1 files changed, 0 insertions, 387 deletions
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
deleted file mode 100644
index 069d84926f..0000000000
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/* $OpenBSD: x_x509.c,v 1.41 2025/02/21 05:44:28 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <openssl/opensslconf.h>
-#include <openssl/asn1t.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "x509_local.h"
-static const ASN1_AUX X509_CINF_aux = {
-        .flags = ASN1_AFLG_ENCODING,
-        .enc_offset = offsetof(X509_CINF, enc),
-};
-static const ASN1_TEMPLATE X509_CINF_seq_tt[] = {
-        {
-                .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
-                .offset = offsetof(X509_CINF, version),
-                .field_name = "version",
-                .item = &ASN1_INTEGER_it,
-        },
-        {
-                .offset = offsetof(X509_CINF, serialNumber),
-                .field_name = "serialNumber",
-                .item = &ASN1_INTEGER_it,
-        },
-        {
-                .offset = offsetof(X509_CINF, signature),
-                .field_name = "signature",
-                .item = &X509_ALGOR_it,
-        },
-        {
-                .offset = offsetof(X509_CINF, issuer),
-                .field_name = "issuer",
-                .item = &X509_NAME_it,
-        },
-        {
-                .offset = offsetof(X509_CINF, validity),
-                .field_name = "validity",
-                .item = &X509_VAL_it,
-        },
-        {
-                .offset = offsetof(X509_CINF, subject),
-                .field_name = "subject",
-                .item = &X509_NAME_it,
-        },
-        {
-                .offset = offsetof(X509_CINF, key),
-                .field_name = "key",
-                .item = &X509_PUBKEY_it,
-        },
-        {
-                .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
-                .tag = 1,
-                .offset = offsetof(X509_CINF, issuerUID),
-                .field_name = "issuerUID",
-                .item = &ASN1_BIT_STRING_it,
-        },
-        {
-                .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
-                .tag = 2,
-                .offset = offsetof(X509_CINF, subjectUID),
-                .field_name = "subjectUID",
-                .item = &ASN1_BIT_STRING_it,
-        },
-        {
-                .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF |
-                    ASN1_TFLG_OPTIONAL,
-                .tag = 3,
-                .offset = offsetof(X509_CINF, extensions),
-                .field_name = "extensions",
-                .item = &X509_EXTENSION_it,
-        },
-};
-const ASN1_ITEM X509_CINF_it = {
-        .itype = ASN1_ITYPE_SEQUENCE,
-        .utype = V_ASN1_SEQUENCE,
-        .templates = X509_CINF_seq_tt,
-        .tcount = sizeof(X509_CINF_seq_tt) / sizeof(ASN1_TEMPLATE),
-        .funcs = &X509_CINF_aux,
-        .size = sizeof(X509_CINF),
-        .sname = "X509_CINF",
-};
-LCRYPTO_ALIAS(X509_CINF_it);
-X509_CINF *
-d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len)
-{
-        return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &X509_CINF_it);
-}
-LCRYPTO_ALIAS(d2i_X509_CINF);
-int
-i2d_X509_CINF(X509_CINF *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CINF_it);
-}
-LCRYPTO_ALIAS(i2d_X509_CINF);
-X509_CINF *
-X509_CINF_new(void)
-{
-        return (X509_CINF *)ASN1_item_new(&X509_CINF_it);
-}
-LCRYPTO_ALIAS(X509_CINF_new);
-void
-X509_CINF_free(X509_CINF *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &X509_CINF_it);
-}
-LCRYPTO_ALIAS(X509_CINF_free);
-/* X509 top level structure needs a bit of customisation */
-static int
-x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
-{
-        X509 *ret = (X509 *)*pval;
-        switch (operation) {
-        case ASN1_OP_NEW_POST:
-                ret->ex_flags = 0;
-                ret->ex_pathlen = -1;
-                ret->skid = NULL;
-                ret->akid = NULL;
-                ret->aux = NULL;
-                ret->crldp = NULL;
-#ifndef OPENSSL_NO_RFC3779
-                ret->rfc3779_addr = NULL;
-                ret->rfc3779_asid = NULL;
-#endif
-                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-                break;
-        case ASN1_OP_FREE_POST:
-                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-                X509_CERT_AUX_free(ret->aux);
-                ASN1_OCTET_STRING_free(ret->skid);
-                AUTHORITY_KEYID_free(ret->akid);
-                CRL_DIST_POINTS_free(ret->crldp);
-                GENERAL_NAMES_free(ret->altname);
-                NAME_CONSTRAINTS_free(ret->nc);
-#ifndef OPENSSL_NO_RFC3779
-                sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
-                ASIdentifiers_free(ret->rfc3779_asid);
-#endif
-                break;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(d2i_X509_CINF);
-static const ASN1_AUX X509_aux = {
-        .app_data = NULL,
-        .flags = ASN1_AFLG_REFCOUNT,
-        .ref_offset = offsetof(X509, references),
-        .ref_lock = CRYPTO_LOCK_X509,
-        .asn1_cb = x509_cb,
-};
-static const ASN1_TEMPLATE X509_seq_tt[] = {
-        {
-                .offset = offsetof(X509, cert_info),
-                .field_name = "cert_info",
-                .item = &X509_CINF_it,
-        },
-        {
-                .offset = offsetof(X509, sig_alg),
-                .field_name = "sig_alg",
-                .item = &X509_ALGOR_it,
-        },
-        {
-                .offset = offsetof(X509, signature),
-                .field_name = "signature",
-                .item = &ASN1_BIT_STRING_it,
-        },
-};
-const ASN1_ITEM X509_it = {
-        .itype = ASN1_ITYPE_SEQUENCE,
-        .utype = V_ASN1_SEQUENCE,
-        .templates = X509_seq_tt,
-        .tcount = sizeof(X509_seq_tt) / sizeof(ASN1_TEMPLATE),
-        .funcs = &X509_aux,
-        .size = sizeof(X509),
-        .sname = "X509",
-};
-LCRYPTO_ALIAS(X509_it);
-X509 *
-d2i_X509(X509 **a, const unsigned char **in, long len)
-{
-        return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &X509_it);
-}
-LCRYPTO_ALIAS(d2i_X509);
-int
-i2d_X509(X509 *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it);
-}
-LCRYPTO_ALIAS(i2d_X509);
-X509 *
-X509_new(void)
-{
-        return (X509 *)ASN1_item_new(&X509_it);
-}
-LCRYPTO_ALIAS(X509_new);
-void
-X509_free(X509 *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &X509_it);
-}
-LCRYPTO_ALIAS(X509_free);
-X509 *
-X509_dup(X509 *x)
-{
-        return ASN1_item_dup(&X509_it, x);
-}
-LCRYPTO_ALIAS(X509_dup);
-int
-X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-            new_func, dup_func, free_func);
-}
-LCRYPTO_ALIAS(X509_get_ex_new_index);
-int
-X509_set_ex_data(X509 *r, int idx, void *arg)
-{
-        return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
-}
-LCRYPTO_ALIAS(X509_set_ex_data);
-void *
-X509_get_ex_data(X509 *r, int idx)
-{
-        return (CRYPTO_get_ex_data(&r->ex_data, idx));
-}
-LCRYPTO_ALIAS(X509_get_ex_data);
-/* X509_AUX ASN1 routines. X509_AUX is the name given to
- * a certificate with extra info tagged on the end. Since these
- * functions set how a certificate is trusted they should only
- * be used when the certificate comes from a reliable source
- * such as local storage.
- *
- */
-X509 *
-d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
-{
-        const unsigned char *q;
-        X509 *ret;
-        /* Save start position */
-        q = *pp;
-        ret = d2i_X509(NULL, pp, length);
-        /* If certificate unreadable then forget it */
-        if (!ret)
-                return NULL;
-        /* update length */
-        length -= *pp - q;
-        if (length > 0) {
-                if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
-                        goto err;
-        }
-        if (a != NULL) {
-                X509_free(*a);
-                *a = ret;
-        }
-        return ret;
- err:
-        X509_free(ret);
-        return NULL;
-}
-LCRYPTO_ALIAS(d2i_X509_AUX);
-int
-i2d_X509_AUX(X509 *a, unsigned char **pp)
-{
-        int length;
-        length = i2d_X509(a, pp);
-        if (a)
-                length += i2d_X509_CERT_AUX(a->aux, pp);
-        return length;
-}
-LCRYPTO_ALIAS(i2d_X509_AUX);
-int
-i2d_re_X509_tbs(X509 *x, unsigned char **pp)
-{
-        x->cert_info->enc.modified = 1;
-        return i2d_X509_CINF(x->cert_info, pp);
-}
-LCRYPTO_ALIAS(i2d_re_X509_tbs);
-void
-X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
-    const X509 *x)
-{
-        if (psig != NULL)
-                *psig = x->signature;
-        if (palg != NULL)
-                *palg = x->sig_alg;
-}
-LCRYPTO_ALIAS(X509_get0_signature);
-int
-X509_get_signature_nid(const X509 *x)
-{
-        return OBJ_obj2nid(x->sig_alg->algorithm);
-}
-LCRYPTO_ALIAS(X509_get_signature_nid);

diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c deleted file mode 100644 index 069d84926f..0000000000 --- a/src/lib/libcrypto/asn1/x_x509.c +++ /dev/null
@@ -1,387 +0,0 @@
1	/* $OpenBSD: x_x509.c,v 1.41 2025/02/21 05:44:28 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60
61	#include <openssl/opensslconf.h>
62
63	#include <openssl/asn1t.h>
64	#include <openssl/evp.h>
65	#include <openssl/x509.h>
66	#include <openssl/x509v3.h>
67
68	#include "x509_local.h"
69
70	static const ASN1_AUX X509_CINF_aux = {
71	.flags = ASN1_AFLG_ENCODING,
72	.enc_offset = offsetof(X509_CINF, enc),
73	};
74	static const ASN1_TEMPLATE X509_CINF_seq_tt[] = {
75	{
76	.flags = ASN1_TFLG_EXPLICIT \| ASN1_TFLG_OPTIONAL,
77	.offset = offsetof(X509_CINF, version),
78	.field_name = "version",
79	.item = &ASN1_INTEGER_it,
80	},
81	{
82	.offset = offsetof(X509_CINF, serialNumber),
83	.field_name = "serialNumber",
84	.item = &ASN1_INTEGER_it,
85	},
86	{
87	.offset = offsetof(X509_CINF, signature),
88	.field_name = "signature",
89	.item = &X509_ALGOR_it,
90	},
91	{
92	.offset = offsetof(X509_CINF, issuer),
93	.field_name = "issuer",
94	.item = &X509_NAME_it,
95	},
96	{
97	.offset = offsetof(X509_CINF, validity),
98	.field_name = "validity",
99	.item = &X509_VAL_it,
100	},
101	{
102	.offset = offsetof(X509_CINF, subject),
103	.field_name = "subject",
104	.item = &X509_NAME_it,
105	},
106	{
107	.offset = offsetof(X509_CINF, key),
108	.field_name = "key",
109	.item = &X509_PUBKEY_it,
110	},
111	{
112	.flags = ASN1_TFLG_IMPLICIT \| ASN1_TFLG_OPTIONAL,
113	.tag = 1,
114	.offset = offsetof(X509_CINF, issuerUID),
115	.field_name = "issuerUID",
116	.item = &ASN1_BIT_STRING_it,
117	},
118	{
119	.flags = ASN1_TFLG_IMPLICIT \| ASN1_TFLG_OPTIONAL,
120	.tag = 2,
121	.offset = offsetof(X509_CINF, subjectUID),
122	.field_name = "subjectUID",
123	.item = &ASN1_BIT_STRING_it,
124	},
125	{
126	.flags = ASN1_TFLG_EXPLICIT \| ASN1_TFLG_SEQUENCE_OF \|
127	ASN1_TFLG_OPTIONAL,
128	.tag = 3,
129	.offset = offsetof(X509_CINF, extensions),
130	.field_name = "extensions",
131	.item = &X509_EXTENSION_it,
132	},
133	};
134
135	const ASN1_ITEM X509_CINF_it = {
136	.itype = ASN1_ITYPE_SEQUENCE,
137	.utype = V_ASN1_SEQUENCE,
138	.templates = X509_CINF_seq_tt,
139	.tcount = sizeof(X509_CINF_seq_tt) / sizeof(ASN1_TEMPLATE),
140	.funcs = &X509_CINF_aux,
141	.size = sizeof(X509_CINF),
142	.sname = "X509_CINF",
143	};
144	LCRYPTO_ALIAS(X509_CINF_it);
145
146
147	X509_CINF *
148	d2i_X509_CINF(X509_CINF a, const unsigned char in, long len)
149	{
150	return (X509_CINF )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
151	&X509_CINF_it);
152	}
153	LCRYPTO_ALIAS(d2i_X509_CINF);
154
155	int
156	i2d_X509_CINF(X509_CINF a, unsigned char *out)
157	{
158	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CINF_it);
159	}
160	LCRYPTO_ALIAS(i2d_X509_CINF);
161
162	X509_CINF *
163	X509_CINF_new(void)
164	{
165	return (X509_CINF *)ASN1_item_new(&X509_CINF_it);
166	}
167	LCRYPTO_ALIAS(X509_CINF_new);
168
169	void
170	X509_CINF_free(X509_CINF *a)
171	{
172	ASN1_item_free((ASN1_VALUE *)a, &X509_CINF_it);
173	}
174	LCRYPTO_ALIAS(X509_CINF_free);
175	/* X509 top level structure needs a bit of customisation */
176
177	static int
178	x509_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it, void *exarg)
179	{
180	X509 ret = (X509 )*pval;
181
182	switch (operation) {
183
184	case ASN1_OP_NEW_POST:
185	ret->ex_flags = 0;
186	ret->ex_pathlen = -1;
187	ret->skid = NULL;
188	ret->akid = NULL;
189	ret->aux = NULL;
190	ret->crldp = NULL;
191	#ifndef OPENSSL_NO_RFC3779
192	ret->rfc3779_addr = NULL;
193	ret->rfc3779_asid = NULL;
194	#endif
195	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
196	break;
197
198	case ASN1_OP_FREE_POST:
199	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
200	X509_CERT_AUX_free(ret->aux);
201	ASN1_OCTET_STRING_free(ret->skid);
202	AUTHORITY_KEYID_free(ret->akid);
203	CRL_DIST_POINTS_free(ret->crldp);
204	GENERAL_NAMES_free(ret->altname);
205	NAME_CONSTRAINTS_free(ret->nc);
206	#ifndef OPENSSL_NO_RFC3779
207	sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
208	ASIdentifiers_free(ret->rfc3779_asid);
209	#endif
210	break;
211	}
212
213	return 1;
214	}
215	LCRYPTO_ALIAS(d2i_X509_CINF);
216
217	static const ASN1_AUX X509_aux = {
218	.app_data = NULL,
219	.flags = ASN1_AFLG_REFCOUNT,
220	.ref_offset = offsetof(X509, references),
221	.ref_lock = CRYPTO_LOCK_X509,
222	.asn1_cb = x509_cb,
223	};
224	static const ASN1_TEMPLATE X509_seq_tt[] = {
225	{
226	.offset = offsetof(X509, cert_info),
227	.field_name = "cert_info",
228	.item = &X509_CINF_it,
229	},
230	{
231	.offset = offsetof(X509, sig_alg),
232	.field_name = "sig_alg",
233	.item = &X509_ALGOR_it,
234	},
235	{
236	.offset = offsetof(X509, signature),
237	.field_name = "signature",
238	.item = &ASN1_BIT_STRING_it,
239	},
240	};
241
242	const ASN1_ITEM X509_it = {
243	.itype = ASN1_ITYPE_SEQUENCE,
244	.utype = V_ASN1_SEQUENCE,
245	.templates = X509_seq_tt,
246	.tcount = sizeof(X509_seq_tt) / sizeof(ASN1_TEMPLATE),
247	.funcs = &X509_aux,
248	.size = sizeof(X509),
249	.sname = "X509",
250	};
251	LCRYPTO_ALIAS(X509_it);
252
253
254	X509 *
255	d2i_X509(X509 a, const unsigned char in, long len)
256	{
257	return (X509 )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
258	&X509_it);
259	}
260	LCRYPTO_ALIAS(d2i_X509);
261
262	int
263	i2d_X509(X509 a, unsigned char *out)
264	{
265	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it);
266	}
267	LCRYPTO_ALIAS(i2d_X509);
268
269	X509 *
270	X509_new(void)
271	{
272	return (X509 *)ASN1_item_new(&X509_it);
273	}
274	LCRYPTO_ALIAS(X509_new);
275
276	void
277	X509_free(X509 *a)
278	{
279	ASN1_item_free((ASN1_VALUE *)a, &X509_it);
280	}
281	LCRYPTO_ALIAS(X509_free);
282
283	X509 *
284	X509_dup(X509 *x)
285	{
286	return ASN1_item_dup(&X509_it, x);
287	}
288	LCRYPTO_ALIAS(X509_dup);
289
290	int
291	X509_get_ex_new_index(long argl, void argp, CRYPTO_EX_new new_func,
292	CRYPTO_EX_dup dup_func, CRYPTO_EX_free free_func)
293	{
294	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
295	new_func, dup_func, free_func);
296	}
297	LCRYPTO_ALIAS(X509_get_ex_new_index);
298
299	int
300	X509_set_ex_data(X509 r, int idx, void arg)
301	{
302	return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
303	}
304	LCRYPTO_ALIAS(X509_set_ex_data);
305
306	void *
307	X509_get_ex_data(X509 *r, int idx)
308	{
309	return (CRYPTO_get_ex_data(&r->ex_data, idx));
310	}
311	LCRYPTO_ALIAS(X509_get_ex_data);
312
313	/* X509_AUX ASN1 routines. X509_AUX is the name given to
314	* a certificate with extra info tagged on the end. Since these
315	* functions set how a certificate is trusted they should only
316	* be used when the certificate comes from a reliable source
317	* such as local storage.
318	*
319	*/
320
321	X509 *
322	d2i_X509_AUX(X509 a, const unsigned char pp, long length)
323	{
324	const unsigned char *q;
325	X509 *ret;
326
327	/* Save start position */
328	q = *pp;
329	ret = d2i_X509(NULL, pp, length);
330	/* If certificate unreadable then forget it */
331	if (!ret)
332	return NULL;
333	/* update length */
334	length -= *pp - q;
335	if (length > 0) {
336	if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
337	goto err;
338	}
339	if (a != NULL) {
340	X509_free(*a);
341	*a = ret;
342	}
343	return ret;
344
345	err:
346	X509_free(ret);
347	return NULL;
348	}
349	LCRYPTO_ALIAS(d2i_X509_AUX);
350
351	int
352	i2d_X509_AUX(X509 a, unsigned char *pp)
353	{
354	int length;
355
356	length = i2d_X509(a, pp);
357	if (a)
358	length += i2d_X509_CERT_AUX(a->aux, pp);
359	return length;
360	}
361	LCRYPTO_ALIAS(i2d_X509_AUX);
362
363	int
364	i2d_re_X509_tbs(X509 x, unsigned char *pp)
365	{
366	x->cert_info->enc.modified = 1;
367	return i2d_X509_CINF(x->cert_info, pp);
368	}
369	LCRYPTO_ALIAS(i2d_re_X509_tbs);
370
371	void
372	X509_get0_signature(const ASN1_BIT_STRING psig, const X509_ALGOR palg,
373	const X509 *x)
374	{
375	if (psig != NULL)
376	*psig = x->signature;
377	if (palg != NULL)
378	*palg = x->sig_alg;
379	}
380	LCRYPTO_ALIAS(X509_get0_signature);
381
382	int
383	X509_get_signature_nid(const X509 *x)
384	{
385	return OBJ_obj2nid(x->sig_alg->algorithm);
386	}
387	LCRYPTO_ALIAS(X509_get_signature_nid);