2 files changed, 218 insertions, 46 deletions

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 5946c71238..4e5e0b3b7e 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -29,29 +29,117 @@
  * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
  */
 
-ASN1_SEQUENCE(IPAddressRange) = {
-  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
-  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(IPAddressRange)
-
-ASN1_CHOICE(IPAddressOrRange) = {
-  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
-  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
-} ASN1_CHOICE_END(IPAddressOrRange)
-
-ASN1_CHOICE(IPAddressChoice) = {
-  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
-  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
-} ASN1_CHOICE_END(IPAddressChoice)
-
-ASN1_SEQUENCE(IPAddressFamily) = {
-  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
-  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
-} ASN1_SEQUENCE_END(IPAddressFamily)
-
-ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
-  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
-                        IPAddrBlocks, IPAddressFamily)
+static const ASN1_TEMPLATE IPAddressRange_seq_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(IPAddressRange, min),
+                .field_name = "min",
+                .item = &ASN1_BIT_STRING_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(IPAddressRange, max),
+                .field_name = "max",
+                .item = &ASN1_BIT_STRING_it,
+        },
+};
+
+const ASN1_ITEM IPAddressRange_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = IPAddressRange_seq_tt,
+        .tcount = sizeof(IPAddressRange_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(IPAddressRange),
+        .sname = "IPAddressRange",
+};
+
+static const ASN1_TEMPLATE IPAddressOrRange_ch_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(IPAddressOrRange, u.addressPrefix),
+                .field_name = "u.addressPrefix",
+                .item = &ASN1_BIT_STRING_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(IPAddressOrRange, u.addressRange),
+                .field_name = "u.addressRange",
+                .item = &IPAddressRange_it,
+        },
+};
+
+const ASN1_ITEM IPAddressOrRange_it = {
+        .itype = ASN1_ITYPE_CHOICE,
+        .utype = offsetof(IPAddressOrRange, type),
+        .templates = IPAddressOrRange_ch_tt,
+        .tcount = sizeof(IPAddressOrRange_ch_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(IPAddressOrRange),
+        .sname = "IPAddressOrRange",
+};
+
+static const ASN1_TEMPLATE IPAddressChoice_ch_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(IPAddressChoice, u.inherit),
+                .field_name = "u.inherit",
+                .item = &ASN1_NULL_it,
+        },
+        {
+                .flags = ASN1_TFLG_SEQUENCE_OF,
+                .tag = 0,
+                .offset = offsetof(IPAddressChoice, u.addressesOrRanges),
+                .field_name = "u.addressesOrRanges",
+                .item = &IPAddressOrRange_it,
+        },
+};
+
+const ASN1_ITEM IPAddressChoice_it = {
+        .itype = ASN1_ITYPE_CHOICE,
+        .utype = offsetof(IPAddressChoice, type),
+        .templates = IPAddressChoice_ch_tt,
+        .tcount = sizeof(IPAddressChoice_ch_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(IPAddressChoice),
+        .sname = "IPAddressChoice",
+};
+
+static const ASN1_TEMPLATE IPAddressFamily_seq_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(IPAddressFamily, addressFamily),
+                .field_name = "addressFamily",
+                .item = &ASN1_OCTET_STRING_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(IPAddressFamily, ipAddressChoice),
+                .field_name = "ipAddressChoice",
+                .item = &IPAddressChoice_it,
+        },
+};
+
+const ASN1_ITEM IPAddressFamily_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = IPAddressFamily_seq_tt,
+        .tcount = sizeof(IPAddressFamily_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(IPAddressFamily),
+        .sname = "IPAddressFamily",
+};
+
+static const ASN1_TEMPLATE IPAddrBlocks_item_tt =
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, IPAddrBlocks,
+    IPAddressFamily)
 static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
 
 IPAddressRange *
@@ -1154,7 +1242,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
 const X509V3_EXT_METHOD v3_addr = {
     NID_sbgp_ipAddrBlock,       /* nid */
     0,                          /* flags */
-    ASN1_ITEM_ref(IPAddrBlocks), /* template */
+    &IPAddrBlocks_it,
     0, 0, 0, 0,                 /* old functions, ignored */
     0,                          /* i2s */
     0,                          /* s2i */
diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c
index bcb6e4ea1d..59c7cabb13 100644
--- a/src/lib/libcrypto/x509/x509_asid.c
+++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -26,29 +26,113 @@
 
 #ifndef OPENSSL_NO_RFC3779
 
-/*
- * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
- */
+static const ASN1_TEMPLATE ASRange_seq_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(ASRange, min),
+                .field_name = "min",
+                .item = &ASN1_INTEGER_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(ASRange, max),
+                .field_name = "max",
+                .item = &ASN1_INTEGER_it,
+        },
+};
+
+const ASN1_ITEM ASRange_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = ASRange_seq_tt,
+        .tcount = sizeof(ASRange_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(ASRange),
+        .sname = "ASRange",
+};
+
+static const ASN1_TEMPLATE ASIdOrRange_ch_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(ASIdOrRange, u.id),
+                .field_name = "u.id",
+                .item = &ASN1_INTEGER_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(ASIdOrRange, u.range),
+                .field_name = "u.range",
+                .item = &ASRange_it,
+        },
+};
+
+const ASN1_ITEM ASIdOrRange_it = {
+        .itype = ASN1_ITYPE_CHOICE,
+        .utype = offsetof(ASIdOrRange, type),
+        .templates = ASIdOrRange_ch_tt,
+        .tcount = sizeof(ASIdOrRange_ch_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(ASIdOrRange),
+        .sname = "ASIdOrRange",
+};
+
+static const ASN1_TEMPLATE ASIdentifierChoice_ch_tt[] = {
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(ASIdentifierChoice, u.inherit),
+                .field_name = "u.inherit",
+                .item = &ASN1_NULL_it,
+        },
+        {
+                .flags = ASN1_TFLG_SEQUENCE_OF,
+                .tag = 0,
+                .offset = offsetof(ASIdentifierChoice, u.asIdsOrRanges),
+                .field_name = "u.asIdsOrRanges",
+                .item = &ASIdOrRange_it,
+        },
+};
+
+const ASN1_ITEM ASIdentifierChoice_it = {
+        .itype = ASN1_ITYPE_CHOICE,
+        .utype = offsetof(ASIdentifierChoice, type),
+        .templates = ASIdentifierChoice_ch_tt,
+        .tcount = sizeof(ASIdentifierChoice_ch_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(ASIdentifierChoice),
+        .sname = "ASIdentifierChoice",
+};
+
+static const ASN1_TEMPLATE ASIdentifiers_seq_tt[] = {
+        {
+                .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(ASIdentifiers, asnum),
+                .field_name = "asnum",
+                .item = &ASIdentifierChoice_it,
+        },
+        {
+                .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+                .tag = 1,
+                .offset = offsetof(ASIdentifiers, rdi),
+                .field_name = "rdi",
+                .item = &ASIdentifierChoice_it,
+        },
+};
 
-ASN1_SEQUENCE(ASRange) = {
-  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
-  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(ASRange)
-
-ASN1_CHOICE(ASIdOrRange) = {
-  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
-  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
-} ASN1_CHOICE_END(ASIdOrRange)
-
-ASN1_CHOICE(ASIdentifierChoice) = {
-  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
-  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
-} ASN1_CHOICE_END(ASIdentifierChoice)
-
-ASN1_SEQUENCE(ASIdentifiers) = {
-  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
-  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
-} ASN1_SEQUENCE_END(ASIdentifiers)
+const ASN1_ITEM ASIdentifiers_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = ASIdentifiers_seq_tt,
+        .tcount = sizeof(ASIdentifiers_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(ASIdentifiers),
+        .sname = "ASIdentifiers",
+};
 
 ASRange *
 d2i_ASRange(ASRange **a, const unsigned char **in, long len)