[thirdparty/openssl.git] / crypto / include / internal / x509_int.h

/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2015.
 */
/* ====================================================================
 * Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/* Internal X509 structures and functions: not for application use */

/* Note: unless otherwise stated a field pointer is mandatory and should
 * never be set to NULL: the ASN.1 code and accessors rely on mandatory
 * fields never being NULL.
 */

/*
 * name entry structure, equivalent to AttributeTypeAndValue defined
 * in RFC5280 et al.
 */
struct X509_name_entry_st {
    ASN1_OBJECT *object;        /* AttributeType */
    ASN1_STRING *value;         /* AttributeValue */
    int set;                    /* index of RDNSequence for this entry */
    int size;                   /* temp variable */
};

/* Name from RFC 5280. */
struct X509_name_st {
    STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
    int modified;               /* true if 'bytes' needs to be built */
    BUF_MEM *bytes;             /* cached encoding: cannot be NULL */
    /* canonical encoding used for rapid Name comparison */
    unsigned char *canon_enc;
    int canon_enclen;
} /* X509_NAME */ ;

/* PKCS#10 certificate request */

struct X509_req_info_st {
    ASN1_ENCODING enc;          /* cached encoding of signed part */
    ASN1_INTEGER *version;      /* version, defaults to v1(0) so can be NULL */
    X509_NAME *subject;         /* certificate request DN */
    X509_PUBKEY *pubkey;        /* public key of request */
    /*
     * Zero or more attributes.
     * NB: although attributes is a mandatory field some broken
     * encodings omit it so this may be NULL in that case.
     */
    STACK_OF(X509_ATTRIBUTE) *attributes;
};

struct X509_req_st {
    X509_REQ_INFO req_info;     /* signed certificate request data */
    X509_ALGOR sig_alg;         /* signature algorithm */
    ASN1_BIT_STRING *signature; /* signature */
    int references;
};

struct X509_crl_info_st {
    ASN1_INTEGER *version;      /* version: defaults to v1(0) so may be NULL */
    X509_ALGOR sig_alg;         /* signagture algorithm */
    X509_NAME *issuer;          /* CRL issuer name */
    ASN1_TIME *lastUpdate;      /* lastUpdate field */
    ASN1_TIME *nextUpdate;      /* nextUpdate field: optional */
    STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
    STACK_OF(X509_EXTENSION) *extensions;   /* extensions: optional */
    ASN1_ENCODING enc;          /* encoding of signed portion of CRL */
};

struct X509_crl_st {
    X509_CRL_INFO crl;          /* signed CRL data */
    X509_ALGOR sig_alg;         /* CRL signature algorithm */
    ASN1_BIT_STRING signature; /* CRL signature */
    int references;
    int flags;
    /*
     * Cached copies of decoded extension values, since extensions
     * are optional any of these can be NULL.
     */
    AUTHORITY_KEYID *akid;
    ISSUING_DIST_POINT *idp;
    /* Convenient breakdown of IDP */
    int idp_flags;
    int idp_reasons;
    /* CRL and base CRL numbers for delta processing */
    ASN1_INTEGER *crl_number;
    ASN1_INTEGER *base_crl_number;
    STACK_OF(GENERAL_NAMES) *issuers;
    /* hash of CRL */
    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
    /* alternative method to handle this CRL */
    const X509_CRL_METHOD *meth;
    void *meth_data;
};

struct x509_revoked_st {
    ASN1_INTEGER serialNumber; /* revoked entry serial number */
    ASN1_TIME *revocationDate;  /* revocation date */
    STACK_OF(X509_EXTENSION) *extensions;   /* CRL entry extensions: optional */
    /* decoded value of CRLissuer extension: set if indirect CRL */
    STACK_OF(GENERAL_NAME) *issuer;
    /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
    int reason;
    /*
     * CRL entries are reordered for faster lookup of serial numbers. This
     * field contains the original load sequence for this entry.
     */
    int sequence;
};

/*
 * This stuff is certificate "auxiliary info": it contains details which are
 * useful in certificate stores and databases. When used this is tagged onto
 * the end of the certificate itself. OpenSSL specific structure not defined
 * in any RFC.
 */

struct x509_cert_aux_st {
    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
    ASN1_UTF8STRING *alias;     /* "friendly name" */
    ASN1_OCTET_STRING *keyid;   /* key id of private key */
    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
};

struct x509_cinf_st {
    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
    ASN1_INTEGER serialNumber;
    X509_ALGOR signature;
    X509_NAME *issuer;
    X509_VAL validity;
    X509_NAME *subject;
    X509_PUBKEY *key;
    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
    ASN1_ENCODING enc;
};

struct x509_st {
    X509_CINF cert_info;
    X509_ALGOR sig_alg;
    ASN1_BIT_STRING signature;
    int references;
    CRYPTO_EX_DATA ex_data;
    /* These contain copies of various extension values */
    long ex_pathlen;
    long ex_pcpathlen;
    uint32_t ex_flags;
    uint32_t ex_kusage;
    uint32_t ex_xkusage;
    uint32_t ex_nscert;
    ASN1_OCTET_STRING *skid;
    AUTHORITY_KEYID *akid;
    X509_POLICY_CACHE *policy_cache;
    STACK_OF(DIST_POINT) *crldp;
    STACK_OF(GENERAL_NAME) *altname;
    NAME_CONSTRAINTS *nc;
#ifndef OPENSSL_NO_RFC3779
    STACK_OF(IPAddressFamily) *rfc3779_addr;
    struct ASIdentifiers_st *rfc3779_asid;
# endif
    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
    X509_CERT_AUX *aux;
} /* X509 */ ;
Commit	Line	Data
2743e38c DSH	1	/*
	2	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
	3	* 2015.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59	/* Internal X509 structures and functions: not for application use */
	60
40ffdc9c DSH	61	/* Note: unless otherwise stated a field pointer is mandatory and should
	62	* never be set to NULL: the ASN.1 code and accessors rely on mandatory
	63	* fields never being NULL.
	64	*/
	65
	66	/*
	67	* name entry structure, equivalent to AttributeTypeAndValue defined
	68	* in RFC5280 et al.
	69	*/
2743e38c	70	struct X509_name_entry_st {
40ffdc9c DSH	71	ASN1_OBJECT object; / AttributeType */
	72	ASN1_STRING value; / AttributeValue */
	73	int set; /* index of RDNSequence for this entry */
2743e38c DSH	74	int size; /* temp variable */
	75	};
	76
40ffdc9c	77	/* Name from RFC 5280. */
2743e38c	78	struct X509_name_st {
40ffdc9c	79	STACK_OF(X509_NAME_ENTRY) entries; / DN components */
2743e38c	80	int modified; /* true if 'bytes' needs to be built */
40ffdc9c DSH	81	BUF_MEM bytes; / cached encoding: cannot be NULL */
40ffdc9c DSH	82	/* canonical encoding used for rapid Name comparison */
2743e38c DSH	83	unsigned char *canon_enc;
	84	int canon_enclen;
	85	} /* X509_NAME */ ;
bc3686df	86
40ffdc9c	87	/* PKCS#10 certificate request */
124055a9 DSH	88
124055a9 DSH	89	struct X509_req_info_st {
40ffdc9c DSH	90	ASN1_ENCODING enc; /* cached encoding of signed part */
	91	ASN1_INTEGER version; / version, defaults to v1(0) so can be NULL */
	92	X509_NAME subject; / certificate request DN */
	93	X509_PUBKEY pubkey; / public key of request */
	94	/*
	95	* Zero or more attributes.
	96	* NB: although attributes is a mandatory field some broken
	97	* encodings omit it so this may be NULL in that case.
	98	*/
	99	STACK_OF(X509_ATTRIBUTE) *attributes;
124055a9 DSH	100	};
	101
	102	struct X509_req_st {
40ffdc9c DSH	103	X509_REQ_INFO req_info; /* signed certificate request data */
	104	X509_ALGOR sig_alg; /* signature algorithm */
	105	ASN1_BIT_STRING signature; / signature */
124055a9 DSH	106	int references;
124055a9 DSH	107	};
e3e57192 DSH	108
e3e57192 DSH	109	struct X509_crl_info_st {
40ffdc9c DSH	110	ASN1_INTEGER version; / version: defaults to v1(0) so may be NULL */
	111	X509_ALGOR sig_alg; /* signagture algorithm */
	112	X509_NAME issuer; / CRL issuer name */
	113	ASN1_TIME lastUpdate; / lastUpdate field */
	114	ASN1_TIME nextUpdate; / nextUpdate field: optional */
	115	STACK_OF(X509_REVOKED) revoked; / revoked entries: optional */
	116	STACK_OF(X509_EXTENSION) extensions; / extensions: optional */
	117	ASN1_ENCODING enc; /* encoding of signed portion of CRL */
e3e57192 DSH	118	};
	119
	120	struct X509_crl_st {
40ffdc9c DSH	121	X509_CRL_INFO crl; /* signed CRL data */
40ffdc9c DSH	122	X509_ALGOR sig_alg; /* CRL signature algorithm */
34a42e14	123	ASN1_BIT_STRING signature; /* CRL signature */
e3e57192 DSH	124	int references;
e3e57192 DSH	125	int flags;
40ffdc9c DSH	126	/*
	127	* Cached copies of decoded extension values, since extensions
	128	* are optional any of these can be NULL.
	129	*/
e3e57192 DSH	130	AUTHORITY_KEYID *akid;
	131	ISSUING_DIST_POINT *idp;
	132	/* Convenient breakdown of IDP */
	133	int idp_flags;
	134	int idp_reasons;
	135	/* CRL and base CRL numbers for delta processing */
	136	ASN1_INTEGER *crl_number;
	137	ASN1_INTEGER *base_crl_number;
e3e57192	138	STACK_OF(GENERAL_NAMES) *issuers;
40ffdc9c DSH	139	/* hash of CRL */
	140	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
	141	/* alternative method to handle this CRL */
e3e57192 DSH	142	const X509_CRL_METHOD *meth;
	143	void *meth_data;
	144	};
44748efc DSH	145
44748efc DSH	146	struct x509_revoked_st {
34a42e14	147	ASN1_INTEGER serialNumber; /* revoked entry serial number */
40ffdc9c DSH	148	ASN1_TIME revocationDate; / revocation date */
	149	STACK_OF(X509_EXTENSION) extensions; / CRL entry extensions: optional */
	150	/* decoded value of CRLissuer extension: set if indirect CRL */
44748efc	151	STACK_OF(GENERAL_NAME) *issuer;
40ffdc9c	152	/* revocation reason: set to CRL_REASON_NONE if reason extension absent */
44748efc	153	int reason;
40ffdc9c DSH	154	/*
	155	* CRL entries are reordered for faster lookup of serial numbers. This
	156	* field contains the original load sequence for this entry.
	157	*/
	158	int sequence;
	159	};
	160
	161	/*
	162	* This stuff is certificate "auxiliary info": it contains details which are
	163	* useful in certificate stores and databases. When used this is tagged onto
	164	* the end of the certificate itself. OpenSSL specific structure not defined
	165	* in any RFC.
	166	*/
	167
	168	struct x509_cert_aux_st {
	169	STACK_OF(ASN1_OBJECT) trust; / trusted uses */
	170	STACK_OF(ASN1_OBJECT) reject; / rejected uses */
	171	ASN1_UTF8STRING alias; / "friendly name" */
	172	ASN1_OCTET_STRING keyid; / key id of private key */
	173	STACK_OF(X509_ALGOR) other; / other unspecified info */
44748efc	174	};
2c81e476 DSH	175
	176	struct x509_cinf_st {
	177	ASN1_INTEGER version; / [ 0 ] default of v1 */
81e49438	178	ASN1_INTEGER serialNumber;
2c81e476 DSH	179	X509_ALGOR signature;
	180	X509_NAME *issuer;
	181	X509_VAL validity;
	182	X509_NAME *subject;
	183	X509_PUBKEY *key;
	184	ASN1_BIT_STRING issuerUID; / [ 1 ] optional in v2 */
	185	ASN1_BIT_STRING subjectUID; / [ 2 ] optional in v2 */
	186	STACK_OF(X509_EXTENSION) extensions; / [ 3 ] optional in v3 */
	187	ASN1_ENCODING enc;
	188	};
	189
	190	struct x509_st {
	191	X509_CINF cert_info;
	192	X509_ALGOR sig_alg;
81e49438	193	ASN1_BIT_STRING signature;
2c81e476	194	int references;
2c81e476 DSH	195	CRYPTO_EX_DATA ex_data;
	196	/* These contain copies of various extension values */
	197	long ex_pathlen;
	198	long ex_pcpathlen;
	199	uint32_t ex_flags;
	200	uint32_t ex_kusage;
	201	uint32_t ex_xkusage;
	202	uint32_t ex_nscert;
	203	ASN1_OCTET_STRING *skid;
	204	AUTHORITY_KEYID *akid;
	205	X509_POLICY_CACHE *policy_cache;
	206	STACK_OF(DIST_POINT) *crldp;
	207	STACK_OF(GENERAL_NAME) *altname;
	208	NAME_CONSTRAINTS *nc;
	209	#ifndef OPENSSL_NO_RFC3779
	210	STACK_OF(IPAddressFamily) *rfc3779_addr;
	211	struct ASIdentifiers_st *rfc3779_asid;
	212	# endif
	213	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
	214	X509_CERT_AUX *aux;
	215	} /* X509 */ ;