Fixed bunch of X509_PARSE related defines / dependencies
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index aaebed6..b7a1e9a 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -42,7 +42,7 @@
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||  \
     !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
     !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) ||         \
-    !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C)
+    !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
@@ -51,7 +51,7 @@
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
            "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
            "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C "
+           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
            "not defined.\n");
     return( 0 );
 }
@@ -278,7 +278,7 @@
     }
 #endif
 
-    x509_free( &cacert );
+    x509_crt_free( &cacert );
     net_close( server_fd );
     ssl_free( &ssl );
 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 7d25de6..5ee97b7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -111,7 +111,7 @@
     }
 }
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
 /*
  * Enabled if debug_level > 1 in code below
  */
@@ -150,9 +150,9 @@
 
     return( 0 );
 }
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
 #if defined(POLARSSL_FS_IO)
 #define USAGE_IO \
     "    ca_file=%%s          The single file containing the top-level CA(s) you fully trust\n" \
@@ -168,7 +168,7 @@
 #endif /* POLARSSL_FS_IO */
 #else
 #define USAGE_IO ""
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
 
 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
 #define USAGE_PSK                                                   \
@@ -254,7 +254,7 @@
     ctr_drbg_context ctr_drbg;
     ssl_context ssl;
     ssl_session saved_session;
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     x509_cert cacert;
     x509_cert clicert;
     pk_context pkey;
@@ -268,7 +268,7 @@
     server_fd = 0;
     memset( &ssl, 0, sizeof( ssl_context ) );
     memset( &saved_session, 0, sizeof( ssl_session ) );
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     memset( &cacert, 0, sizeof( x509_cert ) );
     memset( &clicert, 0, sizeof( x509_cert ) );
     pk_init( &pkey );
@@ -565,7 +565,7 @@
 
     printf( " ok\n" );
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     /*
      * 1.1. Load the trusted CA
      */
@@ -645,7 +645,7 @@
     }
 
     printf( " ok\n" );
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
 
     /*
      * 2. Start the connection
@@ -677,7 +677,7 @@
 
     printf( " ok\n" );
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     if( opt.debug_level > 0 )
         ssl_set_verify( &ssl, my_verify, NULL );
 #endif
@@ -709,7 +709,7 @@
     ssl_set_renegotiation( &ssl, opt.renegotiation );
     ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
     ssl_set_own_cert( &ssl, &clicert, &pkey );
 #endif
@@ -760,7 +760,7 @@
         printf( " ok\n" );
     }
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     /*
      * 5. Verify the server certificate
      */
@@ -794,7 +794,7 @@
                              ssl_get_peer_cert( &ssl ) );
         printf( "%s\n", buf );
     }
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
 
     /*
      * 6. Write the GET request
@@ -910,9 +910,9 @@
 
     if( server_fd )
         net_close( server_fd );
-#if defined(POLARSSL_X509_PARSE_C)
-    x509_free( &clicert );
-    x509_free( &cacert );
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+    x509_crt_free( &clicert );
+    x509_crt_free( &cacert );
     pk_free( &pkey );
 #endif
     ssl_session_free( &saved_session );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index b37ddb0..af9cef6 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -56,7 +56,7 @@
     !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
     !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) ||     \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) ||    \
-    !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_TIMING_C)
+    !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
@@ -65,7 +65,7 @@
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
            "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
            "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C and/or "
+           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
            "POLARSSL_TIMING_C not defined.\n");
     return( 0 );
 }
@@ -362,7 +362,7 @@
 exit:
 
     net_close( client_fd );
-    x509_free( &srvcert );
+    x509_crt_free( &srvcert );
     pk_free( &pkey );
     ssl_free( &ssl );
 
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 2440d27..f9465ca 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -58,7 +58,7 @@
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||  \
     !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
     !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) ||         \
-    !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C)
+    !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
@@ -67,7 +67,7 @@
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
            "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
            "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C "
+           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
            "not defined.\n");
     return( 0 );
 }
@@ -790,8 +790,8 @@
 
     if( server_fd )
         net_close( server_fd );
-    x509_free( &clicert );
-    x509_free( &cacert );
+    x509_crt_free( &clicert );
+    x509_crt_free( &cacert );
     pk_free( &pkey );
     ssl_free( &ssl );
 
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index a215a9e..38fa2f2 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -53,7 +53,7 @@
     !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
     !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) ||     \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) ||    \
-    !defined(POLARSSL_X509_PARSE_C)
+    !defined(POLARSSL_X509_CRT_PARSE_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
@@ -62,7 +62,8 @@
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
            "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
            "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C not defined.\n");
+           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
+           "not defined.\n");
     return( 0 );
 }
 #else
@@ -364,7 +365,7 @@
 #endif
 
     net_close( client_fd );
-    x509_free( &srvcert );
+    x509_crt_free( &srvcert );
     pk_free( &pkey );
     ssl_free( &ssl );
 #if defined(POLARSSL_SSL_CACHE_C)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7e3ced6..a7dfa5f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -118,7 +118,7 @@
     }
 }
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
 #if defined(POLARSSL_FS_IO)
 #define USAGE_IO \
     "    ca_file=%%s          The single file containing the top-level CA(s) you fully trust\n" \
@@ -136,7 +136,7 @@
 #endif /* POLARSSL_FS_IO */
 #else
 #define USAGE_IO ""
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
 
 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
 #define USAGE_PSK                                                   \
@@ -212,7 +212,7 @@
     entropy_context entropy;
     ctr_drbg_context ctr_drbg;
     ssl_context ssl;
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     x509_cert cacert;
     x509_cert srvcert;
     pk_context pkey;
@@ -236,7 +236,7 @@
      * Make sure memory references are valid.
      */
     listen_fd = 0;
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     memset( &cacert, 0, sizeof( x509_cert ) );
     memset( &srvcert, 0, sizeof( x509_cert ) );
     pk_init( &pkey );
@@ -516,7 +516,7 @@
 
     printf( " ok\n" );
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     /*
      * 1.1. Load the trusted CA
      */
@@ -594,7 +594,7 @@
     }
 
     printf( " ok\n" );
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
 
     /*
      * 2. Setup the listening TCP socket
@@ -647,7 +647,7 @@
     ssl_set_renegotiation( &ssl, opt.renegotiation );
     ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
     ssl_set_own_cert( &ssl, &srvcert, &pkey );
 #endif
@@ -747,7 +747,7 @@
     printf( " ok\n    [ Ciphersuite is %s ]\n",
             ssl_get_ciphersuite( &ssl ) );
 
-#if defined(POLARSSL_X509_PARSE_C)
+#if defined(POLARSSL_X509_CRT_PARSE_C)
     /*
      * 5. Verify the server certificate
      */
@@ -781,7 +781,7 @@
                              ssl_get_peer_cert( &ssl ) );
         printf( "%s\n", buf );
     }
-#endif /* POLARSSL_X509_PARSE_C */
+#endif /* POLARSSL_X509_CRT_PARSE_C */
 
     /*
      * 6. Read the HTTP Request
@@ -877,9 +877,9 @@
 #endif
 
     net_close( client_fd );
-#if defined(POLARSSL_X509_PARSE_C)
-    x509_free( &srvcert );
-    x509_free( &cacert );
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+    x509_crt_free( &srvcert );
+    x509_crt_free( &cacert );
     pk_free( &pkey );
 #endif
 
diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c
index 8944940..dd488d7 100644
--- a/programs/test/o_p_test.c
+++ b/programs/test/o_p_test.c
@@ -40,20 +40,20 @@
 
 #include "polarssl/config.h"
 
+#include "polarssl/pk.h"
 #include "polarssl/x509.h"
-#include "polarssl/rsa.h"
 #include "polarssl/entropy.h"
 #include "polarssl/ctr_drbg.h"
 
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) ||         \
-    !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
     return( 0 );
 }
 #else
@@ -62,7 +62,8 @@
     int ret;
     FILE *key_file;
     size_t olen;
-    rsa_context p_rsa;
+    pk_context p_pk;
+    rsa_context *p_rsa;
     RSA *o_rsa;
     entropy_context entropy;
     ctr_drbg_context ctr_drbg;
@@ -103,14 +104,23 @@
     printf( "  . Reading private key from %s into PolarSSL ...", argv[1] );
     fflush( stdout );
 
-    rsa_init( &p_rsa, RSA_PKCS_V15, 0 );
-    if( x509parse_keyfile_rsa( &p_rsa, argv[1], NULL ) != 0 )
+    pk_init( &p_pk );
+    if( pk_parse_keyfile( &p_pk, argv[1], NULL ) != 0 )
     {
         ret = 1;
         printf( " failed\n  ! Could not load key.\n\n" );
         goto exit;
     }
 
+    if( !pk_can_do( &p_pk, POLARSSL_PK_RSA ) )
+    {
+        ret = 1;
+        printf( " failed\n  ! Key is not an RSA key\n" );
+        goto exit;
+    }
+
+    p_rsa = pk_rsa( p_pk );
+
     printf( " passed\n");
 
     printf( "  . Reading private key from %s into OpenSSL  ...", argv[1] );
@@ -143,7 +153,7 @@
     printf( "  . Generating the RSA encrypted value with PolarSSL (RSA_PUBLIC)  ..." );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_encrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, strlen( argv[1] ), input, p_pub_encrypted ) ) != 0 )
+    if( ( ret = rsa_pkcs1_encrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, strlen( argv[2] ), input, p_pub_encrypted ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_encrypt returned %d\n\n", ret );
         goto exit;
@@ -154,7 +164,7 @@
     printf( "  . Generating the RSA encrypted value with OpenSSL (PUBLIC)       ..." );
     fflush( stdout );
 
-    if( ( ret = RSA_public_encrypt( strlen( argv[1] ), input, o_pub_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
+    if( ( ret = RSA_public_encrypt( strlen( argv[2] ), input, o_pub_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
     {
         unsigned long code = ERR_get_error();
         printf( " failed\n  ! RSA_public_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
@@ -169,7 +179,7 @@
     printf( "  . Generating the RSA encrypted value with PolarSSL (RSA_PRIVATE) ..." );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_encrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, strlen( argv[1] ), input, p_priv_encrypted ) ) != 0 )
+    if( ( ret = rsa_pkcs1_encrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, strlen( argv[2] ), input, p_priv_encrypted ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_encrypt returned %d\n\n", ret );
         goto exit;
@@ -180,7 +190,7 @@
     printf( "  . Generating the RSA encrypted value with OpenSSL (PRIVATE)      ..." );
     fflush( stdout );
 
-    if( ( ret = RSA_private_encrypt( strlen( argv[1] ), input, o_priv_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
+    if( ( ret = RSA_private_encrypt( strlen( argv[2] ), input, o_priv_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
     {
         unsigned long code = ERR_get_error();
         printf( " failed\n  ! RSA_private_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
@@ -197,7 +207,7 @@
     printf( "  . Generating the RSA decrypted value for OpenSSL (PUBLIC) with PolarSSL (PRIVATE) ..." );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_decrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 )
+    if( ( ret = rsa_pkcs1_decrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_decrypt returned %d\n\n", ret );
     }
@@ -207,7 +217,7 @@
     printf( "  . Generating the RSA decrypted value for PolarSSL (PUBLIC) with OpenSSL (PRIVATE) ..." );
     fflush( stdout );
 
-    if( ( ret = RSA_private_decrypt( p_rsa.len, p_pub_encrypted, o_pub_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
+    if( ( ret = RSA_private_decrypt( p_rsa->len, p_pub_encrypted, o_pub_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
     {
         unsigned long code = ERR_get_error();
         printf( " failed\n  ! RSA_private_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
@@ -221,7 +231,7 @@
     printf( "  . Generating the RSA decrypted value for OpenSSL (PRIVATE) with PolarSSL (PUBLIC) ..." );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_decrypt( &p_rsa, NULL, NULL, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 )
+    if( ( ret = rsa_pkcs1_decrypt( p_rsa, NULL, NULL, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_decrypt returned %d\n\n", ret );
     }
@@ -231,7 +241,7 @@
     printf( "  . Generating the RSA decrypted value for PolarSSL (PRIVATE) with OpenSSL (PUBLIC) ..." );
     fflush( stdout );
 
-    if( ( ret = RSA_public_decrypt( p_rsa.len, p_priv_encrypted, o_priv_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
+    if( ( ret = RSA_public_decrypt( p_rsa->len, p_priv_encrypted, o_priv_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 )
     {
         unsigned long code = ERR_get_error();
         printf( " failed\n  ! RSA_public_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) );
@@ -255,4 +265,4 @@
     return( ret );
 }
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C &&
-          POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */
+          POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */
diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c
index a77a314..f1044cf 100644
--- a/programs/test/ssl_cert_test.c
+++ b/programs/test/ssl_cert_test.c
@@ -33,7 +33,7 @@
 #include "polarssl/config.h"
 
 #include "polarssl/certs.h"
-#include "polarssl/x509.h"
+#include "polarssl/x509_crt.h"
 
 #if defined _MSC_VER && !defined snprintf
 #define snprintf _snprintf
@@ -66,14 +66,16 @@
 };
 
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) ||  \
-    !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PK_PARSE_C) || \
+    !defined(POLARSSL_FS_IO)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_FS_IO and/or "
+           "POLARSSL_PK_PARSE_C not defined.\n");
     return( 0 );
 }
 #else
@@ -138,10 +140,10 @@
         char    name[512];
         int flags;
         x509_cert clicert;
-        rsa_context rsa;
+        pk_context pk;
 
         memset( &clicert, 0, sizeof( x509_cert ) );
-        memset( &rsa, 0, sizeof( rsa_context ) );
+        pk_init( &pk );
 
         snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
 
@@ -196,10 +198,10 @@
         printf( "  . Loading the client private key %s...", name );
         fflush( stdout );
 
-        ret = x509parse_keyfile_rsa( &rsa, name, NULL );
+        ret = pk_parse_keyfile( &pk, name, NULL );
         if( ret != 0 )
         {
-            printf( " failed\n  !  x509parse_key_rsa returned %d\n\n", ret );
+            printf( " failed\n  !  pk_parse_keyfile returned %d\n\n", ret );
             goto exit;
         }
 
@@ -220,21 +222,21 @@
             goto exit;
         }
 
-        ret = mpi_cmp_mpi(&rsa.N, &pk_rsa( clicert.pk )->N);
+        ret = mpi_cmp_mpi(&pk_rsa( pk )->N, &pk_rsa( clicert.pk )->N);
         if( ret != 0 )
         {
             printf( " failed\n  !  mpi_cmp_mpi for N returned %d\n\n", ret );
             goto exit;
         }
 
-        ret = mpi_cmp_mpi(&rsa.E, &pk_rsa( clicert.pk )->E);
+        ret = mpi_cmp_mpi(&pk_rsa( pk )->E, &pk_rsa( clicert.pk )->E);
         if( ret != 0 )
         {
             printf( " failed\n  !  mpi_cmp_mpi for E returned %d\n\n", ret );
             goto exit;
         }
 
-        ret = rsa_check_privkey( &rsa );
+        ret = rsa_check_privkey( pk_rsa( pk ) );
         if( ret != 0 )
         {
             printf( " failed\n  !  rsa_check_privkey returned %d\n\n", ret );
@@ -243,12 +245,12 @@
 
         printf( " ok\n" );
 
-        x509_free( &clicert );
-        rsa_free( &rsa );
+        x509_crt_free( &clicert );
+        pk_free( &pk );
     }
 
 exit:
-    x509_free( &cacert );
+    x509_crt_free( &cacert );
     x509_crl_free( &crl );
 
 #if defined(_WIN32)
@@ -258,5 +260,5 @@
 
     return( ret );
 }
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_PARSE_C &&
-          POLARSSL_FS_IO */
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C &&
+          POLARSSL_FS_IO && POLARSSL_PK_PARSE_C */
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 6221576..9d6391d 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -46,7 +46,7 @@
     !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
     !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) ||     \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) ||    \
-    !defined(POLARSSL_X509_PARSE_C)
+    !defined(POLARSSL_X509_CRT_PARSE_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
@@ -56,7 +56,7 @@
            "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
            "POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or "
            "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C and/or "
-           "POLARSSL_X509_PARSE_C not defined.\n");
+           "POLARSSL_X509_CRT_PARSE_C not defined.\n");
     return( 0 );
 }
 #else
@@ -400,7 +400,7 @@
         free( write_buf );
 
     ssl_close_notify( &ssl );
-    x509_free( &srvcert );
+    x509_crt_free( &srvcert );
     pk_free( &pkey );
     ssl_free( &ssl );
     net_close( client_fd );
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 9bfbdbf..add75a0 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -159,7 +159,7 @@
     x509_cert cacert;
     x509_cert clicert;
     pk_context pkey;
-    int i, j, n;
+    int i, j;
     int flags, verify = 0;
     char *p, *q;
     const char *pers = "cert_app";
@@ -460,4 +460,4 @@
 }
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
           POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
-          POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
+          POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index ff65198..df8d05c 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -39,6 +39,7 @@
 #include "polarssl/error.h"
 
 #if !defined(POLARSSL_X509_CSR_WRITE_C) || !defined(POLARSSL_FS_IO) ||  \
+    !defined(POLARSSL_PK_PARSE_C) ||                                    \
     !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
@@ -46,6 +47,7 @@
     ((void) argv);
 
     printf( "POLARSSL_X509_CSR_WRITE_C and/or POLARSSL_FS_IO and/or "
+            "POLARSSL_PK_PARSE_C and/or "
             "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C "
             "not defined.\n");
     return( 0 );
@@ -339,5 +341,5 @@
 
     return( ret );
 }
-#endif /* POLARSSL_X509_WRITE_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
+#endif /* POLARSSL_X509_CSR_WRITE_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
           POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 0cc6482..c276321 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -649,6 +649,6 @@
 
     return( ret );
 }
-#endif /* POLARSSL_X509_WRITE_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
-          POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
+#endif /* POLARSSL_X509_CRT_WRITE_C && POLARSSL_X509_CRT_PARSE_C &&
+          POLARSSL_FS_IO && POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
           POLARSSL_ERROR_C */
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 98edb2d..1cb9828 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -149,5 +149,5 @@
 
     return( ret );
 }
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_PARSE_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_CRL_PARSE_C &&
           POLARSSL_FS_IO */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index a3f762c..5e05d60 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -149,5 +149,5 @@
 
     return( ret );
 }
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_PARSE_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_CSR_PARSE_C &&
           POLARSSL_FS_IO */