x509v3.h 38 KB

  1. /* $OpenBSD: x509v3.h,v 1.29 2024/03/02 10:43:52 tb Exp $ */
  2. /* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
  3. * project 1999.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * [email protected].
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. *
  53. * This product includes cryptographic software written by Eric Young
  54. * ([email protected]). This product includes software written by Tim
  55. * Hudson ([email protected]).
  56. *
  57. */
  58. #ifndef HEADER_X509V3_H
  59. #define HEADER_X509V3_H
  60. #include <openssl/opensslconf.h>
  61. #include <openssl/bio.h>
  62. #include <openssl/x509.h>
  63. #include <openssl/conf.h>
  64. #ifdef __cplusplus
  65. extern "C" {
  66. #endif
  67. /* Forward reference */
  68. struct v3_ext_method;
  69. struct v3_ext_ctx;
  70. /* Useful typedefs */
  /*
   * Callback signatures stored in struct v3_ext_method.  The extension's
   * internal representation travels as an untyped void *, so the compiler
   * cannot check that a callback is paired with the structure type it was
   * written for; that pairing rests entirely on the method table entry.
   */
  /* Allocate / release / DER-decode / DER-encode ("old style ASN1 calls"). */
  71. typedef void * (*X509V3_EXT_NEW)(void);
  72. typedef void (*X509V3_EXT_FREE)(void *);
  /* presumably (unused, pointer to DER input, input length) -- TODO confirm */
  73. typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
  74. typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
  /* Internal structure -> stack of CONF_VALUE entries. */
  75. typedef STACK_OF(CONF_VALUE) *
  76. (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
  77. STACK_OF(CONF_VALUE) *extlist);
  /* Stack of CONF_VALUE entries -> internal structure. */
  78. typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
  79. struct v3_ext_ctx *ctx,
  80. STACK_OF(CONF_VALUE) *values);
  /* Internal structure -> string, and string -> internal structure. */
  81. typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
  82. typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
  83. struct v3_ext_ctx *ctx, const char *str);
  /* "Raw" variants: print straight to a BIO, and parse from a string. */
  84. typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
  85. BIO *out, int indent);
  86. typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
  87. struct v3_ext_ctx *ctx, const char *str);
  88. /* V3 extension structure */
  /*
   * Method table entry describing how one extension type is created,
   * encoded, decoded and converted to and from text.
   *
   * The field order is part of the interface: EXT_BITSTRING, EXT_IA5STRING
   * and EXT_END in this header initialise the struct positionally with 14
   * values, so reordering or inserting fields silently re-targets every
   * function pointer.
   */
  89. struct v3_ext_method {
  /* NID of the extension this entry handles; EXT_END uses -1 here. */
  90. int ext_nid;
  /* Bitmask of the X509V3_EXT_* "ext_flags values" defined in this header. */
  91. int ext_flags;
  92. /* If this is set the following four fields are ignored */
  93. ASN1_ITEM_EXP *it;
  94. /* Old style ASN1 calls */
  95. X509V3_EXT_NEW ext_new;
  96. X509V3_EXT_FREE ext_free;
  97. X509V3_EXT_D2I d2i;
  98. X509V3_EXT_I2D i2d;
  99. /* The following pair is used for string extensions */
  100. X509V3_EXT_I2S i2s;
  101. X509V3_EXT_S2I s2i;
  102. /* The following pair is used for multi-valued extensions */
  103. X509V3_EXT_I2V i2v;
  104. X509V3_EXT_V2I v2i;
  105. /* The following are used for raw extensions */
  106. X509V3_EXT_I2R i2r;
  107. X509V3_EXT_R2I r2i;
  /* Opaque to the generic code; EXT_BITSTRING stores its name table here. */
  108. void *usr_data; /* Any extension specific data */
  109. };
  /*
   * Callback table through which extension code reads a configuration
   * database.  The database itself is an opaque void *db handed back to
   * every callback; v3_ext_ctx carries both the table (db_meth) and the
   * handle (db).
   */
  110. typedef struct X509V3_CONF_METHOD_st {
  /* Look up one value / one whole section by name. */
  111. char *(*get_string)(void *db, const char *section, const char *value);
  112. STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
  /*
   * Release what the matching get_* callback returned.
   * presumably each result must go back through its own free_* rather
   * than a generic free() -- TODO confirm against the implementations.
   */
  113. void (*free_string)(void *db, char *string);
  114. void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
  115. } X509V3_CONF_METHOD;
  116. /* Context specific info */
  /*
   * Context handed to the v2i/s2i/r2i callbacks while an extension is built
   * from configuration text.  X509V3_set_ctx() takes the issuer, subject,
   * request, CRL and flags as arguments.
   */
  117. struct v3_ext_ctx {
  /*
   * Flag value for the flags field.  X509V3_set_ctx_test() passes it with
   * all four object pointers NULL, so a callback must not dereference
   * issuer_cert, subject_cert, subject_req or crl without a NULL check.
   */
  118. #define CTX_TEST 0x1
  119. int flags;
  120. X509 *issuer_cert;
  121. X509 *subject_cert;
  122. X509_REQ *subject_req;
  123. X509_CRL *crl;
  /* Configuration access; X509V3_set_ctx_nodb() sets db to NULL. */
  124. X509V3_CONF_METHOD *db_meth;
  125. void *db;
  126. /* Maybe more here */
  127. };
  128. typedef struct v3_ext_method X509V3_EXT_METHOD;
  129. DECLARE_STACK_OF(X509V3_EXT_METHOD)
  130. /* ext_flags values */
  131. #define X509V3_EXT_DYNAMIC 0x1
  132. #define X509V3_EXT_CTX_DEP 0x2
  133. #define X509V3_EXT_MULTILINE 0x4
  134. typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
  135. typedef struct BASIC_CONSTRAINTS_st {
  136. int ca;
  137. ASN1_INTEGER *pathlen;
  138. } BASIC_CONSTRAINTS;
  139. typedef struct PKEY_USAGE_PERIOD_st {
  140. ASN1_GENERALIZEDTIME *notBefore;
  141. ASN1_GENERALIZEDTIME *notAfter;
  142. } PKEY_USAGE_PERIOD;
  143. typedef struct otherName_st {
  144. ASN1_OBJECT *type_id;
  145. ASN1_TYPE *value;
  146. } OTHERNAME;
  147. typedef struct EDIPartyName_st {
  148. ASN1_STRING *nameAssigner;
  149. ASN1_STRING *partyName;
  150. } EDIPARTYNAME;
  /*
   * One GeneralName value: a tagged union.  `type` holds one of the GEN_*
   * constants and selects the single member of `d` that is valid.  All
   * members are pointers sharing the same storage, so reading a member
   * that does not correspond to `type` reinterprets one object type as
   * another.  Always switch on `type` before touching `d`, in particular
   * for names taken from an untrusted certificate.
   */
  151. typedef struct GENERAL_NAME_st {
  /* The values follow the context tags of the GeneralName CHOICE (RFC 5280). */
  152. #define GEN_OTHERNAME 0
  153. #define GEN_EMAIL 1
  154. #define GEN_DNS 2
  155. #define GEN_X400 3
  156. #define GEN_DIRNAME 4
  157. #define GEN_EDIPARTY 5
  158. #define GEN_URI 6
  159. #define GEN_IPADD 7
  160. #define GEN_RID 8
  161. int type;
  162. union {
  /* Untyped view of whichever member is set. */
  163. char *ptr;
  164. OTHERNAME *otherName; /* otherName */
  /*
   * The IA5STRING members carry a length and may contain embedded NUL
   * bytes; compare using the stored length, not strlen().
   */
  165. ASN1_IA5STRING *rfc822Name;
  166. ASN1_IA5STRING *dNSName;
  167. ASN1_STRING *x400Address;
  168. X509_NAME *directoryName;
  169. EDIPARTYNAME *ediPartyName;
  170. ASN1_IA5STRING *uniformResourceIdentifier;
  171. ASN1_OCTET_STRING *iPAddress;
  172. ASN1_OBJECT *registeredID;
  173. /* Old names */
  /* Aliases of the members above, kept for older callers. */
  174. ASN1_OCTET_STRING *ip; /* iPAddress */
  175. X509_NAME *dirn; /* dirn */
  176. ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, uniformResourceIdentifier */
  177. ASN1_OBJECT *rid; /* registeredID */
  178. } d;
  179. } GENERAL_NAME;
  180. typedef struct ACCESS_DESCRIPTION_st {
  181. ASN1_OBJECT *method;
  182. GENERAL_NAME *location;
  183. } ACCESS_DESCRIPTION;
  184. typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
  185. typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
  186. DECLARE_STACK_OF(GENERAL_NAME)
  187. typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
  188. DECLARE_STACK_OF(GENERAL_NAMES)
  189. DECLARE_STACK_OF(ACCESS_DESCRIPTION)
  /*
   * Name of a CRL distribution point: either a full list of general names
   * or a name relative to the CRL issuer.
   */
  190. typedef struct DIST_POINT_NAME_st {
  /*
   * Selects the valid member of `name`.
   * presumably 0 = fullname, 1 = relativename, matching the CHOICE tags
   * -- TODO confirm against the ASN.1 template.
   */
  191. int type;
  192. union {
  193. GENERAL_NAMES *fullname;
  194. STACK_OF(X509_NAME_ENTRY) *relativename;
  195. } name;
  196. /* If relativename then this contains the full distribution point name */
  /* NOTE(review): looks like DIST_POINT_set_dpname() fills this in -- confirm. */
  197. X509_NAME *dpname;
  198. } DIST_POINT_NAME;
  199. /* All existing reasons */
  /* Bitmask form, as opposed to the enumerated CRL_REASON_* codes below. */
  200. #define CRLDP_ALL_REASONS 0x807f
  /*
   * Revocation reason codes.  0-10 follow the CRLReason enumeration of
   * RFC 5280, which leaves 7 unassigned; -1 is a local "no reason" value.
   *
   * NOTE(review): CRL_REASON_NONE expands to an unparenthesised -1, so it
   * can bind unexpectedly next to another operator (e.g. `x - CRL_REASON_NONE`
   * becomes `x - -1`, and `x -CRL_REASON_NONE` would not compile as written).
   */
  201. #define CRL_REASON_NONE -1
  202. #define CRL_REASON_UNSPECIFIED 0
  203. #define CRL_REASON_KEY_COMPROMISE 1
  204. #define CRL_REASON_CA_COMPROMISE 2
  205. #define CRL_REASON_AFFILIATION_CHANGED 3
  206. #define CRL_REASON_SUPERSEDED 4
  207. #define CRL_REASON_CESSATION_OF_OPERATION 5
  208. #define CRL_REASON_CERTIFICATE_HOLD 6
  209. #define CRL_REASON_REMOVE_FROM_CRL 8
  210. #define CRL_REASON_PRIVILEGE_WITHDRAWN 9
  211. #define CRL_REASON_AA_COMPROMISE 10
  212. struct DIST_POINT_st {
  213. DIST_POINT_NAME *distpoint;
  214. ASN1_BIT_STRING *reasons;
  215. GENERAL_NAMES *CRLissuer;
  216. int dp_reasons;
  217. };
  218. typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
  219. DECLARE_STACK_OF(DIST_POINT)
  220. struct AUTHORITY_KEYID_st {
  221. ASN1_OCTET_STRING *keyid;
  222. GENERAL_NAMES *issuer;
  223. ASN1_INTEGER *serial;
  224. };
  225. typedef struct NOTICEREF_st {
  226. ASN1_STRING *organization;
  227. STACK_OF(ASN1_INTEGER) *noticenos;
  228. } NOTICEREF;
  229. typedef struct USERNOTICE_st {
  230. NOTICEREF *noticeref;
  231. ASN1_STRING *exptext;
  232. } USERNOTICE;
  233. typedef struct POLICYQUALINFO_st {
  234. ASN1_OBJECT *pqualid;
  235. union {
  236. ASN1_IA5STRING *cpsuri;
  237. USERNOTICE *usernotice;
  238. ASN1_TYPE *other;
  239. } d;
  240. } POLICYQUALINFO;
  241. DECLARE_STACK_OF(POLICYQUALINFO)
  242. typedef struct POLICYINFO_st {
  243. ASN1_OBJECT *policyid;
  244. STACK_OF(POLICYQUALINFO) *qualifiers;
  245. } POLICYINFO;
  246. typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
  247. DECLARE_STACK_OF(POLICYINFO)
  248. typedef struct POLICY_MAPPING_st {
  249. ASN1_OBJECT *issuerDomainPolicy;
  250. ASN1_OBJECT *subjectDomainPolicy;
  251. } POLICY_MAPPING;
  252. DECLARE_STACK_OF(POLICY_MAPPING)
  253. typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
  254. typedef struct GENERAL_SUBTREE_st {
  255. GENERAL_NAME *base;
  256. ASN1_INTEGER *minimum;
  257. ASN1_INTEGER *maximum;
  258. } GENERAL_SUBTREE;
  259. DECLARE_STACK_OF(GENERAL_SUBTREE)
  260. struct NAME_CONSTRAINTS_st {
  261. STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
  262. STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
  263. };
  264. typedef struct POLICY_CONSTRAINTS_st {
  265. ASN1_INTEGER *requireExplicitPolicy;
  266. ASN1_INTEGER *inhibitPolicyMapping;
  267. } POLICY_CONSTRAINTS;
  268. struct ISSUING_DIST_POINT_st {
  269. DIST_POINT_NAME *distpoint;
  270. int onlyuser;
  271. int onlyCA;
  272. ASN1_BIT_STRING *onlysomereasons;
  273. int indirectCRL;
  274. int onlyattr;
  275. };
  276. /* Values in idp_flags field */
  277. /* IDP present */
  278. #define IDP_PRESENT 0x1
  279. /* IDP values inconsistent */
  280. #define IDP_INVALID 0x2
  281. /* onlyuser true */
  282. #define IDP_ONLYUSER 0x4
  283. /* onlyCA true */
  284. #define IDP_ONLYCA 0x8
  285. /* onlyattr true */
  286. #define IDP_ONLYATTR 0x10
  287. /* indirectCRL true */
  288. #define IDP_INDIRECT 0x20
  289. /* onlysomereasons present */
  290. #define IDP_REASONS 0x40
  /*
   * Attach the section, name and value of a CONF_VALUE to the current error.
   *
   * NOTE(review): the expansion ends in ';' and uses `val` unparenthesised.
   * Written as `X509V3_conf_err(v);` it yields an empty extra statement,
   * which breaks an unbraced if/else, and an argument such as `p + 1`
   * would expand to `p + 1->section`.  Pass a plain identifier and brace
   * the surrounding control statement.  The three fields go to "%s"
   * unchecked, so a NULL field reaches the formatter.
   */
  291. #define X509V3_conf_err(val) ERR_asprintf_error_data( \
  292. "section:%s,name:%s,value:%s", val->section, \
  293. val->name, val->value);
  /* Set up a context with CTX_TEST and no issuer, subject, request or CRL. */
  294. #define X509V3_set_ctx_test(ctx) \
  295. X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
  /* Same trailing-';' hazard as X509V3_conf_err: brace any enclosing if/else. */
  296. #define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
  /*
   * Positional initialisers for struct v3_ext_method (14 values, in field
   * order).  EXT_BITSTRING fills only it, i2v, v2i and usr_data.
   *
   * NOTE(review): i2v_ASN1_BIT_STRING and v2i_ASN1_BIT_STRING are declared
   * in this header with typed parameters, while X509V3_EXT_I2V/V2I take a
   * const method pointer and void *.  The casts hide that mismatch, and the
   * call then goes through a pointer of a different function type -- worth
   * confirming before enabling indirect-call checking (CFI).
   */
  297. #define EXT_BITSTRING(nid, table) { nid, 0, &ASN1_BIT_STRING_it, \
  298. 0,0,0,0, \
  299. 0,0, \
  300. (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
  301. (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
  302. NULL, NULL, \
  303. table}
  /* String-valued extension: only it, i2s and s2i are set. */
  304. #define EXT_IA5STRING(nid) { nid, 0, &ASN1_IA5STRING_it, \
  305. 0,0,0,0, \
  306. (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
  307. (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
  308. 0,0,0,0, \
  309. NULL}
  /* Table terminator: ext_nid is -1 and every other field is zero. */
  310. #define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
  311. /* X509_PURPOSE stuff */
  /*
   * EXFLAG_* bit flags.
   * presumably these are the bits returned by X509_get_extension_flags(),
   * declared later in this header -- TODO confirm.
   *
   * NOTE(review): EXFLAG_INVALID and EXFLAG_INVALID_POLICY look like
   * "extension could not be processed" markers; a caller making its own
   * trust decision from these flags should reject a certificate that has
   * either bit set rather than just testing the bit it is interested in.
   */
  312. #define EXFLAG_BCONS 0x0001
  313. #define EXFLAG_KUSAGE 0x0002
  314. #define EXFLAG_XKUSAGE 0x0004
  315. #define EXFLAG_NSCERT 0x0008
  316. #define EXFLAG_CA 0x0010
  /*
   * "Self issued" and "self signed" (EXFLAG_SS below) are distinct bits;
   * do not use one as a stand-in for the other.
   */
  317. #define EXFLAG_SI 0x0020 /* Self issued. */
  318. #define EXFLAG_V1 0x0040
  319. #define EXFLAG_INVALID 0x0080
  320. #define EXFLAG_SET 0x0100
  321. #define EXFLAG_CRITICAL 0x0200
  /* Not visible when the library itself is being built (LIBRESSL_INTERNAL). */
  322. #if !defined(LIBRESSL_INTERNAL)
  323. #define EXFLAG_PROXY 0x0400
  324. #endif
  325. #define EXFLAG_INVALID_POLICY 0x0800
  326. #define EXFLAG_FRESHEST 0x1000
  327. #define EXFLAG_SS 0x2000 /* Self signed. */
  /*
   * keyUsage bits.  The values mirror the encoded BIT STRING: the first
   * octet occupies the low byte (digitalSignature is its top bit, 0x80)
   * and decipherOnly, the first bit of the second octet, is 0x8000.
   * presumably the bits returned by X509_get_key_usage() -- TODO confirm,
   * including what that function returns when the extension is absent.
   */
  328. #define KU_DIGITAL_SIGNATURE 0x0080
  329. #define KU_NON_REPUDIATION 0x0040
  330. #define KU_KEY_ENCIPHERMENT 0x0020
  331. #define KU_DATA_ENCIPHERMENT 0x0010
  332. #define KU_KEY_AGREEMENT 0x0008
  333. #define KU_KEY_CERT_SIGN 0x0004
  334. #define KU_CRL_SIGN 0x0002
  335. #define KU_ENCIPHER_ONLY 0x0001
  336. #define KU_DECIPHER_ONLY 0x8000
  /* Netscape certificate type bits (legacy extension). */
  337. #define NS_SSL_CLIENT 0x80
  338. #define NS_SSL_SERVER 0x40
  339. #define NS_SMIME 0x20
  340. #define NS_OBJSIGN 0x10
  341. #define NS_SSL_CA 0x04
  342. #define NS_SMIME_CA 0x02
  343. #define NS_OBJSIGN_CA 0x01
  344. #define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
  /*
   * Extended key usage bits.
   * presumably the bits returned by X509_get_extended_key_usage() -- TODO
   * confirm.  XKU_ANYEKU has its own bit, so a test for one specific usage
   * does not by itself reveal a certificate that asserts "any" usage.
   */
  345. #define XKU_SSL_SERVER 0x1
  346. #define XKU_SSL_CLIENT 0x2
  347. #define XKU_SMIME 0x4
  348. #define XKU_CODE_SIGN 0x8
  349. #define XKU_SGC 0x10
  350. #define XKU_OCSP_SIGN 0x20
  351. #define XKU_TIMESTAMP 0x40
  352. #define XKU_DVCS 0x80
  353. #define XKU_ANYEKU 0x100
  354. #define X509_PURPOSE_DYNAMIC 0x1
  355. #define X509_PURPOSE_DYNAMIC_NAME 0x2
  /* Opaque here: only the forward declaration of the struct is visible. */
  356. typedef struct x509_purpose_st X509_PURPOSE;
  /*
   * Purpose identifiers, 1 to 9; X509_PURPOSE_MIN and X509_PURPOSE_MAX give
   * the bounds of that range.
   * NOTE(review): X509_PURPOSE_ANY reads as "accept any purpose", which
   * would make a purpose check against it no restriction at all -- confirm
   * before using it in a verification path.
   */
  357. #define X509_PURPOSE_SSL_CLIENT 1
  358. #define X509_PURPOSE_SSL_SERVER 2
  359. #define X509_PURPOSE_NS_SSL_SERVER 3
  360. #define X509_PURPOSE_SMIME_SIGN 4
  361. #define X509_PURPOSE_SMIME_ENCRYPT 5
  362. #define X509_PURPOSE_CRL_SIGN 6
  363. #define X509_PURPOSE_ANY 7
  364. #define X509_PURPOSE_OCSP_HELPER 8
  365. #define X509_PURPOSE_TIMESTAMP_SIGN 9
  366. #define X509_PURPOSE_MIN 1
  367. #define X509_PURPOSE_MAX 9
  368. /* Flags for X509V3_EXT_print() */
  /*
   * The handling of unknown extensions is a 4-bit field at bits 16-19;
   * exactly one of the four values below goes into it.
   */
  369. #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
  370. /* Return error for unknown extensions */
  371. #define X509V3_EXT_DEFAULT 0
  372. /* Print error for unknown extensions */
  373. #define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
  374. /* ASN1 parse unknown extensions */
  375. #define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
  376. /* BIO_dump unknown extensions */
  377. #define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
  378. /* Flags for X509V3_add1_i2d */
  /*
   * The low four bits (X509V3_ADD_OP_MASK) select one operation; the
   * operations are enumerated values, not independent bits, so they must
   * not be OR-ed together.  X509V3_ADD_SILENT lies outside the mask and is
   * combined with an operation.
   * NOTE(review): what each operation does when the extension is already
   * present or is absent is not visible in this header -- see the
   * X509V3_add1_i2d documentation before relying on it.
   */
  379. #define X509V3_ADD_OP_MASK 0xfL
  380. #define X509V3_ADD_DEFAULT 0L
  381. #define X509V3_ADD_APPEND 1L
  382. #define X509V3_ADD_REPLACE 2L
  383. #define X509V3_ADD_REPLACE_EXISTING 3L
  384. #define X509V3_ADD_KEEP_EXISTING 4L
  385. #define X509V3_ADD_DELETE 5L
  386. #define X509V3_ADD_SILENT 0x10
  387. DECLARE_STACK_OF(X509_PURPOSE)
  388. BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
  389. void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
  390. BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len);
  391. int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out);
  392. extern const ASN1_ITEM BASIC_CONSTRAINTS_it;
  393. AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
  394. void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
  395. AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len);
  396. int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **out);
  397. extern const ASN1_ITEM AUTHORITY_KEYID_it;
  398. PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
  399. void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
  400. PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, const unsigned char **in, long len);
  401. int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **out);
  402. extern const ASN1_ITEM PKEY_USAGE_PERIOD_it;
  403. GENERAL_NAME *GENERAL_NAME_new(void);
  404. void GENERAL_NAME_free(GENERAL_NAME *a);
  405. GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, const unsigned char **in, long len);
  406. int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out);
  407. extern const ASN1_ITEM GENERAL_NAME_it;
  408. GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
  409. int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
  410. ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
  411. X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
  412. STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
  413. ASN1_BIT_STRING *bits,
  414. STACK_OF(CONF_VALUE) *extlist);
  415. STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
  416. int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
  417. GENERAL_NAMES *GENERAL_NAMES_new(void);
  418. void GENERAL_NAMES_free(GENERAL_NAMES *a);
  419. GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len);
  420. int i2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out);
  421. extern const ASN1_ITEM GENERAL_NAMES_it;
  422. STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
  423. GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
  424. GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
  425. X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
  426. OTHERNAME *OTHERNAME_new(void);
  427. void OTHERNAME_free(OTHERNAME *a);
  428. OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len);
  429. int i2d_OTHERNAME(OTHERNAME *a, unsigned char **out);
  430. extern const ASN1_ITEM OTHERNAME_it;
  431. EDIPARTYNAME *EDIPARTYNAME_new(void);
  432. void EDIPARTYNAME_free(EDIPARTYNAME *a);
  433. EDIPARTYNAME *d2i_EDIPARTYNAME(EDIPARTYNAME **a, const unsigned char **in, long len);
  434. int i2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out);
  435. extern const ASN1_ITEM EDIPARTYNAME_it;
  436. int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
  /*
   * Accessors for the GENERAL_NAME tagged union.  The value crosses the
   * interface as void * together with a GEN_* type, so the caller is the
   * only place where the two are kept consistent: pass a pointer of the
   * type that `type` selects, and cast the result of get0_value only after
   * checking *ptype.
   * presumably "set0" hands ownership of the pointer to the GENERAL_NAME
   * and "get0" returns an internal pointer that must not be freed -- TODO
   * confirm against the implementation.
   */
  437. void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
  438. void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
  /* otherName variants: the value is an (OID, ASN1_TYPE) pair. */
  439. int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
  440. ASN1_OBJECT *oid, ASN1_TYPE *value);
  441. int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
  442. ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
  443. char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
  444. const ASN1_OCTET_STRING *ia5);
  445. ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
  446. X509V3_CTX *ctx, const char *str);
  447. EXTENDED_KEY_USAGE *EXTENDED_KEY_USAGE_new(void);
  448. void EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a);
  449. EXTENDED_KEY_USAGE *d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len);
  450. int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out);
  451. extern const ASN1_ITEM EXTENDED_KEY_USAGE_it;
  452. int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a);
  453. CERTIFICATEPOLICIES *CERTIFICATEPOLICIES_new(void);
  454. void CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a);
  455. CERTIFICATEPOLICIES *d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len);
  456. int i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out);
  457. extern const ASN1_ITEM CERTIFICATEPOLICIES_it;
  458. POLICYINFO *POLICYINFO_new(void);
  459. void POLICYINFO_free(POLICYINFO *a);
  460. POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len);
  461. int i2d_POLICYINFO(POLICYINFO *a, unsigned char **out);
  462. extern const ASN1_ITEM POLICYINFO_it;
  463. POLICYQUALINFO *POLICYQUALINFO_new(void);
  464. void POLICYQUALINFO_free(POLICYQUALINFO *a);
  465. POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len);
  466. int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out);
  467. extern const ASN1_ITEM POLICYQUALINFO_it;
  468. USERNOTICE *USERNOTICE_new(void);
  469. void USERNOTICE_free(USERNOTICE *a);
  470. USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len);
  471. int i2d_USERNOTICE(USERNOTICE *a, unsigned char **out);
  472. extern const ASN1_ITEM USERNOTICE_it;
  473. NOTICEREF *NOTICEREF_new(void);
  474. void NOTICEREF_free(NOTICEREF *a);
  475. NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len);
  476. int i2d_NOTICEREF(NOTICEREF *a, unsigned char **out);
  477. extern const ASN1_ITEM NOTICEREF_it;
  478. CRL_DIST_POINTS *CRL_DIST_POINTS_new(void);
  479. void CRL_DIST_POINTS_free(CRL_DIST_POINTS *a);
  480. CRL_DIST_POINTS *d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len);
  481. int i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out);
  482. extern const ASN1_ITEM CRL_DIST_POINTS_it;
  483. DIST_POINT *DIST_POINT_new(void);
  484. void DIST_POINT_free(DIST_POINT *a);
  485. DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len);
  486. int i2d_DIST_POINT(DIST_POINT *a, unsigned char **out);
  487. extern const ASN1_ITEM DIST_POINT_it;
  488. DIST_POINT_NAME *DIST_POINT_NAME_new(void);
  489. void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
  490. DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len);
  491. int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out);
  492. extern const ASN1_ITEM DIST_POINT_NAME_it;
  493. ISSUING_DIST_POINT *ISSUING_DIST_POINT_new(void);
  494. void ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a);
  495. ISSUING_DIST_POINT *d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len);
  496. int i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out);
  497. extern const ASN1_ITEM ISSUING_DIST_POINT_it;
  498. int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
  499. int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
  500. ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
  501. void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
  502. ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len);
  503. int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out);
  504. extern const ASN1_ITEM ACCESS_DESCRIPTION_it;
  505. AUTHORITY_INFO_ACCESS *AUTHORITY_INFO_ACCESS_new(void);
  506. void AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a);
  507. AUTHORITY_INFO_ACCESS *d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len);
  508. int i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out);
  509. extern const ASN1_ITEM AUTHORITY_INFO_ACCESS_it;
  510. extern const ASN1_ITEM POLICY_MAPPING_it;
  511. POLICY_MAPPING *POLICY_MAPPING_new(void);
  512. void POLICY_MAPPING_free(POLICY_MAPPING *a);
  513. extern const ASN1_ITEM POLICY_MAPPINGS_it;
  514. extern const ASN1_ITEM GENERAL_SUBTREE_it;
  515. GENERAL_SUBTREE *GENERAL_SUBTREE_new(void);
  516. void GENERAL_SUBTREE_free(GENERAL_SUBTREE *a);
  517. extern const ASN1_ITEM NAME_CONSTRAINTS_it;
  518. NAME_CONSTRAINTS *NAME_CONSTRAINTS_new(void);
  519. void NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *a);
  520. POLICY_CONSTRAINTS *POLICY_CONSTRAINTS_new(void);
  521. void POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *a);
  522. extern const ASN1_ITEM POLICY_CONSTRAINTS_it;
  523. GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
  524. const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  525. int gen_type, const char *value, int is_nc);
  526. #ifdef HEADER_CONF_H
  527. GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  528. CONF_VALUE *cnf);
  529. GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
  530. const X509V3_EXT_METHOD *method,
  531. X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
  532. void X509V3_conf_free(CONF_VALUE *val);
  533. X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
  534. const char *value);
  535. X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
  536. const char *value);
  537. int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
  538. STACK_OF(X509_EXTENSION) **sk);
  539. int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
  540. X509 *cert);
  541. int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
  542. X509_REQ *req);
  543. int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
  544. X509_CRL *crl);
  545. X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
  546. int ext_nid, const char *value);
  547. X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
  548. const char *name, const char *value);
  549. int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
  550. const char *section, X509 *cert);
  551. int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
  552. const char *section, X509_REQ *req);
  553. int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
  554. const char *section, X509_CRL *crl);
  555. int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
  556. STACK_OF(CONF_VALUE) **extlist);
  557. int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
  558. int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
  559. void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
  560. void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
  561. #endif
  562. char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
  563. const char *section);
  564. STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
  565. void X509V3_string_free(X509V3_CTX *ctx, char *str);
  566. void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
  567. void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
  568. X509_REQ *req, X509_CRL *crl, int flags);
  569. int X509V3_add_value(const char *name, const char *value,
  570. STACK_OF(CONF_VALUE) **extlist);
  571. int X509V3_add_value_uchar(const char *name, const unsigned char *value,
  572. STACK_OF(CONF_VALUE) **extlist);
  573. int X509V3_add_value_bool(const char *name, int asn1_bool,
  574. STACK_OF(CONF_VALUE) **extlist);
  575. int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
  576. STACK_OF(CONF_VALUE) **extlist);
  577. char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
  578. ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
  579. char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
  580. char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
  581. const ASN1_ENUMERATED *aint);
  582. const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
  583. const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
  584. int X509V3_add_standard_extensions(void);
  585. STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
  /*
   * Decode an extension into its internal structure.  The result is an
   * untyped void *: the caller must know which structure the extension's
   * NID maps to before casting or freeing it.
   */
  586. void *X509V3_EXT_d2i(X509_EXTENSION *ext);
  /*
   * Find the extension `nid` in a stack and decode it.
   * NOTE(review): a NULL return can mean "absent", "present more than once"
   * or "failed to parse"; *crit is the documented way to tell these apart
   * -- check the X509V3_get_d2i documentation, since treating every NULL as
   * "extension absent" skips the constraint the extension would impose.
   */
  587. void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
  588. int *idx);
  /* Encode an internal structure as an extension with the given criticality. */
  589. X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
  /* `flags` takes one X509V3_ADD_* operation, optionally with X509V3_ADD_SILENT. */
  590. int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
  /*
   * Hex conversion helpers.  Both return a pointer and take no output
   * buffer, so the result is presumably allocated and owned by the caller
   * -- TODO confirm which free function applies.
   */
  591. char *hex_to_string(const unsigned char *buffer, long len);
  592. unsigned char *string_to_hex(const char *str, long *len);
  593. void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
  594. int ml);
  /*
   * Printing.  `flag` carries the X509V3_EXT_*_UNKNOWN values.
   * NOTE(review): X509V3_EXT_print_fp takes the flag as int while the two
   * BIO variants take unsigned long.
   */
  595. int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
  596. int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
  597. int X509V3_extensions_print(BIO *out, const char *title,
  598. const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
  /*
   * Certificate property checks.  All return int, but the meaning of the
   * value is not uniform across these functions and cannot be read off the
   * prototypes.
   * NOTE(review): X509_check_issued is documented to return a verification
   * code in which 0 means success, so `if (X509_check_issued(i, s))` is
   * true on mismatch -- confirm in the manual page and compare against the
   * documented success value explicitly.
   */
  599. int X509_check_ca(X509 *x);
  /* `id` is an X509_PURPOSE_* identifier; `ca` selects the CA or leaf check. */
  600. int X509_check_purpose(X509 *x, int id, int ca);
  601. int X509_supported_extension(X509_EXTENSION *ex);
  602. int X509_check_issued(X509 *issuer, X509 *subject);
  603. int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
  /* Read-only access to the purpose table; the "get0" results are const. */
  604. int X509_PURPOSE_get_count(void);
  605. const X509_PURPOSE *X509_PURPOSE_get0(int idx);
  606. int X509_PURPOSE_get_by_sname(const char *sname);
  607. const char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
  608. const char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
  609. int X509_PURPOSE_get_id(const X509_PURPOSE *);
  /* Flag words; presumably EXFLAG_*, KU_* and XKU_* bits respectively. */
  610. uint32_t X509_get_extension_flags(X509 *x);
  611. uint32_t X509_get_key_usage(X509 *x);
  612. uint32_t X509_get_extended_key_usage(X509 *x);
  613. STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
  614. STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
  615. void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
  616. STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
  617. /* Flags for X509_check_* functions */
  /*
   * The values are distinct bits (0x1 through 0x20, plus 0x8000) and the
   * X509_check_* prototypes below take them in an unsigned int flags
   * argument, so they are presumably OR-ed together.
   * NOTE(review): ALWAYS_CHECK_SUBJECT and NEVER_CHECK_SUBJECT are both
   * defined; which one takes effect when both are set is not visible
   * here - confirm before combining them.
   */
  618. /* Always check subject name for host match even if subject alt names present */
  619. #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
  620. /* Disable wildcard matching for dnsName fields and common name. */
  621. #define X509_CHECK_FLAG_NO_WILDCARDS 0x2
  622. /* Wildcards must not match a partial label. */
  623. #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
  624. /* Allow (non-partial) wildcards to match multiple labels. */
  625. #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
  626. /* Constrain verifier subdomain patterns to match a single label. */
  627. #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
  628. /* Disable checking the CN for a hostname, to support modern validation */
  629. #define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
  630. /*
  631. * Match reference identifiers starting with "." to any sub-domain.
  632. * This is a non-public flag, turned on implicitly when the subject
  633. * reference identity is a DNS name.
  634. */
  /* Being non-public, this bit is not meant to be set by callers. */
  635. #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
  /*
   * Identity checks of a reference name against a certificate: host name,
   * e-mail address, or IP address (raw bytes with an explicit length, or,
   * judging by the parameter name, text via X509_check_ip_asc).
   *
   * NOTE(review): upstream documentation describes the result as 1 for a
   * match, 0 for no match, and a negative value for an internal error or
   * malformed input. A negative value is truthy in C, so compare the
   * result with 1 rather than testing it for non-zero; otherwise an error
   * is accepted as a match. Confirm the exact values for this version.
   * NOTE(review): chk is passed with an explicit chklen; how chklen == 0
   * and embedded NUL bytes are handled is not visible here - confirm
   * before passing names that come from a peer or a config file.
   * NOTE(review): peername is an output pointer; when it is set the caller
   * presumably owns the string and has to free it - confirm.
   */
  636. int X509_check_host(X509 *x, const char *chk, size_t chklen,
  637. unsigned int flags, char **peername);
  638. int X509_check_email(X509 *x, const char *chk, size_t chklen,
  639. unsigned int flags);
  640. int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
  641. unsigned int flags);
  642. int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
  /*
   * Text-to-address helpers.
   * NOTE(review): a2i_ipadd() writes through ipout but takes no buffer
   * size; the caller must supply a buffer large enough for the longest
   * address form the parser accepts (presumably 16 bytes for IPv6) -
   * confirm against the implementation.
   */
  643. ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
  644. ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
  645. int a2i_ipadd(unsigned char *ipout, const char *ipasc);
  646. int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
  647. unsigned long chtype);
  648. #ifndef OPENSSL_NO_RFC3779
  /*
   * Structures for the AS identifier half of the RFC 3779 extensions.
   * Everything from here to the matching #endif is compiled out when
   * OPENSSL_NO_RFC3779 is defined.
   */
  /* A range of AS numbers given by its two end points. */
  649. typedef struct ASRange_st {
  650. ASN1_INTEGER *min;
  651. ASN1_INTEGER *max;
  652. } ASRange;
  653. #define ASIdOrRange_id 0
  654. #define ASIdOrRange_range 1
  /*
   * Tagged union: type is presumably ASIdOrRange_id or ASIdOrRange_range
   * and selects which member of u is valid. Check type before reading u;
   * reading the other member interprets one pointer type as another.
   */
  655. typedef struct ASIdOrRange_st {
  656. int type;
  657. union {
  658. ASN1_INTEGER *id;
  659. ASRange *range;
  660. } u;
  661. } ASIdOrRange;
  662. typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
  663. DECLARE_STACK_OF(ASIdOrRange)
  664. #define ASIdentifierChoice_inherit 0
  665. #define ASIdentifierChoice_asIdsOrRanges 1
  /*
   * Tagged union: type is presumably ASIdentifierChoice_inherit or
   * ASIdentifierChoice_asIdsOrRanges and selects the valid member of u.
   */
  666. typedef struct ASIdentifierChoice_st {
  667. int type;
  668. union {
  669. ASN1_NULL *inherit;
  670. ASIdOrRanges *asIdsOrRanges;
  671. } u;
  672. } ASIdentifierChoice;
  /* The two ASIdentifierChoice members of the extension: asnum and rdi. */
  673. typedef struct ASIdentifiers_st {
  674. ASIdentifierChoice *asnum;
  675. ASIdentifierChoice *rdi;
  676. } ASIdentifiers;
  /*
   * Allocate / free / decode / encode functions and the ASN1_ITEM for each
   * of the four types above.
   * NOTE(review): the d2i_ functions take an input cursor (in) and a byte
   * count (len); by the library's d2i convention they presumably parse an
   * encoded object, advance *in, and return NULL on failure. The input is
   * typically certificate data from an untrusted source, so check the
   * return value before use - confirm the convention for this version.
   */
  677. ASRange *ASRange_new(void);
  678. void ASRange_free(ASRange *a);
  679. ASRange *d2i_ASRange(ASRange **a, const unsigned char **in, long len);
  680. int i2d_ASRange(ASRange *a, unsigned char **out);
  681. extern const ASN1_ITEM ASRange_it;
  682. ASIdOrRange *ASIdOrRange_new(void);
  683. void ASIdOrRange_free(ASIdOrRange *a);
  684. ASIdOrRange *d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in,
  685. long len);
  686. int i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out);
  687. extern const ASN1_ITEM ASIdOrRange_it;
  688. ASIdentifierChoice *ASIdentifierChoice_new(void);
  689. void ASIdentifierChoice_free(ASIdentifierChoice *a);
  690. ASIdentifierChoice *d2i_ASIdentifierChoice(ASIdentifierChoice **a,
  691. const unsigned char **in, long len);
  692. int i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out);
  693. extern const ASN1_ITEM ASIdentifierChoice_it;
  694. ASIdentifiers *ASIdentifiers_new(void);
  695. void ASIdentifiers_free(ASIdentifiers *a);
  696. ASIdentifiers *d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in,
  697. long len);
  698. int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out);
  699. extern const ASN1_ITEM ASIdentifiers_it;
  /*
   * Structures for the IP address half of the RFC 3779 extensions; this
   * section sits inside the OPENSSL_NO_RFC3779 guard.
   */
  700. typedef struct IPAddressRange_st {
  701. ASN1_BIT_STRING *min;
  702. ASN1_BIT_STRING *max;
  703. } IPAddressRange;
  704. #define IPAddressOrRange_addressPrefix 0
  705. #define IPAddressOrRange_addressRange 1
  /*
   * Tagged union: type is presumably IPAddressOrRange_addressPrefix or
   * IPAddressOrRange_addressRange and selects the valid member of u.
   * Check type before reading u.
   */
  706. typedef struct IPAddressOrRange_st {
  707. int type;
  708. union {
  709. ASN1_BIT_STRING *addressPrefix;
  710. IPAddressRange *addressRange;
  711. } u;
  712. } IPAddressOrRange;
  713. typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
  714. DECLARE_STACK_OF(IPAddressOrRange)
  715. #define IPAddressChoice_inherit 0
  716. #define IPAddressChoice_addressesOrRanges 1
  /*
   * Tagged union: type is presumably IPAddressChoice_inherit or
   * IPAddressChoice_addressesOrRanges and selects the valid member of u.
   */
  717. typedef struct IPAddressChoice_st {
  718. int type;
  719. union {
  720. ASN1_NULL *inherit;
  721. IPAddressOrRanges *addressesOrRanges;
  722. } u;
  723. } IPAddressChoice;
  /*
   * One address family entry: the family identifier as an octet string
   * plus the choice that applies to it.
   * NOTE(review): addressFamily is a variable-length octet string; code
   * reading it directly should check its length first - confirm the
   * expected layout (presumably AFI, optionally followed by SAFI).
   */
  724. typedef struct IPAddressFamily_st {
  725. ASN1_OCTET_STRING *addressFamily;
  726. IPAddressChoice *ipAddressChoice;
  727. } IPAddressFamily;
  728. typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
  729. DECLARE_STACK_OF(IPAddressFamily)
  /*
   * Allocate / free / decode / encode functions and the ASN1_ITEM for each
   * of the four types above.
   * NOTE(review): the d2i_ functions take an input cursor (in) and a byte
   * count (len); by the library's d2i convention they presumably return
   * NULL on failure. Check the return value before use - confirm.
   */
  730. IPAddressRange *IPAddressRange_new(void);
  731. void IPAddressRange_free(IPAddressRange *a);
  732. IPAddressRange *d2i_IPAddressRange(IPAddressRange **a,
  733. const unsigned char **in, long len);
  734. int i2d_IPAddressRange(IPAddressRange *a, unsigned char **out);
  735. extern const ASN1_ITEM IPAddressRange_it;
  736. IPAddressOrRange *IPAddressOrRange_new(void);
  737. void IPAddressOrRange_free(IPAddressOrRange *a);
  738. IPAddressOrRange *d2i_IPAddressOrRange(IPAddressOrRange **a,
  739. const unsigned char **in, long len);
  740. int i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out);
  741. extern const ASN1_ITEM IPAddressOrRange_it;
  742. IPAddressChoice *IPAddressChoice_new(void);
  743. void IPAddressChoice_free(IPAddressChoice *a);
  744. IPAddressChoice *d2i_IPAddressChoice(IPAddressChoice **a,
  745. const unsigned char **in, long len);
  746. int i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out);
  747. extern const ASN1_ITEM IPAddressChoice_it;
  748. IPAddressFamily *IPAddressFamily_new(void);
  749. void IPAddressFamily_free(IPAddressFamily *a);
  750. IPAddressFamily *d2i_IPAddressFamily(IPAddressFamily **a,
  751. const unsigned char **in, long len);
  752. int i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out);
  753. extern const ASN1_ITEM IPAddressFamily_it;
  754. /*
  755. * API tag for elements of the ASIdentifiers SEQUENCE.
  756. */
  /* Presumably the values accepted by the `which` argument of X509v3_asid_add_*. */
  757. #define V3_ASID_ASNUM 0
  758. #define V3_ASID_RDI 1
  759. /*
  760. * AFI values, assigned by IANA. It'd be nice to make the AFI
  761. * handling code totally generic, but there are too many little things
  762. * that would need to be defined for other address families for it to
  763. * be worth the trouble.
  764. */
  765. #define IANA_AFI_IPV4 1
  766. #define IANA_AFI_IPV6 2
  767. /*
  768. * Utilities to construct and extract values from RFC3779 extensions,
  769. * since some of the encodings (particularly for IP address prefixes
  770. * and ranges) are a bit tedious to work with directly.
  771. */
  /*
   * NOTE(review): X509v3_addr_add_prefix() and X509v3_addr_add_range() take
   * raw address buffers (a, min, max) with no length argument; the number
   * of bytes read is presumably implied by afi (IANA_AFI_IPV4 or
   * IANA_AFI_IPV6), so the caller must pass buffers of that size.
   * X509v3_addr_get_range() does take a length for its min/max output
   * buffers. Confirm the expected sizes against the implementation.
   */
  772. int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
  773. int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
  774. ASN1_INTEGER *min, ASN1_INTEGER *max);
  775. int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi,
  776. const unsigned *safi);
  777. int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi,
  778. const unsigned *safi, unsigned char *a, const int prefixlen);
  779. int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi,
  780. const unsigned *safi, unsigned char *min, unsigned char *max);
  781. unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
  782. int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
  783. unsigned char *min, unsigned char *max, const int length);
  784. /*
  785. * Canonical forms.
  786. */
  /*
   * The canonize functions take a non-const pointer, so they presumably
   * rewrite the structure in place - confirm.
   */
  787. int X509v3_asid_is_canonical(ASIdentifiers *asid);
  788. int X509v3_addr_is_canonical(IPAddrBlocks *addr);
  789. int X509v3_asid_canonize(ASIdentifiers *asid);
  790. int X509v3_addr_canonize(IPAddrBlocks *addr);
  791. /*
  792. * Tests for inheritance and containment.
  793. */
  /*
   * NOTE(review): for the subset tests the argument order matters (is a
   * contained in b, or b in a?) and is not stated here - confirm before
   * using the result in an authorization decision.
   */
  794. int X509v3_asid_inherits(ASIdentifiers *asid);
  795. int X509v3_addr_inherits(IPAddrBlocks *addr);
  796. int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
  797. int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
  798. /*
  799. * Check whether RFC 3779 extensions nest properly in chains.
  800. */
  /*
   * NOTE(review): the int return convention (which value means "nests
   * properly") is not visible in this header - confirm it before wiring
   * these into a verification path.
   */
  801. int X509v3_asid_validate_path(X509_STORE_CTX *);
  802. int X509v3_addr_validate_path(X509_STORE_CTX *);
  803. int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext,
  804. int allow_inheritance);
  805. int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext,
  806. int allow_inheritance);
  807. #endif /* !OPENSSL_NO_RFC3779 */
  808. void ERR_load_X509V3_strings(void);
  809. /* Error codes for the X509V3 functions. */
  /*
   * Function codes (X509V3_F_*) identify where an error was raised; the
   * reason codes (X509V3_R_*) that follow this list say why. The two lists
   * are numbered independently: the same integer occurs in both (118 is
   * X509V3_F_V2I_GENERAL_NAMES here and X509V3_R_BAD_IP_ADDRESS in the
   * reason list), so a bare number from a log is only meaningful together
   * with the list it belongs to.
   */
  810. /* Function codes. */
  811. #define X509V3_F_A2I_GENERAL_NAME 164
  812. #define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161
  813. #define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162
  814. #define X509V3_F_COPY_EMAIL 122
  815. #define X509V3_F_COPY_ISSUER 123
  816. #define X509V3_F_DO_DIRNAME 144
  817. #define X509V3_F_DO_EXT_CONF 124
  818. #define X509V3_F_DO_EXT_I2D 135
  819. #define X509V3_F_DO_EXT_NCONF 151
  820. #define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
  821. #define X509V3_F_GNAMES_FROM_SECTNAME 156
  822. #define X509V3_F_HEX_TO_STRING 111
  823. #define X509V3_F_I2S_ASN1_ENUMERATED 121
  824. #define X509V3_F_I2S_ASN1_IA5STRING 149
  825. #define X509V3_F_I2S_ASN1_INTEGER 120
  826. #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
  827. #define X509V3_F_NOTICE_SECTION 132
  828. #define X509V3_F_NREF_NOS 133
  829. #define X509V3_F_POLICY_SECTION 131
  830. #define X509V3_F_PROCESS_PCI_VALUE 150
  831. #define X509V3_F_R2I_CERTPOL 130
  832. #define X509V3_F_R2I_PCI 155
  833. #define X509V3_F_S2I_ASN1_IA5STRING 100
  834. #define X509V3_F_S2I_ASN1_INTEGER 108
  835. #define X509V3_F_S2I_ASN1_OCTET_STRING 112
  836. #define X509V3_F_S2I_ASN1_SKEY_ID 114
  837. #define X509V3_F_S2I_SKEY_ID 115
  838. #define X509V3_F_SET_DIST_POINT_NAME 158
  839. #define X509V3_F_STRING_TO_HEX 113
  840. #define X509V3_F_SXNET_ADD_ID_ASC 125
  841. #define X509V3_F_SXNET_ADD_ID_INTEGER 126
  842. #define X509V3_F_SXNET_ADD_ID_ULONG 127
  843. #define X509V3_F_SXNET_GET_ID_ASC 128
  844. #define X509V3_F_SXNET_GET_ID_ULONG 129
  845. #define X509V3_F_V2I_ASIDENTIFIERS 163
  846. #define X509V3_F_V2I_ASN1_BIT_STRING 101
  847. #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139
  848. #define X509V3_F_V2I_AUTHORITY_KEYID 119
  849. #define X509V3_F_V2I_BASIC_CONSTRAINTS 102
  850. #define X509V3_F_V2I_CRLD 134
  851. #define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
  852. #define X509V3_F_V2I_GENERAL_NAMES 118
  853. #define X509V3_F_V2I_GENERAL_NAME_EX 117
  854. #define X509V3_F_V2I_IDP 157
  855. #define X509V3_F_V2I_IPADDRBLOCKS 159
  856. #define X509V3_F_V2I_ISSUER_ALT 153
  857. #define X509V3_F_V2I_NAME_CONSTRAINTS 147
  858. #define X509V3_F_V2I_POLICY_CONSTRAINTS 146
  859. #define X509V3_F_V2I_POLICY_MAPPINGS 145
  860. #define X509V3_F_V2I_SUBJECT_ALT 154
  861. #define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160
  862. #define X509V3_F_V3_GENERIC_EXTENSION 116
  863. #define X509V3_F_X509V3_ADD1_I2D 140
  864. #define X509V3_F_X509V3_ADD_VALUE 105
  865. #define X509V3_F_X509V3_EXT_ADD 104
  866. #define X509V3_F_X509V3_EXT_ADD_ALIAS 106
  867. #define X509V3_F_X509V3_EXT_CONF 107
  868. #define X509V3_F_X509V3_EXT_I2D 136
  869. #define X509V3_F_X509V3_EXT_NCONF 152
  870. #define X509V3_F_X509V3_GET_SECTION 142
  871. #define X509V3_F_X509V3_GET_STRING 143
  872. #define X509V3_F_X509V3_GET_VALUE_BOOL 110
  873. #define X509V3_F_X509V3_PARSE_LIST 109
  874. #define X509V3_F_X509_PURPOSE_ADD 137
  875. #define X509V3_F_X509_PURPOSE_SET 141
  876. /* Reason codes. */
  /*
   * Values are neither contiguous nor in numeric order in this list, and
   * they overlap numerically with the X509V3_F_* function codes, so match
   * on the macro name rather than on the number.
   * NOTE(review): going by their names, several of these report rejected
   * input (for example X509V3_R_BAD_IP_ADDRESS, X509V3_R_ILLEGAL_HEX_DIGIT,
   * X509V3_R_ODD_NUMBER_OF_DIGITS, X509V3_R_INVALID_IPADDRESS); where each
   * one is raised is not visible in this header - confirm before using
   * them to classify failures.
   */
  877. #define X509V3_R_BAD_IP_ADDRESS 118
  878. #define X509V3_R_BAD_OBJECT 119
  879. #define X509V3_R_BN_DEC2BN_ERROR 100
  880. #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
  881. #define X509V3_R_DIRNAME_ERROR 149
  882. #define X509V3_R_DISTPOINT_ALREADY_SET 160
  883. #define X509V3_R_DUPLICATE_ZONE_ID 133
  884. #define X509V3_R_ERROR_CONVERTING_ZONE 131
  885. #define X509V3_R_ERROR_CREATING_EXTENSION 144
  886. #define X509V3_R_ERROR_IN_EXTENSION 128
  887. #define X509V3_R_EXPECTED_A_SECTION_NAME 137
  888. #define X509V3_R_EXTENSION_EXISTS 145
  889. #define X509V3_R_EXTENSION_NAME_ERROR 115
  890. #define X509V3_R_EXTENSION_NOT_FOUND 102
  891. #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
  892. #define X509V3_R_EXTENSION_VALUE_ERROR 116
  893. #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
  894. #define X509V3_R_ILLEGAL_HEX_DIGIT 113
  895. #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
  896. #define X509V3_R_INVALID_MULTIPLE_RDNS 161
  897. #define X509V3_R_INVALID_ASNUMBER 162
  898. #define X509V3_R_INVALID_ASRANGE 163
  899. #define X509V3_R_INVALID_BOOLEAN_STRING 104
  900. #define X509V3_R_INVALID_EXTENSION_STRING 105
  901. #define X509V3_R_INVALID_INHERITANCE 165
  902. #define X509V3_R_INVALID_IPADDRESS 166
  903. #define X509V3_R_INVALID_NAME 106
  904. #define X509V3_R_INVALID_NULL_ARGUMENT 107
  905. #define X509V3_R_INVALID_NULL_NAME 108
  906. #define X509V3_R_INVALID_NULL_VALUE 109
  907. #define X509V3_R_INVALID_NUMBER 140
  908. #define X509V3_R_INVALID_NUMBERS 141
  909. #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
  910. #define X509V3_R_INVALID_OPTION 138
  911. #define X509V3_R_INVALID_POLICY_IDENTIFIER 134
  912. #define X509V3_R_INVALID_PROXY_POLICY_SETTING 153
  913. #define X509V3_R_INVALID_PURPOSE 146
  914. #define X509V3_R_INVALID_SAFI 164
  915. #define X509V3_R_INVALID_SECTION 135
  916. #define X509V3_R_INVALID_SYNTAX 143
  917. #define X509V3_R_ISSUER_DECODE_ERROR 126
  918. #define X509V3_R_MISSING_VALUE 124
  919. #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
  920. #define X509V3_R_NO_CONFIG_DATABASE 136
  921. #define X509V3_R_NO_ISSUER_CERTIFICATE 121
  922. #define X509V3_R_NO_ISSUER_DETAILS 127
  923. #define X509V3_R_NO_POLICY_IDENTIFIER 139
  924. #define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
  925. #define X509V3_R_NO_PUBLIC_KEY 114
  926. #define X509V3_R_NO_SUBJECT_DETAILS 125
  927. #define X509V3_R_ODD_NUMBER_OF_DIGITS 112
  928. #define X509V3_R_OPERATION_NOT_DEFINED 148
  929. #define X509V3_R_OTHERNAME_ERROR 147
  930. #define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155
  931. #define X509V3_R_POLICY_PATH_LENGTH 156
  932. #define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157
  933. #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
  934. #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
  935. #define X509V3_R_SECTION_NOT_FOUND 150
  936. #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
  937. #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
  938. #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
  939. #define X509V3_R_UNKNOWN_EXTENSION 129
  940. #define X509V3_R_UNKNOWN_EXTENSION_NAME 130
  941. #define X509V3_R_UNKNOWN_OPTION 120
  942. #define X509V3_R_UNSUPPORTED_OPTION 117
  943. #define X509V3_R_UNSUPPORTED_TYPE 167
  944. #define X509V3_R_USER_TOO_LONG 132
  945. #ifdef __cplusplus
  946. }
  947. #endif
  948. #endif