1 files changed, 0 insertions, 503 deletions
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
deleted file mode 100644
index 796a2ee718..0000000000
--- a/src/lib/libcrypto/x509/x509_local.h
+++ /dev/null
@@ -1,503 +0,0 @@
-/*      $OpenBSD: x509_local.h,v 1.38 2025/03/06 07:20:01 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2013.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_X509_LOCAL_H
-#define HEADER_X509_LOCAL_H
-#include <openssl/x509v3.h>
-#include "bytestring.h"
-__BEGIN_HIDDEN_DECLS
-#define TS_HASH_EVP             EVP_sha1()
-#define TS_HASH_LEN             SHA_DIGEST_LENGTH
-#define X509_CERT_HASH_EVP      EVP_sha512()
-#define X509_CERT_HASH_LEN      SHA512_DIGEST_LENGTH
-#define X509_CRL_HASH_EVP       EVP_sha512()
-#define X509_CRL_HASH_LEN       SHA512_DIGEST_LENGTH
-#define X509_TRUST_ACCEPT_ALL   -1
-/* check_trust return codes */
-#define X509_TRUST_TRUSTED      1
-#define X509_TRUST_REJECTED     2
-#define X509_TRUST_UNTRUSTED    3
-int X509_check_trust(X509 *x, int id, int flags);
-struct X509_val_st {
-        ASN1_TIME *notBefore;
-        ASN1_TIME *notAfter;
-} /* X509_VAL */;
-struct X509_pubkey_st {
-        X509_ALGOR *algor;
-        ASN1_BIT_STRING *public_key;
-        EVP_PKEY *pkey;
-};
-struct X509_sig_st {
-        X509_ALGOR *algor;
-        ASN1_OCTET_STRING *digest;
-} /* X509_SIG */;
-struct X509_name_entry_st {
-        ASN1_OBJECT *object;
-        ASN1_STRING *value;
-        int set;
-        int size;       /* temp variable */
-} /* X509_NAME_ENTRY */;
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st {
-        STACK_OF(X509_NAME_ENTRY) *entries;
-        int modified;   /* true if 'bytes' needs to be built */
-#ifndef OPENSSL_NO_BUFFER
-        BUF_MEM *bytes;
-#else
-        char *bytes;
-#endif
-/*      unsigned long hash; Keep the hash around for lookups */
-        unsigned char *canon_enc;
-        int canon_enclen;
-} /* X509_NAME */;
-struct X509_extension_st {
-        ASN1_OBJECT *object;
-        ASN1_BOOLEAN critical;
-        ASN1_OCTET_STRING *value;
-} /* X509_EXTENSION */;
-struct x509_attributes_st {
-        ASN1_OBJECT *object;
-        STACK_OF(ASN1_TYPE) *set;
-} /* X509_ATTRIBUTE */;
-struct X509_req_info_st {
-        ASN1_ENCODING enc;
-        ASN1_INTEGER *version;
-        X509_NAME *subject;
-        X509_PUBKEY *pubkey;
-        /*  d=2 hl=2 l=  0 cons: cont: 00 */
-        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} /* X509_REQ_INFO */;
-struct X509_req_st {
-        X509_REQ_INFO *req_info;
-        X509_ALGOR *sig_alg;
-        ASN1_BIT_STRING *signature;
-        int references;
-} /* X509_REQ */;
-/*
- * This stuff is certificate "auxiliary info" it contains details which are
- * useful in certificate stores and databases. When used this is tagged onto
- * the end of the certificate itself.
- */
-typedef struct x509_cert_aux_st {
-        STACK_OF(ASN1_OBJECT) *trust;           /* trusted uses */
-        STACK_OF(ASN1_OBJECT) *reject;          /* rejected uses */
-        ASN1_UTF8STRING *alias;                 /* "friendly name" */
-        ASN1_OCTET_STRING *keyid;               /* key id of private key */
-        STACK_OF(X509_ALGOR) *other;            /* other unspecified info */
-} X509_CERT_AUX;
-X509_CERT_AUX *X509_CERT_AUX_new(void);
-void X509_CERT_AUX_free(X509_CERT_AUX *a);
-X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len);
-int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out);
-extern const ASN1_ITEM X509_CERT_AUX_it;
-int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
-struct x509_cinf_st {
-        ASN1_INTEGER *version;          /* [ 0 ] default of v1 */
-        ASN1_INTEGER *serialNumber;
-        X509_ALGOR *signature;
-        X509_NAME *issuer;
-        X509_VAL *validity;
-        X509_NAME *subject;
-        X509_PUBKEY *key;
-        ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
-        ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
-        STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
-        ASN1_ENCODING enc;
-} /* X509_CINF */;
-struct x509_st {
-        X509_CINF *cert_info;
-        X509_ALGOR *sig_alg;
-        ASN1_BIT_STRING *signature;
-        int references;
-        CRYPTO_EX_DATA ex_data;
-        /* These contain copies of various extension values */
-        long ex_pathlen;
-        unsigned long ex_flags;
-        unsigned long ex_kusage;
-        unsigned long ex_xkusage;
-        unsigned long ex_nscert;
-        ASN1_OCTET_STRING *skid;
-        AUTHORITY_KEYID *akid;
-        STACK_OF(DIST_POINT) *crldp;
-        STACK_OF(GENERAL_NAME) *altname;
-        NAME_CONSTRAINTS *nc;
-#ifndef OPENSSL_NO_RFC3779
-        STACK_OF(IPAddressFamily) *rfc3779_addr;
-        ASIdentifiers *rfc3779_asid;
-#endif
-        unsigned char hash[X509_CERT_HASH_LEN];
-        X509_CERT_AUX *aux;
-} /* X509 */;
-struct x509_revoked_st {
-        ASN1_INTEGER *serialNumber;
-        ASN1_TIME *revocationDate;
-        STACK_OF(X509_EXTENSION) /* optional */ *extensions;
-        /* Set up if indirect CRL */
-        STACK_OF(GENERAL_NAME) *issuer;
-        /* Revocation reason */
-        int reason;
-        int sequence; /* load sequence */
-};
-struct X509_crl_info_st {
-        ASN1_INTEGER *version;
-        X509_ALGOR *sig_alg;
-        X509_NAME *issuer;
-        ASN1_TIME *lastUpdate;
-        ASN1_TIME *nextUpdate;
-        STACK_OF(X509_REVOKED) *revoked;
-        STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-        ASN1_ENCODING enc;
-} /* X509_CRL_INFO */;
-struct X509_crl_st {
-        /* actual signature */
-        X509_CRL_INFO *crl;
-        X509_ALGOR *sig_alg;
-        ASN1_BIT_STRING *signature;
-        int references;
-        int flags;
-        /* Copies of various extensions */
-        AUTHORITY_KEYID *akid;
-        ISSUING_DIST_POINT *idp;
-        /* Convenient breakdown of IDP */
-        int idp_flags;
-        int idp_reasons;
-        /* CRL and base CRL numbers for delta processing */
-        ASN1_INTEGER *crl_number;
-        ASN1_INTEGER *base_crl_number;
-        unsigned char hash[X509_CRL_HASH_LEN];
-        STACK_OF(GENERAL_NAMES) *issuers;
-} /* X509_CRL */;
-struct pkcs8_priv_key_info_st {
-        ASN1_INTEGER *version;
-        X509_ALGOR *pkeyalg;
-        ASN1_OCTET_STRING *pkey;
-        STACK_OF(X509_ATTRIBUTE) *attributes;
-};
-struct x509_object_st {
-        /* one of the above types */
-        int type;
-        union {
-                X509 *x509;
-                X509_CRL *crl;
-        } data;
-} /* X509_OBJECT */;
-struct x509_lookup_method_st {
-        const char *name;
-        int (*new_item)(X509_LOOKUP *ctx);
-        void (*free)(X509_LOOKUP *ctx);
-        int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-            char **ret);
-        int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name,
-            X509_OBJECT *ret);
-} /* X509_LOOKUP_METHOD */;
-struct X509_VERIFY_PARAM_st {
-        char *name;
-        time_t check_time;      /* Time to use */
-        unsigned long inh_flags; /* Inheritance flags */
-        unsigned long flags;    /* Various verify flags */
-        int purpose;            /* purpose to check untrusted certificates */
-        int trust;              /* trust setting to check */
-        int depth;              /* Verify depth */
-        int security_level;     /* 'Security level', see SP800-57. */
-        STACK_OF(ASN1_OBJECT) *policies;        /* Permissible policies */
-        STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
-        unsigned int hostflags;     /* Flags to control matching features */
-        char *peername;             /* Matching hostname in peer certificate */
-        char *email;                /* If not NULL email address to match */
-        size_t emaillen;
-        unsigned char *ip;          /* If not NULL IP address to match */
-        size_t iplen;               /* Length of IP address */
-        int poisoned;
-} /* X509_VERIFY_PARAM */;
-/*
- * This is used to hold everything.  It is used for all certificate
- * validation.  Once we have a certificate chain, the 'verify'
- * function is then called to actually check the cert chain.
- */
-struct x509_store_st {
-        /* The following is a cache of trusted certs */
-        STACK_OF(X509_OBJECT) *objs;    /* Cache of all objects */
-        /* These are external lookup methods */
-        STACK_OF(X509_LOOKUP) *get_cert_methods;
-        X509_VERIFY_PARAM *param;
-        /* Callbacks for various operations */
-        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
-        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);   /* error callback */
-        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-        CRYPTO_EX_DATA ex_data;
-        int references;
-} /* X509_STORE */;
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st {
-        const X509_LOOKUP_METHOD *method;       /* the functions */
-        void *method_data;              /* method data */
-        X509_STORE *store_ctx;  /* who owns us */
-} /* X509_LOOKUP */;
-/*
- * This is used when verifying cert chains.  Since the gathering of the cert
- * chain can take some time (and has to be 'retried'), this needs to be kept
- * and passed around.
- */
-struct x509_store_ctx_st {
-        X509_STORE *store;
-        int current_method;     /* used when looking up certs */
-        /* The following are set by the caller */
-        X509 *cert;             /* The cert to check */
-        STACK_OF(X509) *untrusted;      /* chain of X509s - untrusted - passed in */
-        STACK_OF(X509) *trusted;        /* trusted stack for use with get_issuer() */
-        STACK_OF(X509_CRL) *crls;       /* set of CRLs passed in */
-        X509_VERIFY_PARAM *param;
-        /* Callbacks for various operations */
-        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
-        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);           /* error callback */
-        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
-        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-        /* The following is built up */
-        int valid;              /* if 0, rebuild chain */
-        int num_untrusted;      /* number of untrusted certs in chain */
-        STACK_OF(X509) *chain;          /* chain of X509s - built up and trusted */
-        int explicit_policy;    /* Require explicit policy value */
-        /* When something goes wrong, this is why */
-        int error_depth;
-        int error;
-        X509 *current_cert;
-        X509 *current_issuer;   /* cert currently being tested as valid issuer */
-        X509_CRL *current_crl;  /* current CRL */
-        int current_crl_score;  /* score of current CRL */
-        unsigned int current_reasons;  /* Reason mask */
-        X509_STORE_CTX *parent; /* For CRL path validation: parent context */
-        CRYPTO_EX_DATA ex_data;
-} /* X509_STORE_CTX */;
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
-int name_cmp(const char *name, const char *cmp);
-int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md);
-int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
-    void *parameter_value);
-int X509_policy_check(const STACK_OF(X509) *certs,
-    const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,
-    X509 **out_current_cert);
-PBEPARAM *PBEPARAM_new(void);
-void PBEPARAM_free(PBEPARAM *a);
-PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len);
-int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out);
-/* Password based encryption V2 structures */
-typedef struct PBE2PARAM_st {
-        X509_ALGOR *keyfunc;
-        X509_ALGOR *encryption;
-} PBE2PARAM;
-PBE2PARAM *PBE2PARAM_new(void);
-void PBE2PARAM_free(PBE2PARAM *a);
-PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len);
-int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out);
-extern const ASN1_ITEM PBE2PARAM_it;
-typedef struct PBKDF2PARAM_st {
-        /* Usually OCTET STRING but could be anything */
-        ASN1_TYPE *salt;
-        ASN1_INTEGER *iter;
-        ASN1_INTEGER *keylength;
-        X509_ALGOR *prf;
-} PBKDF2PARAM;
-PBKDF2PARAM *PBKDF2PARAM_new(void);
-void PBKDF2PARAM_free(PBKDF2PARAM *a);
-PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len);
-int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out);
-extern const ASN1_ITEM PBKDF2PARAM_it;
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
-    const unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-    unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt,
-    int saltlen);
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-    int prf_nid, int keylen);
-int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-    int lastpos);
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
-    const ASN1_OBJECT *obj, int lastpos);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-    X509_ATTRIBUTE *attr);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-    const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-    int nid, int type, const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-    const char *attrname, int type, const unsigned char *bytes, int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-    const ASN1_OBJECT *obj, int lastpos, int type);
-int X509_NAME_ENTRY_add_cbb(CBB *cbb, const X509_NAME_ENTRY *ne);
-int X509V3_add_value(const char *name, const char *value,
-    STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-    STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-    STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
-    STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
-STACK_OF(CONF_VALUE) *X509V3_get0_section(X509V3_CTX *ctx, const char *section);
-const X509V3_EXT_METHOD *x509v3_ext_method_authority_key_identifier(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_basic_constraints(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_certificate_issuer(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_certificate_policies(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_crl_distribution_points(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_crl_number(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_crl_reason(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_ct_cert_scts(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_poison(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_scts(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_delta_crl(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_ext_key_usage(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_freshest_crl(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_hold_instruction_code(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_CrlID(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_Nonce(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_acceptableResponses(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_archiveCutoff(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_serviceLocator(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_info_access(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_inhibit_any_policy(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_invalidity_date(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_issuer_alt_name(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_issuing_distribution_point(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_key_usage(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_name_constraints(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_base_url(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_policy_url(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_revocation_url(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_cert_type(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_comment(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_renewal_url(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_revocation_url(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ssl_server_name(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_policy_constraints(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_policy_mappings(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_private_key_usage_period(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_ipAddrBlock(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_autonomousSysNum(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_sinfo_access(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_subject_alt_name(void);
-const X509V3_EXT_METHOD *x509v3_ext_method_subject_key_identifier(void);
-__END_HIDDEN_DECLS
-#endif /* !HEADER_X509_LOCAL_H */

diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h deleted file mode 100644 index 796a2ee718..0000000000 --- a/src/lib/libcrypto/x509/x509_local.h +++ /dev/null
@@ -1,503 +0,0 @@
1	/* $OpenBSD: x509_local.h,v 1.38 2025/03/06 07:20:01 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2013.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2013 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#ifndef HEADER_X509_LOCAL_H
60	#define HEADER_X509_LOCAL_H
61
62	#include <openssl/x509v3.h>
63
64	#include "bytestring.h"
65
66	__BEGIN_HIDDEN_DECLS
67
68	#define TS_HASH_EVP EVP_sha1()
69	#define TS_HASH_LEN SHA_DIGEST_LENGTH
70
71	#define X509_CERT_HASH_EVP EVP_sha512()
72	#define X509_CERT_HASH_LEN SHA512_DIGEST_LENGTH
73	#define X509_CRL_HASH_EVP EVP_sha512()
74	#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH
75
76	#define X509_TRUST_ACCEPT_ALL -1
77
78	/* check_trust return codes */
79	#define X509_TRUST_TRUSTED 1
80	#define X509_TRUST_REJECTED 2
81	#define X509_TRUST_UNTRUSTED 3
82
83	int X509_check_trust(X509 *x, int id, int flags);
84
85	struct X509_val_st {
86	ASN1_TIME *notBefore;
87	ASN1_TIME *notAfter;
88	} /* X509_VAL */;
89
90	struct X509_pubkey_st {
91	X509_ALGOR *algor;
92	ASN1_BIT_STRING *public_key;
93	EVP_PKEY *pkey;
94	};
95
96	struct X509_sig_st {
97	X509_ALGOR *algor;
98	ASN1_OCTET_STRING *digest;
99	} /* X509_SIG */;
100
101	struct X509_name_entry_st {
102	ASN1_OBJECT *object;
103	ASN1_STRING *value;
104	int set;
105	int size; /* temp variable */
106	} /* X509_NAME_ENTRY */;
107
108	/* we always keep X509_NAMEs in 2 forms. */
109	struct X509_name_st {
110	STACK_OF(X509_NAME_ENTRY) *entries;
111	int modified; /* true if 'bytes' needs to be built */
112	#ifndef OPENSSL_NO_BUFFER
113	BUF_MEM *bytes;
114	#else
115	char *bytes;
116	#endif
117	/* unsigned long hash; Keep the hash around for lookups */
118	unsigned char *canon_enc;
119	int canon_enclen;
120	} /* X509_NAME */;
121
122	struct X509_extension_st {
123	ASN1_OBJECT *object;
124	ASN1_BOOLEAN critical;
125	ASN1_OCTET_STRING *value;
126	} /* X509_EXTENSION */;
127
128	struct x509_attributes_st {
129	ASN1_OBJECT *object;
130	STACK_OF(ASN1_TYPE) *set;
131	} /* X509_ATTRIBUTE */;
132
133	struct X509_req_info_st {
134	ASN1_ENCODING enc;
135	ASN1_INTEGER *version;
136	X509_NAME *subject;
137	X509_PUBKEY *pubkey;
138	/* d=2 hl=2 l= 0 cons: cont: 00 */
139	STACK_OF(X509_ATTRIBUTE) attributes; / [ 0 ] */
140	} /* X509_REQ_INFO */;
141
142	struct X509_req_st {
143	X509_REQ_INFO *req_info;
144	X509_ALGOR *sig_alg;
145	ASN1_BIT_STRING *signature;
146	int references;
147	} /* X509_REQ */;
148
149	/*
150	* This stuff is certificate "auxiliary info" it contains details which are
151	* useful in certificate stores and databases. When used this is tagged onto
152	* the end of the certificate itself.
153	*/
154	typedef struct x509_cert_aux_st {
155	STACK_OF(ASN1_OBJECT) trust; / trusted uses */
156	STACK_OF(ASN1_OBJECT) reject; / rejected uses */
157	ASN1_UTF8STRING alias; / "friendly name" */
158	ASN1_OCTET_STRING keyid; / key id of private key */
159	STACK_OF(X509_ALGOR) other; / other unspecified info */
160	} X509_CERT_AUX;
161
162	X509_CERT_AUX *X509_CERT_AUX_new(void);
163	void X509_CERT_AUX_free(X509_CERT_AUX *a);
164	X509_CERT_AUX d2i_X509_CERT_AUX(X509_CERT_AUX a, const unsigned char *in, long len);
165	int i2d_X509_CERT_AUX(X509_CERT_AUX a, unsigned char *out);
166	extern const ASN1_ITEM X509_CERT_AUX_it;
167	int X509_CERT_AUX_print(BIO bp,X509_CERT_AUX x, int indent);
168
169	struct x509_cinf_st {
170	ASN1_INTEGER version; / [ 0 ] default of v1 */
171	ASN1_INTEGER *serialNumber;
172	X509_ALGOR *signature;
173	X509_NAME *issuer;
174	X509_VAL *validity;
175	X509_NAME *subject;
176	X509_PUBKEY *key;
177	ASN1_BIT_STRING issuerUID; / [ 1 ] optional in v2 */
178	ASN1_BIT_STRING subjectUID; / [ 2 ] optional in v2 */
179	STACK_OF(X509_EXTENSION) extensions; / [ 3 ] optional in v3 */
180	ASN1_ENCODING enc;
181	} /* X509_CINF */;
182
183	struct x509_st {
184	X509_CINF *cert_info;
185	X509_ALGOR *sig_alg;
186	ASN1_BIT_STRING *signature;
187	int references;
188	CRYPTO_EX_DATA ex_data;
189	/* These contain copies of various extension values */
190	long ex_pathlen;
191	unsigned long ex_flags;
192	unsigned long ex_kusage;
193	unsigned long ex_xkusage;
194	unsigned long ex_nscert;
195	ASN1_OCTET_STRING *skid;
196	AUTHORITY_KEYID *akid;
197	STACK_OF(DIST_POINT) *crldp;
198	STACK_OF(GENERAL_NAME) *altname;
199	NAME_CONSTRAINTS *nc;
200	#ifndef OPENSSL_NO_RFC3779
201	STACK_OF(IPAddressFamily) *rfc3779_addr;
202	ASIdentifiers *rfc3779_asid;
203	#endif
204	unsigned char hash[X509_CERT_HASH_LEN];
205	X509_CERT_AUX *aux;
206	} /* X509 */;
207
208	struct x509_revoked_st {
209	ASN1_INTEGER *serialNumber;
210	ASN1_TIME *revocationDate;
211	STACK_OF(X509_EXTENSION) /* optional / extensions;
212	/* Set up if indirect CRL */
213	STACK_OF(GENERAL_NAME) *issuer;
214	/* Revocation reason */
215	int reason;
216	int sequence; /* load sequence */
217	};
218
219	struct X509_crl_info_st {
220	ASN1_INTEGER *version;
221	X509_ALGOR *sig_alg;
222	X509_NAME *issuer;
223	ASN1_TIME *lastUpdate;
224	ASN1_TIME *nextUpdate;
225	STACK_OF(X509_REVOKED) *revoked;
226	STACK_OF(X509_EXTENSION) /* [0] / extensions;
227	ASN1_ENCODING enc;
228	} /* X509_CRL_INFO */;
229
230	struct X509_crl_st {
231	/* actual signature */
232	X509_CRL_INFO *crl;
233	X509_ALGOR *sig_alg;
234	ASN1_BIT_STRING *signature;
235	int references;
236	int flags;
237	/* Copies of various extensions */
238	AUTHORITY_KEYID *akid;
239	ISSUING_DIST_POINT *idp;
240	/* Convenient breakdown of IDP */
241	int idp_flags;
242	int idp_reasons;
243	/* CRL and base CRL numbers for delta processing */
244	ASN1_INTEGER *crl_number;
245	ASN1_INTEGER *base_crl_number;
246	unsigned char hash[X509_CRL_HASH_LEN];
247	STACK_OF(GENERAL_NAMES) *issuers;
248	} /* X509_CRL */;
249
250	struct pkcs8_priv_key_info_st {
251	ASN1_INTEGER *version;
252	X509_ALGOR *pkeyalg;
253	ASN1_OCTET_STRING *pkey;
254	STACK_OF(X509_ATTRIBUTE) *attributes;
255	};
256
257	struct x509_object_st {
258	/* one of the above types */
259	int type;
260	union {
261	X509 *x509;
262	X509_CRL *crl;
263	} data;
264	} /* X509_OBJECT */;
265
266	struct x509_lookup_method_st {
267	const char *name;
268	int (new_item)(X509_LOOKUP ctx);
269	void (free)(X509_LOOKUP ctx);
270	int (ctrl)(X509_LOOKUP ctx, int cmd, const char *argc, long argl,
271	char **ret);
272	int (get_by_subject)(X509_LOOKUP ctx, int type, X509_NAME *name,
273	X509_OBJECT *ret);
274	} /* X509_LOOKUP_METHOD */;
275
276	struct X509_VERIFY_PARAM_st {
277	char *name;
278	time_t check_time; /* Time to use */
279	unsigned long inh_flags; /* Inheritance flags */
280	unsigned long flags; /* Various verify flags */
281	int purpose; /* purpose to check untrusted certificates */
282	int trust; /* trust setting to check */
283	int depth; /* Verify depth */
284	int security_level; /* 'Security level', see SP800-57. */
285	STACK_OF(ASN1_OBJECT) policies; / Permissible policies */
286	STACK_OF(OPENSSL_STRING) hosts; / Set of acceptable names */
287	unsigned int hostflags; /* Flags to control matching features */
288	char peername; / Matching hostname in peer certificate */
289	char email; / If not NULL email address to match */
290	size_t emaillen;
291	unsigned char ip; / If not NULL IP address to match */
292	size_t iplen; /* Length of IP address */
293	int poisoned;
294	} /* X509_VERIFY_PARAM */;
295
296	/*
297	* This is used to hold everything. It is used for all certificate
298	* validation. Once we have a certificate chain, the 'verify'
299	* function is then called to actually check the cert chain.
300	*/
301	struct x509_store_st {
302	/* The following is a cache of trusted certs */
303	STACK_OF(X509_OBJECT) objs; / Cache of all objects */
304
305	/* These are external lookup methods */
306	STACK_OF(X509_LOOKUP) *get_cert_methods;
307
308	X509_VERIFY_PARAM *param;
309
310	/* Callbacks for various operations */
311	int (verify)(X509_STORE_CTX ctx); /* called to verify a certificate */
312	int (verify_cb)(int ok,X509_STORE_CTX ctx); /* error callback */
313	int (check_issued)(X509_STORE_CTX ctx, X509 x, X509 issuer); /* check issued */
314
315	CRYPTO_EX_DATA ex_data;
316	int references;
317	} /* X509_STORE */;
318
319	/* This is the functions plus an instance of the local variables. */
320	struct x509_lookup_st {
321	const X509_LOOKUP_METHOD method; / the functions */
322	void method_data; / method data */
323
324	X509_STORE store_ctx; / who owns us */
325	} /* X509_LOOKUP */;
326
327	/*
328	* This is used when verifying cert chains. Since the gathering of the cert
329	* chain can take some time (and has to be 'retried'), this needs to be kept
330	* and passed around.
331	*/
332	struct x509_store_ctx_st {
333	X509_STORE *store;
334	int current_method; /* used when looking up certs */
335
336	/* The following are set by the caller */
337	X509 cert; / The cert to check */
338	STACK_OF(X509) untrusted; / chain of X509s - untrusted - passed in */
339	STACK_OF(X509) trusted; / trusted stack for use with get_issuer() */
340	STACK_OF(X509_CRL) crls; / set of CRLs passed in */
341
342	X509_VERIFY_PARAM *param;
343
344	/* Callbacks for various operations */
345	int (verify)(X509_STORE_CTX ctx); /* called to verify a certificate */
346	int (verify_cb)(int ok,X509_STORE_CTX ctx); /* error callback */
347	int (get_issuer)(X509 issuer, X509_STORE_CTX ctx, X509 x); / get issuers cert from ctx */
348	int (check_issued)(X509_STORE_CTX ctx, X509 x, X509 issuer); /* check issued */
349
350	/* The following is built up */
351	int valid; /* if 0, rebuild chain */
352	int num_untrusted; /* number of untrusted certs in chain */
353	STACK_OF(X509) chain; / chain of X509s - built up and trusted */
354
355	int explicit_policy; /* Require explicit policy value */
356
357	/* When something goes wrong, this is why */
358	int error_depth;
359	int error;
360	X509 *current_cert;
361	X509 current_issuer; / cert currently being tested as valid issuer */
362	X509_CRL current_crl; / current CRL */
363
364	int current_crl_score; /* score of current CRL */
365	unsigned int current_reasons; /* Reason mask */
366
367	X509_STORE_CTX parent; / For CRL path validation: parent context */
368
369	CRYPTO_EX_DATA ex_data;
370	} /* X509_STORE_CTX */;
371
372	int x509_check_cert_time(X509_STORE_CTX ctx, X509 x, int quiet);
373
374	int name_cmp(const char name, const char cmp);
375
376	int X509_ALGOR_set_evp_md(X509_ALGOR alg, const EVP_MD md);
377	int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
378	void *parameter_value);
379
380	int X509_policy_check(const STACK_OF(X509) *certs,
381	const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,
382	X509 **out_current_cert);
383
384	PBEPARAM *PBEPARAM_new(void);
385	void PBEPARAM_free(PBEPARAM *a);
386	PBEPARAM d2i_PBEPARAM(PBEPARAM a, const unsigned char *in, long len);
387	int i2d_PBEPARAM(PBEPARAM a, unsigned char *out);
388
389	/* Password based encryption V2 structures */
390	typedef struct PBE2PARAM_st {
391	X509_ALGOR *keyfunc;
392	X509_ALGOR *encryption;
393	} PBE2PARAM;
394
395	PBE2PARAM *PBE2PARAM_new(void);
396	void PBE2PARAM_free(PBE2PARAM *a);
397	PBE2PARAM d2i_PBE2PARAM(PBE2PARAM a, const unsigned char *in, long len);
398	int i2d_PBE2PARAM(PBE2PARAM a, unsigned char *out);
399	extern const ASN1_ITEM PBE2PARAM_it;
400
401	typedef struct PBKDF2PARAM_st {
402	/* Usually OCTET STRING but could be anything */
403	ASN1_TYPE *salt;
404	ASN1_INTEGER *iter;
405	ASN1_INTEGER *keylength;
406	X509_ALGOR *prf;
407	} PBKDF2PARAM;
408
409	PBKDF2PARAM *PBKDF2PARAM_new(void);
410	void PBKDF2PARAM_free(PBKDF2PARAM *a);
411	PBKDF2PARAM d2i_PBKDF2PARAM(PBKDF2PARAM a, const unsigned char *in, long len);
412	int i2d_PBKDF2PARAM(PBKDF2PARAM a, unsigned char *out);
413	extern const ASN1_ITEM PBKDF2PARAM_it;
414
415	int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
416	const unsigned char *salt, int saltlen);
417	X509_ALGOR PKCS5_pbe2_set(const EVP_CIPHER cipher, int iter,
418	unsigned char *salt, int saltlen);
419	X509_ALGOR PKCS5_pbe_set(int alg, int iter, const unsigned char salt,
420	int saltlen);
421	X509_ALGOR PKCS5_pbkdf2_set(int iter, unsigned char salt, int saltlen,
422	int prf_nid, int keylen);
423
424	int X509_PURPOSE_get_by_id(int id);
425	int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
426
427	int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
428	int lastpos);
429	int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
430	const ASN1_OBJECT *obj, int lastpos);
431	STACK_OF(X509_ATTRIBUTE) X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) *x,
432	X509_ATTRIBUTE *attr);
433	STACK_OF(X509_ATTRIBUTE) X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
434	const ASN1_OBJECT obj, int type, const unsigned char bytes, int len);
435	STACK_OF(X509_ATTRIBUTE) X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) *x,
436	int nid, int type, const unsigned char *bytes, int len);
437	STACK_OF(X509_ATTRIBUTE) X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) *x,
438	const char attrname, int type, const unsigned char bytes, int len);
439	void X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) x,
440	const ASN1_OBJECT *obj, int lastpos, int type);
441
442	int X509_NAME_ENTRY_add_cbb(CBB cbb, const X509_NAME_ENTRY ne);
443
444	int X509V3_add_value(const char name, const char value,
445	STACK_OF(CONF_VALUE) **extlist);
446	int X509V3_add_value_uchar(const char name, const unsigned char value,
447	STACK_OF(CONF_VALUE) **extlist);
448	int X509V3_add_value_bool(const char *name, int asn1_bool,
449	STACK_OF(CONF_VALUE) **extlist);
450	int X509V3_add_value_int(const char name, const ASN1_INTEGER aint,
451	STACK_OF(CONF_VALUE) **extlist);
452
453	int X509V3_get_value_bool(const CONF_VALUE value, int asn1_bool);
454	int X509V3_get_value_int(const CONF_VALUE value, ASN1_INTEGER *aint);
455
456	STACK_OF(CONF_VALUE) X509V3_get0_section(X509V3_CTX ctx, const char *section);
457
458	const X509V3_EXT_METHOD *x509v3_ext_method_authority_key_identifier(void);
459	const X509V3_EXT_METHOD *x509v3_ext_method_basic_constraints(void);
460	const X509V3_EXT_METHOD *x509v3_ext_method_certificate_issuer(void);
461	const X509V3_EXT_METHOD *x509v3_ext_method_certificate_policies(void);
462	const X509V3_EXT_METHOD *x509v3_ext_method_crl_distribution_points(void);
463	const X509V3_EXT_METHOD *x509v3_ext_method_crl_number(void);
464	const X509V3_EXT_METHOD *x509v3_ext_method_crl_reason(void);
465	const X509V3_EXT_METHOD *x509v3_ext_method_ct_cert_scts(void);
466	const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_poison(void);
467	const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_scts(void);
468	const X509V3_EXT_METHOD *x509v3_ext_method_delta_crl(void);
469	const X509V3_EXT_METHOD *x509v3_ext_method_ext_key_usage(void);
470	const X509V3_EXT_METHOD *x509v3_ext_method_freshest_crl(void);
471	const X509V3_EXT_METHOD *x509v3_ext_method_hold_instruction_code(void);
472	const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_CrlID(void);
473	const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_Nonce(void);
474	const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_acceptableResponses(void);
475	const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_archiveCutoff(void);
476	const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_serviceLocator(void);
477	const X509V3_EXT_METHOD *x509v3_ext_method_info_access(void);
478	const X509V3_EXT_METHOD *x509v3_ext_method_inhibit_any_policy(void);
479	const X509V3_EXT_METHOD *x509v3_ext_method_invalidity_date(void);
480	const X509V3_EXT_METHOD *x509v3_ext_method_issuer_alt_name(void);
481	const X509V3_EXT_METHOD *x509v3_ext_method_issuing_distribution_point(void);
482	const X509V3_EXT_METHOD *x509v3_ext_method_key_usage(void);
483	const X509V3_EXT_METHOD *x509v3_ext_method_name_constraints(void);
484	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_base_url(void);
485	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_policy_url(void);
486	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_revocation_url(void);
487	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_cert_type(void);
488	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_comment(void);
489	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_renewal_url(void);
490	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_revocation_url(void);
491	const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ssl_server_name(void);
492	const X509V3_EXT_METHOD *x509v3_ext_method_policy_constraints(void);
493	const X509V3_EXT_METHOD *x509v3_ext_method_policy_mappings(void);
494	const X509V3_EXT_METHOD *x509v3_ext_method_private_key_usage_period(void);
495	const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_ipAddrBlock(void);
496	const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_autonomousSysNum(void);
497	const X509V3_EXT_METHOD *x509v3_ext_method_sinfo_access(void);
498	const X509V3_EXT_METHOD *x509v3_ext_method_subject_alt_name(void);
499	const X509V3_EXT_METHOD *x509v3_ext_method_subject_key_identifier(void);
500
501	__END_HIDDEN_DECLS
502
503	#endif /* !HEADER_X509_LOCAL_H */