rxkad: Update ticket5 from heimdal 87/13287/6
authorAndrew Deason <adeason@sinenomine.net>
Mon, 20 Aug 2018 20:47:13 +0000 (15:47 -0500)
committerBenjamin Kaduk <kaduk@mit.edu>
Fri, 28 Jun 2019 14:31:47 +0000 (10:31 -0400)
This updates the rxkad code that we pull from heimdal to heimdal 7.7.0
(heimdal.git commit e1959605bd). This also updates the instructions in
README.v5 to accommodate changes in the heimdal tree, and converts
ticket5.c to use KRB5_ENCTYPE_* constants instead of ETYPE_*
constants (since heimdal has also similarly converted in krb5_asn1.h).

This removes a few -Werror=format-truncation warnings that were
present in the heimdal code before this commit.

README.v5 tweaked in collaboration with kaduk@mit.edu.

Change-Id: I5fdaab600b4a1b42658a60259fde3fc9f7dced04
Reviewed-on: https://gerrit.openafs.org/13287
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

src/rxkad/README.v5
src/rxkad/asn1_err.h
src/rxkad/der-protos.h
src/rxkad/ticket5.c
src/rxkad/v5der.c
src/rxkad/v5gen-rewrite.h
src/rxkad/v5gen.c
src/rxkad/v5gen.h

index c945fb3..f6f77aa 100644 (file)
@@ -33,7 +33,7 @@ htree=/home/lha/src/cvs/heimdal
 hotree=/sources/obj/heimdal
 otree=/sources/afs/openafs-rxkad5
 
-export htree otree
+export htree hotree otree
 
 (cd $htree/lib/asn1 ; \
  echo '#include "asn1_err.h"'; \
@@ -45,12 +45,12 @@ export htree otree
  der_free.c \
  der_length.c \
  der_copy.c \
-    )  \
+)  \
 | grep -v 'include "der_locl.h"' \
 | grep -v 'include <version.h>' \
 | sed 's!\(RCSID.*\)!/* \1 */!' \
 | sed 's!$Id: !Heimdal: !' \
-| cat > $otree/src/rxkad/v5der.c
+> $otree/src/rxkad/v5der.c
 
 grep -v 'struct units'  $hotree/lib/asn1/krb5_asn1.h \
  | sed s/uint16_t/afs_uint16/ \
@@ -58,49 +58,41 @@ grep -v 'struct units'  $hotree/lib/asn1/krb5_asn1.h \
    > $otree/src/rxkad/v5gen.h
 
 cp  $hotree/lib/asn1/der-protos.h \
-   > $otree/src/rxkad/der-protos.h
+    $otree/src/rxkad/der-protos.h
 
-cp  $hotree/lib/asn1/asn1_err.h \
-   > $otree/src/rxkad/asn1_err.h
+< $hotree/lib/asn1/asn1_err.h \
+ sed 's!#include <et/com_err[.]h>!struct et_list;!' \
+ > $otree/src/rxkad/asn1_err.h
 
 (cd $hotree/lib/asn1 ; \
- cat asn1_krb5int32.c \
-    asn1_Ticket.c \
-    asn1_AuthorizationDataElement.c \
-    asn1_EncryptedData.c \
-    asn1_PrincipalName.c \
-    asn1_HostAddresses.c \
-    asn1_HostAddress.c \
-    asn1_AuthorizationData.c \
-    asn1_EncTicketPart.c \
-    asn1_KerberosTime.c \
-    asn1_TransitedEncoding.c \
-    asn1_EncryptionKey.c \
-    asn1_TicketFlags.c \
-    asn1_Realm.c \
-    asn1_ENCTYPE.c \
-    asn1_NAME_TYPE.c \
-    ) \
+ echo '#define HEIMDAL_UNUSED_ATTRIBUTE AFS_UNUSED' ; \
+ cat krb5_asn1-priv.h ; \
+ cat asn1_krb5_asn1.x ) \
  | grep -v 'include <krb5-types.h>' \
- | grep -v 'include <krb5_asn1.h>' \
- | grep -v 'include <krb5_asn1-priv.h>' \
+ | grep -v 'include "krb5_asn1.h"' \
+ | grep -v 'include "krb5_asn1-priv.h"' \
  | grep -v 'include <der.h>' \
  | grep -v 'include <der-private.h>' \
  | grep -v 'include <parse_units.h>' \
  | grep -v 'include <asn1-template.h>' \
  | perl \
    -e '$f=0; while(<>){$f=1 if(/struct units/);print if($f eq 0);$f=0 if(/^}/);}' \
- | indent -npro -nbad -bap -nbc -br -ce -cd4 -brs -ncdb -di2 -ndj -nfc1 -i4 -lp -npcs -psl -sc -nsob \
- | cat > $otree/src/rxkad/v5gen.c
+ | sed -n '/^encode_Checksum[(]/q;p' \
+ | head -n -2 \
+ > $otree/src/rxkad/v5gen.c
 
 ( \
  perl -p -e 's/^(encode_|decode_|free_|copy_|length_)([^(]*)\([^)]*\)\n$/#define $1$2 _rxkad_v5_$1$2\n/' $otree/src/rxkad/v5gen.c ; \
-  perl -p -e 's/^(der_|copy_|encode_|decode_|len_|length_|free_|fix_dce|time2generalizedtime)([^(]*).*/#define $1$2 _rxkad_v5_$1$2/' /sources/afs/openafs-krb5/src/rxkad/v5der.c ; \
+  perl -p -e 's/^(der_|copy_|encode_|decode_|len_|length_|free_|fix_dce|time2generalizedtime)([^( ]*).*/#define $1$2 _rxkad_v5_$1$2/' $otree/src/rxkad/v5der.c ; \
   echo '#define TicketFlags2int _rxkad_v5_TicketFlags2int' ; \
   echo '#define int2TicketFlags _rxkad_v5_int2TicketFlags' ; \
   : ) | \
- (grep _rxkad_v5 ; \
-  echo '#ifndef HAVE_TIMEGM' ; \
-  echo '#define timegm _rxkad_timegm' ; \
-  echo '#endif' ; \
-  :) > $otree/src/rxkad/v5gen-rewrite.h
+  grep _rxkad_v5 \
+  > $otree/src/rxkad/v5gen-rewrite.h
+
+( \
+  < $otree/src/rxkad/v5gen.c \
+  indent -npro -nbad -bap -nbc -br -ce -cd4 -brs -ncdb -di2 -ndj -nfc1 -i4 -lp -npcs -psl -sc -nsob \
+  > $otree/src/rxkad/v5gen.c.indent ; \
+  mv $otree/src/rxkad/v5gen.c.indent $otree/src/rxkad/v5gen.c \
+)
index 63cfbfa..8e3be52 100644 (file)
@@ -1,40 +1,37 @@
-/* Generated from asn1_err.et */
-/* $Id$ */
-
-#ifndef __asn1_err_h__
-#define __asn1_err_h__
+/*
+ * asn1_err.h:
+ * This file is automatically generated; please do not edit it.
+ */
 
 struct et_list;
 
-void initialize_asn1_error_table_r(struct et_list **);
-
-void initialize_asn1_error_table(void);
+#define ASN1_BAD_TIMEFORMAT                      (1859794432L)
+#define ASN1_MISSING_FIELD                       (1859794433L)
+#define ASN1_MISPLACED_FIELD                     (1859794434L)
+#define ASN1_TYPE_MISMATCH                       (1859794435L)
+#define ASN1_OVERFLOW                            (1859794436L)
+#define ASN1_OVERRUN                             (1859794437L)
+#define ASN1_BAD_ID                              (1859794438L)
+#define ASN1_BAD_LENGTH                          (1859794439L)
+#define ASN1_BAD_FORMAT                          (1859794440L)
+#define ASN1_PARSE_ERROR                         (1859794441L)
+#define ASN1_EXTRA_DATA                          (1859794442L)
+#define ASN1_BAD_CHARACTER                       (1859794443L)
+#define ASN1_MIN_CONSTRAINT                      (1859794444L)
+#define ASN1_MAX_CONSTRAINT                      (1859794445L)
+#define ASN1_EXACT_CONSTRAINT                    (1859794446L)
+#define ASN1_INDEF_OVERRUN                       (1859794447L)
+#define ASN1_INDEF_UNDERRUN                      (1859794448L)
+#define ASN1_GOT_BER                             (1859794449L)
+#define ASN1_INDEF_EXTRA_DATA                    (1859794450L)
+extern const struct error_table et_asn1_error_table;
+extern void initialize_asn1_error_table(void);
+
+/* For compatibility with Heimdal */
+extern void initialize_asn1_error_table_r(struct et_list **list);
+
+#define ERROR_TABLE_BASE_asn1 (1859794432L)
+
+/* for compatibility with older versions... */
 #define init_asn1_err_tbl initialize_asn1_error_table
-
-typedef enum asn1_error_number{
-       ASN1_BAD_TIMEFORMAT = 1859794432,
-       ASN1_MISSING_FIELD = 1859794433,
-       ASN1_MISPLACED_FIELD = 1859794434,
-       ASN1_TYPE_MISMATCH = 1859794435,
-       ASN1_OVERFLOW = 1859794436,
-       ASN1_OVERRUN = 1859794437,
-       ASN1_BAD_ID = 1859794438,
-       ASN1_BAD_LENGTH = 1859794439,
-       ASN1_BAD_FORMAT = 1859794440,
-       ASN1_PARSE_ERROR = 1859794441,
-       ASN1_EXTRA_DATA = 1859794442,
-       ASN1_BAD_CHARACTER = 1859794443,
-       ASN1_MIN_CONSTRAINT = 1859794444,
-       ASN1_MAX_CONSTRAINT = 1859794445,
-       ASN1_EXACT_CONSTRAINT = 1859794446,
-       ASN1_INDEF_OVERRUN = 1859794447,
-       ASN1_INDEF_UNDERRUN = 1859794448,
-       ASN1_GOT_BER = 1859794449,
-       ASN1_INDEF_EXTRA_DATA = 1859794450
-} asn1_error_number;
-
-#define ERROR_TABLE_BASE_asn1 1859794432
-
-#define COM_ERR_BINDDOMAIN_asn1 "heim_com_err1859794432"
-
-#endif /* __asn1_err_h__ */
+#define asn1_err_base ERROR_TABLE_BASE_asn1
index 6ca5494..9f70941 100644 (file)
@@ -1,6 +1,7 @@
 /* This is a generated file */
 #ifndef __der_protos_h__
 #define __der_protos_h__
+#ifndef DOXY
 
 #include <stdarg.h>
 
@@ -9,575 +10,683 @@ extern "C" {
 #endif
 
 int
+asn1_fuzzer_done (void);
+
+int
+asn1_fuzzer_method (const char */*mode*/);
+
+void
+asn1_fuzzer_next (void);
+
+void
+asn1_fuzzer_reset (void);
+
+int
 copy_heim_any (
-       const heim_any * /*from*/,
-       heim_any * /*to*/);
+       const heim_any */*from*/,
+       heim_any */*to*/);
 
 int
 copy_heim_any_set (
-       const heim_any_set * /*from*/,
-       heim_any_set * /*to*/);
+       const heim_any_set */*from*/,
+       heim_any_set */*to*/);
 
 int
 decode_heim_any (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_any * /*data*/,
-       size_t * /*size*/);
+       heim_any */*data*/,
+       size_t */*size*/);
 
 int
 decode_heim_any_set (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_any_set * /*data*/,
-       size_t * /*size*/);
+       heim_any_set */*data*/,
+       size_t */*size*/);
 
 int
 der_copy_bit_string (
-       const heim_bit_string * /*from*/,
-       heim_bit_string * /*to*/);
+       const heim_bit_string */*from*/,
+       heim_bit_string */*to*/);
 
 int
 der_copy_bmp_string (
-       const heim_bmp_string * /*from*/,
-       heim_bmp_string * /*to*/);
+       const heim_bmp_string */*from*/,
+       heim_bmp_string */*to*/);
 
 int
 der_copy_general_string (
-       const heim_general_string * /*from*/,
-       heim_general_string * /*to*/);
+       const heim_general_string */*from*/,
+       heim_general_string */*to*/);
+
+int
+der_copy_generalized_time (
+       const time_t */*from*/,
+       time_t */*to*/);
 
 int
 der_copy_heim_integer (
-       const heim_integer * /*from*/,
-       heim_integer * /*to*/);
+       const heim_integer */*from*/,
+       heim_integer */*to*/);
 
 int
 der_copy_ia5_string (
-       const heim_printable_string * /*from*/,
-       heim_printable_string * /*to*/);
+       const heim_ia5_string */*from*/,
+       heim_ia5_string */*to*/);
+
+int
+der_copy_integer (
+       const int */*from*/,
+       int */*to*/);
+
+int
+der_copy_integer64 (
+       const int64_t */*from*/,
+       int64_t */*to*/);
 
 int
 der_copy_octet_string (
-       const heim_octet_string * /*from*/,
-       heim_octet_string * /*to*/);
+       const heim_octet_string */*from*/,
+       heim_octet_string */*to*/);
 
 int
 der_copy_oid (
-       const heim_oid * /*from*/,
-       heim_oid * /*to*/);
+       const heim_oid */*from*/,
+       heim_oid */*to*/);
 
 int
 der_copy_printable_string (
-       const heim_printable_string * /*from*/,
-       heim_printable_string * /*to*/);
+       const heim_printable_string */*from*/,
+       heim_printable_string */*to*/);
 
 int
 der_copy_universal_string (
-       const heim_universal_string * /*from*/,
-       heim_universal_string * /*to*/);
+       const heim_universal_string */*from*/,
+       heim_universal_string */*to*/);
+
+int
+der_copy_unsigned (
+       const unsigned */*from*/,
+       unsigned */*to*/);
+
+int
+der_copy_unsigned64 (
+       const uint64_t */*from*/,
+       uint64_t */*to*/);
+
+int
+der_copy_utctime (
+       const time_t */*from*/,
+       time_t */*to*/);
 
 int
 der_copy_utf8string (
-       const heim_utf8_string * /*from*/,
-       heim_utf8_string * /*to*/);
+       const heim_utf8_string */*from*/,
+       heim_utf8_string */*to*/);
 
 int
 der_copy_visible_string (
-       const heim_visible_string * /*from*/,
-       heim_visible_string * /*to*/);
+       const heim_visible_string */*from*/,
+       heim_visible_string */*to*/);
+
+void
+der_free_bit_string (heim_bit_string */*k*/);
 
 void
-der_free_bit_string (heim_bit_string * /*k*/);
+der_free_bmp_string (heim_bmp_string */*k*/);
 
 void
-der_free_bmp_string (heim_bmp_string * /*k*/);
+der_free_general_string (heim_general_string */*str*/);
 
 void
-der_free_general_string (heim_general_string * /*str*/);
+der_free_generalized_time (time_t */*t*/);
 
 void
-der_free_heim_integer (heim_integer * /*k*/);
+der_free_heim_integer (heim_integer */*k*/);
 
 void
-der_free_ia5_string (heim_ia5_string * /*str*/);
+der_free_ia5_string (heim_ia5_string */*str*/);
 
 void
-der_free_octet_string (heim_octet_string * /*k*/);
+der_free_integer (int */*i*/);
 
 void
-der_free_oid (heim_oid * /*k*/);
+der_free_integer64 (int64_t */*i*/);
 
 void
-der_free_printable_string (heim_printable_string * /*str*/);
+der_free_octet_string (heim_octet_string */*k*/);
 
 void
-der_free_universal_string (heim_universal_string * /*k*/);
+der_free_oid (heim_oid */*k*/);
 
 void
-der_free_utf8string (heim_utf8_string * /*str*/);
+der_free_printable_string (heim_printable_string */*str*/);
 
 void
-der_free_visible_string (heim_visible_string * /*str*/);
+der_free_universal_string (heim_universal_string */*k*/);
+
+void
+der_free_unsigned (unsigned */*u*/);
+
+void
+der_free_unsigned64 (uint64_t */*u*/);
+
+void
+der_free_utctime (time_t */*t*/);
+
+void
+der_free_utf8string (heim_utf8_string */*str*/);
+
+void
+der_free_visible_string (heim_visible_string */*str*/);
 
 int
 der_get_bit_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_bit_string * /*data*/,
-       size_t * /*size*/);
+       heim_bit_string */*data*/,
+       size_t */*size*/);
 
 int
 der_get_bmp_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_bmp_string * /*data*/,
-       size_t * /*size*/);
+       heim_bmp_string */*data*/,
+       size_t */*size*/);
 
 int
 der_get_boolean (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       int * /*data*/,
-       size_t * /*size*/);
+       int */*data*/,
+       size_t */*size*/);
 
 const char *
 der_get_class_name (unsigned /*num*/);
 
 int
-der_get_class_num (const char * /*name*/);
+der_get_class_num (const char */*name*/);
 
 int
 der_get_general_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_general_string * /*str*/,
-       size_t * /*size*/);
+       heim_general_string */*str*/,
+       size_t */*size*/);
 
 int
 der_get_generalized_time (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       time_t * /*data*/,
-       size_t * /*size*/);
+       time_t */*data*/,
+       size_t */*size*/);
 
 int
 der_get_heim_integer (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_integer * /*data*/,
-       size_t * /*size*/);
+       heim_integer */*data*/,
+       size_t */*size*/);
 
 int
 der_get_ia5_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_ia5_string * /*str*/,
-       size_t * /*size*/);
+       heim_ia5_string */*str*/,
+       size_t */*size*/);
 
 int
 der_get_integer (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       int * /*ret*/,
-       size_t * /*size*/);
+       int */*ret*/,
+       size_t */*size*/);
+
+int
+der_get_integer64 (
+       const unsigned char */*p*/,
+       size_t /*len*/,
+       int64_t */*ret*/,
+       size_t */*size*/);
 
 int
 der_get_length (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       size_t * /*val*/,
-       size_t * /*size*/);
+       size_t */*val*/,
+       size_t */*size*/);
 
 int
 der_get_octet_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_octet_string * /*data*/,
-       size_t * /*size*/);
+       heim_octet_string */*data*/,
+       size_t */*size*/);
 
 int
 der_get_octet_string_ber (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_octet_string * /*data*/,
-       size_t * /*size*/);
+       heim_octet_string */*data*/,
+       size_t */*size*/);
 
 int
 der_get_oid (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_oid * /*data*/,
-       size_t * /*size*/);
+       heim_oid */*data*/,
+       size_t */*size*/);
 
 int
 der_get_printable_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_printable_string * /*str*/,
-       size_t * /*size*/);
+       heim_printable_string */*str*/,
+       size_t */*size*/);
 
 int
 der_get_tag (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       Der_class * /*class*/,
-       Der_type * /*type*/,
-       unsigned int * /*tag*/,
-       size_t * /*size*/);
+       Der_class */*cls*/,
+       Der_type */*type*/,
+       unsigned int */*tag*/,
+       size_t */*size*/);
 
 const char *
 der_get_tag_name (unsigned /*num*/);
 
 int
-der_get_tag_num (const char * /*name*/);
+der_get_tag_num (const char */*name*/);
 
 const char *
 der_get_type_name (unsigned /*num*/);
 
 int
-der_get_type_num (const char * /*name*/);
+der_get_type_num (const char */*name*/);
 
 int
 der_get_universal_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_universal_string * /*data*/,
-       size_t * /*size*/);
+       heim_universal_string */*data*/,
+       size_t */*size*/);
 
 int
 der_get_unsigned (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
+       size_t /*len*/,
+       unsigned */*ret*/,
+       size_t */*size*/);
+
+int
+der_get_unsigned64 (
+       const unsigned char */*p*/,
        size_t /*len*/,
-       unsigned * /*ret*/,
-       size_t * /*size*/);
+       uint64_t */*ret*/,
+       size_t */*size*/);
 
 int
 der_get_utctime (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       time_t * /*data*/,
-       size_t * /*size*/);
+       time_t */*data*/,
+       size_t */*size*/);
 
 int
 der_get_utf8string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_utf8_string * /*str*/,
-       size_t * /*size*/);
+       heim_utf8_string */*str*/,
+       size_t */*size*/);
 
 int
 der_get_visible_string (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       heim_visible_string * /*str*/,
-       size_t * /*size*/);
+       heim_visible_string */*str*/,
+       size_t */*size*/);
 
 int
 der_heim_bit_string_cmp (
-       const heim_bit_string * /*p*/,
-       const heim_bit_string * /*q*/);
+       const heim_bit_string */*p*/,
+       const heim_bit_string */*q*/);
 
 int
 der_heim_bmp_string_cmp (
-       const heim_bmp_string * /*p*/,
-       const heim_bmp_string * /*q*/);
+       const heim_bmp_string */*p*/,
+       const heim_bmp_string */*q*/);
 
 int
 der_heim_integer_cmp (
-       const heim_integer * /*p*/,
-       const heim_integer * /*q*/);
+       const heim_integer */*p*/,
+       const heim_integer */*q*/);
 
 int
 der_heim_octet_string_cmp (
-       const heim_octet_string * /*p*/,
-       const heim_octet_string * /*q*/);
+       const heim_octet_string */*p*/,
+       const heim_octet_string */*q*/);
 
 int
 der_heim_oid_cmp (
-       const heim_oid * /*p*/,
-       const heim_oid * /*q*/);
+       const heim_oid */*p*/,
+       const heim_oid */*q*/);
 
 int
 der_heim_universal_string_cmp (
-       const heim_universal_string * /*p*/,
-       const heim_universal_string * /*q*/);
+       const heim_universal_string */*p*/,
+       const heim_universal_string */*q*/);
+
+int
+der_ia5_string_cmp (
+       const heim_ia5_string */*p*/,
+       const heim_ia5_string */*q*/);
 
 size_t
-der_length_bit_string (const heim_bit_string * /*k*/);
+der_length_bit_string (const heim_bit_string */*k*/);
 
 size_t
-der_length_bmp_string (const heim_bmp_string * /*data*/);
+der_length_bmp_string (const heim_bmp_string */*data*/);
 
 size_t
-der_length_boolean (const int * /*k*/);
+der_length_boolean (const int */*k*/);
 
 size_t
-der_length_enumerated (const unsigned * /*data*/);
+der_length_enumerated (const unsigned */*data*/);
 
 size_t
-der_length_general_string (const heim_general_string * /*data*/);
+der_length_general_string (const heim_general_string */*data*/);
 
 size_t
-der_length_generalized_time (const time_t * /*t*/);
+der_length_generalized_time (const time_t */*t*/);
 
 size_t
-der_length_heim_integer (const heim_integer * /*k*/);
+der_length_heim_integer (const heim_integer */*k*/);
 
 size_t
-der_length_ia5_string (const heim_ia5_string * /*data*/);
+der_length_ia5_string (const heim_ia5_string */*data*/);
 
 size_t
-der_length_integer (const int * /*data*/);
+der_length_integer (const int */*data*/);
+
+size_t
+der_length_integer64 (const int64_t */*data*/);
 
 size_t
 der_length_len (size_t /*len*/);
 
 size_t
-der_length_octet_string (const heim_octet_string * /*k*/);
+der_length_octet_string (const heim_octet_string */*k*/);
+
+size_t
+der_length_oid (const heim_oid */*k*/);
+
+size_t
+der_length_printable_string (const heim_printable_string */*data*/);
 
 size_t
-der_length_oid (const heim_oid * /*k*/);
+der_length_tag (unsigned int /*tag*/);
 
 size_t
-der_length_printable_string (const heim_printable_string * /*data*/);
+der_length_universal_string (const heim_universal_string */*data*/);
 
 size_t
-der_length_universal_string (const heim_universal_string * /*data*/);
+der_length_unsigned (const unsigned */*data*/);
 
 size_t
-der_length_unsigned (const unsigned * /*data*/);
+der_length_unsigned64 (const uint64_t */*data*/);
 
 size_t
-der_length_utctime (const time_t * /*t*/);
+der_length_utctime (const time_t */*t*/);
 
 size_t
-der_length_utf8string (const heim_utf8_string * /*data*/);
+der_length_utf8string (const heim_utf8_string */*data*/);
 
 size_t
-der_length_visible_string (const heim_visible_string * /*data*/);
+der_length_visible_string (const heim_visible_string */*data*/);
 
 int
 der_match_tag (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       Der_class /*class*/,
+       Der_class /*cls*/,
        Der_type /*type*/,
        unsigned int /*tag*/,
-       size_t * /*size*/);
+       size_t */*size*/);
 
 int
 der_match_tag2 (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       Der_class /*class*/,
-       Der_type * /*type*/,
+       Der_class /*cls*/,
+       Der_type */*type*/,
        unsigned int /*tag*/,
-       size_t * /*size*/);
+       size_t */*size*/);
 
 int
 der_match_tag_and_length (
-       const unsigned char * /*p*/,
+       const unsigned char */*p*/,
        size_t /*len*/,
-       Der_class /*class*/,
-       Der_type * /*type*/,
+       Der_class /*cls*/,
+       Der_type */*type*/,
        unsigned int /*tag*/,
-       size_t * /*length_ret*/,
-       size_t * /*size*/);
+       size_t */*length_ret*/,
+       size_t */*size*/);
 
 int
 der_parse_heim_oid (
-       const char * /*str*/,
-       const char * /*sep*/,
-       heim_oid * /*data*/);
+       const char */*str*/,
+       const char */*sep*/,
+       heim_oid */*data*/);
 
 int
 der_parse_hex_heim_integer (
-       const char * /*p*/,
-       heim_integer * /*data*/);
+       const char */*p*/,
+       heim_integer */*data*/);
 
 int
 der_print_heim_oid (
-       const heim_oid * /*oid*/,
+       const heim_oid */*oid*/,
        char /*delim*/,
-       char ** /*str*/);
+       char **/*str*/);
 
 int
 der_print_hex_heim_integer (
-       const heim_integer * /*data*/,
-       char ** /*p*/);
+       const heim_integer */*data*/,
+       char **/*p*/);
+
+int
+der_printable_string_cmp (
+       const heim_printable_string */*p*/,
+       const heim_printable_string */*q*/);
 
 int
 der_put_bit_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_bit_string * /*data*/,
-       size_t * /*size*/);
+       const heim_bit_string */*data*/,
+       size_t */*size*/);
 
 int
 der_put_bmp_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_bmp_string * /*data*/,
-       size_t * /*size*/);
+       const heim_bmp_string */*data*/,
+       size_t */*size*/);
 
 int
 der_put_boolean (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const int * /*data*/,
-       size_t * /*size*/);
+       const int */*data*/,
+       size_t */*size*/);
 
 int
 der_put_general_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_general_string * /*str*/,
-       size_t * /*size*/);
+       const heim_general_string */*str*/,
+       size_t */*size*/);
 
 int
 der_put_generalized_time (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const time_t * /*data*/,
-       size_t * /*size*/);
+       const time_t */*data*/,
+       size_t */*size*/);
 
 int
 der_put_heim_integer (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_integer * /*data*/,
-       size_t * /*size*/);
+       const heim_integer */*data*/,
+       size_t */*size*/);
 
 int
 der_put_ia5_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_ia5_string * /*str*/,
-       size_t * /*size*/);
+       const heim_ia5_string */*str*/,
+       size_t */*size*/);
 
 int
 der_put_integer (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
+       size_t /*len*/,
+       const int */*v*/,
+       size_t */*size*/);
+
+int
+der_put_integer64 (
+       unsigned char */*p*/,
        size_t /*len*/,
-       const int * /*v*/,
-       size_t * /*size*/);
+       const int64_t */*v*/,
+       size_t */*size*/);
 
 int
 der_put_length (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
        size_t /*val*/,
-       size_t * /*size*/);
+       size_t */*size*/);
 
 int
 der_put_length_and_tag (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
        size_t /*len_val*/,
        Der_class /*class*/,
        Der_type /*type*/,
        unsigned int /*tag*/,
-       size_t * /*size*/);
+       size_t */*size*/);
 
 int
 der_put_octet_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_octet_string * /*data*/,
-       size_t * /*size*/);
+       const heim_octet_string */*data*/,
+       size_t */*size*/);
 
 int
 der_put_oid (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_oid * /*data*/,
-       size_t * /*size*/);
+       const heim_oid */*data*/,
+       size_t */*size*/);
 
 int
 der_put_printable_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_printable_string * /*str*/,
-       size_t * /*size*/);
+       const heim_printable_string */*str*/,
+       size_t */*size*/);
 
 int
 der_put_tag (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
        Der_class /*class*/,
        Der_type /*type*/,
        unsigned int /*tag*/,
-       size_t * /*size*/);
+       size_t */*size*/);
 
 int
 der_put_universal_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_universal_string * /*data*/,
-       size_t * /*size*/);
+       const heim_universal_string */*data*/,
+       size_t */*size*/);
 
 int
 der_put_unsigned (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
+       size_t /*len*/,
+       const unsigned */*v*/,
+       size_t */*size*/);
+
+int
+der_put_unsigned64 (
+       unsigned char */*p*/,
        size_t /*len*/,
-       const unsigned * /*v*/,
-       size_t * /*size*/);
+       const uint64_t */*v*/,
+       size_t */*size*/);
 
 int
 der_put_utctime (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const time_t * /*data*/,
-       size_t * /*size*/);
+       const time_t */*data*/,
+       size_t */*size*/);
 
 int
 der_put_utf8string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_utf8_string * /*str*/,
-       size_t * /*size*/);
+       const heim_utf8_string */*str*/,
+       size_t */*size*/);
 
 int
 der_put_visible_string (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_visible_string * /*str*/,
-       size_t * /*size*/);
+       const heim_visible_string */*str*/,
+       size_t */*size*/);
 
 int
 encode_heim_any (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_any * /*data*/,
-       size_t * /*size*/);
+       const heim_any */*data*/,
+       size_t */*size*/);
 
 int
 encode_heim_any_set (
-       unsigned char * /*p*/,
+       unsigned char */*p*/,
        size_t /*len*/,
-       const heim_any_set * /*data*/,
-       size_t * /*size*/);
+       const heim_any_set */*data*/,
+       size_t */*size*/);
 
 void
-free_heim_any (heim_any * /*data*/);
+free_heim_any (heim_any */*data*/);
 
 void
-free_heim_any_set (heim_any_set * /*data*/);
+free_heim_any_set (heim_any_set */*data*/);
 
 int
 heim_any_cmp (
-       const heim_any_set * /*p*/,
-       const heim_any_set * /*q*/);
+       const heim_any_set */*p*/,
+       const heim_any_set */*q*/);
 
 size_t
-length_heim_any (const heim_any * /*data*/);
+length_heim_any (const heim_any */*data*/);
 
 size_t
-length_heim_any_set (const heim_any * /*data*/);
+length_heim_any_set (const heim_any */*data*/);
 
 #ifdef __cplusplus
 }
 #endif
 
+#endif /* DOXY */
 #endif /* __der_protos_h__ */
index af3ee33..1a59d4f 100644 (file)
@@ -234,9 +234,9 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
 
     /* Check that the key type really fit into 8 bytes */
     switch (t5.enc_part.etype) {
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
+    case KRB5_ENCTYPE_DES_CBC_CRC:
+    case KRB5_ENCTYPE_DES_CBC_MD4:
+    case KRB5_ENCTYPE_DES_CBC_MD5:
        /* check ticket */
        if (t5.enc_part.cipher.length > sizeof(plain)
            || t5.enc_part.cipher.length % 8 != 0)
@@ -494,17 +494,17 @@ krb5_des_decrypt(struct ktc_encryptionKey *key, int etype, void *in,
 #define CONFOUNDERSZ 8
 
     switch (etype) {
-    case ETYPE_DES_CBC_CRC:
+    case KRB5_ENCTYPE_DES_CBC_CRC:
        memcpy(&ivec, key, sizeof(ivec));
        cksumsz = 4;
        cksum_func = verify_checksum_crc;
        break;
-    case ETYPE_DES_CBC_MD4:
+    case KRB5_ENCTYPE_DES_CBC_MD4:
        memset(&ivec, 0, sizeof(ivec));
        cksumsz = 16;
        cksum_func = verify_checksum_md4;
        break;
-    case ETYPE_DES_CBC_MD5:
+    case KRB5_ENCTYPE_DES_CBC_MD5:
        memset(&ivec, 0, sizeof(ivec));
        cksumsz = 16;
        cksum_func = verify_checksum_md5;
@@ -554,7 +554,7 @@ tkt_MakeTicket5(char *ticket, int *ticketLen, int enctype, int *kvno,
     memset(&data, 0, sizeof(data));
 
     data.flags.transited_policy_checked = 1;
-    data.key.keytype=ETYPE_DES_CBC_CRC;
+    data.key.keytype=KRB5_ENCTYPE_DES_CBC_CRC;
     data.key.keyvalue.data=sessionKey->data;
     data.key.keyvalue.length=8;
     data.crealm=cell;
@@ -718,16 +718,16 @@ tkt_DeriveDesKey(int enctype, void *keydata, size_t keylen,
                 struct ktc_encryptionKey *output)
 {
     switch (enctype) {
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
+    case KRB5_ENCTYPE_DES_CBC_CRC:
+    case KRB5_ENCTYPE_DES_CBC_MD4:
+    case KRB5_ENCTYPE_DES_CBC_MD5:
        if (keylen != 8)
            return 1;
 
        /* Extract session key */
        memcpy(output, keydata, 8);
        break;
-    case ETYPE_NULL:
+    case KRB5_ENCTYPE_NULL:
     case 4:
     case 6:
     case 8:
@@ -741,9 +741,9 @@ tkt_DeriveDesKey(int enctype, void *keydata, size_t keylen,
        return 1;
        /*In order to become a "Cryptographic Key" as specified in
         * SP800-108, it must be indistinguishable from a random bitstring. */
-    case ETYPE_DES3_CBC_MD5:
-    case ETYPE_OLD_DES3_CBC_SHA1:
-    case ETYPE_DES3_CBC_SHA1:
+    case KRB5_ENCTYPE_DES3_CBC_MD5:
+    case KRB5_ENCTYPE_OLD_DES3_CBC_SHA1:
+    case KRB5_ENCTYPE_DES3_CBC_SHA1:
        if (compress_parity_bits(keydata, &keylen))
            return 1;
        /* FALLTHROUGH */
index 46ac9ce..98545b1 100644 (file)
@@ -35,7 +35,7 @@
  */
 
 
-/* RCSID("$Id$"); */
+#define ASN1_MAX_YEAR  2000
 
 static int
 is_leap(unsigned y)
@@ -44,6 +44,10 @@ is_leap(unsigned y)
     return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
 }
 
+static const unsigned ndays[2][12] ={
+    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
+    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
+
 /*
  * This is a simplifed version of timegm(3) that doesn't accept out of
  * bound values that timegm(3) normally accepts but those are not
@@ -53,17 +57,20 @@ is_leap(unsigned y)
 time_t
 _der_timegm (struct tm *tm)
 {
-  static const unsigned ndays[2][12] ={
-    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
-    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
   time_t res = 0;
-  unsigned i;
+  int i;
+
+  /*
+   * See comment in _der_gmtime
+   */
+  if (tm->tm_year > ASN1_MAX_YEAR)
+      return 0;
 
   if (tm->tm_year < 0)
       return -1;
   if (tm->tm_mon < 0 || tm->tm_mon > 11)
       return -1;
-  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
+  if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon])
       return -1;
   if (tm->tm_hour < 0 || tm->tm_hour > 23)
       return -1;
@@ -86,6 +93,49 @@ _der_timegm (struct tm *tm)
   res += tm->tm_sec;
   return res;
 }
+
+struct tm *
+_der_gmtime(time_t t, struct tm *tm)
+{
+    time_t secday = t % (3600 * 24);
+    time_t days = t / (3600 * 24);
+
+    memset(tm, 0, sizeof(*tm));
+
+    tm->tm_sec = secday % 60;
+    tm->tm_min = (secday % 3600) / 60;
+    tm->tm_hour = (int)(secday / 3600);
+
+    /*
+     * Refuse to calculate time ~ 2000 years into the future, this is
+     * not possible for systems where time_t is a int32_t, however,
+     * when time_t is a int64_t, that can happen, and this becomes a
+     * denial of sevice.
+     */
+    if (days > (ASN1_MAX_YEAR * 365))
+       return NULL;
+
+    tm->tm_year = 70;
+    while(1) {
+       unsigned dayinyear = (is_leap(tm->tm_year) ? 366 : 365);
+       if (days < dayinyear)
+           break;
+       tm->tm_year += 1;
+       days -= dayinyear;
+    }
+    tm->tm_mon = 0;
+
+    while (1) {
+       unsigned daysinmonth = ndays[is_leap(tm->tm_year)][tm->tm_mon];
+       if (days < daysinmonth)
+           break;
+       days -= daysinmonth;
+       tm->tm_mon++;
+    }
+    tm->tm_mday = (int)(days + 1);
+
+    return tm;
+}
 /*
  * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
@@ -135,9 +185,28 @@ der_get_unsigned (const unsigned char *p, size_t len,
     unsigned val = 0;
     size_t oldlen = len;
 
-    if (len == sizeof(unsigned) + 1 && p[0] == 0)
+    if (len == sizeof(val) + 1 && p[0] == 0)
        ;
-    else if (len > sizeof(unsigned))
+    else if (len > sizeof(val))
+       return ASN1_OVERRUN;
+
+    while (len--)
+       val = val * 256 + *p++;
+    *ret = val;
+    if(size) *size = oldlen;
+    return 0;
+}
+
+int
+der_get_unsigned64 (const unsigned char *p, size_t len,
+                   uint64_t *ret, size_t *size)
+{
+    uint64_t val = 0;
+    size_t oldlen = len;
+
+    if (len == sizeof(val) + 1 && p[0] == 0)
+       ;
+    else if (len > sizeof(val))
        return ASN1_OVERRUN;
 
     while (len--)
@@ -154,7 +223,7 @@ der_get_integer (const unsigned char *p, size_t len,
     int val = 0;
     size_t oldlen = len;
 
-    if (len > sizeof(int))
+    if (len > sizeof(val))
        return ASN1_OVERRUN;
 
     if (len > 0) {
@@ -168,6 +237,27 @@ der_get_integer (const unsigned char *p, size_t len,
 }
 
 int
+der_get_integer64 (const unsigned char *p, size_t len,
+                  int64_t *ret, size_t *size)
+{
+    int64_t val = 0;
+    size_t oldlen = len;
+
+    if (len > sizeof(val))
+        return ASN1_OVERRUN;
+
+    if (len > 0) {
+       val = (signed char)*p++;
+       while (--len)
+           val = val * 256 + *p++;
+    }
+    *ret = val;
+    if(size) *size = oldlen;
+    return 0;
+}
+
+
+int
 der_get_length (const unsigned char *p, size_t len,
                size_t *val, size_t *size)
 {
@@ -228,20 +318,24 @@ der_get_general_string (const unsigned char *p, size_t len,
         * an strings in the NEED_PREAUTH case that includes a
         * trailing NUL.
         */
-       while (p1 - p < len && *p1 == '\0')
+       while ((size_t)(p1 - p) < len && *p1 == '\0')
            p1++;
-       if (p1 - p != len)
+       if ((size_t)(p1 - p) != len) {
+           *str = NULL;
            return ASN1_BAD_CHARACTER;
+       }
     }
-    if (len > len + 1)
+    if (len == SIZE_MAX) {
+       *str = NULL;
        return ASN1_BAD_LENGTH;
+    }
 
-    s = malloc (len + 1);
+    *str = s = malloc (len + 1);
     if (s == NULL)
        return ENOMEM;
     memcpy (s, p, len);
     s[len] = '\0';
-    *str = s;
+
     if(size) *size = len;
     return 0;
 }
@@ -253,18 +347,34 @@ der_get_utf8string (const unsigned char *p, size_t len,
     return der_get_general_string(p, len, str, size);
 }
 
+#define gen_data_zero(_data) \
+       do { (_data)->length = 0; (_data)->data = NULL; } while(0)
+
 int
-der_get_printable_string (const unsigned char *p, size_t len,
-                         heim_printable_string *str, size_t *size)
+der_get_printable_string(const unsigned char *p, size_t len,
+                        heim_printable_string *str, size_t *size)
 {
-    return der_get_general_string(p, len, str, size);
+    if (len == SIZE_MAX) {
+       gen_data_zero(str);
+       return ASN1_BAD_LENGTH;
+    }
+    str->length = len;
+    str->data = malloc(len + 1);
+    if (str->data == NULL) {
+       gen_data_zero(str);
+       return ENOMEM;
+    }
+    memcpy(str->data, p, len);
+    ((char *)str->data)[len] = '\0';
+    if(size) *size = len;
+    return 0;
 }
 
 int
-der_get_ia5_string (const unsigned char *p, size_t len,
-                   heim_ia5_string *str, size_t *size)
+der_get_ia5_string(const unsigned char *p, size_t len,
+                  heim_ia5_string *str, size_t *size)
 {
-    return der_get_general_string(p, len, str, size);
+    return der_get_printable_string(p, len, str, size);
 }
 
 int
@@ -273,14 +383,20 @@ der_get_bmp_string (const unsigned char *p, size_t len,
 {
     size_t i;
 
-    if (len & 1)
+    if (len & 1) {
+       gen_data_zero(data);
        return ASN1_BAD_FORMAT;
+    }
     data->length = len / 2;
-    if (data->length > UINT_MAX/sizeof(data->data[0]))
+    if (data->length > UINT_MAX/sizeof(data->data[0])) {
+       gen_data_zero(data);
        return ERANGE;
+    }
     data->data = malloc(data->length * sizeof(data->data[0]));
-    if (data->data == NULL && data->length != 0)
+    if (data->data == NULL && data->length != 0) {
+       gen_data_zero(data);
        return ENOMEM;
+    }
 
     for (i = 0; i < data->length; i++) {
        data->data[i] = (p[0] << 8) | p[1];
@@ -288,8 +404,7 @@ der_get_bmp_string (const unsigned char *p, size_t len,
        /* check for NUL in the middle of the string */
        if (data->data[i] == 0 && i != (data->length - 1)) {
            free(data->data);
-           data->data = NULL;
-           data->length = 0;
+           gen_data_zero(data);
            return ASN1_BAD_CHARACTER;
        }
     }
@@ -304,14 +419,20 @@ der_get_universal_string (const unsigned char *p, size_t len,
 {
     size_t i;
 
-    if (len & 3)
+    if (len & 3) {
+       gen_data_zero(data);
        return ASN1_BAD_FORMAT;
+    }
     data->length = len / 4;
-    if (data->length > UINT_MAX/sizeof(data->data[0]))
+    if (data->length > UINT_MAX/sizeof(data->data[0])) {
+       gen_data_zero(data);
        return ERANGE;
+    }
     data->data = malloc(data->length * sizeof(data->data[0]));
-    if (data->data == NULL && data->length != 0)
+    if (data->data == NULL && data->length != 0) {
+       gen_data_zero(data);
        return ENOMEM;
+    }
 
     for (i = 0; i < data->length; i++) {
        data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
@@ -319,8 +440,7 @@ der_get_universal_string (const unsigned char *p, size_t len,
        /* check for NUL in the middle of the string */
        if (data->data[i] == 0 && i != (data->length - 1)) {
            free(data->data);
-           data->data = NULL;
-           data->length = 0;
+           gen_data_zero(data);
            return ASN1_BAD_CHARACTER;
        }
     }
@@ -354,7 +474,7 @@ der_get_octet_string_ber (const unsigned char *p, size_t len,
 {
     int e;
     Der_type type;
-    Der_class class;
+    Der_class cls;
     unsigned int tag, depth = 0;
     size_t l, datalen, oldlen = len;
 
@@ -362,9 +482,9 @@ der_get_octet_string_ber (const unsigned char *p, size_t len,
     data->data = NULL;
 
     while (len) {
-       e = der_get_tag (p, len, &class, &type, &tag, &l);
+       e = der_get_tag (p, len, &cls, &type, &tag, &l);
        if (e) goto out;
-       if (class != ASN1_C_UNIV) {
+       if (cls != ASN1_C_UNIV) {
            e = ASN1_BAD_ID;
            goto out;
        }
@@ -510,7 +630,7 @@ der_get_time (const unsigned char *p, size_t len,
     char *times;
     int e;
 
-    if (len > len + 1 || len == 0)
+    if (len == SIZE_MAX || len == 0)
        return ASN1_BAD_LENGTH;
 
     times = malloc(len + 1);
@@ -548,7 +668,7 @@ der_get_oid (const unsigned char *p, size_t len,
     if (len < 1)
        return ASN1_OVERRUN;
 
-    if (len > len + 1)
+    if (len == SIZE_MAX)
        return ASN1_BAD_LENGTH;
 
     if (len + 1 > UINT_MAX/sizeof(data->components[0]))
@@ -588,13 +708,13 @@ der_get_oid (const unsigned char *p, size_t len,
 
 int
 der_get_tag (const unsigned char *p, size_t len,
-            Der_class *class, Der_type *type,
+            Der_class *cls, Der_type *type,
             unsigned int *tag, size_t *size)
 {
     size_t ret = 0;
     if (len < 1)
        return ASN1_OVERRUN;
-    *class = (Der_class)(((*p) >> 6) & 0x03);
+    *cls = (Der_class)(((*p) >> 6) & 0x03);
     *type = (Der_type)(((*p) >> 5) & 0x01);
     *tag = (*p) & 0x1f;
     p++; len--; ret++;
@@ -620,13 +740,13 @@ der_get_tag (const unsigned char *p, size_t len,
 
 int
 der_match_tag (const unsigned char *p, size_t len,
-              Der_class class, Der_type type,
+              Der_class cls, Der_type type,
               unsigned int tag, size_t *size)
 {
     Der_type thistype;
     int e;
 
-    e = der_match_tag2(p, len, class, &thistype, tag, size);
+    e = der_match_tag2(p, len, cls, &thistype, tag, size);
     if (e) return e;
     if (thistype != type) return ASN1_BAD_ID;
     return 0;
@@ -634,7 +754,7 @@ der_match_tag (const unsigned char *p, size_t len,
 
 int
 der_match_tag2 (const unsigned char *p, size_t len,
-               Der_class class, Der_type *type,
+               Der_class cls, Der_type *type,
                unsigned int tag, size_t *size)
 {
     size_t l;
@@ -644,7 +764,7 @@ der_match_tag2 (const unsigned char *p, size_t len,
 
     e = der_get_tag (p, len, &thisclass, type, &thistag, &l);
     if (e) return e;
-    if (class != thisclass)
+    if (cls != thisclass)
        return ASN1_BAD_ID;
     if(tag > thistag)
        return ASN1_MISPLACED_FIELD;
@@ -656,13 +776,13 @@ der_match_tag2 (const unsigned char *p, size_t len,
 
 int
 der_match_tag_and_length (const unsigned char *p, size_t len,
-                         Der_class class, Der_type *type, unsigned int tag,
+                         Der_class cls, Der_type *type, unsigned int tag,
                          size_t *length_ret, size_t *size)
 {
     size_t l, ret = 0;
     int e;
 
-    e = der_match_tag2 (p, len, class, type, tag, &l);
+    e = der_match_tag2 (p, len, cls, type, tag, &l);
     if (e) return e;
     p += l;
     len -= l;
@@ -713,14 +833,19 @@ der_get_bit_string (const unsigned char *p, size_t len,
      * any of them will cause a interger overrun */
     if ((len - 1) >> (sizeof(len) * 8 - 3))
        return ASN1_OVERRUN;
-    data->length = (len - 1) * 8;
-    data->data = malloc(len - 1);
-    if (data->data == NULL && (len - 1) != 0)
-       return ENOMEM;
-    /* copy data is there is data to copy */
-    if (len - 1 != 0) {
-      memcpy (data->data, p + 1, len - 1);
-      data->length -= p[0];
+    /*
+     * If there is data to copy, do that now.
+     */
+    if (len - 1 > 0) {
+       data->length = (len - 1) * 8;
+       data->data = malloc(len - 1);
+       if (data->data == NULL)
+           return ENOMEM;
+       memcpy (data->data, p + 1, len - 1);
+       data->length -= p[0];
+    } else {
+       data->data = NULL;
+       data->length = 0;
     }
     if(size) *size = len;
     return 0;
@@ -802,6 +927,38 @@ der_put_unsigned (unsigned char *p, size_t len, const unsigned *v, size_t *size)
 }
 
 int
+der_put_unsigned64 (unsigned char *p, size_t len, const uint64_t *v, size_t *size)
+{
+    unsigned char *base = p;
+    uint64_t val = *v;
+
+    if (val) {
+       while (len > 0 && val) {
+           *p-- = val % 256;
+           val /= 256;
+           --len;
+       }
+       if (val != 0)
+           return ASN1_OVERFLOW;
+       else {
+           if(p[1] >= 128) {
+               if(len < 1)
+                   return ASN1_OVERFLOW;
+               *p-- = 0;
+           }
+           *size = base - p;
+           return 0;
+       }
+    } else if (len < 1)
+       return ASN1_OVERFLOW;
+    else {
+       *p    = 0;
+       *size = 1;
+       return 0;
+    }
+}
+
+int
 der_put_integer (unsigned char *p, size_t len, const int *v, size_t *size)
 {
     unsigned char *base = p;
@@ -841,6 +998,46 @@ der_put_integer (unsigned char *p, size_t len, const int *v, size_t *size)
     return 0;
 }
 
+int
+der_put_integer64 (unsigned char *p, size_t len, const int64_t *v, size_t *size)
+{
+    unsigned char *base = p;
+    int64_t val = *v;
+
+    if(val >= 0) {
+       do {
+           if(len < 1)
+               return ASN1_OVERFLOW;
+           *p-- = val % 256;
+           len--;
+           val /= 256;
+       } while(val);
+       if(p[1] >= 128) {
+           if(len < 1)
+               return ASN1_OVERFLOW;
+           *p-- = 0;
+           len--;
+       }
+    } else {
+       val = ~val;
+       do {
+           if(len < 1)
+               return ASN1_OVERFLOW;
+           *p-- = ~(val % 256);
+           len--;
+           val /= 256;
+       } while(val);
+       if(p[1] < 128) {
+           if(len < 1)
+               return ASN1_OVERFLOW;
+           *p-- = 0xff;
+           len--;
+       }
+    }
+    *size = base - p;
+    return 0;
+}
+
 
 int
 der_put_length (unsigned char *p, size_t len, size_t val, size_t *size)
@@ -907,14 +1104,14 @@ int
 der_put_printable_string (unsigned char *p, size_t len,
                          const heim_printable_string *str, size_t *size)
 {
-    return der_put_general_string(p, len, str, size);
+    return der_put_octet_string(p, len, str, size);
 }
 
 int
 der_put_ia5_string (unsigned char *p, size_t len,
                    const heim_ia5_string *str, size_t *size)
 {
-    return der_put_general_string(p, len, str, size);
+    return der_put_octet_string(p, len, str, size);
 }
 
 int
@@ -993,7 +1190,8 @@ der_put_heim_integer (unsigned char *p, size_t len,
     len -= data->length;
 
     if (data->negative) {
-       int i, carry;
+       ssize_t i;
+       int carry;
        for (i = data->length - 1, carry = 1; i >= 0; i--) {
            *p = buf[i] ^ 0xff;
            if (carry)
@@ -1069,7 +1267,7 @@ der_put_oid (unsigned char *p, size_t len,
             const heim_oid *data, size_t *size)
 {
     unsigned char *base = p;
-    int n;
+    size_t n;
 
     for (n = data->length - 1; n >= 2; --n) {
        unsigned u = data->components[n];
@@ -1152,22 +1350,25 @@ der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val,
 int
 _heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep)
 {
-     struct tm *tm;
+     struct tm tm;
      const size_t len = gtimep ? 15 : 13;
 
+     s->data = NULL;
+     s->length = 0;
+     if (_der_gmtime(t, &tm) == NULL)
+        return ASN1_BAD_TIMEFORMAT;
      s->data = malloc(len + 1);
      if (s->data == NULL)
         return ENOMEM;
      s->length = len;
-     tm = gmtime (&t);
      if (gtimep)
         snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ",
-                  tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
-                  tm->tm_hour, tm->tm_min, tm->tm_sec);
+                  tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
+                  tm.tm_hour, tm.tm_min, tm.tm_sec);
      else
         snprintf (s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ",
-                  tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday,
-                  tm->tm_hour, tm->tm_min, tm->tm_sec);
+                  tm.tm_year % 100, tm.tm_mon + 1, tm.tm_mday,
+                  tm.tm_hour, tm.tm_min, tm.tm_sec);
 
      return 0;
 }
@@ -1193,14 +1394,14 @@ der_put_bit_string (unsigned char *p, size_t len,
 int
 _heim_der_set_sort(const void *a1, const void *a2)
 {
-    const struct heim_octet_string *s1 = a1, *s2 = a2;
+    const heim_octet_string *s1 = a1, *s2 = a2;
     int ret;
 
     ret = memcmp(s1->data, s2->data,
                 s1->length < s2->length ? s1->length : s2->length);
     if(ret)
        return ret;
-    return s1->length - s2->length;
+    return (int)(s1->length - s2->length);
 }
 /*
  * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
@@ -1254,12 +1455,24 @@ der_free_integer (int *i)
 }
 
 void
+der_free_integer64 (int64_t *i)
+{
+    *i = 0;
+}
+
+void
 der_free_unsigned (unsigned *u)
 {
     *u = 0;
 }
 
 void
+der_free_unsigned64 (uint64_t *u)
+{
+    *u = 0;
+}
+
+void
 der_free_generalized_time(time_t *t)
 {
     *t = 0;
@@ -1282,15 +1495,13 @@ der_free_utf8string (heim_utf8_string *str)
 void
 der_free_printable_string (heim_printable_string *str)
 {
-    free(*str);
-    *str = NULL;
+    der_free_octet_string(str);
 }
 
 void
 der_free_ia5_string (heim_ia5_string *str)
 {
-    free(*str);
-    *str = NULL;
+    der_free_octet_string(str);
 }
 
 void
@@ -1404,6 +1615,24 @@ _heim_len_unsigned (unsigned val)
 }
 
 size_t
+_heim_len_unsigned64 (uint64_t val)
+{
+    size_t ret = 0;
+    int last_val_gt_128;
+
+    do {
+       ++ret;
+       last_val_gt_128 = (val >= 128);
+       val /= 256;
+    } while (val);
+
+    if(last_val_gt_128)
+       ret++;
+
+    return ret;
+}
+
+size_t
 _heim_len_int (int val)
 {
     unsigned char q;
@@ -1430,11 +1659,38 @@ _heim_len_int (int val)
     return ret;
 }
 
+size_t
+_heim_len_int64 (int64_t val)
+{
+    unsigned char q;
+    size_t ret = 0;
+
+    if (val >= 0) {
+       do {
+           q = val % 256;
+           ret++;
+           val /= 256;
+       } while(val);
+       if(q >= 128)
+           ret++;
+    } else {
+       val = ~val;
+       do {
+           q = ~(val % 256);
+           ret++;
+           val /= 256;
+       } while(val);
+       if(q < 128)
+           ret++;
+    }
+    return ret;
+}
+
 static size_t
 len_oid (const heim_oid *oid)
 {
     size_t ret = 1;
-    int n;
+    size_t n;
 
     for (n = 2; n < oid->length; ++n) {
        unsigned u = oid->components[n];
@@ -1483,12 +1739,24 @@ der_length_integer (const int *data)
 }
 
 size_t
+der_length_integer64 (const int64_t *data)
+{
+    return _heim_len_int64 (*data);
+}
+
+size_t
 der_length_unsigned (const unsigned *data)
 {
     return _heim_len_unsigned(*data);
 }
 
 size_t
+der_length_unsigned64 (const uint64_t *data)
+{
+    return _heim_len_unsigned64(*data);
+}
+
+size_t
 der_length_enumerated (const unsigned *data)
 {
   return _heim_len_int (*data);
@@ -1509,13 +1777,13 @@ der_length_utf8string (const heim_utf8_string *data)
 size_t
 der_length_printable_string (const heim_printable_string *data)
 {
-    return strlen(*data);
+    return data->length;
 }
 
 size_t
 der_length_ia5_string (const heim_ia5_string *data)
 {
-    return strlen(*data);
+    return data->length;
 }
 
 size_t
@@ -1650,6 +1918,13 @@ der_copy_integer (const int *from, int *to)
 }
 
 int
+der_copy_integer64 (const int64_t *from, int64_t *to)
+{
+    *to = *from;
+    return 0;
+}
+
+int
 der_copy_unsigned (const unsigned *from, unsigned *to)
 {
     *to = *from;
@@ -1657,6 +1932,13 @@ der_copy_unsigned (const unsigned *from, unsigned *to)
 }
 
 int
+der_copy_unsigned64 (const uint64_t *from, uint64_t *to)
+{
+    *to = *from;
+    return 0;
+}
+
+int
 der_copy_generalized_time (const time_t *from, time_t *to)
 {
     *to = *from;
@@ -1680,14 +1962,20 @@ int
 der_copy_printable_string (const heim_printable_string *from,
                       heim_printable_string *to)
 {
-    return der_copy_general_string(from, to);
+    to->length = from->length;
+    to->data   = malloc(to->length + 1);
+    if(to->data == NULL)
+       return ENOMEM;
+    memcpy(to->data, from->data, to->length);
+    ((char *)to->data)[to->length] = '\0';
+    return 0;
 }
 
 int
-der_copy_ia5_string (const heim_printable_string *from,
-                    heim_printable_string *to)
+der_copy_ia5_string (const heim_ia5_string *from,
+                    heim_ia5_string *to)
 {
-    return der_copy_general_string(from, to);
+    return der_copy_printable_string(from, to);
 }
 
 int
index ce9220f..36c7f9d 100644 (file)
+#define encode_NAME_TYPE _rxkad_v5_encode_NAME_TYPE
+#define decode_NAME_TYPE _rxkad_v5_decode_NAME_TYPE
+#define free_NAME_TYPE _rxkad_v5_free_NAME_TYPE
+#define length_NAME_TYPE _rxkad_v5_length_NAME_TYPE
+#define copy_NAME_TYPE _rxkad_v5_copy_NAME_TYPE
+#define encode_MESSAGE_TYPE _rxkad_v5_encode_MESSAGE_TYPE
+#define decode_MESSAGE_TYPE _rxkad_v5_decode_MESSAGE_TYPE
+#define free_MESSAGE_TYPE _rxkad_v5_free_MESSAGE_TYPE
+#define length_MESSAGE_TYPE _rxkad_v5_length_MESSAGE_TYPE
+#define copy_MESSAGE_TYPE _rxkad_v5_copy_MESSAGE_TYPE
+#define encode_PADATA_TYPE _rxkad_v5_encode_PADATA_TYPE
+#define decode_PADATA_TYPE _rxkad_v5_decode_PADATA_TYPE
+#define free_PADATA_TYPE _rxkad_v5_free_PADATA_TYPE
+#define length_PADATA_TYPE _rxkad_v5_length_PADATA_TYPE
+#define copy_PADATA_TYPE _rxkad_v5_copy_PADATA_TYPE
+#define encode_AUTHDATA_TYPE _rxkad_v5_encode_AUTHDATA_TYPE
+#define decode_AUTHDATA_TYPE _rxkad_v5_decode_AUTHDATA_TYPE
+#define free_AUTHDATA_TYPE _rxkad_v5_free_AUTHDATA_TYPE
+#define length_AUTHDATA_TYPE _rxkad_v5_length_AUTHDATA_TYPE
+#define copy_AUTHDATA_TYPE _rxkad_v5_copy_AUTHDATA_TYPE
+#define encode_CKSUMTYPE _rxkad_v5_encode_CKSUMTYPE
+#define decode_CKSUMTYPE _rxkad_v5_decode_CKSUMTYPE
+#define free_CKSUMTYPE _rxkad_v5_free_CKSUMTYPE
+#define length_CKSUMTYPE _rxkad_v5_length_CKSUMTYPE
+#define copy_CKSUMTYPE _rxkad_v5_copy_CKSUMTYPE
+#define encode_ENCTYPE _rxkad_v5_encode_ENCTYPE
+#define decode_ENCTYPE _rxkad_v5_decode_ENCTYPE
+#define free_ENCTYPE _rxkad_v5_free_ENCTYPE
+#define length_ENCTYPE _rxkad_v5_length_ENCTYPE
+#define copy_ENCTYPE _rxkad_v5_copy_ENCTYPE
+#define encode_krb5uint32 _rxkad_v5_encode_krb5uint32
+#define decode_krb5uint32 _rxkad_v5_decode_krb5uint32
+#define free_krb5uint32 _rxkad_v5_free_krb5uint32
+#define length_krb5uint32 _rxkad_v5_length_krb5uint32
+#define copy_krb5uint32 _rxkad_v5_copy_krb5uint32
 #define encode_krb5int32 _rxkad_v5_encode_krb5int32
 #define decode_krb5int32 _rxkad_v5_decode_krb5int32
 #define free_krb5int32 _rxkad_v5_free_krb5int32
 #define length_krb5int32 _rxkad_v5_length_krb5int32
 #define copy_krb5int32 _rxkad_v5_copy_krb5int32
-#define encode_AuthorizationDataElement _rxkad_v5_encode_AuthorizationDataElement
-#define decode_AuthorizationDataElement _rxkad_v5_decode_AuthorizationDataElement
-#define free_AuthorizationDataElement _rxkad_v5_free_AuthorizationDataElement
-#define length_AuthorizationDataElement _rxkad_v5_length_AuthorizationDataElement
-#define copy_AuthorizationDataElement _rxkad_v5_copy_AuthorizationDataElement
-#define encode_Ticket _rxkad_v5_encode_Ticket
-#define decode_Ticket _rxkad_v5_decode_Ticket
-#define free_Ticket _rxkad_v5_free_Ticket
-#define length_Ticket _rxkad_v5_length_Ticket
-#define copy_Ticket _rxkad_v5_copy_Ticket
-#define encode_EncryptedData _rxkad_v5_encode_EncryptedData
-#define decode_EncryptedData _rxkad_v5_decode_EncryptedData
-#define free_EncryptedData _rxkad_v5_free_EncryptedData
-#define length_EncryptedData _rxkad_v5_length_EncryptedData
-#define copy_EncryptedData _rxkad_v5_copy_EncryptedData
+#define encode_KerberosString _rxkad_v5_encode_KerberosString
+#define decode_KerberosString _rxkad_v5_decode_KerberosString
+#define free_KerberosString _rxkad_v5_free_KerberosString
+#define length_KerberosString _rxkad_v5_length_KerberosString
+#define copy_KerberosString _rxkad_v5_copy_KerberosString
+#define encode_Realm _rxkad_v5_encode_Realm
+#define decode_Realm _rxkad_v5_decode_Realm
+#define free_Realm _rxkad_v5_free_Realm
+#define length_Realm _rxkad_v5_length_Realm
+#define copy_Realm _rxkad_v5_copy_Realm
 #define encode_PrincipalName _rxkad_v5_encode_PrincipalName
 #define decode_PrincipalName _rxkad_v5_decode_PrincipalName
 #define free_PrincipalName _rxkad_v5_free_PrincipalName
 #define length_PrincipalName _rxkad_v5_length_PrincipalName
 #define copy_PrincipalName _rxkad_v5_copy_PrincipalName
-#define encode_HostAddresses _rxkad_v5_encode_HostAddresses
-#define decode_HostAddresses _rxkad_v5_decode_HostAddresses
-#define free_HostAddresses _rxkad_v5_free_HostAddresses
-#define length_HostAddresses _rxkad_v5_length_HostAddresses
-#define copy_HostAddresses _rxkad_v5_copy_HostAddresses
+#define encode_Principal _rxkad_v5_encode_Principal
+#define decode_Principal _rxkad_v5_decode_Principal
+#define free_Principal _rxkad_v5_free_Principal
+#define length_Principal _rxkad_v5_length_Principal
+#define copy_Principal _rxkad_v5_copy_Principal
+#define encode_Principals _rxkad_v5_encode_Principals
+#define decode_Principals _rxkad_v5_decode_Principals
+#define free_Principals _rxkad_v5_free_Principals
+#define length_Principals _rxkad_v5_length_Principals
+#define copy_Principals _rxkad_v5_copy_Principals
 #define encode_HostAddress _rxkad_v5_encode_HostAddress
 #define decode_HostAddress _rxkad_v5_decode_HostAddress
 #define free_HostAddress _rxkad_v5_free_HostAddress
 #define length_HostAddress _rxkad_v5_length_HostAddress
 #define copy_HostAddress _rxkad_v5_copy_HostAddress
-#define add_AuthorizationData _rxkad_v5_add_AuthorizationData
-#define remove_AuthorizationData _rxkad_v5_remove_AuthorizationData
-#define encode_AuthorizationData _rxkad_v5_encode_AuthorizationData
-#define decode_AuthorizationData _rxkad_v5_decode_AuthorizationData
-#define free_AuthorizationData _rxkad_v5_free_AuthorizationData
-#define length_AuthorizationData _rxkad_v5_length_AuthorizationData
-#define copy_AuthorizationData _rxkad_v5_copy_AuthorizationData
-#define encode_EncTicketPart _rxkad_v5_encode_EncTicketPart
-#define decode_EncTicketPart _rxkad_v5_decode_EncTicketPart
-#define free_EncTicketPart _rxkad_v5_free_EncTicketPart
-#define length_EncTicketPart _rxkad_v5_length_EncTicketPart
-#define copy_EncTicketPart _rxkad_v5_copy_EncTicketPart
+#define encode_HostAddresses _rxkad_v5_encode_HostAddresses
+#define decode_HostAddresses _rxkad_v5_decode_HostAddresses
+#define free_HostAddresses _rxkad_v5_free_HostAddresses
+#define length_HostAddresses _rxkad_v5_length_HostAddresses
+#define copy_HostAddresses _rxkad_v5_copy_HostAddresses
 #define encode_KerberosTime _rxkad_v5_encode_KerberosTime
 #define decode_KerberosTime _rxkad_v5_decode_KerberosTime
 #define free_KerberosTime _rxkad_v5_free_KerberosTime
 #define length_KerberosTime _rxkad_v5_length_KerberosTime
 #define copy_KerberosTime _rxkad_v5_copy_KerberosTime
-#define encode_TransitedEncoding _rxkad_v5_encode_TransitedEncoding
-#define decode_TransitedEncoding _rxkad_v5_decode_TransitedEncoding
-#define free_TransitedEncoding _rxkad_v5_free_TransitedEncoding
-#define length_TransitedEncoding _rxkad_v5_length_TransitedEncoding
-#define copy_TransitedEncoding _rxkad_v5_copy_TransitedEncoding
-#define encode_EncryptionKey _rxkad_v5_encode_EncryptionKey
-#define decode_EncryptionKey _rxkad_v5_decode_EncryptionKey
-#define free_EncryptionKey _rxkad_v5_free_EncryptionKey
-#define length_EncryptionKey _rxkad_v5_length_EncryptionKey
-#define copy_EncryptionKey _rxkad_v5_copy_EncryptionKey
+#define encode_AuthorizationDataElement _rxkad_v5_encode_AuthorizationDataElement
+#define decode_AuthorizationDataElement _rxkad_v5_decode_AuthorizationDataElement
+#define free_AuthorizationDataElement _rxkad_v5_free_AuthorizationDataElement
+#define length_AuthorizationDataElement _rxkad_v5_length_AuthorizationDataElement
+#define copy_AuthorizationDataElement _rxkad_v5_copy_AuthorizationDataElement
+#define encode_AuthorizationData _rxkad_v5_encode_AuthorizationData
+#define decode_AuthorizationData _rxkad_v5_decode_AuthorizationData
+#define free_AuthorizationData _rxkad_v5_free_AuthorizationData
+#define length_AuthorizationData _rxkad_v5_length_AuthorizationData
+#define copy_AuthorizationData _rxkad_v5_copy_AuthorizationData
+#define encode_APOptions _rxkad_v5_encode_APOptions
+#define decode_APOptions _rxkad_v5_decode_APOptions
+#define free_APOptions _rxkad_v5_free_APOptions
+#define length_APOptions _rxkad_v5_length_APOptions
+#define copy_APOptions _rxkad_v5_copy_APOptions
 #define encode_TicketFlags _rxkad_v5_encode_TicketFlags
 #define decode_TicketFlags _rxkad_v5_decode_TicketFlags
 #define free_TicketFlags _rxkad_v5_free_TicketFlags
 #define length_TicketFlags _rxkad_v5_length_TicketFlags
 #define copy_TicketFlags _rxkad_v5_copy_TicketFlags
-#define encode_Realm _rxkad_v5_encode_Realm
-#define decode_Realm _rxkad_v5_decode_Realm
-#define free_Realm _rxkad_v5_free_Realm
-#define length_Realm _rxkad_v5_length_Realm
-#define copy_Realm _rxkad_v5_copy_Realm
-#define encode_ENCTYPE _rxkad_v5_encode_ENCTYPE
-#define decode_ENCTYPE _rxkad_v5_decode_ENCTYPE
-#define free_ENCTYPE _rxkad_v5_free_ENCTYPE
-#define length_ENCTYPE _rxkad_v5_length_ENCTYPE
-#define copy_ENCTYPE _rxkad_v5_copy_ENCTYPE
-#define encode_NAME_TYPE _rxkad_v5_encode_NAME_TYPE
-#define decode_NAME_TYPE _rxkad_v5_decode_NAME_TYPE
-#define free_NAME_TYPE _rxkad_v5_free_NAME_TYPE
-#define length_NAME_TYPE _rxkad_v5_length_NAME_TYPE
-#define copy_NAME_TYPE _rxkad_v5_copy_NAME_TYPE
-#define der_copy_bit_string _rxkad_v5_der_copy_bit_string
-#define der_copy_bmp_string _rxkad_v5_der_copy_bmp_string
-#define der_copy_general_string _rxkad_v5_der_copy_general_string
-#define der_copy_generalized_time _rxkad_v5_der_copy_generalized_time
-#define der_copy_heim_integer _rxkad_v5_der_copy_heim_integer
-#define der_copy_ia5_string _rxkad_v5_der_copy_ia5_string
-#define der_copy_integer _rxkad_v5_der_copy_integer
-#define der_copy_octet_string _rxkad_v5_der_copy_octet_string
-#define der_copy_oid _rxkad_v5_der_copy_oid
-#define der_copy_printable_string _rxkad_v5_der_copy_printable_string
-#define der_copy_universal_string _rxkad_v5_der_copy_universal_string
-#define der_copy_unsigned _rxkad_v5_der_copy_unsigned
-#define der_copy_utctime _rxkad_v5_der_copy_utctime
-#define der_copy_utf8string _rxkad_v5_der_copy_utf8string
-#define der_copy_visible_string _rxkad_v5_der_copy_visible_string
-#define der_free_bit_string _rxkad_v5_der_free_bit_string
-#define der_free_bmp_string _rxkad_v5_der_free_bmp_string
+#define encode_KDCOptions _rxkad_v5_encode_KDCOptions
+#define decode_KDCOptions _rxkad_v5_decode_KDCOptions
+#define free_KDCOptions _rxkad_v5_free_KDCOptions
+#define length_KDCOptions _rxkad_v5_length_KDCOptions
+#define copy_KDCOptions _rxkad_v5_copy_KDCOptions
+#define encode_LR_TYPE _rxkad_v5_encode_LR_TYPE
+#define decode_LR_TYPE _rxkad_v5_decode_LR_TYPE
+#define free_LR_TYPE _rxkad_v5_free_LR_TYPE
+#define length_LR_TYPE _rxkad_v5_length_LR_TYPE
+#define copy_LR_TYPE _rxkad_v5_copy_LR_TYPE
+#define encode_LastReq _rxkad_v5_encode_LastReq
+#define decode_LastReq _rxkad_v5_decode_LastReq
+#define free_LastReq _rxkad_v5_free_LastReq
+#define length_LastReq _rxkad_v5_length_LastReq
+#define copy_LastReq _rxkad_v5_copy_LastReq
+#define encode_EncryptedData _rxkad_v5_encode_EncryptedData
+#define decode_EncryptedData _rxkad_v5_decode_EncryptedData
+#define free_EncryptedData _rxkad_v5_free_EncryptedData
+#define length_EncryptedData _rxkad_v5_length_EncryptedData
+#define copy_EncryptedData _rxkad_v5_copy_EncryptedData
+#define encode_EncryptionKey _rxkad_v5_encode_EncryptionKey
+#define decode_EncryptionKey _rxkad_v5_decode_EncryptionKey
+#define free_EncryptionKey _rxkad_v5_free_EncryptionKey
+#define length_EncryptionKey _rxkad_v5_length_EncryptionKey
+#define copy_EncryptionKey _rxkad_v5_copy_EncryptionKey
+#define encode_TransitedEncoding _rxkad_v5_encode_TransitedEncoding
+#define decode_TransitedEncoding _rxkad_v5_decode_TransitedEncoding
+#define free_TransitedEncoding _rxkad_v5_free_TransitedEncoding
+#define length_TransitedEncoding _rxkad_v5_length_TransitedEncoding
+#define copy_TransitedEncoding _rxkad_v5_copy_TransitedEncoding
+#define encode_Ticket _rxkad_v5_encode_Ticket
+#define decode_Ticket _rxkad_v5_decode_Ticket
+#define free_Ticket _rxkad_v5_free_Ticket
+#define length_Ticket _rxkad_v5_length_Ticket
+#define copy_Ticket _rxkad_v5_copy_Ticket
+#define encode_EncTicketPart _rxkad_v5_encode_EncTicketPart
+#define decode_EncTicketPart _rxkad_v5_decode_EncTicketPart
+#define free_EncTicketPart _rxkad_v5_free_EncTicketPart
+#define length_EncTicketPart _rxkad_v5_length_EncTicketPart
+#define copy_EncTicketPart _rxkad_v5_copy_EncTicketPart
+#define der_get_unsigned _rxkad_v5_der_get_unsigned
+#define der_get_unsigned64 _rxkad_v5_der_get_unsigned64
+#define der_get_integer _rxkad_v5_der_get_integer
+#define der_get_integer64 _rxkad_v5_der_get_integer64
+#define der_get_length _rxkad_v5_der_get_length
+#define der_get_boolean _rxkad_v5_der_get_boolean
+#define der_get_general_string _rxkad_v5_der_get_general_string
+#define der_get_utf8string _rxkad_v5_der_get_utf8string
+#define der_get_printable_string _rxkad_v5_der_get_printable_string
+#define der_get_ia5_string _rxkad_v5_der_get_ia5_string
+#define der_get_bmp_string _rxkad_v5_der_get_bmp_string
+#define der_get_universal_string _rxkad_v5_der_get_universal_string
+#define der_get_visible_string _rxkad_v5_der_get_visible_string
+#define der_get_octet_string _rxkad_v5_der_get_octet_string
+#define der_get_octet_string_ber _rxkad_v5_der_get_octet_string_ber
+#define der_get_heim_integer _rxkad_v5_der_get_heim_integer
+#define der_get_time _rxkad_v5_der_get_time
+#define der_get_generalized_time _rxkad_v5_der_get_generalized_time
+#define der_get_utctime _rxkad_v5_der_get_utctime
+#define der_get_oid _rxkad_v5_der_get_oid
+#define der_get_tag _rxkad_v5_der_get_tag
+#define der_match_tag _rxkad_v5_der_match_tag
+#define der_match_tag2 _rxkad_v5_der_match_tag2
+#define der_match_tag_and_length _rxkad_v5_der_match_tag_and_length
+#define der_get_bit_string _rxkad_v5_der_get_bit_string
+#define der_put_unsigned _rxkad_v5_der_put_unsigned
+#define der_put_unsigned64 _rxkad_v5_der_put_unsigned64
+#define der_put_integer _rxkad_v5_der_put_integer
+#define der_put_integer64 _rxkad_v5_der_put_integer64
+#define der_put_length _rxkad_v5_der_put_length
+#define der_put_boolean _rxkad_v5_der_put_boolean
+#define der_put_general_string _rxkad_v5_der_put_general_string
+#define der_put_utf8string _rxkad_v5_der_put_utf8string
+#define der_put_printable_string _rxkad_v5_der_put_printable_string
+#define der_put_ia5_string _rxkad_v5_der_put_ia5_string
+#define der_put_bmp_string _rxkad_v5_der_put_bmp_string
+#define der_put_universal_string _rxkad_v5_der_put_universal_string
+#define der_put_visible_string _rxkad_v5_der_put_visible_string
+#define der_put_octet_string _rxkad_v5_der_put_octet_string
+#define der_put_heim_integer _rxkad_v5_der_put_heim_integer
+#define der_put_generalized_time _rxkad_v5_der_put_generalized_time
+#define der_put_utctime _rxkad_v5_der_put_utctime
+#define der_put_oid _rxkad_v5_der_put_oid
+#define der_put_tag _rxkad_v5_der_put_tag
+#define der_put_length_and_tag _rxkad_v5_der_put_length_and_tag
+#define der_put_bit_string _rxkad_v5_der_put_bit_string
 #define der_free_general_string _rxkad_v5_der_free_general_string
-#define der_free_generalized_time _rxkad_v5_der_free_generalized_time
-#define der_free_heim_integer _rxkad_v5_der_free_heim_integer
-#define der_free_ia5_string _rxkad_v5_der_free_ia5_string
 #define der_free_integer _rxkad_v5_der_free_integer
-#define der_free_octet_string _rxkad_v5_der_free_octet_string
-#define der_free_oid _rxkad_v5_der_free_oid
-#define der_free_printable_string _rxkad_v5_der_free_printable_string
-#define der_free_universal_string _rxkad_v5_der_free_universal_string
+#define der_free_integer64 _rxkad_v5_der_free_integer64
 #define der_free_unsigned _rxkad_v5_der_free_unsigned
+#define der_free_unsigned64 _rxkad_v5_der_free_unsigned64
+#define der_free_generalized_time _rxkad_v5_der_free_generalized_time
 #define der_free_utctime _rxkad_v5_der_free_utctime
 #define der_free_utf8string _rxkad_v5_der_free_utf8string
+#define der_free_printable_string _rxkad_v5_der_free_printable_string
+#define der_free_ia5_string _rxkad_v5_der_free_ia5_string
+#define der_free_bmp_string _rxkad_v5_der_free_bmp_string
+#define der_free_universal_string _rxkad_v5_der_free_universal_string
 #define der_free_visible_string _rxkad_v5_der_free_visible_string
-#define der_get_bit_string _rxkad_v5_der_get_bit_string
-#define der_get_generalized_time _rxkad_v5_der_get_generalized_time
-#define der_get_heim_integer _rxkad_v5_der_get_heim_integer
-#define der_get_ia5_string _rxkad_v5_der_get_ia5_string
-#define der_get_octet_string_ber _rxkad_v5_der_get_octet_string_ber
-#define der_get_printable_string _rxkad_v5_der_get_printable_string
-#define der_get_time _rxkad_v5_der_get_time
-#define der_get_utf8string _rxkad_v5_der_get_utf8string
-#define der_get_visible_string _rxkad_v5_der_get_visible_string
-#define der_get_bmp_string _rxkad_v5_der_get_bmp_string
-#define der_get_boolean _rxkad_v5_der_get_boolean
-#define der_get_unsigned  _rxkad_v5_der_get_unsigned
-#define der_get_integer _rxkad_v5_der_get_integer
-#define der_get_int  _rxkad_v5_der_get_int
-#define der_get_length  _rxkad_v5_der_get_length
-#define der_get_general_string  _rxkad_v5_der_get_general_string
-#define der_get_octet_string  _rxkad_v5_der_get_octet_string
-#define der_get_oid  _rxkad_v5_der_get_oid
-#define der_get_tag  _rxkad_v5_der_get_tag
-#define der_get_universal_string _rxkad_v5_der_get_universal_string
-#define der_get_utctime _rxkad_v5_der_get_utctime
-#define der_length_bit_string _rxkad_v5_der_length_bit_string
-#define der_length_bmp_string _rxkad_v5_der_length_bmp_string
-#define der_length_boolean _rxkad_v5_der_length_boolean
+#define der_free_octet_string _rxkad_v5_der_free_octet_string
+#define der_free_heim_integer _rxkad_v5_der_free_heim_integer
+#define der_free_oid _rxkad_v5_der_free_oid
+#define der_free_bit_string _rxkad_v5_der_free_bit_string
+#define len_oid _rxkad_v5_len_oid
+#define der_length_len _rxkad_v5_der_length_len
+#define der_length_tag _rxkad_v5_der_length_tag
+#define der_length_integer _rxkad_v5_der_length_integer
+#define der_length_integer64 _rxkad_v5_der_length_integer64
+#define der_length_unsigned _rxkad_v5_der_length_unsigned
+#define der_length_unsigned64 _rxkad_v5_der_length_unsigned64
 #define der_length_enumerated _rxkad_v5_der_length_enumerated
 #define der_length_general_string _rxkad_v5_der_length_general_string
-#define der_length_generalized_time _rxkad_v5_der_length_generalized_time
-#define der_length_heim_integer _rxkad_v5_der_length_heim_integer
+#define der_length_utf8string _rxkad_v5_der_length_utf8string
+#define der_length_printable_string _rxkad_v5_der_length_printable_string
 #define der_length_ia5_string _rxkad_v5_der_length_ia5_string
-#define der_length_integer _rxkad_v5_der_length_integer
-#define der_length_len _rxkad_v5_der_length_len
+#define der_length_bmp_string _rxkad_v5_der_length_bmp_string
+#define der_length_universal_string _rxkad_v5_der_length_universal_string
+#define der_length_visible_string _rxkad_v5_der_length_visible_string
 #define der_length_octet_string _rxkad_v5_der_length_octet_string
+#define der_length_heim_integer _rxkad_v5_der_length_heim_integer
 #define der_length_oid _rxkad_v5_der_length_oid
-#define der_length_printable_string _rxkad_v5_der_length_printable_string
-#define der_length_tag _rxkad_v5_der_length_tag
-#define der_length_universal_string _rxkad_v5_der_length_universal_string
-#define der_length_unsigned _rxkad_v5_der_length_unsigned
+#define der_length_generalized_time _rxkad_v5_der_length_generalized_time
 #define der_length_utctime _rxkad_v5_der_length_utctime
-#define der_length_utf8string _rxkad_v5_der_length_utf8string
-#define der_length_visible_string _rxkad_v5_der_length_visible_string
-#define der_match_tag  _rxkad_v5_der_match_tag
-#define der_match_tag_and_length  _rxkad_v5_der_match_tag_and_length
-#define der_match_tag2 _rxkad_v5_der_match_tag2
-#define decode_integer  _rxkad_v5_decode_integer
-#define decode_unsigned  _rxkad_v5_decode_unsigned
-#define decode_enumerated  _rxkad_v5_decode_enumerated
-#define decode_general_string  _rxkad_v5_decode_general_string
-#define decode_octet_string  _rxkad_v5_decode_octet_string
-#define decode_oid  _rxkad_v5_decode_oid
-#define decode_generalized_time  _rxkad_v5_decode_generalized_time
-#define fix_dce _rxkad_v5_fix_dce
-#define der_put_bit_string _rxkad_v5_der_put_bit_string
-#define der_put_generalized_time _rxkad_v5_der_put_generalized_time
-#define der_put_heim_integer _rxkad_v5_der_put_heim_integer
-#define der_put_ia5_string _rxkad_v5_der_put_ia5_string
-#define der_put_printable_string _rxkad_v5_der_put_printable_string
-#define der_put_utf8string _rxkad_v5_der_put_utf8string
-#define der_put_visible_string _rxkad_v5_der_put_visible_string
-#define der_put_bmp_string _rxkad_v5_der_put_bmp_string
-#define der_put_boolean _rxkad_v5_der_put_boolean
-#define der_put_unsigned  _rxkad_v5_der_put_unsigned
-#define der_put_int  _rxkad_v5_der_put_int
-#define der_put_integer _rxkad_v5_der_put_integer
-#define der_put_length  _rxkad_v5_der_put_length
-#define der_put_general_string  _rxkad_v5_der_put_general_string
-#define der_put_octet_string  _rxkad_v5_der_put_octet_string
-#define der_put_oid  _rxkad_v5_der_put_oid
-#define der_put_tag  _rxkad_v5_der_put_tag
-#define der_put_length_and_tag  _rxkad_v5_der_put_length_and_tag
-#define der_put_universal_string _rxkad_v5_der_put_universal_string
-#define der_put_utctime _rxkad_v5_der_put_utctime
-#define encode_integer  _rxkad_v5_encode_integer
-#define encode_unsigned  _rxkad_v5_encode_unsigned
-#define encode_enumerated  _rxkad_v5_encode_enumerated
-#define encode_general_string  _rxkad_v5_encode_general_string
-#define encode_octet_string  _rxkad_v5_encode_octet_string
-#define encode_oid _rxkad_v5_encode_oid
-#define time2generalizedtime  _rxkad_v5_time2generalizedtime
-#define encode_generalized_time  _rxkad_v5_encode_generalized_time
-#define free_general_string  _rxkad_v5_free_general_string
-#define free_octet_string  _rxkad_v5_free_octet_string
-#define free_oid  _rxkad_v5_free_oid
-#define len_unsigned  _rxkad_v5_len_unsigned
-#define len_int  _rxkad_v5_len_int
-#define len_oid  _rxkad_v5_len_oid
-#define length_len  _rxkad_v5_length_len
-#define length_integer  _rxkad_v5_length_integer
-#define length_unsigned  _rxkad_v5_length_unsigned
-#define length_enumerated  _rxkad_v5_length_enumerated
-#define length_general_string  _rxkad_v5_length_general_string
-#define length_octet_string  _rxkad_v5_length_octet_string
-#define length_oid  _rxkad_v5_length_oid
-#define length_generalized_time  _rxkad_v5_length_generalized_time
-#define copy_general_string  _rxkad_v5_copy_general_string
-#define copy_octet_string  _rxkad_v5_copy_octet_string
-#define copy_oid  _rxkad_v5_copy_oid
+#define der_length_boolean _rxkad_v5_der_length_boolean
+#define der_length_bit_string _rxkad_v5_der_length_bit_string
+#define der_copy_general_string _rxkad_v5_der_copy_general_string
+#define der_copy_integer _rxkad_v5_der_copy_integer
+#define der_copy_integer64 _rxkad_v5_der_copy_integer64
+#define der_copy_unsigned _rxkad_v5_der_copy_unsigned
+#define der_copy_unsigned64 _rxkad_v5_der_copy_unsigned64
+#define der_copy_generalized_time _rxkad_v5_der_copy_generalized_time
+#define der_copy_utctime _rxkad_v5_der_copy_utctime
+#define der_copy_utf8string _rxkad_v5_der_copy_utf8string
+#define der_copy_printable_string _rxkad_v5_der_copy_printable_string
+#define der_copy_ia5_string _rxkad_v5_der_copy_ia5_string
+#define der_copy_bmp_string _rxkad_v5_der_copy_bmp_string
+#define der_copy_universal_string _rxkad_v5_der_copy_universal_string
+#define der_copy_visible_string _rxkad_v5_der_copy_visible_string
+#define der_copy_octet_string _rxkad_v5_der_copy_octet_string
+#define der_copy_heim_integer _rxkad_v5_der_copy_heim_integer
+#define der_copy_oid _rxkad_v5_der_copy_oid
+#define der_copy_bit_string _rxkad_v5_der_copy_bit_string
 #define TicketFlags2int _rxkad_v5_TicketFlags2int
 #define int2TicketFlags _rxkad_v5_int2TicketFlags
-#ifndef HAVE_TIMEGM
-#define timegm _rxkad_timegm
-#endif
-#define _heim_fix_dce _rxkad_v5__heim_fix_dce
-#define _der_timegm _rxkad_v5__der_timegm
-#define _heim_der_set_sort _rxkad_v5__heim_der_set_sort
-#define _heim_len_int _rxkad_v5__heim_len_int
-#define _heim_len_unsigned _rxkad_v5__heim_len_unsigned
-#define _heim_time2generalizedtime _rxkad_v5__heim_time2generalizedtime
index f182325..83a419b 100644 (file)
@@ -1,6 +1,214 @@
+#define HEIMDAL_UNUSED_ATTRIBUTE AFS_UNUSED
+int ASN1CALL decode_MESSAGE_TYPE(const unsigned char *, size_t,
+                                MESSAGE_TYPE *, size_t *);
+int ASN1CALL encode_MESSAGE_TYPE(unsigned char *, size_t,
+                                const MESSAGE_TYPE *, size_t *);
+size_t ASN1CALL length_MESSAGE_TYPE(const MESSAGE_TYPE *);
+int ASN1CALL copy_MESSAGE_TYPE(const MESSAGE_TYPE *, MESSAGE_TYPE *);
+void ASN1CALL free_MESSAGE_TYPE(MESSAGE_TYPE *);
+
+
+int ASN1CALL decode_krb5uint32(const unsigned char *, size_t, krb5uint32 *,
+                              size_t *);
+int ASN1CALL encode_krb5uint32(unsigned char *, size_t, const krb5uint32 *,
+                              size_t *);
+size_t ASN1CALL length_krb5uint32(const krb5uint32 *);
+int ASN1CALL copy_krb5uint32(const krb5uint32 *, krb5uint32 *);
+void ASN1CALL free_krb5uint32(krb5uint32 *);
+
+
+int ASN1CALL decode_krb5int32(const unsigned char *, size_t, krb5int32 *,
+                             size_t *);
+int ASN1CALL encode_krb5int32(unsigned char *, size_t, const krb5int32 *,
+                             size_t *);
+size_t ASN1CALL length_krb5int32(const krb5int32 *);
+int ASN1CALL copy_krb5int32(const krb5int32 *, krb5int32 *);
+void ASN1CALL free_krb5int32(krb5int32 *);
+
+
+int ASN1CALL decode_APOptions(const unsigned char *, size_t, APOptions *,
+                             size_t *);
+int ASN1CALL encode_APOptions(unsigned char *, size_t, const APOptions *,
+                             size_t *);
+size_t ASN1CALL length_APOptions(const APOptions *);
+int ASN1CALL copy_APOptions(const APOptions *, APOptions *);
+void ASN1CALL free_APOptions(APOptions *);
+
+
+int ASN1CALL decode_TYPED_DATA(const unsigned char *, size_t, TYPED_DATA *,
+                              size_t *);
+int ASN1CALL encode_TYPED_DATA(unsigned char *, size_t, const TYPED_DATA *,
+                              size_t *);
+size_t ASN1CALL length_TYPED_DATA(const TYPED_DATA *);
+int ASN1CALL copy_TYPED_DATA(const TYPED_DATA *, TYPED_DATA *);
+void ASN1CALL free_TYPED_DATA(TYPED_DATA *);
+
+
+int ASN1CALL decode_KDC_REQ(const unsigned char *, size_t, KDC_REQ *,
+                           size_t *);
+int ASN1CALL encode_KDC_REQ(unsigned char *, size_t, const KDC_REQ *,
+                           size_t *);
+size_t ASN1CALL length_KDC_REQ(const KDC_REQ *);
+int ASN1CALL copy_KDC_REQ(const KDC_REQ *, KDC_REQ *);
+void ASN1CALL free_KDC_REQ(KDC_REQ *);
+
+
+int ASN1CALL decode_PROV_SRV_LOCATION(const unsigned char *, size_t,
+                                     PROV_SRV_LOCATION *, size_t *);
+int ASN1CALL encode_PROV_SRV_LOCATION(unsigned char *, size_t,
+                                     const PROV_SRV_LOCATION *, size_t *);
+size_t ASN1CALL length_PROV_SRV_LOCATION(const PROV_SRV_LOCATION *);
+int ASN1CALL copy_PROV_SRV_LOCATION(const PROV_SRV_LOCATION *,
+                                   PROV_SRV_LOCATION *);
+void ASN1CALL free_PROV_SRV_LOCATION(PROV_SRV_LOCATION *);
+
+
+int ASN1CALL decode_AD_MANDATORY_FOR_KDC(const unsigned char *, size_t,
+                                        AD_MANDATORY_FOR_KDC *, size_t *);
+int ASN1CALL encode_AD_MANDATORY_FOR_KDC(unsigned char *, size_t,
+                                        const AD_MANDATORY_FOR_KDC *,
+                                        size_t *);
+size_t ASN1CALL length_AD_MANDATORY_FOR_KDC(const AD_MANDATORY_FOR_KDC *);
+int ASN1CALL copy_AD_MANDATORY_FOR_KDC(const AD_MANDATORY_FOR_KDC *,
+                                      AD_MANDATORY_FOR_KDC *);
+void ASN1CALL free_AD_MANDATORY_FOR_KDC(AD_MANDATORY_FOR_KDC *);
+
+
+int ASN1CALL decode_PA_SAM_TYPE(const unsigned char *, size_t, PA_SAM_TYPE *,
+                               size_t *);
+int ASN1CALL encode_PA_SAM_TYPE(unsigned char *, size_t, const PA_SAM_TYPE *,
+                               size_t *);
+size_t ASN1CALL length_PA_SAM_TYPE(const PA_SAM_TYPE *);
+int ASN1CALL copy_PA_SAM_TYPE(const PA_SAM_TYPE *, PA_SAM_TYPE *);
+void ASN1CALL free_PA_SAM_TYPE(PA_SAM_TYPE *);
+
+
+int ASN1CALL decode_PA_SAM_REDIRECT(const unsigned char *, size_t,
+                                   PA_SAM_REDIRECT *, size_t *);
+int ASN1CALL encode_PA_SAM_REDIRECT(unsigned char *, size_t,
+                                   const PA_SAM_REDIRECT *, size_t *);
+size_t ASN1CALL length_PA_SAM_REDIRECT(const PA_SAM_REDIRECT *);
+int ASN1CALL copy_PA_SAM_REDIRECT(const PA_SAM_REDIRECT *, PA_SAM_REDIRECT *);
+void ASN1CALL free_PA_SAM_REDIRECT(PA_SAM_REDIRECT *);
+
+
+int ASN1CALL decode_SAMFlags(const unsigned char *, size_t, SAMFlags *,
+                            size_t *);
+int ASN1CALL encode_SAMFlags(unsigned char *, size_t, const SAMFlags *,
+                            size_t *);
+size_t ASN1CALL length_SAMFlags(const SAMFlags *);
+int ASN1CALL copy_SAMFlags(const SAMFlags *, SAMFlags *);
+void ASN1CALL free_SAMFlags(SAMFlags *);
+
+
+int ASN1CALL decode_PA_SAM_CHALLENGE_2_BODY(const unsigned char *, size_t,
+                                           PA_SAM_CHALLENGE_2_BODY *,
+                                           size_t *);
+int ASN1CALL encode_PA_SAM_CHALLENGE_2_BODY(unsigned char *, size_t,
+                                           const PA_SAM_CHALLENGE_2_BODY *,
+                                           size_t *);
+size_t ASN1CALL length_PA_SAM_CHALLENGE_2_BODY(const PA_SAM_CHALLENGE_2_BODY
+                                              *);
+int ASN1CALL copy_PA_SAM_CHALLENGE_2_BODY(const PA_SAM_CHALLENGE_2_BODY *,
+                                         PA_SAM_CHALLENGE_2_BODY *);
+void ASN1CALL free_PA_SAM_CHALLENGE_2_BODY(PA_SAM_CHALLENGE_2_BODY *);
+
+
+int ASN1CALL decode_PA_SAM_CHALLENGE_2(const unsigned char *, size_t,
+                                      PA_SAM_CHALLENGE_2 *, size_t *);
+int ASN1CALL encode_PA_SAM_CHALLENGE_2(unsigned char *, size_t,
+                                      const PA_SAM_CHALLENGE_2 *, size_t *);
+size_t ASN1CALL length_PA_SAM_CHALLENGE_2(const PA_SAM_CHALLENGE_2 *);
+int ASN1CALL copy_PA_SAM_CHALLENGE_2(const PA_SAM_CHALLENGE_2 *,
+                                    PA_SAM_CHALLENGE_2 *);
+void ASN1CALL free_PA_SAM_CHALLENGE_2(PA_SAM_CHALLENGE_2 *);
+
+
+int ASN1CALL decode_PA_SAM_RESPONSE_2(const unsigned char *, size_t,
+                                     PA_SAM_RESPONSE_2 *, size_t *);
+int ASN1CALL encode_PA_SAM_RESPONSE_2(unsigned char *, size_t,
+                                     const PA_SAM_RESPONSE_2 *, size_t *);
+size_t ASN1CALL length_PA_SAM_RESPONSE_2(const PA_SAM_RESPONSE_2 *);
+int ASN1CALL copy_PA_SAM_RESPONSE_2(const PA_SAM_RESPONSE_2 *,
+                                   PA_SAM_RESPONSE_2 *);
+void ASN1CALL free_PA_SAM_RESPONSE_2(PA_SAM_RESPONSE_2 *);
+
+
+int ASN1CALL decode_PA_ENC_SAM_RESPONSE_ENC(const unsigned char *, size_t,
+                                           PA_ENC_SAM_RESPONSE_ENC *,
+                                           size_t *);
+int ASN1CALL encode_PA_ENC_SAM_RESPONSE_ENC(unsigned char *, size_t,
+                                           const PA_ENC_SAM_RESPONSE_ENC *,
+                                           size_t *);
+size_t ASN1CALL length_PA_ENC_SAM_RESPONSE_ENC(const PA_ENC_SAM_RESPONSE_ENC
+                                              *);
+int ASN1CALL copy_PA_ENC_SAM_RESPONSE_ENC(const PA_ENC_SAM_RESPONSE_ENC *,
+                                         PA_ENC_SAM_RESPONSE_ENC *);
+void ASN1CALL free_PA_ENC_SAM_RESPONSE_ENC(PA_ENC_SAM_RESPONSE_ENC *);
+
+
+int ASN1CALL decode_FastOptions(const unsigned char *, size_t, FastOptions *,
+                               size_t *);
+int ASN1CALL encode_FastOptions(unsigned char *, size_t, const FastOptions *,
+                               size_t *);
+size_t ASN1CALL length_FastOptions(const FastOptions *);
+int ASN1CALL copy_FastOptions(const FastOptions *, FastOptions *);
+void ASN1CALL free_FastOptions(FastOptions *);
+
+
+int ASN1CALL decode_KrbFastArmoredReq(const unsigned char *, size_t,
+                                     KrbFastArmoredReq *, size_t *);
+int ASN1CALL encode_KrbFastArmoredReq(unsigned char *, size_t,
+                                     const KrbFastArmoredReq *, size_t *);
+size_t ASN1CALL length_KrbFastArmoredReq(const KrbFastArmoredReq *);
+int ASN1CALL copy_KrbFastArmoredReq(const KrbFastArmoredReq *,
+                                   KrbFastArmoredReq *);
+void ASN1CALL free_KrbFastArmoredReq(KrbFastArmoredReq *);
+
+
+int ASN1CALL decode_KrbFastArmoredRep(const unsigned char *, size_t,
+                                     KrbFastArmoredRep *, size_t *);
+int ASN1CALL encode_KrbFastArmoredRep(unsigned char *, size_t,
+                                     const KrbFastArmoredRep *, size_t *);
+size_t ASN1CALL length_KrbFastArmoredRep(const KrbFastArmoredRep *);
+int ASN1CALL copy_KrbFastArmoredRep(const KrbFastArmoredRep *,
+                                   KrbFastArmoredRep *);
+void ASN1CALL free_KrbFastArmoredRep(KrbFastArmoredRep *);
+
+
+int ASN1CALL decode_KDCFastFlags(const unsigned char *, size_t,
+                                KDCFastFlags *, size_t *);
+int ASN1CALL encode_KDCFastFlags(unsigned char *, size_t,
+                                const KDCFastFlags *, size_t *);
+size_t ASN1CALL length_KDCFastFlags(const KDCFastFlags *);
+int ASN1CALL copy_KDCFastFlags(const KDCFastFlags *, KDCFastFlags *);
+void ASN1CALL free_KDCFastFlags(KDCFastFlags *);
+
+
+int ASN1CALL decode_KERB_TGS_REP_IN(const unsigned char *, size_t,
+                                   KERB_TGS_REP_IN *, size_t *);
+int ASN1CALL encode_KERB_TGS_REP_IN(unsigned char *, size_t,
+                                   const KERB_TGS_REP_IN *, size_t *);
+size_t ASN1CALL length_KERB_TGS_REP_IN(const KERB_TGS_REP_IN *);
+int ASN1CALL copy_KERB_TGS_REP_IN(const KERB_TGS_REP_IN *, KERB_TGS_REP_IN *);
+void ASN1CALL free_KERB_TGS_REP_IN(KERB_TGS_REP_IN *);
+
+
+int ASN1CALL decode_KERB_TGS_REP_OUT(const unsigned char *, size_t,
+                                    KERB_TGS_REP_OUT *, size_t *);
+int ASN1CALL encode_KERB_TGS_REP_OUT(unsigned char *, size_t,
+                                    const KERB_TGS_REP_OUT *, size_t *);
+size_t ASN1CALL length_KERB_TGS_REP_OUT(const KERB_TGS_REP_OUT *);
+int ASN1CALL copy_KERB_TGS_REP_OUT(const KERB_TGS_REP_OUT *,
+                                  KERB_TGS_REP_OUT *);
+void ASN1CALL free_KERB_TGS_REP_OUT(KERB_TGS_REP_OUT *);
+
+
 /* Generated from ./krb5.asn1 */
 /* Do not edit */
 
+#define  ASN1_LIB
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <limits.h>
 #include <asn1_err.h>
 
-int
-encode_krb5int32(unsigned char *p, size_t len, const krb5int32 * data, size_t * size)
+
+int ASN1CALL
+encode_NAME_TYPE(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, const NAME_TYPE * data,
+                size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       int enumint = (int) *data;
+       e = der_put_integer(p, len, &enumint, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+    }
+    ;
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_NAME_TYPE(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, NAME_TYPE * data,
+                size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           int enumint;
+           e = der_get_integer(p, len, &enumint, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           *data = enumint;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_NAME_TYPE(data);
+    return e;
+}
+
+void ASN1CALL
+free_NAME_TYPE(NAME_TYPE * data)
+{
+}
+
+size_t ASN1CALL
+length_NAME_TYPE(const NAME_TYPE * data)
+{
+    size_t ret = 0;
+    {
+       int enumint = *data;
+       ret += der_length_integer(&enumint);
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_NAME_TYPE(const NAME_TYPE * from, NAME_TYPE * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_MESSAGE_TYPE(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                   size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                   const MESSAGE_TYPE * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       int enumint = (int) *data;
+       e = der_put_integer(p, len, &enumint, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+    }
+    ;
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_MESSAGE_TYPE(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                   size_t len HEIMDAL_UNUSED_ATTRIBUTE, MESSAGE_TYPE * data,
+                   size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           int enumint;
+           e = der_get_integer(p, len, &enumint, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           *data = enumint;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_MESSAGE_TYPE(data);
+    return e;
+}
+
+void ASN1CALL
+free_MESSAGE_TYPE(MESSAGE_TYPE * data)
+{
+}
+
+size_t ASN1CALL
+length_MESSAGE_TYPE(const MESSAGE_TYPE * data)
+{
+    size_t ret = 0;
+    {
+       int enumint = *data;
+       ret += der_length_integer(&enumint);
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_MESSAGE_TYPE(const MESSAGE_TYPE * from, MESSAGE_TYPE * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_PADATA_TYPE(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                  size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                  const PADATA_TYPE * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       int enumint = (int) *data;
+       e = der_put_integer(p, len, &enumint, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+    }
+    ;
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_PADATA_TYPE(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                  size_t len HEIMDAL_UNUSED_ATTRIBUTE, PADATA_TYPE * data,
+                  size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           int enumint;
+           e = der_get_integer(p, len, &enumint, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           *data = enumint;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_PADATA_TYPE(data);
+    return e;
+}
+
+void ASN1CALL
+free_PADATA_TYPE(PADATA_TYPE * data)
+{
+}
+
+size_t ASN1CALL
+length_PADATA_TYPE(const PADATA_TYPE * data)
+{
+    size_t ret = 0;
+    {
+       int enumint = *data;
+       ret += der_length_integer(&enumint);
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_PADATA_TYPE(const PADATA_TYPE * from, PADATA_TYPE * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_AUTHDATA_TYPE(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    const AUTHDATA_TYPE * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       int enumint = (int) *data;
+       e = der_put_integer(p, len, &enumint, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+    }
+    ;
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_AUTHDATA_TYPE(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    AUTHDATA_TYPE * data, size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           int enumint;
+           e = der_get_integer(p, len, &enumint, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           *data = enumint;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_AUTHDATA_TYPE(data);
+    return e;
+}
+
+void ASN1CALL
+free_AUTHDATA_TYPE(AUTHDATA_TYPE * data)
+{
+}
+
+size_t ASN1CALL
+length_AUTHDATA_TYPE(const AUTHDATA_TYPE * data)
+{
+    size_t ret = 0;
+    {
+       int enumint = *data;
+       ret += der_length_integer(&enumint);
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_AUTHDATA_TYPE(const AUTHDATA_TYPE * from, AUTHDATA_TYPE * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_CKSUMTYPE(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, const CKSUMTYPE * data,
+                size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       int enumint = (int) *data;
+       e = der_put_integer(p, len, &enumint, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+    }
+    ;
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_CKSUMTYPE(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, CKSUMTYPE * data,
+                size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           int enumint;
+           e = der_get_integer(p, len, &enumint, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           *data = enumint;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_CKSUMTYPE(data);
+    return e;
+}
+
+void ASN1CALL
+free_CKSUMTYPE(CKSUMTYPE * data)
+{
+}
+
+size_t ASN1CALL
+length_CKSUMTYPE(const CKSUMTYPE * data)
+{
+    size_t ret = 0;
+    {
+       int enumint = *data;
+       ret += der_length_integer(&enumint);
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_CKSUMTYPE(const CKSUMTYPE * from, CKSUMTYPE * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_ENCTYPE(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+              size_t len HEIMDAL_UNUSED_ATTRIBUTE, const ENCTYPE * data,
+              size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       int enumint = (int) *data;
+       e = der_put_integer(p, len, &enumint, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+    }
+    ;
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_ENCTYPE(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+              size_t len HEIMDAL_UNUSED_ATTRIBUTE, ENCTYPE * data,
+              size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           int enumint;
+           e = der_get_integer(p, len, &enumint, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           *data = enumint;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_ENCTYPE(data);
+    return e;
+}
+
+void ASN1CALL
+free_ENCTYPE(ENCTYPE * data)
+{
+}
+
+size_t ASN1CALL
+length_ENCTYPE(const ENCTYPE * data)
+{
+    size_t ret = 0;
+    {
+       int enumint = *data;
+       ret += der_length_integer(&enumint);
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_ENCTYPE(const ENCTYPE * from, ENCTYPE * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_krb5uint32(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                 size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                 const krb5uint32 * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    e = der_put_unsigned(p, len, data, &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_krb5uint32(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                 size_t len HEIMDAL_UNUSED_ATTRIBUTE, krb5uint32 * data,
+                 size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       e = der_get_unsigned(p, len, data, &l);
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_krb5uint32(data);
+    return e;
+}
+
+void ASN1CALL
+free_krb5uint32(krb5uint32 * data)
+{
+}
+
+size_t ASN1CALL
+length_krb5uint32(const krb5uint32 * data)
 {
     size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
+    ret += der_length_unsigned(data);
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_krb5uint32(const krb5uint32 * from, krb5uint32 * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_krb5int32(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, const krb5int32 * data,
+                size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
-    i = 0;
     e = der_put_integer(p, len, data, &l);
     if (e)
        return e;
@@ -24,7 +965,8 @@ encode_krb5int32(unsigned char *p, size_t len, const krb5int32 * data, size_t *
     len -= l;
     ret += l;
 
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
     if (e)
        return e;
     p -= l;
@@ -35,18 +977,21 @@ encode_krb5int32(unsigned char *p, size_t len, const krb5int32 * data, size_t *
     return 0;
 }
 
-int
-decode_krb5int32(const unsigned char *p, size_t len, krb5int32 * data, size_t * size)
+int ASN1CALL
+decode_krb5int32(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, krb5int32 * data,
+                size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Integer, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
        if (e == 0 && Top_type != PRIM) {
            e = ASN1_BAD_ID;
        }
@@ -72,17 +1017,17 @@ decode_krb5int32(const unsigned char *p, size_t len, krb5int32 * data, size_t *
     if (size)
        *size = ret;
     return 0;
-fail:
+  fail:
     free_krb5int32(data);
     return e;
 }
 
-void
+void ASN1CALL
 free_krb5int32(krb5int32 * data)
 {
 }
 
-size_t
+size_t ASN1CALL
 length_krb5int32(const krb5int32 * data)
 {
     size_t ret = 0;
@@ -91,7 +1036,7 @@ length_krb5int32(const krb5int32 * data)
     return ret;
 }
 
-int
+int ASN1CALL
 copy_krb5int32(const krb5int32 * from, krb5int32 * to)
 {
     memset(to, 0, sizeof(*to));
@@ -99,70 +1044,558 @@ copy_krb5int32(const krb5int32 * from, krb5int32 * to)
     return 0;
 }
 
+int ASN1CALL
+encode_KerberosString(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                     size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                     const KerberosString * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
+    e = der_put_general_string(p, len, data, &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
 
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                              UT_GeneralString, &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
+    *size = ret;
+    return 0;
+}
 
-int
-encode_Ticket(unsigned char *p, size_t len, const Ticket * data, size_t * size)
+int ASN1CALL
+decode_KerberosString(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                     size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                     KerberosString * data, size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
-    i = 0;
-/* enc-part */
+    memset(data, 0, sizeof(*data));
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_GeneralString, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       e = der_get_general_string(p, len, data, &l);
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_KerberosString(data);
+    return e;
+}
+
+void ASN1CALL
+free_KerberosString(KerberosString * data)
+{
+    der_free_general_string(data);
+}
+
+size_t ASN1CALL
+length_KerberosString(const KerberosString * data)
+{
+    size_t ret = 0;
+    ret += der_length_general_string(data);
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_KerberosString(const KerberosString * from, KerberosString * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (der_copy_general_string(from, to))
+       goto fail;
+    return 0;
+  fail:
+    free_KerberosString(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+encode_Realm(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+            size_t len HEIMDAL_UNUSED_ATTRIBUTE, const Realm * data,
+            size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    e = der_put_general_string(p, len, data, &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                              UT_GeneralString, &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_Realm(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+            size_t len HEIMDAL_UNUSED_ATTRIBUTE, Realm * data, size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_GeneralString, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       e = der_get_general_string(p, len, data, &l);
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_Realm(data);
+    return e;
+}
+
+void ASN1CALL
+free_Realm(Realm * data)
+{
+    der_free_general_string(data);
+}
+
+size_t ASN1CALL
+length_Realm(const Realm * data)
+{
+    size_t ret = 0;
+    ret += der_length_general_string(data);
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_Realm(const Realm * from, Realm * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (der_copy_general_string(from, to))
+       goto fail;
+    return 0;
+  fail:
+    free_Realm(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+encode_PrincipalName(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    const PrincipalName * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+/* name-string */
+    {
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       e = encode_EncryptedData(p, len, &(data)->enc_part, &l);
+       for (i = (int) (&(data)->name_string)->len - 1; i >= 0; --i) {
+           size_t name_string_tag_tag_for_oldret = ret;
+           ret = 0;
+           e = der_put_general_string(p, len,
+                                      &(&(data)->name_string)->val[i], &l);
+           if (e)
+               return e;
+           p -= l;
+           len -= l;
+           ret += l;
+
+           e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                                      UT_GeneralString, &l);
+           if (e)
+               return e;
+           p -= l;
+           len -= l;
+           ret += l;
+
+           ret += name_string_tag_tag_for_oldret;
+       }
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS,
+                                  UT_Sequence, &l);
        if (e)
            return e;
        p -= l;
        len -= l;
        ret += l;
 
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 3, &l);
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1, &l);
        if (e)
            return e;
        p -= l;
        len -= l;
        ret += l;
 
-       ret += Top_tag_tag_oldret;
+       ret += Top_tag_oldret;
     }
-/* sname */
+/* name-type */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       e = encode_PrincipalName(p, len, &(data)->sname, &l);
+       e = encode_NAME_TYPE(p, len, &(data)->name_type, &l);
        if (e)
            return e;
        p -= l;
        len -= l;
        ret += l;
 
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 2, &l);
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0, &l);
        if (e)
            return e;
        p -= l;
        len -= l;
        ret += l;
 
-       ret += Top_tag_tag_oldret;
+       ret += Top_tag_oldret;
+    }
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_PrincipalName(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    PrincipalName * data, size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
+       if (e == 0 && Top_type != CONS) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           size_t name_type_datalen, name_type_oldlen;
+           Der_type name_type_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &name_type_type, 0,
+                                        &name_type_datalen, &l);
+           if (e == 0 && name_type_type != CONS) {
+               e = ASN1_BAD_ID;
+           }
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           name_type_oldlen = len;
+           if (name_type_datalen > len) {
+               e = ASN1_OVERRUN;
+               goto fail;
+           }
+           len = name_type_datalen;
+           e = decode_NAME_TYPE(p, len, &(data)->name_type, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           len = name_type_oldlen - name_type_datalen;
+       }
+       {
+           size_t name_string_datalen, name_string_oldlen;
+           Der_type name_string_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &name_string_type, 1,
+                                        &name_string_datalen, &l);
+           if (e == 0 && name_string_type != CONS) {
+               e = ASN1_BAD_ID;
+           }
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           name_string_oldlen = len;
+           if (name_string_datalen > len) {
+               e = ASN1_OVERRUN;
+               goto fail;
+           }
+           len = name_string_datalen;
+           {
+               size_t name_string_Tag_datalen, name_string_Tag_oldlen;
+               Der_type name_string_Tag_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                            &name_string_Tag_type,
+                                            UT_Sequence,
+                                            &name_string_Tag_datalen, &l);
+               if (e == 0 && name_string_Tag_type != CONS) {
+                   e = ASN1_BAD_ID;
+               }
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               name_string_Tag_oldlen = len;
+               if (name_string_Tag_datalen > len) {
+                   e = ASN1_OVERRUN;
+                   goto fail;
+               }
+               len = name_string_Tag_datalen;
+               {
+                   size_t name_string_Tag_Tag_origlen = len;
+                   size_t name_string_Tag_Tag_oldret = ret;
+                   size_t name_string_Tag_Tag_olen = 0;
+                   void *name_string_Tag_Tag_tmp;
+                   ret = 0;
+                   (&(data)->name_string)->len = 0;
+                   (&(data)->name_string)->val = NULL;
+                   while (ret < name_string_Tag_Tag_origlen) {
+                       size_t name_string_Tag_Tag_nlen =
+                           name_string_Tag_Tag_olen +
+                           sizeof(*((&(data)->name_string)->val));
+                       if (name_string_Tag_Tag_olen >
+                           name_string_Tag_Tag_nlen) {
+                           e = ASN1_OVERFLOW;
+                           goto fail;
+                       }
+                       name_string_Tag_Tag_olen = name_string_Tag_Tag_nlen;
+                       name_string_Tag_Tag_tmp =
+                           realloc((&(data)->name_string)->val,
+                                   name_string_Tag_Tag_olen);
+                       if (name_string_Tag_Tag_tmp == NULL) {
+                           e = ENOMEM;
+                           goto fail;
+                       }
+                       (&(data)->name_string)->val = name_string_Tag_Tag_tmp;
+                       {
+                           size_t name_string_Tag_Tag_s_of_datalen,
+                               name_string_Tag_Tag_s_of_oldlen;
+                           Der_type name_string_Tag_Tag_s_of_type;
+                           e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                                        &name_string_Tag_Tag_s_of_type,
+                                                        UT_GeneralString,
+                                                        &name_string_Tag_Tag_s_of_datalen,
+                                                        &l);
+                           if (e == 0
+                               && name_string_Tag_Tag_s_of_type != PRIM) {
+                               e = ASN1_BAD_ID;
+                           }
+                           if (e)
+                               goto fail;
+                           p += l;
+                           len -= l;
+                           ret += l;
+                           name_string_Tag_Tag_s_of_oldlen = len;
+                           if (name_string_Tag_Tag_s_of_datalen > len) {
+                               e = ASN1_OVERRUN;
+                               goto fail;
+                           }
+                           len = name_string_Tag_Tag_s_of_datalen;
+                           e = der_get_general_string(p, len,
+                                                      &(&(data)->
+                                                        name_string)->
+                                                      val[(&(data)->
+                                                           name_string)->
+                                                          len], &l);
+                           if (e)
+                               goto fail;
+                           p += l;
+                           len -= l;
+                           ret += l;
+                           len =
+                               name_string_Tag_Tag_s_of_oldlen -
+                               name_string_Tag_Tag_s_of_datalen;
+                       }
+                       (&(data)->name_string)->len++;
+                       len = name_string_Tag_Tag_origlen - ret;
+                   }
+                   ret += name_string_Tag_Tag_oldret;
+               }
+               len = name_string_Tag_oldlen - name_string_Tag_datalen;
+           }
+           len = name_string_oldlen - name_string_datalen;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_PrincipalName(data);
+    return e;
+}
+
+void ASN1CALL
+free_PrincipalName(PrincipalName * data)
+{
+    free_NAME_TYPE(&(data)->name_type);
+    while ((&(data)->name_string)->len) {
+       der_free_general_string(&(&(data)->name_string)->
+                               val[(&(data)->name_string)->len - 1]);
+       (&(data)->name_string)->len--;
+    }
+    free((&(data)->name_string)->val);
+    (&(data)->name_string)->val = NULL;
+}
+
+size_t ASN1CALL
+length_PrincipalName(const PrincipalName * data)
+{
+    size_t ret = 0;
+    {
+       size_t Top_tag_oldret = ret;
+       ret = 0;
+       ret += length_NAME_TYPE(&(data)->name_type);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_oldret;
+    }
+    {
+       size_t Top_tag_oldret = ret;
+       ret = 0;
+       {
+           size_t name_string_tag_tag_oldret = ret;
+           unsigned int n_name_string_tag_tag;
+           ret = 0;
+           for (n_name_string_tag_tag = (&(data)->name_string)->len;
+                n_name_string_tag_tag > 0; --n_name_string_tag_tag) {
+               size_t name_string_tag_tag_for_oldret = ret;
+               ret = 0;
+               ret +=
+                   der_length_general_string(&(&(data)->name_string)->
+                                             val[n_name_string_tag_tag - 1]);
+               ret += 1 + der_length_len(ret);
+               ret += name_string_tag_tag_for_oldret;
+           }
+           ret += name_string_tag_tag_oldret;
+       }
+       ret += 1 + der_length_len(ret);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_oldret;
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_PrincipalName(const PrincipalName * from, PrincipalName * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (copy_NAME_TYPE(&(from)->name_type, &(to)->name_type))
+       goto fail;
+    if (((&(to)->name_string)->val =
+        malloc((&(from)->name_string)->len *
+               sizeof(*(&(to)->name_string)->val))) == NULL
+       && (&(from)->name_string)->len != 0)
+       goto fail;
+    for ((&(to)->name_string)->len = 0;
+        (&(to)->name_string)->len < (&(from)->name_string)->len;
+        (&(to)->name_string)->len++) {
+       if (der_copy_general_string
+           (&(&(from)->name_string)->val[(&(to)->name_string)->len],
+            &(&(to)->name_string)->val[(&(to)->name_string)->len]))
+           goto fail;
     }
+    return 0;
+  fail:
+    free_PrincipalName(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+encode_Principal(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, const Principal * data,
+                size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
 /* realm */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_Realm(p, len, &(data)->realm, &l);
        if (e)
@@ -178,13 +1611,13 @@ encode_Ticket(unsigned char *p, size_t len, const Ticket * data, size_t * size)
        len -= l;
        ret += l;
 
-       ret += Top_tag_tag_oldret;
+       ret += Top_tag_oldret;
     }
-/* tkt-vno */
+/* name */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       e = encode_krb5int32(p, len, &(data)->tkt_vno, &l);
+       e = encode_PrincipalName(p, len, &(data)->name, &l);
        if (e)
            return e;
        p -= l;
@@ -198,16 +1631,10 @@ encode_Ticket(unsigned char *p, size_t len, const Ticket * data, size_t * size)
        len -= l;
        ret += l;
 
-       ret += Top_tag_tag_oldret;
+       ret += Top_tag_oldret;
     }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_APPL, CONS, 1, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
     if (e)
        return e;
     p -= l;
@@ -218,18 +1645,21 @@ encode_Ticket(unsigned char *p, size_t len, const Ticket * data, size_t * size)
     return 0;
 }
 
-int
-decode_Ticket(const unsigned char *p, size_t len, Ticket * data, size_t * size)
+int ASN1CALL
+decode_Principal(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, Principal * data,
+                size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_APPL, &Top_type, 1, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
        if (e == 0 && Top_type != CONS) {
            e = ASN1_BAD_ID;
        }
@@ -245,10 +1675,11 @@ decode_Ticket(const unsigned char *p, size_t len, Ticket * data, size_t * size)
        }
        len = Top_datalen;
        {
-           size_t Top_Tag_datalen, Top_Tag_oldlen;
-           Der_type Top_Tag_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_Tag_type, UT_Sequence, &Top_Tag_datalen, &l);
-           if (e == 0 && Top_Tag_type != CONS) {
+           size_t name_datalen, name_oldlen;
+           Der_type name_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &name_type,
+                                        0, &name_datalen, &l);
+           if (e == 0 && name_type != CONS) {
                e = ASN1_BAD_ID;
            }
            if (e)
@@ -256,95 +1687,442 @@ decode_Ticket(const unsigned char *p, size_t len, Ticket * data, size_t * size)
            p += l;
            len -= l;
            ret += l;
-           Top_Tag_oldlen = len;
-           if (Top_Tag_datalen > len) {
+           name_oldlen = len;
+           if (name_datalen > len) {
                e = ASN1_OVERRUN;
                goto fail;
            }
-           len = Top_Tag_datalen;
-           {
-               size_t tkt_vno_datalen, tkt_vno_oldlen;
-               Der_type tkt_vno_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &tkt_vno_type, 0, &tkt_vno_datalen, &l);
-               if (e == 0 && tkt_vno_type != CONS) {
-                   e = ASN1_BAD_ID;
-               }
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               tkt_vno_oldlen = len;
-               if (tkt_vno_datalen > len) {
-                   e = ASN1_OVERRUN;
-                   goto fail;
-               }
-               len = tkt_vno_datalen;
-               e = decode_krb5int32(p, len, &(data)->tkt_vno, &l);
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               len = tkt_vno_oldlen - tkt_vno_datalen;
+           len = name_datalen;
+           e = decode_PrincipalName(p, len, &(data)->name, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           len = name_oldlen - name_datalen;
+       }
+       {
+           size_t realm_datalen, realm_oldlen;
+           Der_type realm_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &realm_type,
+                                        1, &realm_datalen, &l);
+           if (e == 0 && realm_type != CONS) {
+               e = ASN1_BAD_ID;
            }
-           {
-               size_t realm_datalen, realm_oldlen;
-               Der_type realm_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &realm_type, 1, &realm_datalen, &l);
-               if (e == 0 && realm_type != CONS) {
-                   e = ASN1_BAD_ID;
-               }
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               realm_oldlen = len;
-               if (realm_datalen > len) {
-                   e = ASN1_OVERRUN;
-                   goto fail;
-               }
-               len = realm_datalen;
-               e = decode_Realm(p, len, &(data)->realm, &l);
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               len = realm_oldlen - realm_datalen;
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           realm_oldlen = len;
+           if (realm_datalen > len) {
+               e = ASN1_OVERRUN;
+               goto fail;
            }
-           {
-               size_t sname_datalen, sname_oldlen;
-               Der_type sname_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &sname_type, 2, &sname_datalen, &l);
-               if (e == 0 && sname_type != CONS) {
-                   e = ASN1_BAD_ID;
-               }
-               if (e)
+           len = realm_datalen;
+           e = decode_Realm(p, len, &(data)->realm, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           len = realm_oldlen - realm_datalen;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_Principal(data);
+    return e;
+}
+
+void ASN1CALL
+free_Principal(Principal * data)
+{
+    free_PrincipalName(&(data)->name);
+    free_Realm(&(data)->realm);
+}
+
+size_t ASN1CALL
+length_Principal(const Principal * data)
+{
+    size_t ret = 0;
+    {
+       size_t Top_tag_oldret = ret;
+       ret = 0;
+       ret += length_PrincipalName(&(data)->name);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_oldret;
+    }
+    {
+       size_t Top_tag_oldret = ret;
+       ret = 0;
+       ret += length_Realm(&(data)->realm);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_oldret;
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_Principal(const Principal * from, Principal * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (copy_PrincipalName(&(from)->name, &(to)->name))
+       goto fail;
+    if (copy_Realm(&(from)->realm, &(to)->realm))
+       goto fail;
+    return 0;
+  fail:
+    free_Principal(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+encode_Principals(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                 size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                 const Principals * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    for (i = (int) (data)->len - 1; i >= 0; --i) {
+       size_t Top_tag_for_oldret = ret;
+       ret = 0;
+       e = encode_Principal(p, len, &(data)->val[i], &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       ret += Top_tag_for_oldret;
+    }
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_Principals(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                 size_t len HEIMDAL_UNUSED_ATTRIBUTE, Principals * data,
+                 size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
+       if (e == 0 && Top_type != CONS) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           size_t Top_Tag_origlen = len;
+           size_t Top_Tag_oldret = ret;
+           size_t Top_Tag_olen = 0;
+           void *Top_Tag_tmp;
+           ret = 0;
+           (data)->len = 0;
+           (data)->val = NULL;
+           while (ret < Top_Tag_origlen) {
+               size_t Top_Tag_nlen = Top_Tag_olen + sizeof(*((data)->val));
+               if (Top_Tag_olen > Top_Tag_nlen) {
+                   e = ASN1_OVERFLOW;
                    goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               sname_oldlen = len;
-               if (sname_datalen > len) {
-                   e = ASN1_OVERRUN;
+               }
+               Top_Tag_olen = Top_Tag_nlen;
+               Top_Tag_tmp = realloc((data)->val, Top_Tag_olen);
+               if (Top_Tag_tmp == NULL) {
+                   e = ENOMEM;
                    goto fail;
                }
-               len = sname_datalen;
-               e = decode_PrincipalName(p, len, &(data)->sname, &l);
+               (data)->val = Top_Tag_tmp;
+               e = decode_Principal(p, len, &(data)->val[(data)->len], &l);
                if (e)
                    goto fail;
                p += l;
                len -= l;
                ret += l;
-               len = sname_oldlen - sname_datalen;
+               (data)->len++;
+               len = Top_Tag_origlen - ret;
            }
+           ret += Top_Tag_oldret;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_Principals(data);
+    return e;
+}
+
+void ASN1CALL
+free_Principals(Principals * data)
+{
+    while ((data)->len) {
+       free_Principal(&(data)->val[(data)->len - 1]);
+       (data)->len--;
+    }
+    free((data)->val);
+    (data)->val = NULL;
+}
+
+size_t ASN1CALL
+length_Principals(const Principals * data)
+{
+    size_t ret = 0;
+    {
+       size_t Top_tag_oldret = ret;
+       unsigned int n_Top_tag;
+       ret = 0;
+       for (n_Top_tag = (data)->len; n_Top_tag > 0; --n_Top_tag) {
+           size_t Top_tag_for_oldret = ret;
+           ret = 0;
+           ret += length_Principal(&(data)->val[n_Top_tag - 1]);
+           ret += Top_tag_for_oldret;
+       }
+       ret += Top_tag_oldret;
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_Principals(const Principals * from, Principals * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (((to)->val = malloc((from)->len * sizeof(*(to)->val))) == NULL
+       && (from)->len != 0)
+       goto fail;
+    for ((to)->len = 0; (to)->len < (from)->len; (to)->len++) {
+       if (copy_Principal(&(from)->val[(to)->len], &(to)->val[(to)->len]))
+           goto fail;
+    }
+    return 0;
+  fail:
+    free_Principals(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+add_Principals(Principals * data, const Principal * element)
+{
+    int ret;
+    void *ptr;
+
+    ptr = realloc(data->val, (data->len + 1) * sizeof(data->val[0]));
+    if (ptr == NULL)
+       return ENOMEM;
+    data->val = ptr;
+
+    ret = copy_Principal(element, &data->val[data->len]);
+    if (ret)
+       return ret;
+    data->len++;
+    return 0;
+}
+
+int ASN1CALL
+remove_Principals(Principals * data, unsigned int element)
+{
+    void *ptr;
+
+    if (data->len == 0 || element >= data->len)
+       return ASN1_OVERRUN;
+    free_Principal(&data->val[element]);
+    data->len--;
+    if (element < data->len)
+       memmove(&data->val[element], &data->val[element + 1],
+               sizeof(data->val[0]) * (data->len - element));
+    ptr = realloc(data->val, data->len * sizeof(data->val[0]));
+    if (ptr != NULL || data->len == 0)
+       data->val = ptr;
+    return 0;
+}
+
+int ASN1CALL
+encode_HostAddress(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                  size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                  const HostAddress * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+/* address */
+    {
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
+       ret = 0;
+       e = der_put_octet_string(p, len, &(data)->address, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                                  UT_OctetString, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       ret += Top_tag_oldret;
+    }
+/* addr-type */
+    {
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
+       ret = 0;
+       e = encode_krb5int32(p, len, &(data)->addr_type, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       ret += Top_tag_oldret;
+    }
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_HostAddress(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                  size_t len HEIMDAL_UNUSED_ATTRIBUTE, HostAddress * data,
+                  size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
+       if (e == 0 && Top_type != CONS) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           size_t addr_type_datalen, addr_type_oldlen;
+           Der_type addr_type_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &addr_type_type, 0,
+                                        &addr_type_datalen, &l);
+           if (e == 0 && addr_type_type != CONS) {
+               e = ASN1_BAD_ID;
+           }
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           addr_type_oldlen = len;
+           if (addr_type_datalen > len) {
+               e = ASN1_OVERRUN;
+               goto fail;
+           }
+           len = addr_type_datalen;
+           e = decode_krb5int32(p, len, &(data)->addr_type, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           len = addr_type_oldlen - addr_type_datalen;
+       }
+       {
+           size_t address_datalen, address_oldlen;
+           Der_type address_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &address_type, 1, &address_datalen,
+                                        &l);
+           if (e == 0 && address_type != CONS) {
+               e = ASN1_BAD_ID;
+           }
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           address_oldlen = len;
+           if (address_datalen > len) {
+               e = ASN1_OVERRUN;
+               goto fail;
+           }
+           len = address_datalen;
            {
-               size_t enc_part_datalen, enc_part_oldlen;
-               Der_type enc_part_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &enc_part_type, 3, &enc_part_datalen, &l);
-               if (e == 0 && enc_part_type != CONS) {
+               size_t address_Tag_datalen, address_Tag_oldlen;
+               Der_type address_Tag_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                            &address_Tag_type,
+                                            UT_OctetString,
+                                            &address_Tag_datalen, &l);
+               if (e == 0 && address_Tag_type != PRIM) {
                    e = ASN1_BAD_ID;
                }
                if (e)
@@ -352,120 +2130,336 @@ decode_Ticket(const unsigned char *p, size_t len, Ticket * data, size_t * size)
                p += l;
                len -= l;
                ret += l;
-               enc_part_oldlen = len;
-               if (enc_part_datalen > len) {
+               address_Tag_oldlen = len;
+               if (address_Tag_datalen > len) {
                    e = ASN1_OVERRUN;
                    goto fail;
                }
-               len = enc_part_datalen;
-               e = decode_EncryptedData(p, len, &(data)->enc_part, &l);
+               len = address_Tag_datalen;
+               e = der_get_octet_string(p, len, &(data)->address, &l);
                if (e)
                    goto fail;
                p += l;
                len -= l;
                ret += l;
-               len = enc_part_oldlen - enc_part_datalen;
+               len = address_Tag_oldlen - address_Tag_datalen;
            }
-           len = Top_Tag_oldlen - Top_Tag_datalen;
+           len = address_oldlen - address_datalen;
        }
        len = Top_oldlen - Top_datalen;
     }
     if (size)
        *size = ret;
     return 0;
-fail:
-    free_Ticket(data);
+  fail:
+    free_HostAddress(data);
     return e;
 }
 
-void
-free_Ticket(Ticket * data)
+void ASN1CALL
+free_HostAddress(HostAddress * data)
 {
-    free_krb5int32(&(data)->tkt_vno);
-    free_Realm(&(data)->realm);
-    free_PrincipalName(&(data)->sname);
-    free_EncryptedData(&(data)->enc_part);
+    free_krb5int32(&(data)->addr_type);
+    der_free_octet_string(&(data)->address);
 }
 
-size_t
-length_Ticket(const Ticket * data)
+size_t ASN1CALL
+length_HostAddress(const HostAddress * data)
 {
     size_t ret = 0;
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_oldret = ret;
        ret = 0;
-       ret += length_krb5int32(&(data)->tkt_vno);
+       ret += length_krb5int32(&(data)->addr_type);
        ret += 1 + der_length_len(ret);
-       ret += Top_tag_tag_oldret;
+       ret += Top_tag_oldret;
     }
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_oldret = ret;
        ret = 0;
-       ret += length_Realm(&(data)->realm);
+       ret += der_length_octet_string(&(data)->address);
        ret += 1 + der_length_len(ret);
-       ret += Top_tag_tag_oldret;
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_oldret;
     }
-    {
-       size_t Top_tag_tag_oldret = ret;
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_HostAddress(const HostAddress * from, HostAddress * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (copy_krb5int32(&(from)->addr_type, &(to)->addr_type))
+       goto fail;
+    if (der_copy_octet_string(&(from)->address, &(to)->address))
+       goto fail;
+    return 0;
+  fail:
+    free_HostAddress(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+encode_HostAddresses(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    const HostAddresses * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    for (i = (int) (data)->len - 1; i >= 0; --i) {
+       size_t Top_tag_for_oldret = ret;
        ret = 0;
-       ret += length_PrincipalName(&(data)->sname);
-       ret += 1 + der_length_len(ret);
-       ret += Top_tag_tag_oldret;
+       e = encode_HostAddress(p, len, &(data)->val[i], &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       ret += Top_tag_for_oldret;
     }
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_HostAddresses(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    HostAddresses * data, size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
+       if (e == 0 && Top_type != CONS) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           size_t Top_Tag_origlen = len;
+           size_t Top_Tag_oldret = ret;
+           size_t Top_Tag_olen = 0;
+           void *Top_Tag_tmp;
+           ret = 0;
+           (data)->len = 0;
+           (data)->val = NULL;
+           while (ret < Top_Tag_origlen) {
+               size_t Top_Tag_nlen = Top_Tag_olen + sizeof(*((data)->val));
+               if (Top_Tag_olen > Top_Tag_nlen) {
+                   e = ASN1_OVERFLOW;
+                   goto fail;
+               }
+               Top_Tag_olen = Top_Tag_nlen;
+               Top_Tag_tmp = realloc((data)->val, Top_Tag_olen);
+               if (Top_Tag_tmp == NULL) {
+                   e = ENOMEM;
+                   goto fail;
+               }
+               (data)->val = Top_Tag_tmp;
+               e = decode_HostAddress(p, len, &(data)->val[(data)->len], &l);
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               (data)->len++;
+               len = Top_Tag_origlen - ret;
+           }
+           ret += Top_Tag_oldret;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_HostAddresses(data);
+    return e;
+}
+
+void ASN1CALL
+free_HostAddresses(HostAddresses * data)
+{
+    while ((data)->len) {
+       free_HostAddress(&(data)->val[(data)->len - 1]);
+       (data)->len--;
+    }
+    free((data)->val);
+    (data)->val = NULL;
+}
+
+size_t ASN1CALL
+length_HostAddresses(const HostAddresses * data)
+{
+    size_t ret = 0;
+    {
+       size_t Top_tag_oldret = ret;
+       unsigned int n_Top_tag;
        ret = 0;
-       ret += length_EncryptedData(&(data)->enc_part);
-       ret += 1 + der_length_len(ret);
-       ret += Top_tag_tag_oldret;
+       for (n_Top_tag = (data)->len; n_Top_tag > 0; --n_Top_tag) {
+           size_t Top_tag_for_oldret = ret;
+           ret = 0;
+           ret += length_HostAddress(&(data)->val[n_Top_tag - 1]);
+           ret += Top_tag_for_oldret;
+       }
+       ret += Top_tag_oldret;
     }
     ret += 1 + der_length_len(ret);
-    ret += 1 + der_length_len(ret);
     return ret;
 }
 
-int
-copy_Ticket(const Ticket * from, Ticket * to)
+int ASN1CALL
+copy_HostAddresses(const HostAddresses * from, HostAddresses * to)
 {
     memset(to, 0, sizeof(*to));
-    if (copy_krb5int32(&(from)->tkt_vno, &(to)->tkt_vno))
-       goto fail;
-    if (copy_Realm(&(from)->realm, &(to)->realm))
-       goto fail;
-    if (copy_PrincipalName(&(from)->sname, &(to)->sname))
-       goto fail;
-    if (copy_EncryptedData(&(from)->enc_part, &(to)->enc_part))
+    if (((to)->val = malloc((from)->len * sizeof(*(to)->val))) == NULL
+       && (from)->len != 0)
        goto fail;
+    for ((to)->len = 0; (to)->len < (from)->len; (to)->len++) {
+       if (copy_HostAddress(&(from)->val[(to)->len], &(to)->val[(to)->len]))
+           goto fail;
+    }
     return 0;
-fail:
-    free_Ticket(to);
+  fail:
+    free_HostAddresses(to);
     return ENOMEM;
 }
 
+int ASN1CALL
+encode_KerberosTime(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                   size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                   const KerberosTime * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
+    e = der_put_generalized_time(p, len, data, &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
 
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                              UT_GeneralizedTime, &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_KerberosTime(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                   size_t len HEIMDAL_UNUSED_ATTRIBUTE, KerberosTime * data,
+                   size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_GeneralizedTime, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       e = der_get_generalized_time(p, len, data, &l);
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_KerberosTime(data);
+    return e;
+}
 
-int
-encode_AuthorizationDataElement(unsigned char *p, size_t len, const AuthorizationDataElement * data, size_t * size)
+void ASN1CALL
+free_KerberosTime(KerberosTime * data)
+{
+}
+
+size_t ASN1CALL
+length_KerberosTime(const KerberosTime * data)
 {
     size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
+    ret += der_length_generalized_time(data);
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_KerberosTime(const KerberosTime * from, KerberosTime * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_AuthorizationDataElement(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                               size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                               const AuthorizationDataElement * data,
+                               size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
-    i = 0;
 /* ad-data */
     {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = der_put_octet_string(p, len, &(data)->ad_data, &l);
        if (e)
@@ -474,7 +2468,8 @@ encode_AuthorizationDataElement(unsigned char *p, size_t len, const Authorizatio
        len -= l;
        ret += l;
 
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                                  UT_OctetString, &l);
        if (e)
            return e;
        p -= l;
@@ -492,7 +2487,7 @@ encode_AuthorizationDataElement(unsigned char *p, size_t len, const Authorizatio
     }
 /* ad-type */
     {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_krb5int32(p, len, &(data)->ad_type, &l);
        if (e)
@@ -510,7 +2505,8 @@ encode_AuthorizationDataElement(unsigned char *p, size_t len, const Authorizatio
 
        ret += Top_tag_oldret;
     }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
     if (e)
        return e;
     p -= l;
@@ -521,18 +2517,23 @@ encode_AuthorizationDataElement(unsigned char *p, size_t len, const Authorizatio
     return 0;
 }
 
-int
-decode_AuthorizationDataElement(const unsigned char *p, size_t len, AuthorizationDataElement * data, size_t * size)
+int ASN1CALL
+decode_AuthorizationDataElement(const unsigned char *p
+                               HEIMDAL_UNUSED_ATTRIBUTE,
+                               size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                               AuthorizationDataElement * data,
+                               size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
        if (e == 0 && Top_type != CONS) {
            e = ASN1_BAD_ID;
        }
@@ -550,7 +2551,9 @@ decode_AuthorizationDataElement(const unsigned char *p, size_t len, Authorizatio
        {
            size_t ad_type_datalen, ad_type_oldlen;
            Der_type ad_type_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &ad_type_type, 0, &ad_type_datalen, &l);
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &ad_type_type, 0, &ad_type_datalen,
+                                        &l);
            if (e == 0 && ad_type_type != CONS) {
                e = ASN1_BAD_ID;
            }
@@ -576,7 +2579,9 @@ decode_AuthorizationDataElement(const unsigned char *p, size_t len, Authorizatio
        {
            size_t ad_data_datalen, ad_data_oldlen;
            Der_type ad_data_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &ad_data_type, 1, &ad_data_datalen, &l);
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &ad_data_type, 1, &ad_data_datalen,
+                                        &l);
            if (e == 0 && ad_data_type != CONS) {
                e = ASN1_BAD_ID;
            }
@@ -594,7 +2599,10 @@ decode_AuthorizationDataElement(const unsigned char *p, size_t len, Authorizatio
            {
                size_t ad_data_Tag_datalen, ad_data_Tag_oldlen;
                Der_type ad_data_Tag_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &ad_data_Tag_type, UT_OctetString, &ad_data_Tag_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                            &ad_data_Tag_type,
+                                            UT_OctetString,
+                                            &ad_data_Tag_datalen, &l);
                if (e == 0 && ad_data_Tag_type != PRIM) {
                    e = ASN1_BAD_ID;
                }
@@ -624,19 +2632,19 @@ decode_AuthorizationDataElement(const unsigned char *p, size_t len, Authorizatio
     if (size)
        *size = ret;
     return 0;
-fail:
+  fail:
     free_AuthorizationDataElement(data);
     return e;
 }
 
-void
+void ASN1CALL
 free_AuthorizationDataElement(AuthorizationDataElement * data)
 {
     free_krb5int32(&(data)->ad_type);
     der_free_octet_string(&(data)->ad_data);
 }
 
-size_t
+size_t ASN1CALL
 length_AuthorizationDataElement(const AuthorizationDataElement * data)
 {
     size_t ret = 0;
@@ -659,8 +2667,9 @@ length_AuthorizationDataElement(const AuthorizationDataElement * data)
     return ret;
 }
 
-int
-copy_AuthorizationDataElement(const AuthorizationDataElement * from, AuthorizationDataElement * to)
+int ASN1CALL
+copy_AuthorizationDataElement(const AuthorizationDataElement * from,
+                             AuthorizationDataElement * to)
 {
     memset(to, 0, sizeof(*to));
     if (copy_krb5int32(&(from)->ad_type, &(to)->ad_type))
@@ -668,35 +2677,1320 @@ copy_AuthorizationDataElement(const AuthorizationDataElement * from, Authorizati
     if (der_copy_octet_string(&(from)->ad_data, &(to)->ad_data))
        goto fail;
     return 0;
-fail:
+  fail:
     free_AuthorizationDataElement(to);
     return ENOMEM;
 }
 
+int ASN1CALL
+encode_AuthorizationData(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                        size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                        const AuthorizationData * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
+    for (i = (int) (data)->len - 1; i >= 0; --i) {
+       size_t Top_tag_for_oldret = ret;
+       ret = 0;
+       e = encode_AuthorizationDataElement(p, len, &(data)->val[i], &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
 
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
+       ret += Top_tag_for_oldret;
+    }
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
+    *size = ret;
+    return 0;
+}
 
-int
-encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, size_t * size)
+int ASN1CALL
+decode_AuthorizationData(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                        size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                        AuthorizationData * data, size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
-    i = 0;
-/* cipher */
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
+       if (e == 0 && Top_type != CONS) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           size_t Top_Tag_origlen = len;
+           size_t Top_Tag_oldret = ret;
+           size_t Top_Tag_olen = 0;
+           void *Top_Tag_tmp;
+           ret = 0;
+           (data)->len = 0;
+           (data)->val = NULL;
+           while (ret < Top_Tag_origlen) {
+               size_t Top_Tag_nlen = Top_Tag_olen + sizeof(*((data)->val));
+               if (Top_Tag_olen > Top_Tag_nlen) {
+                   e = ASN1_OVERFLOW;
+                   goto fail;
+               }
+               Top_Tag_olen = Top_Tag_nlen;
+               Top_Tag_tmp = realloc((data)->val, Top_Tag_olen);
+               if (Top_Tag_tmp == NULL) {
+                   e = ENOMEM;
+                   goto fail;
+               }
+               (data)->val = Top_Tag_tmp;
+               e = decode_AuthorizationDataElement(p, len,
+                                                   &(data)->val[(data)->len],
+                                                   &l);
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               (data)->len++;
+               len = Top_Tag_origlen - ret;
+           }
+           ret += Top_Tag_oldret;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_AuthorizationData(data);
+    return e;
+}
+
+void ASN1CALL
+free_AuthorizationData(AuthorizationData * data)
+{
+    while ((data)->len) {
+       free_AuthorizationDataElement(&(data)->val[(data)->len - 1]);
+       (data)->len--;
+    }
+    free((data)->val);
+    (data)->val = NULL;
+}
+
+size_t ASN1CALL
+length_AuthorizationData(const AuthorizationData * data)
+{
+    size_t ret = 0;
     {
        size_t Top_tag_oldret = ret;
+       unsigned int n_Top_tag;
+       ret = 0;
+       for (n_Top_tag = (data)->len; n_Top_tag > 0; --n_Top_tag) {
+           size_t Top_tag_for_oldret = ret;
+           ret = 0;
+           ret +=
+               length_AuthorizationDataElement(&(data)->val[n_Top_tag - 1]);
+           ret += Top_tag_for_oldret;
+       }
+       ret += Top_tag_oldret;
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_AuthorizationData(const AuthorizationData * from, AuthorizationData * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (((to)->val = malloc((from)->len * sizeof(*(to)->val))) == NULL
+       && (from)->len != 0)
+       goto fail;
+    for ((to)->len = 0; (to)->len < (from)->len; (to)->len++) {
+       if (copy_AuthorizationDataElement
+           (&(from)->val[(to)->len], &(to)->val[(to)->len]))
+           goto fail;
+    }
+    return 0;
+  fail:
+    free_AuthorizationData(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+add_AuthorizationData(AuthorizationData * data,
+                     const AuthorizationDataElement * element)
+{
+    int ret;
+    void *ptr;
+
+    ptr = realloc(data->val, (data->len + 1) * sizeof(data->val[0]));
+    if (ptr == NULL)
+       return ENOMEM;
+    data->val = ptr;
+
+    ret = copy_AuthorizationDataElement(element, &data->val[data->len]);
+    if (ret)
+       return ret;
+    data->len++;
+    return 0;
+}
+
+int ASN1CALL
+remove_AuthorizationData(AuthorizationData * data, unsigned int element)
+{
+    void *ptr;
+
+    if (data->len == 0 || element >= data->len)
+       return ASN1_OVERRUN;
+    free_AuthorizationDataElement(&data->val[element]);
+    data->len--;
+    if (element < data->len)
+       memmove(&data->val[element], &data->val[element + 1],
+               sizeof(data->val[0]) * (data->len - element));
+    ptr = realloc(data->val, data->len * sizeof(data->val[0]));
+    if (ptr != NULL || data->len == 0)
+       data->val = ptr;
+    return 0;
+}
+
+int ASN1CALL
+encode_APOptions(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, const APOptions * data,
+                size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       unsigned char c = 0;
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if ((data)->mutual_required) {
+           c |= 1 << 5;
+       }
+       if ((data)->use_session_key) {
+           c |= 1 << 6;
+       }
+       if ((data)->reserved) {
+           c |= 1 << 7;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = 0;
+       len -= 1;
+       ret += 1;
+    }
+
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_BitString,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_APOptions(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                size_t len HEIMDAL_UNUSED_ATTRIBUTE, APOptions * data,
+                size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_BitString, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       if (len < 1)
+           return ASN1_OVERRUN;
+       p++;
+       len--;
+       ret++;
+       do {
+           if (len < 1)
+               break;
+           (data)->reserved = (*p >> 7) & 1;
+           (data)->use_session_key = (*p >> 6) & 1;
+           (data)->mutual_required = (*p >> 5) & 1;
+       } while (0);
+       p += len;
+       ret += len;
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_APOptions(data);
+    return e;
+}
+
+void ASN1CALL
+free_APOptions(APOptions * data)
+{
+}
+
+size_t ASN1CALL
+length_APOptions(const APOptions * data)
+{
+    size_t ret = 0;
+    ret += 5;
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_APOptions(const APOptions * from, APOptions * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+unsigned
+APOptions2int(APOptions f)
+{
+    unsigned r = 0;
+    if (f.reserved)
+       r |= (1U << 0);
+    if (f.use_session_key)
+       r |= (1U << 1);
+    if (f.mutual_required)
+       r |= (1U << 2);
+    return r;
+}
+
+APOptions
+int2APOptions(unsigned n)
+{
+    APOptions flags;
+
+    memset(&flags, 0, sizeof(flags));
+
+    flags.reserved = (n >> 0) & 1;
+    flags.use_session_key = (n >> 1) & 1;
+    flags.mutual_required = (n >> 2) & 1;
+    return flags;
+}
+
+
+
+int ASN1CALL
+encode_TicketFlags(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                  size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                  const TicketFlags * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       unsigned char c = 0;
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if ((data)->anonymous) {
+           c |= 1 << 7;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if ((data)->enc_pa_rep) {
+           c |= 1 << 0;
+       }
+       if ((data)->ok_as_delegate) {
+           c |= 1 << 2;
+       }
+       if ((data)->transited_policy_checked) {
+           c |= 1 << 3;
+       }
+       if ((data)->hw_authent) {
+           c |= 1 << 4;
+       }
+       if ((data)->pre_authent) {
+           c |= 1 << 5;
+       }
+       if ((data)->initial) {
+           c |= 1 << 6;
+       }
+       if ((data)->renewable) {
+           c |= 1 << 7;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if ((data)->invalid) {
+           c |= 1 << 0;
+       }
+       if ((data)->postdated) {
+           c |= 1 << 1;
+       }
+       if ((data)->may_postdate) {
+           c |= 1 << 2;
+       }
+       if ((data)->proxy) {
+           c |= 1 << 3;
+       }
+       if ((data)->proxiable) {
+           c |= 1 << 4;
+       }
+       if ((data)->forwarded) {
+           c |= 1 << 5;
+       }
+       if ((data)->forwardable) {
+           c |= 1 << 6;
+       }
+       if ((data)->reserved) {
+           c |= 1 << 7;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = 0;
+       len -= 1;
+       ret += 1;
+    }
+
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_BitString,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_TicketFlags(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                  size_t len HEIMDAL_UNUSED_ATTRIBUTE, TicketFlags * data,
+                  size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_BitString, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       if (len < 1)
+           return ASN1_OVERRUN;
+       p++;
+       len--;
+       ret++;
+       do {
+           if (len < 1)
+               break;
+           (data)->reserved = (*p >> 7) & 1;
+           (data)->forwardable = (*p >> 6) & 1;
+           (data)->forwarded = (*p >> 5) & 1;
+           (data)->proxiable = (*p >> 4) & 1;
+           (data)->proxy = (*p >> 3) & 1;
+           (data)->may_postdate = (*p >> 2) & 1;
+           (data)->postdated = (*p >> 1) & 1;
+           (data)->invalid = (*p >> 0) & 1;
+           p++;
+           len--;
+           ret++;
+           if (len < 1)
+               break;
+           (data)->renewable = (*p >> 7) & 1;
+           (data)->initial = (*p >> 6) & 1;
+           (data)->pre_authent = (*p >> 5) & 1;
+           (data)->hw_authent = (*p >> 4) & 1;
+           (data)->transited_policy_checked = (*p >> 3) & 1;
+           (data)->ok_as_delegate = (*p >> 2) & 1;
+           (data)->enc_pa_rep = (*p >> 0) & 1;
+           p++;
+           len--;
+           ret++;
+           if (len < 1)
+               break;
+           (data)->anonymous = (*p >> 7) & 1;
+       } while (0);
+       p += len;
+       ret += len;
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_TicketFlags(data);
+    return e;
+}
+
+void ASN1CALL
+free_TicketFlags(TicketFlags * data)
+{
+}
+
+size_t ASN1CALL
+length_TicketFlags(const TicketFlags * data)
+{
+    size_t ret = 0;
+    ret += 5;
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_TicketFlags(const TicketFlags * from, TicketFlags * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+unsigned
+TicketFlags2int(TicketFlags f)
+{
+    unsigned r = 0;
+    if (f.reserved)
+       r |= (1U << 0);
+    if (f.forwardable)
+       r |= (1U << 1);
+    if (f.forwarded)
+       r |= (1U << 2);
+    if (f.proxiable)
+       r |= (1U << 3);
+    if (f.proxy)
+       r |= (1U << 4);
+    if (f.may_postdate)
+       r |= (1U << 5);
+    if (f.postdated)
+       r |= (1U << 6);
+    if (f.invalid)
+       r |= (1U << 7);
+    if (f.renewable)
+       r |= (1U << 8);
+    if (f.initial)
+       r |= (1U << 9);
+    if (f.pre_authent)
+       r |= (1U << 10);
+    if (f.hw_authent)
+       r |= (1U << 11);
+    if (f.transited_policy_checked)
+       r |= (1U << 12);
+    if (f.ok_as_delegate)
+       r |= (1U << 13);
+    if (f.enc_pa_rep)
+       r |= (1U << 15);
+    if (f.anonymous)
+       r |= (1U << 16);
+    return r;
+}
+
+TicketFlags
+int2TicketFlags(unsigned n)
+{
+    TicketFlags flags;
+
+    memset(&flags, 0, sizeof(flags));
+
+    flags.reserved = (n >> 0) & 1;
+    flags.forwardable = (n >> 1) & 1;
+    flags.forwarded = (n >> 2) & 1;
+    flags.proxiable = (n >> 3) & 1;
+    flags.proxy = (n >> 4) & 1;
+    flags.may_postdate = (n >> 5) & 1;
+    flags.postdated = (n >> 6) & 1;
+    flags.invalid = (n >> 7) & 1;
+    flags.renewable = (n >> 8) & 1;
+    flags.initial = (n >> 9) & 1;
+    flags.pre_authent = (n >> 10) & 1;
+    flags.hw_authent = (n >> 11) & 1;
+    flags.transited_policy_checked = (n >> 12) & 1;
+    flags.ok_as_delegate = (n >> 13) & 1;
+    flags.enc_pa_rep = (n >> 15) & 1;
+    flags.anonymous = (n >> 16) & 1;
+    return flags;
+}
+
+
+
+int ASN1CALL
+encode_KDCOptions(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                 size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                 const KDCOptions * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       unsigned char c = 0;
+       if ((data)->validate) {
+           c |= 1 << 0;
+       }
+       if ((data)->renew) {
+           c |= 1 << 1;
+       }
+       if ((data)->enc_tkt_in_skey) {
+           c |= 1 << 3;
+       }
+       if ((data)->renewable_ok) {
+           c |= 1 << 4;
+       }
+       if ((data)->disable_transited_check) {
+           c |= 1 << 5;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if ((data)->request_anonymous) {
+           c |= 1 << 7;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if ((data)->canonicalize) {
+           c |= 1 << 0;
+       }
+       if ((data)->cname_in_addl_tkt) {
+           c |= 1 << 1;
+       }
+       if ((data)->renewable) {
+           c |= 1 << 7;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       c = 0;
+       if ((data)->postdated) {
+           c |= 1 << 1;
+       }
+       if ((data)->allow_postdate) {
+           c |= 1 << 2;
+       }
+       if ((data)->proxy) {
+           c |= 1 << 3;
+       }
+       if ((data)->proxiable) {
+           c |= 1 << 4;
+       }
+       if ((data)->forwarded) {
+           c |= 1 << 5;
+       }
+       if ((data)->forwardable) {
+           c |= 1 << 6;
+       }
+       if ((data)->reserved) {
+           c |= 1 << 7;
+       }
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = c;
+       len--;
+       ret++;
+       if (len < 1)
+           return ASN1_OVERFLOW;
+       *p-- = 0;
+       len -= 1;
+       ret += 1;
+    }
+
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_BitString,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_KDCOptions(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                 size_t len HEIMDAL_UNUSED_ATTRIBUTE, KDCOptions * data,
+                 size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_BitString, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       if (len < 1)
+           return ASN1_OVERRUN;
+       p++;
+       len--;
+       ret++;
+       do {
+           if (len < 1)
+               break;
+           (data)->reserved = (*p >> 7) & 1;
+           (data)->forwardable = (*p >> 6) & 1;
+           (data)->forwarded = (*p >> 5) & 1;
+           (data)->proxiable = (*p >> 4) & 1;
+           (data)->proxy = (*p >> 3) & 1;
+           (data)->allow_postdate = (*p >> 2) & 1;
+           (data)->postdated = (*p >> 1) & 1;
+           p++;
+           len--;
+           ret++;
+           if (len < 1)
+               break;
+           (data)->renewable = (*p >> 7) & 1;
+           (data)->cname_in_addl_tkt = (*p >> 1) & 1;
+           (data)->canonicalize = (*p >> 0) & 1;
+           p++;
+           len--;
+           ret++;
+           if (len < 1)
+               break;
+           (data)->request_anonymous = (*p >> 7) & 1;
+           p++;
+           len--;
+           ret++;
+           if (len < 1)
+               break;
+           (data)->disable_transited_check = (*p >> 5) & 1;
+           (data)->renewable_ok = (*p >> 4) & 1;
+           (data)->enc_tkt_in_skey = (*p >> 3) & 1;
+           (data)->renew = (*p >> 1) & 1;
+           (data)->validate = (*p >> 0) & 1;
+       } while (0);
+       p += len;
+       ret += len;
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_KDCOptions(data);
+    return e;
+}
+
+void ASN1CALL
+free_KDCOptions(KDCOptions * data)
+{
+}
+
+size_t ASN1CALL
+length_KDCOptions(const KDCOptions * data)
+{
+    size_t ret = 0;
+    ret += 5;
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_KDCOptions(const KDCOptions * from, KDCOptions * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+unsigned
+KDCOptions2int(KDCOptions f)
+{
+    unsigned r = 0;
+    if (f.reserved)
+       r |= (1U << 0);
+    if (f.forwardable)
+       r |= (1U << 1);
+    if (f.forwarded)
+       r |= (1U << 2);
+    if (f.proxiable)
+       r |= (1U << 3);
+    if (f.proxy)
+       r |= (1U << 4);
+    if (f.allow_postdate)
+       r |= (1U << 5);
+    if (f.postdated)
+       r |= (1U << 6);
+    if (f.renewable)
+       r |= (1U << 8);
+    if (f.cname_in_addl_tkt)
+       r |= (1U << 14);
+    if (f.canonicalize)
+       r |= (1U << 15);
+    if (f.request_anonymous)
+       r |= (1U << 16);
+    if (f.disable_transited_check)
+       r |= (1U << 26);
+    if (f.renewable_ok)
+       r |= (1U << 27);
+    if (f.enc_tkt_in_skey)
+       r |= (1U << 28);
+    if (f.renew)
+       r |= (1U << 30);
+    if (f.validate)
+       r |= (1U << 31);
+    return r;
+}
+
+KDCOptions
+int2KDCOptions(unsigned n)
+{
+    KDCOptions flags;
+
+    memset(&flags, 0, sizeof(flags));
+
+    flags.reserved = (n >> 0) & 1;
+    flags.forwardable = (n >> 1) & 1;
+    flags.forwarded = (n >> 2) & 1;
+    flags.proxiable = (n >> 3) & 1;
+    flags.proxy = (n >> 4) & 1;
+    flags.allow_postdate = (n >> 5) & 1;
+    flags.postdated = (n >> 6) & 1;
+    flags.renewable = (n >> 8) & 1;
+    flags.cname_in_addl_tkt = (n >> 14) & 1;
+    flags.canonicalize = (n >> 15) & 1;
+    flags.request_anonymous = (n >> 16) & 1;
+    flags.disable_transited_check = (n >> 26) & 1;
+    flags.renewable_ok = (n >> 27) & 1;
+    flags.enc_tkt_in_skey = (n >> 28) & 1;
+    flags.renew = (n >> 30) & 1;
+    flags.validate = (n >> 31) & 1;
+    return flags;
+}
+
+
+
+int ASN1CALL
+encode_LR_TYPE(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+              size_t len HEIMDAL_UNUSED_ATTRIBUTE, const LR_TYPE * data,
+              size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    {
+       int enumint = (int) *data;
+       e = der_put_integer(p, len, &enumint, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+    }
+    ;
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_LR_TYPE(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+              size_t len HEIMDAL_UNUSED_ATTRIBUTE, LR_TYPE * data,
+              size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Integer, &Top_datalen, &l);
+       if (e == 0 && Top_type != PRIM) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           int enumint;
+           e = der_get_integer(p, len, &enumint, &l);
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           *data = enumint;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_LR_TYPE(data);
+    return e;
+}
+
+void ASN1CALL
+free_LR_TYPE(LR_TYPE * data)
+{
+}
+
+size_t ASN1CALL
+length_LR_TYPE(const LR_TYPE * data)
+{
+    size_t ret = 0;
+    {
+       int enumint = *data;
+       ret += der_length_integer(&enumint);
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_LR_TYPE(const LR_TYPE * from, LR_TYPE * to)
+{
+    memset(to, 0, sizeof(*to));
+    *(to) = *(from);
+    return 0;
+}
+
+int ASN1CALL
+encode_LastReq(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+              size_t len HEIMDAL_UNUSED_ATTRIBUTE, const LastReq * data,
+              size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    for (i = (int) (data)->len - 1; i >= 0; --i) {
+       size_t Top_tag_for_oldret = ret;
+       ret = 0;
+/* lr-value */
+       {
+           size_t Top_tag_S_Of_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
+           ret = 0;
+           e = encode_KerberosTime(p, len, &(&(data)->val[i])->lr_value, &l);
+           if (e)
+               return e;
+           p -= l;
+           len -= l;
+           ret += l;
+
+           e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1,
+                                      &l);
+           if (e)
+               return e;
+           p -= l;
+           len -= l;
+           ret += l;
+
+           ret += Top_tag_S_Of_tag_oldret;
+       }
+/* lr-type */
+       {
+           size_t Top_tag_S_Of_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
+           ret = 0;
+           e = encode_LR_TYPE(p, len, &(&(data)->val[i])->lr_type, &l);
+           if (e)
+               return e;
+           p -= l;
+           len -= l;
+           ret += l;
+
+           e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0,
+                                      &l);
+           if (e)
+               return e;
+           p -= l;
+           len -= l;
+           ret += l;
+
+           ret += Top_tag_S_Of_tag_oldret;
+       }
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS,
+                                  UT_Sequence, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       ret += Top_tag_for_oldret;
+    }
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    *size = ret;
+    return 0;
+}
+
+int ASN1CALL
+decode_LastReq(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+              size_t len HEIMDAL_UNUSED_ATTRIBUTE, LastReq * data,
+              size_t * size)
+{
+    size_t ret = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
+
+    memset(data, 0, sizeof(*data));
+    {
+       size_t Top_datalen, Top_oldlen;
+       Der_type Top_type;
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
+       if (e == 0 && Top_type != CONS) {
+           e = ASN1_BAD_ID;
+       }
+       if (e)
+           goto fail;
+       p += l;
+       len -= l;
+       ret += l;
+       Top_oldlen = len;
+       if (Top_datalen > len) {
+           e = ASN1_OVERRUN;
+           goto fail;
+       }
+       len = Top_datalen;
+       {
+           size_t Top_Tag_origlen = len;
+           size_t Top_Tag_oldret = ret;
+           size_t Top_Tag_olen = 0;
+           void *Top_Tag_tmp;
+           ret = 0;
+           (data)->len = 0;
+           (data)->val = NULL;
+           while (ret < Top_Tag_origlen) {
+               size_t Top_Tag_nlen = Top_Tag_olen + sizeof(*((data)->val));
+               if (Top_Tag_olen > Top_Tag_nlen) {
+                   e = ASN1_OVERFLOW;
+                   goto fail;
+               }
+               Top_Tag_olen = Top_Tag_nlen;
+               Top_Tag_tmp = realloc((data)->val, Top_Tag_olen);
+               if (Top_Tag_tmp == NULL) {
+                   e = ENOMEM;
+                   goto fail;
+               }
+               (data)->val = Top_Tag_tmp;
+               {
+                   size_t Top_Tag_s_of_datalen, Top_Tag_s_of_oldlen;
+                   Der_type Top_Tag_s_of_type;
+                   e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                                &Top_Tag_s_of_type,
+                                                UT_Sequence,
+                                                &Top_Tag_s_of_datalen, &l);
+                   if (e == 0 && Top_Tag_s_of_type != CONS) {
+                       e = ASN1_BAD_ID;
+                   }
+                   if (e)
+                       goto fail;
+                   p += l;
+                   len -= l;
+                   ret += l;
+                   Top_Tag_s_of_oldlen = len;
+                   if (Top_Tag_s_of_datalen > len) {
+                       e = ASN1_OVERRUN;
+                       goto fail;
+                   }
+                   len = Top_Tag_s_of_datalen;
+                   {
+                       size_t lr_type_datalen, lr_type_oldlen;
+                       Der_type lr_type_type;
+                       e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                                    &lr_type_type, 0,
+                                                    &lr_type_datalen, &l);
+                       if (e == 0 && lr_type_type != CONS) {
+                           e = ASN1_BAD_ID;
+                       }
+                       if (e)
+                           goto fail;
+                       p += l;
+                       len -= l;
+                       ret += l;
+                       lr_type_oldlen = len;
+                       if (lr_type_datalen > len) {
+                           e = ASN1_OVERRUN;
+                           goto fail;
+                       }
+                       len = lr_type_datalen;
+                       e = decode_LR_TYPE(p, len,
+                                          &(&(data)->val[(data)->len])->
+                                          lr_type, &l);
+                       if (e)
+                           goto fail;
+                       p += l;
+                       len -= l;
+                       ret += l;
+                       len = lr_type_oldlen - lr_type_datalen;
+                   }
+                   {
+                       size_t lr_value_datalen, lr_value_oldlen;
+                       Der_type lr_value_type;
+                       e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                                    &lr_value_type, 1,
+                                                    &lr_value_datalen, &l);
+                       if (e == 0 && lr_value_type != CONS) {
+                           e = ASN1_BAD_ID;
+                       }
+                       if (e)
+                           goto fail;
+                       p += l;
+                       len -= l;
+                       ret += l;
+                       lr_value_oldlen = len;
+                       if (lr_value_datalen > len) {
+                           e = ASN1_OVERRUN;
+                           goto fail;
+                       }
+                       len = lr_value_datalen;
+                       e = decode_KerberosTime(p, len,
+                                               &(&(data)->val[(data)->len])->
+                                               lr_value, &l);
+                       if (e)
+                           goto fail;
+                       p += l;
+                       len -= l;
+                       ret += l;
+                       len = lr_value_oldlen - lr_value_datalen;
+                   }
+                   len = Top_Tag_s_of_oldlen - Top_Tag_s_of_datalen;
+               }
+               (data)->len++;
+               len = Top_Tag_origlen - ret;
+           }
+           ret += Top_Tag_oldret;
+       }
+       len = Top_oldlen - Top_datalen;
+    }
+    if (size)
+       *size = ret;
+    return 0;
+  fail:
+    free_LastReq(data);
+    return e;
+}
+
+void ASN1CALL
+free_LastReq(LastReq * data)
+{
+    while ((data)->len) {
+       free_LR_TYPE(&(&(data)->val[(data)->len - 1])->lr_type);
+       free_KerberosTime(&(&(data)->val[(data)->len - 1])->lr_value);
+       (data)->len--;
+    }
+    free((data)->val);
+    (data)->val = NULL;
+}
+
+size_t ASN1CALL
+length_LastReq(const LastReq * data)
+{
+    size_t ret = 0;
+    {
+       size_t Top_tag_oldret = ret;
+       unsigned int n_Top_tag;
+       ret = 0;
+       for (n_Top_tag = (data)->len; n_Top_tag > 0; --n_Top_tag) {
+           size_t Top_tag_for_oldret = ret;
+           ret = 0;
+           {
+               size_t Top_tag_S_Of_tag_oldret = ret;
+               ret = 0;
+               ret +=
+                   length_LR_TYPE(&(&(data)->val[n_Top_tag - 1])->lr_type);
+               ret += 1 + der_length_len(ret);
+               ret += Top_tag_S_Of_tag_oldret;
+           }
+           {
+               size_t Top_tag_S_Of_tag_oldret = ret;
+               ret = 0;
+               ret +=
+                   length_KerberosTime(&(&(data)->val[n_Top_tag - 1])->
+                                       lr_value);
+               ret += 1 + der_length_len(ret);
+               ret += Top_tag_S_Of_tag_oldret;
+           }
+           ret += 1 + der_length_len(ret);
+           ret += Top_tag_for_oldret;
+       }
+       ret += Top_tag_oldret;
+    }
+    ret += 1 + der_length_len(ret);
+    return ret;
+}
+
+int ASN1CALL
+copy_LastReq(const LastReq * from, LastReq * to)
+{
+    memset(to, 0, sizeof(*to));
+    if (((to)->val = malloc((from)->len * sizeof(*(to)->val))) == NULL
+       && (from)->len != 0)
+       goto fail;
+    for ((to)->len = 0; (to)->len < (from)->len; (to)->len++) {
+       if (copy_LR_TYPE
+           (&(&(from)->val[(to)->len])->lr_type,
+            &(&(to)->val[(to)->len])->lr_type))
+           goto fail;
+       if (copy_KerberosTime
+           (&(&(from)->val[(to)->len])->lr_value,
+            &(&(to)->val[(to)->len])->lr_value))
+           goto fail;
+    }
+    return 0;
+  fail:
+    free_LastReq(to);
+    return ENOMEM;
+}
+
+int ASN1CALL
+encode_EncryptedData(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    const EncryptedData * data, size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
+
+/* cipher */
+    {
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = der_put_octet_string(p, len, &(data)->cipher, &l);
        if (e)
@@ -705,7 +3999,8 @@ encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, s
        len -= l;
        ret += l;
 
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                                  UT_OctetString, &l);
        if (e)
            return e;
        p -= l;
@@ -723,7 +4018,7 @@ encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, s
     }
 /* kvno */
     if ((data)->kvno) {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_krb5int32(p, len, (data)->kvno, &l);
        if (e)
@@ -743,7 +4038,7 @@ encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, s
     }
 /* etype */
     {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_ENCTYPE(p, len, &(data)->etype, &l);
        if (e)
@@ -761,7 +4056,8 @@ encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, s
 
        ret += Top_tag_oldret;
     }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
     if (e)
        return e;
     p -= l;
@@ -772,18 +4068,21 @@ encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, s
     return 0;
 }
 
-int
-decode_EncryptedData(const unsigned char *p, size_t len, EncryptedData * data, size_t * size)
+int ASN1CALL
+decode_EncryptedData(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    EncryptedData * data, size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
        if (e == 0 && Top_type != CONS) {
            e = ASN1_BAD_ID;
        }
@@ -801,7 +4100,8 @@ decode_EncryptedData(const unsigned char *p, size_t len, EncryptedData * data, s
        {
            size_t etype_datalen, etype_oldlen;
            Der_type etype_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &etype_type, 0, &etype_datalen, &l);
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &etype_type,
+                                        0, &etype_datalen, &l);
            if (e == 0 && etype_type != CONS) {
                e = ASN1_BAD_ID;
            }
@@ -827,7 +4127,8 @@ decode_EncryptedData(const unsigned char *p, size_t len, EncryptedData * data, s
        {
            size_t kvno_datalen, kvno_oldlen;
            Der_type kvno_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &kvno_type, 1, &kvno_datalen, &l);
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &kvno_type,
+                                        1, &kvno_datalen, &l);
            if (e == 0 && kvno_type != CONS) {
                e = ASN1_BAD_ID;
            }
@@ -860,7 +4161,8 @@ decode_EncryptedData(const unsigned char *p, size_t len, EncryptedData * data, s
        {
            size_t cipher_datalen, cipher_oldlen;
            Der_type cipher_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &cipher_type, 2, &cipher_datalen, &l);
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &cipher_type,
+                                        2, &cipher_datalen, &l);
            if (e == 0 && cipher_type != CONS) {
                e = ASN1_BAD_ID;
            }
@@ -878,7 +4180,9 @@ decode_EncryptedData(const unsigned char *p, size_t len, EncryptedData * data, s
            {
                size_t cipher_Tag_datalen, cipher_Tag_oldlen;
                Der_type cipher_Tag_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &cipher_Tag_type, UT_OctetString, &cipher_Tag_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                            &cipher_Tag_type, UT_OctetString,
+                                            &cipher_Tag_datalen, &l);
                if (e == 0 && cipher_Tag_type != PRIM) {
                    e = ASN1_BAD_ID;
                }
@@ -908,12 +4212,12 @@ decode_EncryptedData(const unsigned char *p, size_t len, EncryptedData * data, s
     if (size)
        *size = ret;
     return 0;
-fail:
+  fail:
     free_EncryptedData(data);
     return e;
 }
 
-void
+void ASN1CALL
 free_EncryptedData(EncryptedData * data)
 {
     free_ENCTYPE(&(data)->etype);
@@ -925,7 +4229,7 @@ free_EncryptedData(EncryptedData * data)
     der_free_octet_string(&(data)->cipher);
 }
 
-size_t
+size_t ASN1CALL
 length_EncryptedData(const EncryptedData * data)
 {
     size_t ret = 0;
@@ -942,7 +4246,8 @@ length_EncryptedData(const EncryptedData * data)
        ret += length_krb5int32((data)->kvno);
        ret += 1 + der_length_len(ret);
        ret += Top_tag_oldret;
-    } {
+    }
+    {
        size_t Top_tag_oldret = ret;
        ret = 0;
        ret += der_length_octet_string(&(data)->cipher);
@@ -954,7 +4259,7 @@ length_EncryptedData(const EncryptedData * data)
     return ret;
 }
 
-int
+int ASN1CALL
 copy_EncryptedData(const EncryptedData * from, EncryptedData * to)
 {
     memset(to, 0, sizeof(*to));
@@ -971,56 +4276,33 @@ copy_EncryptedData(const EncryptedData * from, EncryptedData * to)
     if (der_copy_octet_string(&(from)->cipher, &(to)->cipher))
        goto fail;
     return 0;
-fail:
+  fail:
     free_EncryptedData(to);
     return ENOMEM;
 }
 
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_PrincipalName(unsigned char *p, size_t len, const PrincipalName * data, size_t * size)
+int ASN1CALL
+encode_EncryptionKey(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    const EncryptionKey * data, size_t * size)
 {
-    size_t ret = 0;
-    size_t l;
-    int i, e;
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
-    i = 0;
-/* name-string */
+/* keyvalue */
     {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       for (i = (&(data)->name_string)->len - 1; i >= 0; --i) {
-           size_t name_string_tag_tag_for_oldret = ret;
-           ret = 0;
-           e = der_put_general_string(p, len, &(&(data)->name_string)->val[i], &l);
-           if (e)
-               return e;
-           p -= l;
-           len -= l;
-           ret += l;
-
-           e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_GeneralString, &l);
-           if (e)
-               return e;
-           p -= l;
-           len -= l;
-           ret += l;
+       e = der_put_octet_string(p, len, &(data)->keyvalue, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
 
-           ret += name_string_tag_tag_for_oldret;
-       }
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                                  UT_OctetString, &l);
        if (e)
            return e;
        p -= l;
@@ -1036,11 +4318,11 @@ encode_PrincipalName(unsigned char *p, size_t len, const PrincipalName * data, s
 
        ret += Top_tag_oldret;
     }
-/* name-type */
+/* keytype */
     {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       e = encode_NAME_TYPE(p, len, &(data)->name_type, &l);
+       e = encode_krb5int32(p, len, &(data)->keytype, &l);
        if (e)
            return e;
        p -= l;
@@ -1056,7 +4338,8 @@ encode_PrincipalName(unsigned char *p, size_t len, const PrincipalName * data, s
 
        ret += Top_tag_oldret;
     }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
     if (e)
        return e;
     p -= l;
@@ -1067,18 +4350,21 @@ encode_PrincipalName(unsigned char *p, size_t len, const PrincipalName * data, s
     return 0;
 }
 
-int
-decode_PrincipalName(const unsigned char *p, size_t len, PrincipalName * data, size_t * size)
+int ASN1CALL
+decode_EncryptionKey(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    EncryptionKey * data, size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
        if (e == 0 && Top_type != CONS) {
            e = ASN1_BAD_ID;
        }
@@ -1094,10 +4380,12 @@ decode_PrincipalName(const unsigned char *p, size_t len, PrincipalName * data, s
        }
        len = Top_datalen;
        {
-           size_t name_type_datalen, name_type_oldlen;
-           Der_type name_type_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &name_type_type, 0, &name_type_datalen, &l);
-           if (e == 0 && name_type_type != CONS) {
+           size_t keytype_datalen, keytype_oldlen;
+           Der_type keytype_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &keytype_type, 0, &keytype_datalen,
+                                        &l);
+           if (e == 0 && keytype_type != CONS) {
                e = ASN1_BAD_ID;
            }
            if (e)
@@ -1105,25 +4393,27 @@ decode_PrincipalName(const unsigned char *p, size_t len, PrincipalName * data, s
            p += l;
            len -= l;
            ret += l;
-           name_type_oldlen = len;
-           if (name_type_datalen > len) {
+           keytype_oldlen = len;
+           if (keytype_datalen > len) {
                e = ASN1_OVERRUN;
                goto fail;
            }
-           len = name_type_datalen;
-           e = decode_NAME_TYPE(p, len, &(data)->name_type, &l);
+           len = keytype_datalen;
+           e = decode_krb5int32(p, len, &(data)->keytype, &l);
            if (e)
                goto fail;
            p += l;
            len -= l;
            ret += l;
-           len = name_type_oldlen - name_type_datalen;
+           len = keytype_oldlen - keytype_datalen;
        }
        {
-           size_t name_string_datalen, name_string_oldlen;
-           Der_type name_string_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &name_string_type, 1, &name_string_datalen, &l);
-           if (e == 0 && name_string_type != CONS) {
+           size_t keyvalue_datalen, keyvalue_oldlen;
+           Der_type keyvalue_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &keyvalue_type, 1, &keyvalue_datalen,
+                                        &l);
+           if (e == 0 && keyvalue_type != CONS) {
                e = ASN1_BAD_ID;
            }
            if (e)
@@ -1131,17 +4421,20 @@ decode_PrincipalName(const unsigned char *p, size_t len, PrincipalName * data, s
            p += l;
            len -= l;
            ret += l;
-           name_string_oldlen = len;
-           if (name_string_datalen > len) {
+           keyvalue_oldlen = len;
+           if (keyvalue_datalen > len) {
                e = ASN1_OVERRUN;
                goto fail;
            }
-           len = name_string_datalen;
+           len = keyvalue_datalen;
            {
-               size_t name_string_Tag_datalen, name_string_Tag_oldlen;
-               Der_type name_string_Tag_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &name_string_Tag_type, UT_Sequence, &name_string_Tag_datalen, &l);
-               if (e == 0 && name_string_Tag_type != CONS) {
+               size_t keyvalue_Tag_datalen, keyvalue_Tag_oldlen;
+               Der_type keyvalue_Tag_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                            &keyvalue_Tag_type,
+                                            UT_OctetString,
+                                            &keyvalue_Tag_datalen, &l);
+               if (e == 0 && keyvalue_Tag_type != PRIM) {
                    e = ASN1_BAD_ID;
                }
                if (e)
@@ -1149,117 +4442,54 @@ decode_PrincipalName(const unsigned char *p, size_t len, PrincipalName * data, s
                p += l;
                len -= l;
                ret += l;
-               name_string_Tag_oldlen = len;
-               if (name_string_Tag_datalen > len) {
+               keyvalue_Tag_oldlen = len;
+               if (keyvalue_Tag_datalen > len) {
                    e = ASN1_OVERRUN;
                    goto fail;
                }
-               len = name_string_Tag_datalen;
-               {
-                   size_t name_string_Tag_Tag_origlen = len;
-                   size_t name_string_Tag_Tag_oldret = ret;
-                   size_t name_string_Tag_Tag_olen = 0;
-                   void *name_string_Tag_Tag_tmp;
-                   ret = 0;
-                   (&(data)->name_string)->len = 0;
-                   (&(data)->name_string)->val = NULL;
-                   while (ret < name_string_Tag_Tag_origlen) {
-                       size_t name_string_Tag_Tag_nlen = name_string_Tag_Tag_olen + sizeof(*((&(data)->name_string)->val));
-                       if (name_string_Tag_Tag_olen > name_string_Tag_Tag_nlen) {
-                           e = ASN1_OVERFLOW;
-                           goto fail;
-                       }
-                       name_string_Tag_Tag_olen = name_string_Tag_Tag_nlen;
-                       name_string_Tag_Tag_tmp = realloc((&(data)->name_string)->val, name_string_Tag_Tag_olen);
-                       if (name_string_Tag_Tag_tmp == NULL) {
-                           e = ENOMEM;
-                           goto fail;
-                       }
-                       (&(data)->name_string)->val = name_string_Tag_Tag_tmp;
-                       {
-                           size_t name_string_Tag_Tag_s_of_datalen, name_string_Tag_Tag_s_of_oldlen;
-                           Der_type name_string_Tag_Tag_s_of_type;
-                           e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &name_string_Tag_Tag_s_of_type, UT_GeneralString, &name_string_Tag_Tag_s_of_datalen, &l);
-                           if (e == 0 && name_string_Tag_Tag_s_of_type != PRIM) {
-                               e = ASN1_BAD_ID;
-                           }
-                           if (e)
-                               goto fail;
-                           p += l;
-                           len -= l;
-                           ret += l;
-                           name_string_Tag_Tag_s_of_oldlen = len;
-                           if (name_string_Tag_Tag_s_of_datalen > len) {
-                               e = ASN1_OVERRUN;
-                               goto fail;
-                           }
-                           len = name_string_Tag_Tag_s_of_datalen;
-                           e = der_get_general_string(p, len, &(&(data)->name_string)->val[(&(data)->name_string)->len], &l);
-                           if (e)
-                               goto fail;
-                           p += l;
-                           len -= l;
-                           ret += l;
-                           len = name_string_Tag_Tag_s_of_oldlen - name_string_Tag_Tag_s_of_datalen;
-                       }
-                       (&(data)->name_string)->len++;
-                       len = name_string_Tag_Tag_origlen - ret;
-                   }
-                   ret += name_string_Tag_Tag_oldret;
-               }
-               len = name_string_Tag_oldlen - name_string_Tag_datalen;
+               len = keyvalue_Tag_datalen;
+               e = der_get_octet_string(p, len, &(data)->keyvalue, &l);
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               len = keyvalue_Tag_oldlen - keyvalue_Tag_datalen;
            }
-           len = name_string_oldlen - name_string_datalen;
+           len = keyvalue_oldlen - keyvalue_datalen;
        }
        len = Top_oldlen - Top_datalen;
     }
     if (size)
        *size = ret;
     return 0;
-fail:
-    free_PrincipalName(data);
+  fail:
+    free_EncryptionKey(data);
     return e;
 }
 
-void
-free_PrincipalName(PrincipalName * data)
+void ASN1CALL
+free_EncryptionKey(EncryptionKey * data)
 {
-    free_NAME_TYPE(&(data)->name_type);
-    while ((&(data)->name_string)->len) {
-       der_free_general_string(&(&(data)->name_string)->val[(&(data)->name_string)->len - 1]);
-       (&(data)->name_string)->len--;
-    }
-    free((&(data)->name_string)->val);
-    (&(data)->name_string)->val = NULL;
+    free_krb5int32(&(data)->keytype);
+    der_free_octet_string(&(data)->keyvalue);
 }
 
-size_t
-length_PrincipalName(const PrincipalName * data)
+size_t ASN1CALL
+length_EncryptionKey(const EncryptionKey * data)
 {
     size_t ret = 0;
     {
        size_t Top_tag_oldret = ret;
        ret = 0;
-       ret += length_NAME_TYPE(&(data)->name_type);
+       ret += length_krb5int32(&(data)->keytype);
        ret += 1 + der_length_len(ret);
        ret += Top_tag_oldret;
     }
     {
        size_t Top_tag_oldret = ret;
        ret = 0;
-       {
-           int name_string_tag_tag_oldret = ret;
-           int i;
-           ret = 0;
-           for (i = (&(data)->name_string)->len - 1; i >= 0; --i) {
-               int name_string_tag_tag_for_oldret = ret;
-               ret = 0;
-               ret += der_length_general_string(&(&(data)->name_string)->val[i]);
-               ret += 1 + der_length_len(ret);
-               ret += name_string_tag_tag_for_oldret;
-           }
-           ret += name_string_tag_tag_oldret;
-       }
+       ret += der_length_octet_string(&(data)->keyvalue);
        ret += 1 + der_length_len(ret);
        ret += 1 + der_length_len(ret);
        ret += Top_tag_oldret;
@@ -1268,216 +4498,42 @@ length_PrincipalName(const PrincipalName * data)
     return ret;
 }
 
-int
-copy_PrincipalName(const PrincipalName * from, PrincipalName * to)
+int ASN1CALL
+copy_EncryptionKey(const EncryptionKey * from, EncryptionKey * to)
 {
     memset(to, 0, sizeof(*to));
-    if (copy_NAME_TYPE(&(from)->name_type, &(to)->name_type))
-       goto fail;
-    if (((&(to)->name_string)->val = malloc((&(from)->name_string)->len * sizeof(*(&(to)->name_string)->val))) == NULL && (&(from)->name_string)->len != 0)
+    if (copy_krb5int32(&(from)->keytype, &(to)->keytype))
        goto fail;
-    for ((&(to)->name_string)->len = 0; (&(to)->name_string)->len < (&(from)->name_string)->len; (&(to)->name_string)->len++) {
-       if (der_copy_general_string(&(&(from)->name_string)->val[(&(to)->name_string)->len], &(&(to)->name_string)->val[(&(to)->name_string)->len]))
-           goto fail;
-    }
-    return 0;
-fail:
-    free_PrincipalName(to);
-    return ENOMEM;
-}
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_HostAddresses(unsigned char *p, size_t len, const HostAddresses * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i, e;
-
-    i = 0;
-    for (i = (data)->len - 1; i >= 0; --i) {
-       size_t Top_tag_for_oldret = ret;
-       ret = 0;
-       e = encode_HostAddress(p, len, &(data)->val[i], &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       ret += Top_tag_for_oldret;
-    }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_HostAddresses(const unsigned char *p, size_t len, HostAddresses * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
-       if (e == 0 && Top_type != CONS) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       {
-           size_t Top_Tag_origlen = len;
-           size_t Top_Tag_oldret = ret;
-           size_t Top_Tag_olen = 0;
-           void *Top_Tag_tmp;
-           ret = 0;
-           (data)->len = 0;
-           (data)->val = NULL;
-           while (ret < Top_Tag_origlen) {
-               size_t Top_Tag_nlen = Top_Tag_olen + sizeof(*((data)->val));
-               if (Top_Tag_olen > Top_Tag_nlen) {
-                   e = ASN1_OVERFLOW;
-                   goto fail;
-               }
-               Top_Tag_olen = Top_Tag_nlen;
-               Top_Tag_tmp = realloc((data)->val, Top_Tag_olen);
-               if (Top_Tag_tmp == NULL) {
-                   e = ENOMEM;
-                   goto fail;
-               }
-               (data)->val = Top_Tag_tmp;
-               e = decode_HostAddress(p, len, &(data)->val[(data)->len], &l);
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               (data)->len++;
-               len = Top_Tag_origlen - ret;
-           }
-           ret += Top_Tag_oldret;
-       }
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_HostAddresses(data);
-    return e;
-}
-
-void
-free_HostAddresses(HostAddresses * data)
-{
-    while ((data)->len) {
-       free_HostAddress(&(data)->val[(data)->len - 1]);
-       (data)->len--;
-    }
-    free((data)->val);
-    (data)->val = NULL;
-}
-
-size_t
-length_HostAddresses(const HostAddresses * data)
-{
-    size_t ret = 0;
-    {
-       int Top_tag_oldret = ret;
-       int i;
-       ret = 0;
-       for (i = (data)->len - 1; i >= 0; --i) {
-           int Top_tag_for_oldret = ret;
-           ret = 0;
-           ret += length_HostAddress(&(data)->val[i]);
-           ret += Top_tag_for_oldret;
-       }
-       ret += Top_tag_oldret;
-    }
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_HostAddresses(const HostAddresses * from, HostAddresses * to)
-{
-    memset(to, 0, sizeof(*to));
-    if (((to)->val = malloc((from)->len * sizeof(*(to)->val))) == NULL && (from)->len != 0)
+    if (der_copy_octet_string(&(from)->keyvalue, &(to)->keyvalue))
        goto fail;
-    for ((to)->len = 0; (to)->len < (from)->len; (to)->len++) {
-       if (copy_HostAddress(&(from)->val[(to)->len], &(to)->val[(to)->len]))
-           goto fail;
-    }
     return 0;
-fail:
-    free_HostAddresses(to);
+  fail:
+    free_EncryptionKey(to);
     return ENOMEM;
 }
 
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_HostAddress(unsigned char *p, size_t len, const HostAddress * data, size_t * size)
+int ASN1CALL
+encode_TransitedEncoding(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                        size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                        const TransitedEncoding * data, size_t * size)
 {
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
-    i = 0;
-/* address */
+/* contents */
     {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       e = der_put_octet_string(p, len, &(data)->address, &l);
+       e = der_put_octet_string(p, len, &(data)->contents, &l);
        if (e)
            return e;
        p -= l;
        len -= l;
        ret += l;
 
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM,
+                                  UT_OctetString, &l);
        if (e)
            return e;
        p -= l;
@@ -1493,11 +4549,11 @@ encode_HostAddress(unsigned char *p, size_t len, const HostAddress * data, size_
 
        ret += Top_tag_oldret;
     }
-/* addr-type */
+/* tr-type */
     {
-       size_t Top_tag_oldret = ret;
+       size_t Top_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       e = encode_krb5int32(p, len, &(data)->addr_type, &l);
+       e = encode_krb5int32(p, len, &(data)->tr_type, &l);
        if (e)
            return e;
        p -= l;
@@ -1513,7 +4569,8 @@ encode_HostAddress(unsigned char *p, size_t len, const HostAddress * data, size_
 
        ret += Top_tag_oldret;
     }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
     if (e)
        return e;
     p -= l;
@@ -1524,18 +4581,21 @@ encode_HostAddress(unsigned char *p, size_t len, const HostAddress * data, size_
     return 0;
 }
 
-int
-decode_HostAddress(const unsigned char *p, size_t len, HostAddress * data, size_t * size)
+int ASN1CALL
+decode_TransitedEncoding(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                        size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                        TransitedEncoding * data, size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type,
+                                    UT_Sequence, &Top_datalen, &l);
        if (e == 0 && Top_type != CONS) {
            e = ASN1_BAD_ID;
        }
@@ -1551,10 +4611,12 @@ decode_HostAddress(const unsigned char *p, size_t len, HostAddress * data, size_
        }
        len = Top_datalen;
        {
-           size_t addr_type_datalen, addr_type_oldlen;
-           Der_type addr_type_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &addr_type_type, 0, &addr_type_datalen, &l);
-           if (e == 0 && addr_type_type != CONS) {
+           size_t tr_type_datalen, tr_type_oldlen;
+           Der_type tr_type_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &tr_type_type, 0, &tr_type_datalen,
+                                        &l);
+           if (e == 0 && tr_type_type != CONS) {
                e = ASN1_BAD_ID;
            }
            if (e)
@@ -1562,25 +4624,27 @@ decode_HostAddress(const unsigned char *p, size_t len, HostAddress * data, size_
            p += l;
            len -= l;
            ret += l;
-           addr_type_oldlen = len;
-           if (addr_type_datalen > len) {
+           tr_type_oldlen = len;
+           if (tr_type_datalen > len) {
                e = ASN1_OVERRUN;
                goto fail;
            }
-           len = addr_type_datalen;
-           e = decode_krb5int32(p, len, &(data)->addr_type, &l);
+           len = tr_type_datalen;
+           e = decode_krb5int32(p, len, &(data)->tr_type, &l);
            if (e)
                goto fail;
            p += l;
            len -= l;
            ret += l;
-           len = addr_type_oldlen - addr_type_datalen;
+           len = tr_type_oldlen - tr_type_datalen;
        }
        {
-           size_t address_datalen, address_oldlen;
-           Der_type address_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &address_type, 1, &address_datalen, &l);
-           if (e == 0 && address_type != CONS) {
+           size_t contents_datalen, contents_oldlen;
+           Der_type contents_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                        &contents_type, 1, &contents_datalen,
+                                        &l);
+           if (e == 0 && contents_type != CONS) {
                e = ASN1_BAD_ID;
            }
            if (e)
@@ -1588,17 +4652,20 @@ decode_HostAddress(const unsigned char *p, size_t len, HostAddress * data, size_
            p += l;
            len -= l;
            ret += l;
-           address_oldlen = len;
-           if (address_datalen > len) {
+           contents_oldlen = len;
+           if (contents_datalen > len) {
                e = ASN1_OVERRUN;
                goto fail;
            }
-           len = address_datalen;
+           len = contents_datalen;
            {
-               size_t address_Tag_datalen, address_Tag_oldlen;
-               Der_type address_Tag_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &address_Tag_type, UT_OctetString, &address_Tag_datalen, &l);
-               if (e == 0 && address_Tag_type != PRIM) {
+               size_t contents_Tag_datalen, contents_Tag_oldlen;
+               Der_type contents_Tag_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_UNIV,
+                                            &contents_Tag_type,
+                                            UT_OctetString,
+                                            &contents_Tag_datalen, &l);
+               if (e == 0 && contents_Tag_type != PRIM) {
                    e = ASN1_BAD_ID;
                }
                if (e)
@@ -1606,54 +4673,54 @@ decode_HostAddress(const unsigned char *p, size_t len, HostAddress * data, size_
                p += l;
                len -= l;
                ret += l;
-               address_Tag_oldlen = len;
-               if (address_Tag_datalen > len) {
+               contents_Tag_oldlen = len;
+               if (contents_Tag_datalen > len) {
                    e = ASN1_OVERRUN;
                    goto fail;
                }
-               len = address_Tag_datalen;
-               e = der_get_octet_string(p, len, &(data)->address, &l);
+               len = contents_Tag_datalen;
+               e = der_get_octet_string(p, len, &(data)->contents, &l);
                if (e)
                    goto fail;
                p += l;
                len -= l;
                ret += l;
-               len = address_Tag_oldlen - address_Tag_datalen;
+               len = contents_Tag_oldlen - contents_Tag_datalen;
            }
-           len = address_oldlen - address_datalen;
+           len = contents_oldlen - contents_datalen;
        }
        len = Top_oldlen - Top_datalen;
     }
     if (size)
        *size = ret;
     return 0;
-fail:
-    free_HostAddress(data);
+  fail:
+    free_TransitedEncoding(data);
     return e;
 }
 
-void
-free_HostAddress(HostAddress * data)
+void ASN1CALL
+free_TransitedEncoding(TransitedEncoding * data)
 {
-    free_krb5int32(&(data)->addr_type);
-    der_free_octet_string(&(data)->address);
+    free_krb5int32(&(data)->tr_type);
+    der_free_octet_string(&(data)->contents);
 }
 
-size_t
-length_HostAddress(const HostAddress * data)
+size_t ASN1CALL
+length_TransitedEncoding(const TransitedEncoding * data)
 {
     size_t ret = 0;
     {
        size_t Top_tag_oldret = ret;
        ret = 0;
-       ret += length_krb5int32(&(data)->addr_type);
+       ret += length_krb5int32(&(data)->tr_type);
        ret += 1 + der_length_len(ret);
        ret += Top_tag_oldret;
     }
     {
        size_t Top_tag_oldret = ret;
        ret = 0;
-       ret += der_length_octet_string(&(data)->address);
+       ret += der_length_octet_string(&(data)->contents);
        ret += 1 + der_length_len(ret);
        ret += 1 + der_length_len(ret);
        ret += Top_tag_oldret;
@@ -1662,54 +4729,118 @@ length_HostAddress(const HostAddress * data)
     return ret;
 }
 
-int
-copy_HostAddress(const HostAddress * from, HostAddress * to)
+int ASN1CALL
+copy_TransitedEncoding(const TransitedEncoding * from, TransitedEncoding * to)
 {
     memset(to, 0, sizeof(*to));
-    if (copy_krb5int32(&(from)->addr_type, &(to)->addr_type))
+    if (copy_krb5int32(&(from)->tr_type, &(to)->tr_type))
        goto fail;
-    if (der_copy_octet_string(&(from)->address, &(to)->address))
+    if (der_copy_octet_string(&(from)->contents, &(to)->contents))
        goto fail;
     return 0;
-fail:
-    free_HostAddress(to);
+  fail:
+    free_TransitedEncoding(to);
     return ENOMEM;
 }
 
+int ASN1CALL
+encode_Ticket(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+             size_t len HEIMDAL_UNUSED_ATTRIBUTE, const Ticket * data,
+             size_t * size)
+{
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
+/* enc-part */
+    {
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
+       ret = 0;
+       e = encode_EncryptedData(p, len, &(data)->enc_part, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
 
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 3, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
+       ret += Top_tag_tag_oldret;
+    }
+/* sname */
+    {
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
+       ret = 0;
+       e = encode_PrincipalName(p, len, &(data)->sname, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
 
-int
-encode_AuthorizationData(unsigned char *p, size_t len, const AuthorizationData * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i, e;
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 2, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
 
-    i = 0;
-    for (i = (data)->len - 1; i >= 0; --i) {
-       size_t Top_tag_for_oldret = ret;
+       ret += Top_tag_tag_oldret;
+    }
+/* realm */
+    {
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
-       e = encode_AuthorizationDataElement(p, len, &(data)->val[i], &l);
+       e = encode_Realm(p, len, &(data)->realm, &l);
        if (e)
            return e;
        p -= l;
        len -= l;
        ret += l;
 
-       ret += Top_tag_for_oldret;
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       ret += Top_tag_tag_oldret;
+    }
+/* tkt-vno */
+    {
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
+       ret = 0;
+       e = encode_krb5int32(p, len, &(data)->tkt_vno, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0, &l);
+       if (e)
+           return e;
+       p -= l;
+       len -= l;
+       ret += l;
+
+       ret += Top_tag_tag_oldret;
     }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
+    if (e)
+       return e;
+    p -= l;
+    len -= l;
+    ret += l;
+
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_APPL, CONS, 1, &l);
     if (e)
        return e;
     p -= l;
@@ -1720,18 +4851,21 @@ encode_AuthorizationData(unsigned char *p, size_t len, const AuthorizationData *
     return 0;
 }
 
-int
-decode_AuthorizationData(const unsigned char *p, size_t len, AuthorizationData * data, size_t * size)
+int ASN1CALL
+decode_Ticket(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+             size_t len HEIMDAL_UNUSED_ATTRIBUTE, Ticket * data,
+             size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_APPL, &Top_type, 1,
+                                    &Top_datalen, &l);
        if (e == 0 && Top_type != CONS) {
            e = ASN1_BAD_ID;
        }
@@ -1747,155 +4881,224 @@ decode_AuthorizationData(const unsigned char *p, size_t len, AuthorizationData *
        }
        len = Top_datalen;
        {
-           size_t Top_Tag_origlen = len;
-           size_t Top_Tag_oldret = ret;
-           size_t Top_Tag_olen = 0;
-           void *Top_Tag_tmp;
-           ret = 0;
-           (data)->len = 0;
-           (data)->val = NULL;
-           while (ret < Top_Tag_origlen) {
-               size_t Top_Tag_nlen = Top_Tag_olen + sizeof(*((data)->val));
-               if (Top_Tag_olen > Top_Tag_nlen) {
-                   e = ASN1_OVERFLOW;
+           size_t Top_Tag_datalen, Top_Tag_oldlen;
+           Der_type Top_Tag_type;
+           e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_Tag_type,
+                                        UT_Sequence, &Top_Tag_datalen, &l);
+           if (e == 0 && Top_Tag_type != CONS) {
+               e = ASN1_BAD_ID;
+           }
+           if (e)
+               goto fail;
+           p += l;
+           len -= l;
+           ret += l;
+           Top_Tag_oldlen = len;
+           if (Top_Tag_datalen > len) {
+               e = ASN1_OVERRUN;
+               goto fail;
+           }
+           len = Top_Tag_datalen;
+           {
+               size_t tkt_vno_datalen, tkt_vno_oldlen;
+               Der_type tkt_vno_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &tkt_vno_type, 0,
+                                            &tkt_vno_datalen, &l);
+               if (e == 0 && tkt_vno_type != CONS) {
+                   e = ASN1_BAD_ID;
+               }
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               tkt_vno_oldlen = len;
+               if (tkt_vno_datalen > len) {
+                   e = ASN1_OVERRUN;
                    goto fail;
                }
-               Top_Tag_olen = Top_Tag_nlen;
-               Top_Tag_tmp = realloc((data)->val, Top_Tag_olen);
-               if (Top_Tag_tmp == NULL) {
-                   e = ENOMEM;
+               len = tkt_vno_datalen;
+               e = decode_krb5int32(p, len, &(data)->tkt_vno, &l);
+               if (e)
                    goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               len = tkt_vno_oldlen - tkt_vno_datalen;
+           }
+           {
+               size_t realm_datalen, realm_oldlen;
+               Der_type realm_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &realm_type, 1, &realm_datalen,
+                                            &l);
+               if (e == 0 && realm_type != CONS) {
+                   e = ASN1_BAD_ID;
                }
-               (data)->val = Top_Tag_tmp;
-               e = decode_AuthorizationDataElement(p, len, &(data)->val[(data)->len], &l);
                if (e)
                    goto fail;
                p += l;
                len -= l;
                ret += l;
-               (data)->len++;
-               len = Top_Tag_origlen - ret;
+               realm_oldlen = len;
+               if (realm_datalen > len) {
+                   e = ASN1_OVERRUN;
+                   goto fail;
+               }
+               len = realm_datalen;
+               e = decode_Realm(p, len, &(data)->realm, &l);
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               len = realm_oldlen - realm_datalen;
            }
-           ret += Top_Tag_oldret;
+           {
+               size_t sname_datalen, sname_oldlen;
+               Der_type sname_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &sname_type, 2, &sname_datalen,
+                                            &l);
+               if (e == 0 && sname_type != CONS) {
+                   e = ASN1_BAD_ID;
+               }
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               sname_oldlen = len;
+               if (sname_datalen > len) {
+                   e = ASN1_OVERRUN;
+                   goto fail;
+               }
+               len = sname_datalen;
+               e = decode_PrincipalName(p, len, &(data)->sname, &l);
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               len = sname_oldlen - sname_datalen;
+           }
+           {
+               size_t enc_part_datalen, enc_part_oldlen;
+               Der_type enc_part_type;
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &enc_part_type, 3,
+                                            &enc_part_datalen, &l);
+               if (e == 0 && enc_part_type != CONS) {
+                   e = ASN1_BAD_ID;
+               }
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               enc_part_oldlen = len;
+               if (enc_part_datalen > len) {
+                   e = ASN1_OVERRUN;
+                   goto fail;
+               }
+               len = enc_part_datalen;
+               e = decode_EncryptedData(p, len, &(data)->enc_part, &l);
+               if (e)
+                   goto fail;
+               p += l;
+               len -= l;
+               ret += l;
+               len = enc_part_oldlen - enc_part_datalen;
+           }
+           len = Top_Tag_oldlen - Top_Tag_datalen;
        }
        len = Top_oldlen - Top_datalen;
     }
     if (size)
        *size = ret;
     return 0;
-fail:
-    free_AuthorizationData(data);
+  fail:
+    free_Ticket(data);
     return e;
 }
 
-void
-free_AuthorizationData(AuthorizationData * data)
+void ASN1CALL
+free_Ticket(Ticket * data)
 {
-    while ((data)->len) {
-       free_AuthorizationDataElement(&(data)->val[(data)->len - 1]);
-       (data)->len--;
-    }
-    free((data)->val);
-    (data)->val = NULL;
+    free_krb5int32(&(data)->tkt_vno);
+    free_Realm(&(data)->realm);
+    free_PrincipalName(&(data)->sname);
+    free_EncryptedData(&(data)->enc_part);
 }
 
-size_t
-length_AuthorizationData(const AuthorizationData * data)
+size_t ASN1CALL
+length_Ticket(const Ticket * data)
 {
     size_t ret = 0;
     {
-       int Top_tag_oldret = ret;
-       int i;
+       size_t Top_tag_tag_oldret = ret;
        ret = 0;
-       for (i = (data)->len - 1; i >= 0; --i) {
-           int Top_tag_for_oldret = ret;
-           ret = 0;
-           ret += length_AuthorizationDataElement(&(data)->val[i]);
-           ret += Top_tag_for_oldret;
-       }
-       ret += Top_tag_oldret;
+       ret += length_krb5int32(&(data)->tkt_vno);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_tag_oldret;
+    }
+    {
+       size_t Top_tag_tag_oldret = ret;
+       ret = 0;
+       ret += length_Realm(&(data)->realm);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_tag_oldret;
+    }
+    {
+       size_t Top_tag_tag_oldret = ret;
+       ret = 0;
+       ret += length_PrincipalName(&(data)->sname);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_tag_oldret;
+    }
+    {
+       size_t Top_tag_tag_oldret = ret;
+       ret = 0;
+       ret += length_EncryptedData(&(data)->enc_part);
+       ret += 1 + der_length_len(ret);
+       ret += Top_tag_tag_oldret;
     }
     ret += 1 + der_length_len(ret);
+    ret += 1 + der_length_len(ret);
     return ret;
 }
 
-int
-copy_AuthorizationData(const AuthorizationData * from, AuthorizationData * to)
+int ASN1CALL
+copy_Ticket(const Ticket * from, Ticket * to)
 {
     memset(to, 0, sizeof(*to));
-    if (((to)->val = malloc((from)->len * sizeof(*(to)->val))) == NULL && (from)->len != 0)
+    if (copy_krb5int32(&(from)->tkt_vno, &(to)->tkt_vno))
+       goto fail;
+    if (copy_Realm(&(from)->realm, &(to)->realm))
+       goto fail;
+    if (copy_PrincipalName(&(from)->sname, &(to)->sname))
+       goto fail;
+    if (copy_EncryptedData(&(from)->enc_part, &(to)->enc_part))
        goto fail;
-    for ((to)->len = 0; (to)->len < (from)->len; (to)->len++) {
-       if (copy_AuthorizationDataElement(&(from)->val[(to)->len], &(to)->val[(to)->len]))
-           goto fail;
-    }
     return 0;
-fail:
-    free_AuthorizationData(to);
+  fail:
+    free_Ticket(to);
     return ENOMEM;
 }
 
-int
-add_AuthorizationData(AuthorizationData * data, const AuthorizationDataElement * element)
+int ASN1CALL
+encode_EncTicketPart(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    const EncTicketPart * data, size_t * size)
 {
-    int ret;
-    void *ptr;
+    size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;
 
-    ptr = realloc(data->val,
-                 (data->len + 1) * sizeof(data->val[0]));
-    if (ptr == NULL)
-       return ENOMEM;
-    data->val = ptr;
-
-    ret = copy_AuthorizationDataElement(element, &data->val[data->len]);
-    if (ret)
-       return ret;
-    data->len++;
-    return 0;
-}
-
-int
-remove_AuthorizationData(AuthorizationData * data, unsigned int element)
-{
-    void *ptr;
-
-    if (data->len == 0 || element >= data->len)
-       return ASN1_OVERRUN;
-    free_AuthorizationDataElement(&data->val[element]);
-    data->len--;
-    if (element < data->len)
-       memmove(&data->val[element], &data->val[element + 1],
-               sizeof(data->val[0]) * data->len);
-    ptr = realloc(data->val, data->len * sizeof(data->val[0]));
-    if (ptr != NULL || data->len == 0)
-       data->val = ptr;
-    return 0;
-}
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
 /* authorization-data */
     if ((data)->authorization_data) {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_AuthorizationData(p, len, (data)->authorization_data, &l);
        if (e)
@@ -1915,7 +5118,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* caddr */
     if ((data)->caddr) {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_HostAddresses(p, len, (data)->caddr, &l);
        if (e)
@@ -1935,7 +5138,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* renew-till */
     if ((data)->renew_till) {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_KerberosTime(p, len, (data)->renew_till, &l);
        if (e)
@@ -1955,7 +5158,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* endtime */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_KerberosTime(p, len, &(data)->endtime, &l);
        if (e)
@@ -1975,7 +5178,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* starttime */
     if ((data)->starttime) {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_KerberosTime(p, len, (data)->starttime, &l);
        if (e)
@@ -1995,7 +5198,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* authtime */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_KerberosTime(p, len, &(data)->authtime, &l);
        if (e)
@@ -2015,7 +5218,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* transited */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_TransitedEncoding(p, len, &(data)->transited, &l);
        if (e)
@@ -2035,7 +5238,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* cname */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_PrincipalName(p, len, &(data)->cname, &l);
        if (e)
@@ -2055,7 +5258,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* crealm */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_Realm(p, len, &(data)->crealm, &l);
        if (e)
@@ -2075,7 +5278,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* key */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_EncryptionKey(p, len, &(data)->key, &l);
        if (e)
@@ -2095,7 +5298,7 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     }
 /* flags */
     {
-       size_t Top_tag_tag_oldret = ret;
+       size_t Top_tag_tag_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;
        ret = 0;
        e = encode_TicketFlags(p, len, &(data)->flags, &l);
        if (e)
@@ -2113,7 +5316,8 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
 
        ret += Top_tag_tag_oldret;
     }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
+    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence,
+                              &l);
     if (e)
        return e;
     p -= l;
@@ -2131,18 +5335,21 @@ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, s
     return 0;
 }
 
-int
-decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, size_t * size)
+int ASN1CALL
+decode_EncTicketPart(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE,
+                    size_t len HEIMDAL_UNUSED_ATTRIBUTE,
+                    EncTicketPart * data, size_t * size)
 {
     size_t ret = 0;
-    size_t l;
-    int e;
+    size_t l HEIMDAL_UNUSED_ATTRIBUTE;
+    int e HEIMDAL_UNUSED_ATTRIBUTE;
 
     memset(data, 0, sizeof(*data));
     {
        size_t Top_datalen, Top_oldlen;
        Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_APPL, &Top_type, 3, &Top_datalen, &l);
+       e = der_match_tag_and_length(p, len, ASN1_C_APPL, &Top_type, 3,
+                                    &Top_datalen, &l);
        if (e == 0 && Top_type != CONS) {
            e = ASN1_BAD_ID;
        }
@@ -2160,7 +5367,8 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
        {
            size_t Top_Tag_datalen, Top_Tag_oldlen;
            Der_type Top_Tag_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_Tag_type, UT_Sequence, &Top_Tag_datalen, &l);
+           e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_Tag_type,
+                                        UT_Sequence, &Top_Tag_datalen, &l);
            if (e == 0 && Top_Tag_type != CONS) {
                e = ASN1_BAD_ID;
            }
@@ -2178,7 +5386,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t flags_datalen, flags_oldlen;
                Der_type flags_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &flags_type, 0, &flags_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &flags_type, 0, &flags_datalen,
+                                            &l);
                if (e == 0 && flags_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2204,7 +5414,8 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t key_datalen, key_oldlen;
                Der_type key_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &key_type, 1, &key_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &key_type, 1, &key_datalen, &l);
                if (e == 0 && key_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2230,7 +5441,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t crealm_datalen, crealm_oldlen;
                Der_type crealm_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &crealm_type, 2, &crealm_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &crealm_type, 2, &crealm_datalen,
+                                            &l);
                if (e == 0 && crealm_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2256,7 +5469,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t cname_datalen, cname_oldlen;
                Der_type cname_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &cname_type, 3, &cname_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &cname_type, 3, &cname_datalen,
+                                            &l);
                if (e == 0 && cname_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2282,7 +5497,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t transited_datalen, transited_oldlen;
                Der_type transited_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &transited_type, 4, &transited_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &transited_type, 4,
+                                            &transited_datalen, &l);
                if (e == 0 && transited_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2308,7 +5525,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t authtime_datalen, authtime_oldlen;
                Der_type authtime_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &authtime_type, 5, &authtime_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &authtime_type, 5,
+                                            &authtime_datalen, &l);
                if (e == 0 && authtime_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2334,7 +5553,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t starttime_datalen, starttime_oldlen;
                Der_type starttime_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &starttime_type, 6, &starttime_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &starttime_type, 6,
+                                            &starttime_datalen, &l);
                if (e == 0 && starttime_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2367,7 +5588,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t endtime_datalen, endtime_oldlen;
                Der_type endtime_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &endtime_type, 7, &endtime_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &endtime_type, 7,
+                                            &endtime_datalen, &l);
                if (e == 0 && endtime_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2393,14 +5616,17 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t renew_till_datalen, renew_till_oldlen;
                Der_type renew_till_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &renew_till_type, 8, &renew_till_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &renew_till_type, 8,
+                                            &renew_till_datalen, &l);
                if (e == 0 && renew_till_type != CONS) {
                    e = ASN1_BAD_ID;
                }
                if (e) {
                    (data)->renew_till = NULL;
                } else {
-                   (data)->renew_till = calloc(1, sizeof(*(data)->renew_till));
+                   (data)->renew_till =
+                       calloc(1, sizeof(*(data)->renew_till));
                    if ((data)->renew_till == NULL) {
                        e = ENOMEM;
                        goto fail;
@@ -2426,7 +5652,9 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t caddr_datalen, caddr_oldlen;
                Der_type caddr_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &caddr_type, 9, &caddr_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &caddr_type, 9, &caddr_datalen,
+                                            &l);
                if (e == 0 && caddr_type != CONS) {
                    e = ASN1_BAD_ID;
                }
@@ -2459,14 +5687,17 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
            {
                size_t authorization_data_datalen, authorization_data_oldlen;
                Der_type authorization_data_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &authorization_data_type, 10, &authorization_data_datalen, &l);
+               e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT,
+                                            &authorization_data_type, 10,
+                                            &authorization_data_datalen, &l);
                if (e == 0 && authorization_data_type != CONS) {
                    e = ASN1_BAD_ID;
                }
                if (e) {
                    (data)->authorization_data = NULL;
                } else {
-                   (data)->authorization_data = calloc(1, sizeof(*(data)->authorization_data));
+                   (data)->authorization_data =
+                       calloc(1, sizeof(*(data)->authorization_data));
                    if ((data)->authorization_data == NULL) {
                        e = ENOMEM;
                        goto fail;
@@ -2480,13 +5711,17 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
                        goto fail;
                    }
                    len = authorization_data_datalen;
-                   e = decode_AuthorizationData(p, len, (data)->authorization_data, &l);
+                   e = decode_AuthorizationData(p, len,
+                                                (data)->authorization_data,
+                                                &l);
                    if (e)
                        goto fail;
                    p += l;
                    len -= l;
                    ret += l;
-                   len = authorization_data_oldlen - authorization_data_datalen;
+                   len =
+                       authorization_data_oldlen -
+                       authorization_data_datalen;
                }
            }
            len = Top_Tag_oldlen - Top_Tag_datalen;
@@ -2496,12 +5731,12 @@ decode_EncTicketPart(const unsigned char *p, size_t len, EncTicketPart * data, s
     if (size)
        *size = ret;
     return 0;
-fail:
+  fail:
     free_EncTicketPart(data);
     return e;
 }
 
-void
+void ASN1CALL
 free_EncTicketPart(EncTicketPart * data)
 {
     free_TicketFlags(&(data)->flags);
@@ -2533,7 +5768,7 @@ free_EncTicketPart(EncTicketPart * data)
     }
 }
 
-size_t
+size_t ASN1CALL
 length_EncTicketPart(const EncTicketPart * data)
 {
     size_t ret = 0;
@@ -2585,7 +5820,8 @@ length_EncTicketPart(const EncTicketPart * data)
        ret += length_KerberosTime((data)->starttime);
        ret += 1 + der_length_len(ret);
        ret += Top_tag_tag_oldret;
-    } {
+    }
+    {
        size_t Top_tag_tag_oldret = ret;
        ret = 0;
        ret += length_KerberosTime(&(data)->endtime);
@@ -2618,7 +5854,7 @@ length_EncTicketPart(const EncTicketPart * data)
     return ret;
 }
 
-int
+int ASN1CALL
 copy_EncTicketPart(const EncTicketPart * from, EncTicketPart * to)
 {
     memset(to, 0, sizeof(*to));
@@ -2664,1175 +5900,13 @@ copy_EncTicketPart(const EncTicketPart * from, EncTicketPart * to)
        (to)->authorization_data = malloc(sizeof(*(to)->authorization_data));
        if ((to)->authorization_data == NULL)
            goto fail;
-       if (copy_AuthorizationData((from)->authorization_data, (to)->authorization_data))
+       if (copy_AuthorizationData
+           ((from)->authorization_data, (to)->authorization_data))
            goto fail;
     } else
        (to)->authorization_data = NULL;
     return 0;
-fail:
+  fail:
     free_EncTicketPart(to);
     return ENOMEM;
 }
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_KerberosTime(unsigned char *p, size_t len, const KerberosTime * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
-    e = der_put_generalized_time(p, len, data, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_GeneralizedTime, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_KerberosTime(const unsigned char *p, size_t len, KerberosTime * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_GeneralizedTime, &Top_datalen, &l);
-       if (e == 0 && Top_type != PRIM) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       e = der_get_generalized_time(p, len, data, &l);
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_KerberosTime(data);
-    return e;
-}
-
-void
-free_KerberosTime(KerberosTime * data)
-{
-}
-
-size_t
-length_KerberosTime(const KerberosTime * data)
-{
-    size_t ret = 0;
-    ret += der_length_generalized_time(data);
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_KerberosTime(const KerberosTime * from, KerberosTime * to)
-{
-    memset(to, 0, sizeof(*to));
-    *(to) = *(from);
-    return 0;
-}
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_TransitedEncoding(unsigned char *p, size_t len, const TransitedEncoding * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
-/* contents */
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       e = der_put_octet_string(p, len, &(data)->contents, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       ret += Top_tag_oldret;
-    }
-/* tr-type */
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       e = encode_krb5int32(p, len, &(data)->tr_type, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       ret += Top_tag_oldret;
-    }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_TransitedEncoding(const unsigned char *p, size_t len, TransitedEncoding * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
-       if (e == 0 && Top_type != CONS) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       {
-           size_t tr_type_datalen, tr_type_oldlen;
-           Der_type tr_type_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &tr_type_type, 0, &tr_type_datalen, &l);
-           if (e == 0 && tr_type_type != CONS) {
-               e = ASN1_BAD_ID;
-           }
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           tr_type_oldlen = len;
-           if (tr_type_datalen > len) {
-               e = ASN1_OVERRUN;
-               goto fail;
-           }
-           len = tr_type_datalen;
-           e = decode_krb5int32(p, len, &(data)->tr_type, &l);
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           len = tr_type_oldlen - tr_type_datalen;
-       }
-       {
-           size_t contents_datalen, contents_oldlen;
-           Der_type contents_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &contents_type, 1, &contents_datalen, &l);
-           if (e == 0 && contents_type != CONS) {
-               e = ASN1_BAD_ID;
-           }
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           contents_oldlen = len;
-           if (contents_datalen > len) {
-               e = ASN1_OVERRUN;
-               goto fail;
-           }
-           len = contents_datalen;
-           {
-               size_t contents_Tag_datalen, contents_Tag_oldlen;
-               Der_type contents_Tag_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &contents_Tag_type, UT_OctetString, &contents_Tag_datalen, &l);
-               if (e == 0 && contents_Tag_type != PRIM) {
-                   e = ASN1_BAD_ID;
-               }
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               contents_Tag_oldlen = len;
-               if (contents_Tag_datalen > len) {
-                   e = ASN1_OVERRUN;
-                   goto fail;
-               }
-               len = contents_Tag_datalen;
-               e = der_get_octet_string(p, len, &(data)->contents, &l);
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               len = contents_Tag_oldlen - contents_Tag_datalen;
-           }
-           len = contents_oldlen - contents_datalen;
-       }
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_TransitedEncoding(data);
-    return e;
-}
-
-void
-free_TransitedEncoding(TransitedEncoding * data)
-{
-    free_krb5int32(&(data)->tr_type);
-    der_free_octet_string(&(data)->contents);
-}
-
-size_t
-length_TransitedEncoding(const TransitedEncoding * data)
-{
-    size_t ret = 0;
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       ret += length_krb5int32(&(data)->tr_type);
-       ret += 1 + der_length_len(ret);
-       ret += Top_tag_oldret;
-    }
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       ret += der_length_octet_string(&(data)->contents);
-       ret += 1 + der_length_len(ret);
-       ret += 1 + der_length_len(ret);
-       ret += Top_tag_oldret;
-    }
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_TransitedEncoding(const TransitedEncoding * from, TransitedEncoding * to)
-{
-    memset(to, 0, sizeof(*to));
-    if (copy_krb5int32(&(from)->tr_type, &(to)->tr_type))
-       goto fail;
-    if (der_copy_octet_string(&(from)->contents, &(to)->contents))
-       goto fail;
-    return 0;
-fail:
-    free_TransitedEncoding(to);
-    return ENOMEM;
-}
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_EncryptionKey(unsigned char *p, size_t len, const EncryptionKey * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
-/* keyvalue */
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       e = der_put_octet_string(p, len, &(data)->keyvalue, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       ret += Top_tag_oldret;
-    }
-/* keytype */
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       e = encode_krb5int32(p, len, &(data)->keytype, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-       ret += Top_tag_oldret;
-    }
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_EncryptionKey(const unsigned char *p, size_t len, EncryptionKey * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Sequence, &Top_datalen, &l);
-       if (e == 0 && Top_type != CONS) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       {
-           size_t keytype_datalen, keytype_oldlen;
-           Der_type keytype_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &keytype_type, 0, &keytype_datalen, &l);
-           if (e == 0 && keytype_type != CONS) {
-               e = ASN1_BAD_ID;
-           }
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           keytype_oldlen = len;
-           if (keytype_datalen > len) {
-               e = ASN1_OVERRUN;
-               goto fail;
-           }
-           len = keytype_datalen;
-           e = decode_krb5int32(p, len, &(data)->keytype, &l);
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           len = keytype_oldlen - keytype_datalen;
-       }
-       {
-           size_t keyvalue_datalen, keyvalue_oldlen;
-           Der_type keyvalue_type;
-           e = der_match_tag_and_length(p, len, ASN1_C_CONTEXT, &keyvalue_type, 1, &keyvalue_datalen, &l);
-           if (e == 0 && keyvalue_type != CONS) {
-               e = ASN1_BAD_ID;
-           }
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           keyvalue_oldlen = len;
-           if (keyvalue_datalen > len) {
-               e = ASN1_OVERRUN;
-               goto fail;
-           }
-           len = keyvalue_datalen;
-           {
-               size_t keyvalue_Tag_datalen, keyvalue_Tag_oldlen;
-               Der_type keyvalue_Tag_type;
-               e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &keyvalue_Tag_type, UT_OctetString, &keyvalue_Tag_datalen, &l);
-               if (e == 0 && keyvalue_Tag_type != PRIM) {
-                   e = ASN1_BAD_ID;
-               }
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               keyvalue_Tag_oldlen = len;
-               if (keyvalue_Tag_datalen > len) {
-                   e = ASN1_OVERRUN;
-                   goto fail;
-               }
-               len = keyvalue_Tag_datalen;
-               e = der_get_octet_string(p, len, &(data)->keyvalue, &l);
-               if (e)
-                   goto fail;
-               p += l;
-               len -= l;
-               ret += l;
-               len = keyvalue_Tag_oldlen - keyvalue_Tag_datalen;
-           }
-           len = keyvalue_oldlen - keyvalue_datalen;
-       }
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_EncryptionKey(data);
-    return e;
-}
-
-void
-free_EncryptionKey(EncryptionKey * data)
-{
-    free_krb5int32(&(data)->keytype);
-    der_free_octet_string(&(data)->keyvalue);
-}
-
-size_t
-length_EncryptionKey(const EncryptionKey * data)
-{
-    size_t ret = 0;
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       ret += length_krb5int32(&(data)->keytype);
-       ret += 1 + der_length_len(ret);
-       ret += Top_tag_oldret;
-    }
-    {
-       size_t Top_tag_oldret = ret;
-       ret = 0;
-       ret += der_length_octet_string(&(data)->keyvalue);
-       ret += 1 + der_length_len(ret);
-       ret += 1 + der_length_len(ret);
-       ret += Top_tag_oldret;
-    }
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_EncryptionKey(const EncryptionKey * from, EncryptionKey * to)
-{
-    memset(to, 0, sizeof(*to));
-    if (copy_krb5int32(&(from)->keytype, &(to)->keytype))
-       goto fail;
-    if (der_copy_octet_string(&(from)->keyvalue, &(to)->keyvalue))
-       goto fail;
-    return 0;
-fail:
-    free_EncryptionKey(to);
-    return ENOMEM;
-}
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_TicketFlags(unsigned char *p, size_t len, const TicketFlags * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
-    {
-       unsigned char c = 0;
-       if (len < 1)
-           return ASN1_OVERFLOW;
-       *p-- = c;
-       len--;
-       ret++;
-       c = 0;
-       if (len < 1)
-           return ASN1_OVERFLOW;
-       *p-- = c;
-       len--;
-       ret++;
-       c = 0;
-       if ((data)->anonymous) {
-           c |= 1 << 1;
-       }
-       if ((data)->ok_as_delegate) {
-           c |= 1 << 2;
-       }
-       if ((data)->transited_policy_checked) {
-           c |= 1 << 3;
-       }
-       if ((data)->hw_authent) {
-           c |= 1 << 4;
-       }
-       if ((data)->pre_authent) {
-           c |= 1 << 5;
-       }
-       if ((data)->initial) {
-           c |= 1 << 6;
-       }
-       if ((data)->renewable) {
-           c |= 1 << 7;
-       }
-       if (len < 1)
-           return ASN1_OVERFLOW;
-       *p-- = c;
-       len--;
-       ret++;
-       c = 0;
-       if ((data)->invalid) {
-           c |= 1 << 0;
-       }
-       if ((data)->postdated) {
-           c |= 1 << 1;
-       }
-       if ((data)->may_postdate) {
-           c |= 1 << 2;
-       }
-       if ((data)->proxy) {
-           c |= 1 << 3;
-       }
-       if ((data)->proxiable) {
-           c |= 1 << 4;
-       }
-       if ((data)->forwarded) {
-           c |= 1 << 5;
-       }
-       if ((data)->forwardable) {
-           c |= 1 << 6;
-       }
-       if ((data)->reserved) {
-           c |= 1 << 7;
-       }
-       if (len < 1)
-           return ASN1_OVERFLOW;
-       *p-- = c;
-       len--;
-       ret++;
-       if (len < 1)
-           return ASN1_OVERFLOW;
-       *p-- = 0;
-       len -= 1;
-       ret += 1;
-    }
-
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_BitString, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_TicketFlags(const unsigned char *p, size_t len, TicketFlags * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_BitString, &Top_datalen, &l);
-       if (e == 0 && Top_type != PRIM) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       if (len < 1)
-           return ASN1_OVERRUN;
-       p++;
-       len--;
-       ret++;
-       do {
-           if (len < 1)
-               break;
-           (data)->reserved = (*p >> 7) & 1;
-           (data)->forwardable = (*p >> 6) & 1;
-           (data)->forwarded = (*p >> 5) & 1;
-           (data)->proxiable = (*p >> 4) & 1;
-           (data)->proxy = (*p >> 3) & 1;
-           (data)->may_postdate = (*p >> 2) & 1;
-           (data)->postdated = (*p >> 1) & 1;
-           (data)->invalid = (*p >> 0) & 1;
-           p++;
-           len--;
-           ret++;
-           if (len < 1)
-               break;
-           (data)->renewable = (*p >> 7) & 1;
-           (data)->initial = (*p >> 6) & 1;
-           (data)->pre_authent = (*p >> 5) & 1;
-           (data)->hw_authent = (*p >> 4) & 1;
-           (data)->transited_policy_checked = (*p >> 3) & 1;
-           (data)->ok_as_delegate = (*p >> 2) & 1;
-           (data)->anonymous = (*p >> 1) & 1;
-       } while (0);
-       p += len;
-       ret += len;
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_TicketFlags(data);
-    return e;
-}
-
-void
-free_TicketFlags(TicketFlags * data)
-{
-}
-
-size_t
-length_TicketFlags(const TicketFlags * data)
-{
-    size_t ret = 0;
-    ret += 5;
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_TicketFlags(const TicketFlags * from, TicketFlags * to)
-{
-    memset(to, 0, sizeof(*to));
-    *(to) = *(from);
-    return 0;
-}
-
-unsigned
-TicketFlags2int(TicketFlags f)
-{
-    unsigned r = 0;
-    if (f.reserved)
-       r |= (1U << 0);
-    if (f.forwardable)
-       r |= (1U << 1);
-    if (f.forwarded)
-       r |= (1U << 2);
-    if (f.proxiable)
-       r |= (1U << 3);
-    if (f.proxy)
-       r |= (1U << 4);
-    if (f.may_postdate)
-       r |= (1U << 5);
-    if (f.postdated)
-       r |= (1U << 6);
-    if (f.invalid)
-       r |= (1U << 7);
-    if (f.renewable)
-       r |= (1U << 8);
-    if (f.initial)
-       r |= (1U << 9);
-    if (f.pre_authent)
-       r |= (1U << 10);
-    if (f.hw_authent)
-       r |= (1U << 11);
-    if (f.transited_policy_checked)
-       r |= (1U << 12);
-    if (f.ok_as_delegate)
-       r |= (1U << 13);
-    if (f.anonymous)
-       r |= (1U << 14);
-    return r;
-}
-
-TicketFlags
-int2TicketFlags(unsigned n)
-{
-    TicketFlags flags;
-
-    memset(&flags, 0, sizeof(flags));
-
-    flags.reserved = (n >> 0) & 1;
-    flags.forwardable = (n >> 1) & 1;
-    flags.forwarded = (n >> 2) & 1;
-    flags.proxiable = (n >> 3) & 1;
-    flags.proxy = (n >> 4) & 1;
-    flags.may_postdate = (n >> 5) & 1;
-    flags.postdated = (n >> 6) & 1;
-    flags.invalid = (n >> 7) & 1;
-    flags.renewable = (n >> 8) & 1;
-    flags.initial = (n >> 9) & 1;
-    flags.pre_authent = (n >> 10) & 1;
-    flags.hw_authent = (n >> 11) & 1;
-    flags.transited_policy_checked = (n >> 12) & 1;
-    flags.ok_as_delegate = (n >> 13) & 1;
-    flags.anonymous = (n >> 14) & 1;
-    return flags;
-}
-
-
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_Realm(unsigned char *p, size_t len, const Realm * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
-    e = der_put_general_string(p, len, data, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_GeneralString, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_Realm(const unsigned char *p, size_t len, Realm * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_GeneralString, &Top_datalen, &l);
-       if (e == 0 && Top_type != PRIM) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       e = der_get_general_string(p, len, data, &l);
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_Realm(data);
-    return e;
-}
-
-void
-free_Realm(Realm * data)
-{
-    der_free_general_string(data);
-}
-
-size_t
-length_Realm(const Realm * data)
-{
-    size_t ret = 0;
-    ret += der_length_general_string(data);
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_Realm(const Realm * from, Realm * to)
-{
-    memset(to, 0, sizeof(*to));
-    if (der_copy_general_string(from, to))
-       goto fail;
-    return 0;
-fail:
-    free_Realm(to);
-    return ENOMEM;
-}
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_ENCTYPE(unsigned char *p, size_t len, const ENCTYPE * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
-    {
-       int enumint = (int) *data;
-       e = der_put_integer(p, len, &enumint, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-    }
-    ;
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_ENCTYPE(const unsigned char *p, size_t len, ENCTYPE * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Integer, &Top_datalen, &l);
-       if (e == 0 && Top_type != PRIM) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       {
-           int enumint;
-           e = der_get_integer(p, len, &enumint, &l);
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           *data = enumint;
-       }
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_ENCTYPE(data);
-    return e;
-}
-
-void
-free_ENCTYPE(ENCTYPE * data)
-{
-}
-
-size_t
-length_ENCTYPE(const ENCTYPE * data)
-{
-    size_t ret = 0;
-    {
-       int enumint = *data;
-       ret += der_length_integer(&enumint);
-    }
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_ENCTYPE(const ENCTYPE * from, ENCTYPE * to)
-{
-    memset(to, 0, sizeof(*to));
-    *(to) = *(from);
-    return 0;
-}
-
-
-
-/* Generated from ./krb5.asn1 */
-/* Do not edit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <limits.h>
-#include <asn1_err.h>
-
-int
-encode_NAME_TYPE(unsigned char *p, size_t len, const NAME_TYPE * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int i AFS_UNUSED, e;
-
-    i = 0;
-    {
-       int enumint = (int) *data;
-       e = der_put_integer(p, len, &enumint, &l);
-       if (e)
-           return e;
-       p -= l;
-       len -= l;
-       ret += l;
-
-    }
-    ;
-    e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_Integer, &l);
-    if (e)
-       return e;
-    p -= l;
-    len -= l;
-    ret += l;
-
-    *size = ret;
-    return 0;
-}
-
-int
-decode_NAME_TYPE(const unsigned char *p, size_t len, NAME_TYPE * data, size_t * size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-    {
-       size_t Top_datalen, Top_oldlen;
-       Der_type Top_type;
-       e = der_match_tag_and_length(p, len, ASN1_C_UNIV, &Top_type, UT_Integer, &Top_datalen, &l);
-       if (e == 0 && Top_type != PRIM) {
-           e = ASN1_BAD_ID;
-       }
-       if (e)
-           goto fail;
-       p += l;
-       len -= l;
-       ret += l;
-       Top_oldlen = len;
-       if (Top_datalen > len) {
-           e = ASN1_OVERRUN;
-           goto fail;
-       }
-       len = Top_datalen;
-       {
-           int enumint;
-           e = der_get_integer(p, len, &enumint, &l);
-           if (e)
-               goto fail;
-           p += l;
-           len -= l;
-           ret += l;
-           *data = enumint;
-       }
-       len = Top_oldlen - Top_datalen;
-    }
-    if (size)
-       *size = ret;
-    return 0;
-fail:
-    free_NAME_TYPE(data);
-    return e;
-}
-
-void
-free_NAME_TYPE(NAME_TYPE * data)
-{
-}
-
-size_t
-length_NAME_TYPE(const NAME_TYPE * data)
-{
-    size_t ret = 0;
-    {
-       int enumint = *data;
-       ret += der_length_integer(&enumint);
-    }
-    ret += 1 + der_length_len(ret);
-    return ret;
-}
-
-int
-copy_NAME_TYPE(const NAME_TYPE * from, NAME_TYPE * to)
-{
-    memset(to, 0, sizeof(*to));
-    *(to) = *(from);
-    return 0;
-}
index 5ca4f97..e0ec33e 100644 (file)
 #ifndef __asn1_common_definitions__
 #define __asn1_common_definitions__
 
+#ifndef __HEIM_BASE_DATA__
+#define __HEIM_BASE_DATA__ 1
+struct heim_base_data {
+    size_t length;
+    void *data;
+};
+typedef struct heim_base_data heim_octet_string;
+#endif
+
 typedef struct heim_integer {
   size_t length;
   void *data;
   int negative;
 } heim_integer;
 
-typedef struct heim_octet_string {
-  size_t length;
-  void *data;
-} heim_octet_string;
-
 typedef char *heim_general_string;
 
 typedef char *heim_utf8_string;
 
-typedef char *heim_printable_string;
+typedef struct heim_base_data heim_printable_string;
 
-typedef char *heim_ia5_string;
+typedef struct heim_base_data heim_ia5_string;
 
 typedef struct heim_bmp_string {
   size_t length;
@@ -51,8 +55,8 @@ typedef struct heim_bit_string {
   void *data;
 } heim_bit_string;
 
-typedef struct heim_octet_string heim_any;
-typedef struct heim_octet_string heim_any_set;
+typedef struct heim_base_data heim_any;
+typedef struct heim_base_data heim_any_set;
 
 #define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \
   do {                                                         \
@@ -70,6 +74,17 @@ typedef struct heim_octet_string heim_any_set;
     }                                                          \
   } while (0)
 
+#ifdef _WIN32
+#ifndef ASN1_LIB
+#define ASN1EXP  __declspec(dllimport)
+#else
+#define ASN1EXP
+#endif
+#define ASN1CALL __stdcall
+#else
+#define ASN1EXP
+#define ASN1CALL
+#endif
 
 #endif
 
@@ -85,10 +100,15 @@ NAME-TYPE ::= INTEGER {
   KRB5_NT_SMTP_NAME(7),
   KRB5_NT_ENTERPRISE_PRINCIPAL(10),
   KRB5_NT_WELLKNOWN(11),
+  KRB5_NT_SRV_HST_DOMAIN(12),
   KRB5_NT_ENT_PRINCIPAL_AND_ID(-130),
   KRB5_NT_MS_PRINCIPAL(-128),
   KRB5_NT_MS_PRINCIPAL_AND_ID(-129),
-  KRB5_NT_NTLM(-1200)
+  KRB5_NT_NTLM(-1200),
+  KRB5_NT_X509_GENERAL_NAME(-1201),
+  KRB5_NT_GSS_HOSTBASED_SERVICE(-1202),
+  KRB5_NT_CACHE_UUID(-1203),
+  KRB5_NT_SRV_HST_NEEDS_CANON(-195894762)
 }
 */
 
@@ -103,17 +123,22 @@ typedef enum NAME_TYPE {
   KRB5_NT_SMTP_NAME = 7,
   KRB5_NT_ENTERPRISE_PRINCIPAL = 10,
   KRB5_NT_WELLKNOWN = 11,
+  KRB5_NT_SRV_HST_DOMAIN = 12,
   KRB5_NT_ENT_PRINCIPAL_AND_ID = -130,
   KRB5_NT_MS_PRINCIPAL = -128,
   KRB5_NT_MS_PRINCIPAL_AND_ID = -129,
-  KRB5_NT_NTLM = -1200
+  KRB5_NT_NTLM = -1200,
+  KRB5_NT_X509_GENERAL_NAME = -1201,
+  KRB5_NT_GSS_HOSTBASED_SERVICE = -1202,
+  KRB5_NT_CACHE_UUID = -1203,
+  KRB5_NT_SRV_HST_NEEDS_CANON = -195894762
 } NAME_TYPE;
 
-int    decode_NAME_TYPE(const unsigned char *, size_t, NAME_TYPE *, size_t *);
-int    encode_NAME_TYPE(unsigned char *, size_t, const NAME_TYPE *, size_t *);
-size_t length_NAME_TYPE(const NAME_TYPE *);
-int    copy_NAME_TYPE  (const NAME_TYPE *, NAME_TYPE *);
-void   free_NAME_TYPE  (NAME_TYPE *);
+ASN1EXP int    ASN1CALL decode_NAME_TYPE(const unsigned char *, size_t, NAME_TYPE *, size_t *);
+ASN1EXP int    ASN1CALL encode_NAME_TYPE(unsigned char *, size_t, const NAME_TYPE *, size_t *);
+ASN1EXP size_t ASN1CALL length_NAME_TYPE(const NAME_TYPE *);
+ASN1EXP int    ASN1CALL copy_NAME_TYPE  (const NAME_TYPE *, NAME_TYPE *);
+ASN1EXP void   ASN1CALL free_NAME_TYPE  (NAME_TYPE *);
 
 
 /*
@@ -144,13 +169,6 @@ typedef enum MESSAGE_TYPE {
   krb_error = 30
 } MESSAGE_TYPE;
 
-int    decode_MESSAGE_TYPE(const unsigned char *, size_t, MESSAGE_TYPE *, size_t *);
-int    encode_MESSAGE_TYPE(unsigned char *, size_t, const MESSAGE_TYPE *, size_t *);
-size_t length_MESSAGE_TYPE(const MESSAGE_TYPE *);
-int    copy_MESSAGE_TYPE  (const MESSAGE_TYPE *, MESSAGE_TYPE *);
-void   free_MESSAGE_TYPE  (MESSAGE_TYPE *);
-
-
 /*
 PADATA-TYPE ::= INTEGER {
   KRB5_PADATA_NONE(0),
@@ -184,6 +202,7 @@ PADATA-TYPE ::= INTEGER {
   KRB5_PADATA_SAM_CHALLENGE2(30),
   KRB5_PADATA_SAM_RESPONSE2(31),
   KRB5_PA_EXTRA_TGT(41),
+  KRB5_PADATA_FX_FAST_ARMOR(71),
   KRB5_PADATA_TD_KRB_PRINCIPAL(102),
   KRB5_PADATA_PK_TD_TRUSTED_CERTIFIERS(104),
   KRB5_PADATA_PK_TD_CERTIFICATE_INDEX(105),
@@ -196,7 +215,6 @@ PADATA-TYPE ::= INTEGER {
   KRB5_PADATA_FOR_CHECK_DUPS(131),
   KRB5_PADATA_AS_CHECKSUM(132),
   KRB5_PADATA_PK_AS_09_BINDING(132),
-  KRB5_PADATA_CLIENT_CANONICALIZED(133),
   KRB5_PADATA_FX_COOKIE(133),
   KRB5_PADATA_AUTHENTICATION_SET(134),
   KRB5_PADATA_AUTH_SET_SELECTED(135),
@@ -211,6 +229,7 @@ PADATA-TYPE ::= INTEGER {
   KRB5_PADATA_EPAK_AS_REP(146),
   KRB5_PADATA_PKINIT_KX(147),
   KRB5_PADATA_PKU2U_NAME(148),
+  KRB5_PADATA_REQ_ENC_PA_REP(149),
   KRB5_PADATA_SUPPORTED_ETYPES(165)
 }
 */
@@ -247,6 +266,7 @@ typedef enum PADATA_TYPE {
   KRB5_PADATA_SAM_CHALLENGE2 = 30,
   KRB5_PADATA_SAM_RESPONSE2 = 31,
   KRB5_PA_EXTRA_TGT = 41,
+  KRB5_PADATA_FX_FAST_ARMOR = 71,
   KRB5_PADATA_TD_KRB_PRINCIPAL = 102,
   KRB5_PADATA_PK_TD_TRUSTED_CERTIFIERS = 104,
   KRB5_PADATA_PK_TD_CERTIFICATE_INDEX = 105,
@@ -259,7 +279,6 @@ typedef enum PADATA_TYPE {
   KRB5_PADATA_FOR_CHECK_DUPS = 131,
   KRB5_PADATA_AS_CHECKSUM = 132,
   KRB5_PADATA_PK_AS_09_BINDING = 132,
-  KRB5_PADATA_CLIENT_CANONICALIZED = 133,
   KRB5_PADATA_FX_COOKIE = 133,
   KRB5_PADATA_AUTHENTICATION_SET = 134,
   KRB5_PADATA_AUTH_SET_SELECTED = 135,
@@ -274,14 +293,15 @@ typedef enum PADATA_TYPE {
   KRB5_PADATA_EPAK_AS_REP = 146,
   KRB5_PADATA_PKINIT_KX = 147,
   KRB5_PADATA_PKU2U_NAME = 148,
+  KRB5_PADATA_REQ_ENC_PA_REP = 149,
   KRB5_PADATA_SUPPORTED_ETYPES = 165
 } PADATA_TYPE;
 
-int    decode_PADATA_TYPE(const unsigned char *, size_t, PADATA_TYPE *, size_t *);
-int    encode_PADATA_TYPE(unsigned char *, size_t, const PADATA_TYPE *, size_t *);