
 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
 	{
-	return ASN1_item_d2i_bio(&PKCS7_it, bp, p7);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
 	}
 
 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
 	{
-	return ASN1_item_i2d_bio(&PKCS7_it, bp, p7);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
 	}
 
 X509_REQ *X509_REQ_dup(X509_REQ *req)
 	{
-	return ASN1_item_dup(&X509_REQ_it, req);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509_REQ), req);
 	}
 
 #ifndef OPENSSL_NO_FP_API
 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
 	{
-	return ASN1_item_d2i_fp(&X509_REQ_it, fp, req);
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
 	}
 
 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
 	{
-	return ASN1_item_i2d_fp(&X509_REQ_it, fp, req);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
 	}
 #endif
 
 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
 	{
-	return ASN1_item_d2i_bio(&X509_REQ_it, bp, req);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
 	}
 
 int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
 	{
-	return ASN1_item_i2d_bio(&X509_REQ_it, bp, req);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
 	}
 
 #ifndef OPENSSL_NO_RSA
 RSA *RSAPublicKey_dup(RSA *rsa)
 	{
-	return ASN1_item_dup(&RSAPublicKey_it, rsa);
+	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
 	}
 
 RSA *RSAPrivateKey_dup(RSA *rsa)
 	{
-	return ASN1_item_dup(&RSAPrivateKey_it, rsa);
+	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
 	}
 
 #ifndef OPENSSL_NO_FP_API
 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
 	{
-	return ASN1_item_d2i_fp(&RSAPrivateKey_it, fp, rsa);
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
 	}
 
 int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
 	{
-	return ASN1_item_i2d_fp(&RSAPrivateKey_it, fp, rsa);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
 	}
 
 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
 	{
-	return ASN1_item_d2i_fp(&RSAPublicKey_it, fp, rsa);
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
 	}
 
 
@@ -268,7 +268,7 @@ RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
 
 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 	{
-	return ASN1_item_i2d_fp(&RSAPublicKey_it, fp, rsa);
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
 	}
 
 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
@@ -279,17 +279,17 @@ int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
 
 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
 	{
-	return ASN1_item_d2i_bio(&RSAPrivateKey_it, bp, rsa);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
 	}
 
 int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
 	{
-	return ASN1_item_i2d_bio(&RSAPrivateKey_it, bp, rsa);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
 	}
 
 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
 	{
-	return ASN1_item_d2i_bio(&RSAPublicKey_it, bp, rsa);
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
 	}
 
 
@@ -302,7 +302,7 @@ RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
 
 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 	{
-	return ASN1_item_i2d_bio(&RSAPublicKey_it, bp, rsa);
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
 	}
 
 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
@@ -366,17 +366,17 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
 
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
 	{
-	return ASN1_item_dup(&X509_ALGOR_it, xn);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509_ALGOR), xn);
 	}
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn)
 	{
-	return ASN1_item_dup(&X509_NAME_it, xn);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509_NAME), xn);
 	}
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
 	{
-	return ASN1_item_dup(&X509_NAME_ENTRY_it, ne);
+	return ASN1_item_dup(ASN1_ITEM_rptr(X509_NAME_ENTRY), ne);
 	}
 
 int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
@@ -391,31 +391,31 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_item_digest(&X509_it,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
 	}
 
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_item_digest(&X509_CRL_it,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
 	}
 
 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_item_digest(&X509_REQ_it,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
 	}
 
 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_item_digest(&X509_NAME_it,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
 	}
 
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
 	     unsigned char *md, unsigned int *len)
 	{
-	return(ASN1_item_digest(&PKCS7_ISSUER_AND_SERIAL_it,type,
+	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
 		(char *)data,md,len));
 	}
 

crypto/x509v3/v3_akey.c

@@ -69,7 +69,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 
 X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, X509V3_EXT_MULTILINE, &AUTHORITY_KEYID_it,
+NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
 0,0,0,0,
 0,0,
 (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,

crypto/x509v3/v3_alt.c

@@ -66,14 +66,14 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0, &GENERAL_NAMES_it,
+{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
 0,0,0,0,
 0,0,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_subject_alt,
 NULL, NULL, NULL},
 
-{ NID_issuer_alt_name, 0, &GENERAL_NAMES_it,
+{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
 0,0,0,0,
 0,0,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,

crypto/x509v3/v3_bcons.c

@@ -69,7 +69,7 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V
 
 X509V3_EXT_METHOD v3_bcons = {
 NID_basic_constraints, 0,
-&BASIC_CONSTRAINTS_it,
+ASN1_ITEM_ref(BASIC_CONSTRAINTS),
 0,0,0,0,
 0,0,
 (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,

crypto/x509v3/v3_conf.c

@@ -153,7 +153,7 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 	}
 
 	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
-	if(method->it) ASN1_item_free(ext_struc, method->it);
+	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
 	else method->ext_free(ext_struc);
 	return ext;
 
@@ -169,7 +169,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 	/* Convert internal representation to DER */
 	if(method->it) {
 		ext_der = NULL;
-		ext_len = ASN1_item_i2d(ext_struc, &ext_der, method->it);
+		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
 		if(ext_len < 0) goto merr;
 	} else {
 		unsigned char *p;

crypto/x509v3/v3_cpols.c

@@ -76,7 +76,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
 
 X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,&CERTIFICATEPOLICIES_it,
+NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
 0,0,0,0,
 0,0,
 0,0,

crypto/x509v3/v3_crld.c

@@ -69,7 +69,7 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 X509V3_EXT_METHOD v3_crld = {
-NID_crl_distribution_points, X509V3_EXT_MULTILINE, &CRL_DIST_POINTS_it,
+NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
 0,0,0,0,
 0,0,
 (X509V3_EXT_I2V)i2v_crld,

crypto/x509v3/v3_enum.c

@@ -73,7 +73,7 @@ static ENUMERATED_NAMES crl_reasons[] = {
 };
 
 X509V3_EXT_METHOD v3_crl_reason = { 
-NID_crl_reason, 0, &ASN1_ENUMERATED_it,
+NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
 0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
 0,

crypto/x509v3/v3_extku.c

@@ -70,7 +70,7 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
 
 X509V3_EXT_METHOD v3_ext_ku = {
 	NID_ext_key_usage, 0,
-	&EXTENDED_KEY_USAGE_it,
+	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
 	0,0,0,0,
 	0,0,
 	i2v_EXTENDED_KEY_USAGE,
@@ -82,7 +82,7 @@ X509V3_EXT_METHOD v3_ext_ku = {
 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
 X509V3_EXT_METHOD v3_ocsp_accresp = {
 	NID_id_pkix_OCSP_acceptableResponses, 0,
-	&EXTENDED_KEY_USAGE_it,
+	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
 	0,0,0,0,
 	0,0,
 	i2v_EXTENDED_KEY_USAGE,

crypto/x509v3/v3_info.c

@@ -70,7 +70,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho
 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE, &AUTHORITY_INFO_ACCESS_it,
+{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
 0,0,0,0,
 0,0,
 (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,

crypto/x509v3/v3_int.c

@@ -61,7 +61,7 @@
 #include <openssl/x509v3.h>
 
 X509V3_EXT_METHOD v3_crl_num = { 
-NID_crl_number, 0, &ASN1_INTEGER_it,
+NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
 0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
 0,

crypto/x509v3/v3_lib.c

@@ -165,7 +165,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 	unsigned char *p;
 	if(!(method = X509V3_EXT_get(ext))) return NULL;
 	p = ext->value->data;
-	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, method->it);
+	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
 	return method->d2i(NULL, &p, ext->value->length);
 }
 

crypto/x509v3/v3_ocsp.c

@@ -81,7 +81,7 @@ static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *
 static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
 
 X509V3_EXT_METHOD v3_ocsp_crlid = {
-	NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it,
+	NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
 	0,0,0,0,
 	0,0,
 	0,0,
@@ -90,7 +90,7 @@ X509V3_EXT_METHOD v3_ocsp_crlid = {
 };
 
 X509V3_EXT_METHOD v3_ocsp_acutoff = {
-	NID_id_pkix_OCSP_archiveCutoff, 0, &ASN1_GENERALIZEDTIME_it,
+	NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
 	0,0,0,0,
 	0,0,
 	0,0,
@@ -99,7 +99,7 @@ X509V3_EXT_METHOD v3_ocsp_acutoff = {
 };
 
 X509V3_EXT_METHOD v3_crl_invdate = {
-	NID_invalidity_date, 0, &ASN1_GENERALIZEDTIME_it,
+	NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
 	0,0,0,0,
 	0,0,
 	0,0,
@@ -108,7 +108,7 @@ X509V3_EXT_METHOD v3_crl_invdate = {
 };
 
 X509V3_EXT_METHOD v3_crl_hold = {
-	NID_hold_instruction_code, 0, &ASN1_OBJECT_it,
+	NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
 	0,0,0,0,
 	0,0,
 	0,0,
@@ -129,7 +129,7 @@ X509V3_EXT_METHOD v3_ocsp_nonce = {
 };
 
 X509V3_EXT_METHOD v3_ocsp_nocheck = {
-	NID_id_pkix_OCSP_noCheck, 0, &ASN1_NULL_it,
+	NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
 	0,0,0,0,
 	0,s2i_ocsp_nocheck,
 	0,0,
@@ -138,7 +138,7 @@ X509V3_EXT_METHOD v3_ocsp_nocheck = {
 };
 
 X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-	NID_id_pkix_OCSP_serviceLocator, 0, &OCSP_SERVICELOC_it,
+	NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
 	0,0,0,0,
 	0,0,
 	0,0,

crypto/x509v3/v3_pku.c

@@ -67,7 +67,7 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
 X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0, &PKEY_USAGE_PERIOD_it,
+NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
 0,0,0,0,
 0,0,0,0,
 (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,

crypto/x509v3/v3_prn.c

@@ -116,7 +116,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 	if(!(method = X509V3_EXT_get(ext)))
 		return unknown_ext_print(out, ext, flag, indent, 0);
 	p = ext->value->data;
-	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, method->it);
+	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
 	else ext_str = method->d2i(NULL, &p, ext->value->length);
 
 	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
@@ -156,7 +156,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 	err:
 		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
 		if(value) OPENSSL_free(value);
-		if(method->it) ASN1_item_free(ext_str, method->it);
+		if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
 		else method->ext_free(ext_str);
 		return ok;
 }

crypto/x509v3/v3_skey.c

@@ -63,7 +63,7 @@
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_skey_id = { 
-NID_subject_key_identifier, 0, &ASN1_OCTET_STRING_it,
+NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
 0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 (X509V3_EXT_S2I)s2i_skey_id,

crypto/x509v3/v3_sxnet.c

@@ -73,7 +73,7 @@ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 						STACK_OF(CONF_VALUE) *nval);
 #endif
 X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE, &SXNET_it,
+NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
 0,0,0,0,
 0,0,
 0, 

crypto/x509v3/x509v3.h

@@ -89,7 +89,7 @@ struct v3_ext_method {
 int ext_nid;
 int ext_flags;
 /* If this is set the following four fields are ignored */
-const ASN1_ITEM *it;
+ASN1_ITEM_EXP *it;
 /* Old style ASN1 calls */
 X509V3_EXT_NEW ext_new;
 X509V3_EXT_FREE ext_free;
@@ -294,7 +294,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
 #define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
 
-#define EXT_BITSTRING(nid, table) { nid, 0, &ASN1_BIT_STRING_it, \
+#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
 			0,0,0,0, \
 			0,0, \
 			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
@@ -302,7 +302,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 			NULL, NULL, \
 			table}
 
-#define EXT_IA5STRING(nid) { nid, 0, &ASN1_IA5STRING_it, \
+#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
 			0,0,0,0, \
 			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
 			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \