9 files changed, 7 insertions, 638 deletions

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 057eb9cc54..d6175dfd5d 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.112 2023/04/25 17:54:10 tb Exp $
+# $OpenBSD: Makefile,v 1.113 2023/04/25 18:48:32 tb Exp $
 
 LIB=    crypto
 LIBREBUILD=y
@@ -704,7 +704,6 @@ SRCS+= x509_r2x.c
 SRCS+= x509_req.c
 SRCS+= x509_set.c
 SRCS+= x509_skey.c
-#SRCS+= x509_sxnet.c
 SRCS+= x509_trs.c
 SRCS+= x509_txt.c
 SRCS+= x509_utl.c
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index 2fc36f3853..f477c4d6ce 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -657,20 +657,6 @@ _libre_BASIC_CONSTRAINTS_new
 _libre_BASIC_CONSTRAINTS_free
 _libre_d2i_BASIC_CONSTRAINTS
 _libre_i2d_BASIC_CONSTRAINTS
-_libre_SXNET_new
-_libre_SXNET_free
-_libre_d2i_SXNET
-_libre_i2d_SXNET
-_libre_SXNETID_new
-_libre_SXNETID_free
-_libre_d2i_SXNETID
-_libre_i2d_SXNETID
-_libre_SXNET_add_id_asc
-_libre_SXNET_add_id_ulong
-_libre_SXNET_add_id_INTEGER
-_libre_SXNET_get_id_asc
-_libre_SXNET_get_id_ulong
-_libre_SXNET_get_id_INTEGER
 _libre_AUTHORITY_KEYID_new
 _libre_AUTHORITY_KEYID_free
 _libre_d2i_AUTHORITY_KEYID
diff --git a/src/lib/libcrypto/hidden/openssl/x509v3.h b/src/lib/libcrypto/hidden/openssl/x509v3.h
index eed75e0749..044b55334d 100644
--- a/src/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/src/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.1 2022/11/14 17:48:49 beck Exp $ */
+/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -33,20 +33,6 @@ LCRYPTO_USED(BASIC_CONSTRAINTS_new);
 LCRYPTO_USED(BASIC_CONSTRAINTS_free);
 LCRYPTO_USED(d2i_BASIC_CONSTRAINTS);
 LCRYPTO_USED(i2d_BASIC_CONSTRAINTS);
-LCRYPTO_USED(SXNET_new);
-LCRYPTO_USED(SXNET_free);
-LCRYPTO_USED(d2i_SXNET);
-LCRYPTO_USED(i2d_SXNET);
-LCRYPTO_USED(SXNETID_new);
-LCRYPTO_USED(SXNETID_free);
-LCRYPTO_USED(d2i_SXNETID);
-LCRYPTO_USED(i2d_SXNETID);
-LCRYPTO_USED(SXNET_add_id_asc);
-LCRYPTO_USED(SXNET_add_id_ulong);
-LCRYPTO_USED(SXNET_add_id_INTEGER);
-LCRYPTO_USED(SXNET_get_id_asc);
-LCRYPTO_USED(SXNET_get_id_ulong);
-LCRYPTO_USED(SXNET_get_id_INTEGER);
 LCRYPTO_USED(AUTHORITY_KEYID_new);
 LCRYPTO_USED(AUTHORITY_KEYID_free);
 LCRYPTO_USED(d2i_AUTHORITY_KEYID);
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index b3fa34fe12..029c9473e1 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.244 2023/04/20 16:19:43 tb Exp $
+# $OpenBSD: Makefile,v 1.245 2023/04/25 18:48:32 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -304,7 +304,6 @@ MAN=	\
         SMIME_write_CMS.3 \
         SMIME_write_PKCS7.3 \
         STACK_OF.3 \
-        SXNET_new.3 \
         TS_REQ_new.3 \
         UI_UTIL_read_pw.3 \
         UI_create_method.3 \
diff --git a/src/lib/libcrypto/man/SXNET_new.3 b/src/lib/libcrypto/man/SXNET_new.3
deleted file mode 100644
index 9a723be203..0000000000
--- a/src/lib/libcrypto/man/SXNET_new.3
+++ /dev/null
@@ -1,139 +0,0 @@
-.\"     $OpenBSD: SXNET_new.3,v 1.3 2018/03/21 17:57:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt SXNET_NEW 3
-.Os
-.Sh NAME
-.Nm SXNET_new ,
-.Nm SXNET_free ,
-.Nm SXNETID_new ,
-.Nm SXNETID_free ,
-.Nm d2i_SXNET ,
-.Nm i2d_SXNET ,
-.Nm d2i_SXNETID ,
-.Nm i2d_SXNETID
-.Nd Thawte strong extranet X.509 extension
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft SXNET *
-.Fn SXNET_new void
-.Ft void
-.Fn SXNET_free "SXNET *sxnet"
-.Ft SXNETID *
-.Fn SXNETID_new void
-.Ft void
-.Fn SXNETID_free "SXNETID *sxnetid"
-.Ft SXNET *
-.Fo d2i_SXNET
-.Fa "SXNET **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_SXNET
-.Fa "SXNET *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft SXNETID *
-.Fo d2i_SXNETID
-.Fa "SXNETID **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_SXNETID
-.Fa "SXNETID *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-.Fn SXNET_new
-allocates and initializes an empty
-.Vt SXNET
-object representing a non-standard proprietary Thawte strong extranet
-X.509 extension.
-.Fn SXNET_free
-frees
-.Fa sxnet .
-.Pp
-.Fn SXNETID_new
-allocates and initializes an empty
-.Vt SXNETID
-object.
-It is used inside
-.Vt SXNET .
-.Fn SXNETID_free
-frees
-.Fa sxnetid .
-.Pp
-The remaining functions decode and encode these objects
-using DER format.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Sh RETURN VALUES
-.Fn SXNET_new
-and
-.Fn d2i_SXNET
-return an
-.Vt SXNET
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn SXNETID_new
-and
-.Fn d2i_SXNETID
-return an
-.Vt SXNETID
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_SXNET
-and
-.Fn i2d_SXNETID
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Rs
-.%A M. Shuttleworth
-.%R The Strong Extranet: real-world personal certification
-.%Q Thawte Consulting
-.%C South Africa
-.%D 1998
-.Re
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.3
-and have been available since
-.Ox 2.6 .
-.Sh BUGS
-This manual page does not explain what the extension actually does
-because no authoritative information was found online so far.
-.Pp
-The only hint was found in an ancient white paper "Securing IBM
-Applications with Public Key Infrastructure" on the IBM website,
-dated June 13, 2001: "Thawte also has a technology called Strong
-Extranet that allows institutions to encode customer information
-in the extensions to their customer's certificates.
-Because multiple institutions can add information, the user needs
-only one certificate, making renewal and revocation simpler, although
-the issue of modifying an extension to an existing certificate is
-not addressed."
-.Pp
-It is unclear whether that explanation is accurate, but in any case,
-it is not very specific.
diff --git a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
index 6a5b4e09a9..3ade50e4d6 100644
--- a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
+++ b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.15 2021/10/29 10:22:00 schwarze Exp $
+.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.16 2023/04/25 18:48:32 tb Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 29 2021 $
+.Dd $Mdocdate: April 25 2023 $
 .Dt X509_EXTENSION_SET_OBJECT 3
 .Os
 .Sh NAME
@@ -292,7 +292,6 @@ pointer.
 .Xr PKEY_USAGE_PERIOD_new 3 ,
 .Xr POLICYINFO_new 3 ,
 .Xr PROXY_POLICY_new 3 ,
-.Xr SXNET_new 3 ,
 .Xr TS_REQ_new 3 ,
 .Xr X509_check_ca 3 ,
 .Xr X509_check_host 3 ,
diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h
index b577f2f60f..0df128a7bd 100644
--- a/src/lib/libcrypto/stack/safestack.h
+++ b/src/lib/libcrypto/stack/safestack.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: safestack.h,v 1.24 2023/04/24 22:30:17 tb Exp $ */
+/* $OpenBSD: safestack.h,v 1.25 2023/04/25 18:48:32 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -1479,30 +1479,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
 
-#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
-#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp))
-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))
-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-#endif
-
 #define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp))
 #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
 #define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
diff --git a/src/lib/libcrypto/x509/x509_sxnet.c b/src/lib/libcrypto/x509/x509_sxnet.c
deleted file mode 100644
index 77c792d227..0000000000
--- a/src/lib/libcrypto/x509/x509_sxnet.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* $OpenBSD: x509_sxnet.c,v 1.3 2023/02/16 08:38:17 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-
-/* Support for Thawte strong extranet extension */
-
-#define SXNET_TEST
-
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
-    int indent);
-#ifdef SXNET_TEST
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-    STACK_OF(CONF_VALUE) *nval);
-#endif
-
-const X509V3_EXT_METHOD v3_sxnet = {
-        .ext_nid = NID_sxnet,
-        .ext_flags = X509V3_EXT_MULTILINE,
-        .it = &SXNET_it,
-        .ext_new = NULL,
-        .ext_free = NULL,
-        .d2i = NULL,
-        .i2d = NULL,
-        .i2s = NULL,
-        .s2i = NULL,
-        .i2v = NULL,
-#ifdef SXNET_TEST
-        .v2i = (X509V3_EXT_V2I)sxnet_v2i,
-#else
-        .v2i = NULL,
-#endif
-        .i2r = (X509V3_EXT_I2R)sxnet_i2r,
-        .r2i = NULL,
-        .usr_data = NULL,
-};
-
-static const ASN1_TEMPLATE SXNETID_seq_tt[] = {
-        {
-                .flags = 0,
-                .tag = 0,
-                .offset = offsetof(SXNETID, zone),
-                .field_name = "zone",
-                .item = &ASN1_INTEGER_it,
-        },
-        {
-                .flags = 0,
-                .tag = 0,
-                .offset = offsetof(SXNETID, user),
-                .field_name = "user",
-                .item = &ASN1_OCTET_STRING_it,
-        },
-};
-
-const ASN1_ITEM SXNETID_it = {
-        .itype = ASN1_ITYPE_SEQUENCE,
-        .utype = V_ASN1_SEQUENCE,
-        .templates = SXNETID_seq_tt,
-        .tcount = sizeof(SXNETID_seq_tt) / sizeof(ASN1_TEMPLATE),
-        .funcs = NULL,
-        .size = sizeof(SXNETID),
-        .sname = "SXNETID",
-};
-
-
-SXNETID *
-d2i_SXNETID(SXNETID **a, const unsigned char **in, long len)
-{
-        return (SXNETID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &SXNETID_it);
-}
-LCRYPTO_ALIAS(d2i_SXNETID);
-
-int
-i2d_SXNETID(SXNETID *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &SXNETID_it);
-}
-LCRYPTO_ALIAS(i2d_SXNETID);
-
-SXNETID *
-SXNETID_new(void)
-{
-        return (SXNETID *)ASN1_item_new(&SXNETID_it);
-}
-LCRYPTO_ALIAS(SXNETID_new);
-
-void
-SXNETID_free(SXNETID *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &SXNETID_it);
-}
-LCRYPTO_ALIAS(SXNETID_free);
-
-static const ASN1_TEMPLATE SXNET_seq_tt[] = {
-        {
-                .flags = 0,
-                .tag = 0,
-                .offset = offsetof(SXNET, version),
-                .field_name = "version",
-                .item = &ASN1_INTEGER_it,
-        },
-        {
-                .flags = ASN1_TFLG_SEQUENCE_OF,
-                .tag = 0,
-                .offset = offsetof(SXNET, ids),
-                .field_name = "ids",
-                .item = &SXNETID_it,
-        },
-};
-
-const ASN1_ITEM SXNET_it = {
-        .itype = ASN1_ITYPE_SEQUENCE,
-        .utype = V_ASN1_SEQUENCE,
-        .templates = SXNET_seq_tt,
-        .tcount = sizeof(SXNET_seq_tt) / sizeof(ASN1_TEMPLATE),
-        .funcs = NULL,
-        .size = sizeof(SXNET),
-        .sname = "SXNET",
-};
-
-
-SXNET *
-d2i_SXNET(SXNET **a, const unsigned char **in, long len)
-{
-        return (SXNET *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &SXNET_it);
-}
-LCRYPTO_ALIAS(d2i_SXNET);
-
-int
-i2d_SXNET(SXNET *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &SXNET_it);
-}
-LCRYPTO_ALIAS(i2d_SXNET);
-
-SXNET *
-SXNET_new(void)
-{
-        return (SXNET *)ASN1_item_new(&SXNET_it);
-}
-LCRYPTO_ALIAS(SXNET_new);
-
-void
-SXNET_free(SXNET *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &SXNET_it);
-}
-LCRYPTO_ALIAS(SXNET_free);
-
-static int
-sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent)
-{
-        long v;
-        char *tmp;
-        SXNETID *id;
-        int i;
-
-        v = ASN1_INTEGER_get(sx->version);
-        BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
-        for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-                id = sk_SXNETID_value(sx->ids, i);
-                tmp = i2s_ASN1_INTEGER(NULL, id->zone);
-                BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
-                free(tmp);
-                ASN1_STRING_print(out, id->user);
-        }
-        return 1;
-}
-
-#ifdef SXNET_TEST
-
-/* NBB: this is used for testing only. It should *not* be used for anything
- * else because it will just take static IDs from the configuration file and
- * they should really be separate values for each user.
- */
-
-static SXNET *
-sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-    STACK_OF(CONF_VALUE) *nval)
-{
-        CONF_VALUE *cnf;
-        SXNET *sx = NULL;
-        int i;
-
-        for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
-                        return NULL;
-        }
-        return sx;
-}
-
-#endif
-
-/* Strong Extranet utility functions */
-
-/* Add an id given the zone as an ASCII number */
-
-int
-SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
-{
-        ASN1_INTEGER *izone = NULL;
-
-        if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-                X509V3error(X509V3_R_ERROR_CONVERTING_ZONE);
-                return 0;
-        }
-        return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-}
-LCRYPTO_ALIAS(SXNET_add_id_asc);
-
-/* Add an id given the zone as an unsigned long */
-
-int
-SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
-    int userlen)
-{
-        ASN1_INTEGER *izone = NULL;
-
-        if (!(izone = ASN1_INTEGER_new()) ||
-            !ASN1_INTEGER_set(izone, lzone)) {
-                X509V3error(ERR_R_MALLOC_FAILURE);
-                ASN1_INTEGER_free(izone);
-                return 0;
-        }
-        return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-}
-LCRYPTO_ALIAS(SXNET_add_id_ulong);
-
-/* Add an id given the zone as an ASN1_INTEGER.
- * Note this version uses the passed integer and doesn't make a copy so don't
- * free it up afterwards.
- */
-
-int
-SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
-    int userlen)
-{
-        SXNET *sx = NULL;
-        SXNETID *id = NULL;
-
-        if (!psx || !zone || !user) {
-                X509V3error(X509V3_R_INVALID_NULL_ARGUMENT);
-                return 0;
-        }
-        if (userlen == -1)
-                userlen = strlen(user);
-        if (userlen > 64) {
-                X509V3error(X509V3_R_USER_TOO_LONG);
-                return 0;
-        }
-        if (!*psx) {
-                if (!(sx = SXNET_new()))
-                        goto err;
-                if (!ASN1_INTEGER_set(sx->version, 0))
-                        goto err;
-                *psx = sx;
-        } else
-                sx = *psx;
-        if (SXNET_get_id_INTEGER(sx, zone)) {
-                X509V3error(X509V3_R_DUPLICATE_ZONE_ID);
-                return 0;
-        }
-
-        if (!(id = SXNETID_new()))
-                goto err;
-        if (userlen == -1)
-                userlen = strlen(user);
-
-        if (!ASN1_STRING_set(id->user, user, userlen))
-                goto err;
-        if (!sk_SXNETID_push(sx->ids, id))
-                goto err;
-        id->zone = zone;
-        return 1;
-
-err:
-        X509V3error(ERR_R_MALLOC_FAILURE);
-        SXNETID_free(id);
-        SXNET_free(sx);
-        *psx = NULL;
-        return 0;
-}
-LCRYPTO_ALIAS(SXNET_add_id_INTEGER);
-
-ASN1_OCTET_STRING *
-SXNET_get_id_asc(SXNET *sx, const char *zone)
-{
-        ASN1_INTEGER *izone = NULL;
-        ASN1_OCTET_STRING *oct;
-
-        if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-                X509V3error(X509V3_R_ERROR_CONVERTING_ZONE);
-                return NULL;
-        }
-        oct = SXNET_get_id_INTEGER(sx, izone);
-        ASN1_INTEGER_free(izone);
-        return oct;
-}
-LCRYPTO_ALIAS(SXNET_get_id_asc);
-
-ASN1_OCTET_STRING *
-SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
-{
-        ASN1_INTEGER *izone = NULL;
-        ASN1_OCTET_STRING *oct;
-
-        if (!(izone = ASN1_INTEGER_new()) ||
-            !ASN1_INTEGER_set(izone, lzone)) {
-                X509V3error(ERR_R_MALLOC_FAILURE);
-                ASN1_INTEGER_free(izone);
-                return NULL;
-        }
-        oct = SXNET_get_id_INTEGER(sx, izone);
-        ASN1_INTEGER_free(izone);
-        return oct;
-}
-LCRYPTO_ALIAS(SXNET_get_id_ulong);
-
-ASN1_OCTET_STRING *
-SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
-{
-        SXNETID *id;
-        int i;
-
-        for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-                id = sk_SXNETID_value(sx->ids, i);
-                if (!ASN1_INTEGER_cmp(id->zone, zone))
-                        return id->user;
-        }
-        return NULL;
-}
-LCRYPTO_ALIAS(SXNET_get_id_INTEGER);
diff --git a/src/lib/libcrypto/x509/x509v3.h b/src/lib/libcrypto/x509/x509v3.h
index 8738b302cb..d7a0ef0165 100644
--- a/src/lib/libcrypto/x509/x509v3.h
+++ b/src/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.22 2023/04/25 18:28:05 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.23 2023/04/25 18:48:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -262,22 +262,6 @@ struct AUTHORITY_KEYID_st {
         ASN1_INTEGER *serial;
 };
 
-/* Strong extranet structures */
-
-#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
-typedef struct SXNET_ID_st {
-        ASN1_INTEGER *zone;
-        ASN1_OCTET_STRING *user;
-} SXNETID;
-
-DECLARE_STACK_OF(SXNETID)
-
-typedef struct SXNET_st {
-        ASN1_INTEGER *version;
-        STACK_OF(SXNETID) *ids;
-} SXNET;
-#endif
-
 typedef struct NOTICEREF_st {
         ASN1_STRING *organization;
         STACK_OF(ASN1_INTEGER) *noticenos;
@@ -517,30 +501,6 @@ BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned c
 int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out);
 extern const ASN1_ITEM BASIC_CONSTRAINTS_it;
 
-#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
-SXNET *SXNET_new(void);
-void SXNET_free(SXNET *a);
-SXNET *d2i_SXNET(SXNET **a, const unsigned char **in, long len);
-int i2d_SXNET(SXNET *a, unsigned char **out);
-extern const ASN1_ITEM SXNET_it;
-SXNETID *SXNETID_new(void);
-void SXNETID_free(SXNETID *a);
-SXNETID *d2i_SXNETID(SXNETID **a, const unsigned char **in, long len);
-int i2d_SXNETID(SXNETID *a, unsigned char **out);
-extern const ASN1_ITEM SXNETID_it;
-
-int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user,
-    int userlen);
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
-    int userlen);
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
-    int userlen);
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
-#endif
-
 AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
 void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len);