]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
6738bf14 | 2 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. |
9aeaf1b4 | 3 | * |
48f4ad77 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
21dcbebc RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
58964a49 | 8 | */ |
21dcbebc | 9 | |
ae4186b0 DMSP |
10 | #ifndef OPENSSL_X509V3_H |
11 | # define OPENSSL_X509V3_H | |
d86167ec DMSP |
12 | # pragma once |
13 | ||
14 | # include <openssl/macros.h> | |
936c2b9e | 15 | # ifndef OPENSSL_NO_DEPRECATED_3_0 |
d86167ec DMSP |
16 | # define HEADER_X509V3_H |
17 | # endif | |
9aeaf1b4 | 18 | |
0f113f3e MC |
19 | # include <openssl/bio.h> |
20 | # include <openssl/x509.h> | |
21 | # include <openssl/conf.h> | |
52df25cf | 22 | # include <openssl/x509v3err.h> |
9aeaf1b4 | 23 | |
82271cee RL |
24 | #ifdef __cplusplus |
25 | extern "C" { | |
26 | #endif | |
27 | ||
9aeaf1b4 DSH |
28 | /* Forward reference */ |
29 | struct v3_ext_method; | |
30 | struct v3_ext_ctx; | |
31 | ||
32 | /* Useful typedefs */ | |
33 | ||
0f113f3e MC |
34 | typedef void *(*X509V3_EXT_NEW)(void); |
35 | typedef void (*X509V3_EXT_FREE) (void *); | |
36 | typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); | |
9fdcc21f | 37 | typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **); |
babb3798 | 38 | typedef STACK_OF(CONF_VALUE) * |
0f113f3e MC |
39 | (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, |
40 | STACK_OF(CONF_VALUE) *extlist); | |
41 | typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, | |
42 | struct v3_ext_ctx *ctx, | |
43 | STACK_OF(CONF_VALUE) *values); | |
44 | typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, | |
45 | void *ext); | |
46 | typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, | |
47 | struct v3_ext_ctx *ctx, const char *str); | |
48 | typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, | |
49 | BIO *out, int indent); | |
50 | typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, | |
51 | struct v3_ext_ctx *ctx, const char *str); | |
9aeaf1b4 DSH |
52 | |
53 | /* V3 extension structure */ | |
54 | ||
55 | struct v3_ext_method { | |
0f113f3e MC |
56 | int ext_nid; |
57 | int ext_flags; | |
2aff7727 | 58 | /* If this is set the following four fields are ignored */ |
0f113f3e | 59 | ASN1_ITEM_EXP *it; |
2aff7727 | 60 | /* Old style ASN1 calls */ |
0f113f3e MC |
61 | X509V3_EXT_NEW ext_new; |
62 | X509V3_EXT_FREE ext_free; | |
63 | X509V3_EXT_D2I d2i; | |
64 | X509V3_EXT_I2D i2d; | |
9aeaf1b4 | 65 | /* The following pair is used for string extensions */ |
0f113f3e MC |
66 | X509V3_EXT_I2S i2s; |
67 | X509V3_EXT_S2I s2i; | |
9aeaf1b4 | 68 | /* The following pair is used for multi-valued extensions */ |
0f113f3e MC |
69 | X509V3_EXT_I2V i2v; |
70 | X509V3_EXT_V2I v2i; | |
79a474e8 | 71 | /* The following are used for raw extensions */ |
0f113f3e MC |
72 | X509V3_EXT_I2R i2r; |
73 | X509V3_EXT_R2I r2i; | |
74 | void *usr_data; /* Any extension specific data */ | |
9aeaf1b4 DSH |
75 | }; |
76 | ||
1d48dd00 | 77 | typedef struct X509V3_CONF_METHOD_st { |
34707951 F |
78 | char *(*get_string) (void *db, const char *section, const char *value); |
79 | STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); | |
0f113f3e MC |
80 | void (*free_string) (void *db, char *string); |
81 | void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); | |
1d48dd00 | 82 | } X509V3_CONF_METHOD; |
175b0942 | 83 | |
9aeaf1b4 | 84 | /* Context specific info */ |
f317aa4c | 85 | struct v3_ext_ctx { |
0f113f3e MC |
86 | # define CTX_TEST 0x1 |
87 | # define X509V3_CTX_REPLACE 0x2 | |
88 | int flags; | |
89 | X509 *issuer_cert; | |
90 | X509 *subject_cert; | |
91 | X509_REQ *subject_req; | |
92 | X509_CRL *crl; | |
93 | X509V3_CONF_METHOD *db_meth; | |
94 | void *db; | |
9aeaf1b4 DSH |
95 | /* Maybe more here */ |
96 | }; | |
97 | ||
98 | typedef struct v3_ext_method X509V3_EXT_METHOD; | |
9aeaf1b4 | 99 | |
85885715 | 100 | DEFINE_STACK_OF(X509V3_EXT_METHOD) |
0d3b0afe | 101 | |
9aeaf1b4 | 102 | /* ext_flags values */ |
0f113f3e MC |
103 | # define X509V3_EXT_DYNAMIC 0x1 |
104 | # define X509V3_EXT_CTX_DEP 0x2 | |
105 | # define X509V3_EXT_MULTILINE 0x4 | |
9aeaf1b4 | 106 | |
c74f1eb9 DSH |
107 | typedef BIT_STRING_BITNAME ENUMERATED_NAMES; |
108 | ||
0490a86d | 109 | typedef struct BASIC_CONSTRAINTS_st { |
0f113f3e MC |
110 | int ca; |
111 | ASN1_INTEGER *pathlen; | |
9aeaf1b4 DSH |
112 | } BASIC_CONSTRAINTS; |
113 | ||
0490a86d | 114 | typedef struct PKEY_USAGE_PERIOD_st { |
0f113f3e MC |
115 | ASN1_GENERALIZEDTIME *notBefore; |
116 | ASN1_GENERALIZEDTIME *notAfter; | |
0be9747b DSH |
117 | } PKEY_USAGE_PERIOD; |
118 | ||
a716d727 | 119 | typedef struct otherName_st { |
0f113f3e MC |
120 | ASN1_OBJECT *type_id; |
121 | ASN1_TYPE *value; | |
a716d727 DSH |
122 | } OTHERNAME; |
123 | ||
9d6b1ce6 | 124 | typedef struct EDIPartyName_st { |
0f113f3e MC |
125 | ASN1_STRING *nameAssigner; |
126 | ASN1_STRING *partyName; | |
9d6b1ce6 DSH |
127 | } EDIPARTYNAME; |
128 | ||
0490a86d | 129 | typedef struct GENERAL_NAME_st { |
0f113f3e MC |
130 | # define GEN_OTHERNAME 0 |
131 | # define GEN_EMAIL 1 | |
132 | # define GEN_DNS 2 | |
133 | # define GEN_X400 3 | |
134 | # define GEN_DIRNAME 4 | |
135 | # define GEN_EDIPARTY 5 | |
136 | # define GEN_URI 6 | |
137 | # define GEN_IPADD 7 | |
138 | # define GEN_RID 8 | |
139 | int type; | |
140 | union { | |
141 | char *ptr; | |
142 | OTHERNAME *otherName; /* otherName */ | |
143 | ASN1_IA5STRING *rfc822Name; | |
144 | ASN1_IA5STRING *dNSName; | |
145 | ASN1_TYPE *x400Address; | |
146 | X509_NAME *directoryName; | |
147 | EDIPARTYNAME *ediPartyName; | |
148 | ASN1_IA5STRING *uniformResourceIdentifier; | |
149 | ASN1_OCTET_STRING *iPAddress; | |
150 | ASN1_OBJECT *registeredID; | |
151 | /* Old names */ | |
152 | ASN1_OCTET_STRING *ip; /* iPAddress */ | |
153 | X509_NAME *dirn; /* dirn */ | |
154 | ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, | |
155 | * uniformResourceIdentifier */ | |
156 | ASN1_OBJECT *rid; /* registeredID */ | |
157 | ASN1_TYPE *other; /* x400Address */ | |
158 | } d; | |
142fcca8 DSH |
159 | } GENERAL_NAME; |
160 | ||
6d3724d3 | 161 | typedef struct ACCESS_DESCRIPTION_st { |
0f113f3e MC |
162 | ASN1_OBJECT *method; |
163 | GENERAL_NAME *location; | |
6d3724d3 DSH |
164 | } ACCESS_DESCRIPTION; |
165 | ||
9d6b1ce6 DSH |
166 | typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; |
167 | ||
168 | typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; | |
169 | ||
ba67253d RS |
170 | typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; |
171 | ||
85885715 | 172 | DEFINE_STACK_OF(GENERAL_NAME) |
4a640fb6 | 173 | typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; |
85885715 | 174 | DEFINE_STACK_OF(GENERAL_NAMES) |
f5fedc04 | 175 | |
85885715 | 176 | DEFINE_STACK_OF(ACCESS_DESCRIPTION) |
6d3724d3 | 177 | |
d943e372 | 178 | typedef struct DIST_POINT_NAME_st { |
0f113f3e MC |
179 | int type; |
180 | union { | |
181 | GENERAL_NAMES *fullname; | |
182 | STACK_OF(X509_NAME_ENTRY) *relativename; | |
183 | } name; | |
3e727a3b | 184 | /* If relativename then this contains the full distribution point name */ |
0f113f3e | 185 | X509_NAME *dpname; |
d943e372 | 186 | } DIST_POINT_NAME; |
4b96839f | 187 | /* All existing reasons */ |
0f113f3e MC |
188 | # define CRLDP_ALL_REASONS 0x807f |
189 | ||
190 | # define CRL_REASON_NONE -1 | |
191 | # define CRL_REASON_UNSPECIFIED 0 | |
192 | # define CRL_REASON_KEY_COMPROMISE 1 | |
193 | # define CRL_REASON_CA_COMPROMISE 2 | |
194 | # define CRL_REASON_AFFILIATION_CHANGED 3 | |
195 | # define CRL_REASON_SUPERSEDED 4 | |
196 | # define CRL_REASON_CESSATION_OF_OPERATION 5 | |
197 | # define CRL_REASON_CERTIFICATE_HOLD 6 | |
198 | # define CRL_REASON_REMOVE_FROM_CRL 8 | |
199 | # define CRL_REASON_PRIVILEGE_WITHDRAWN 9 | |
200 | # define CRL_REASON_AA_COMPROMISE 10 | |
d43c4497 | 201 | |
edc54021 | 202 | struct DIST_POINT_st { |
0f113f3e MC |
203 | DIST_POINT_NAME *distpoint; |
204 | ASN1_BIT_STRING *reasons; | |
205 | GENERAL_NAMES *CRLissuer; | |
206 | int dp_reasons; | |
edc54021 | 207 | }; |
d943e372 | 208 | |
9d6b1ce6 DSH |
209 | typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; |
210 | ||
85885715 | 211 | DEFINE_STACK_OF(DIST_POINT) |
d943e372 | 212 | |
edc54021 | 213 | struct AUTHORITY_KEYID_st { |
0f113f3e MC |
214 | ASN1_OCTET_STRING *keyid; |
215 | GENERAL_NAMES *issuer; | |
216 | ASN1_INTEGER *serial; | |
edc54021 | 217 | }; |
f5fedc04 | 218 | |
785cdf20 | 219 | /* Strong extranet structures */ |
142fcca8 | 220 | |
0490a86d | 221 | typedef struct SXNET_ID_st { |
0f113f3e MC |
222 | ASN1_INTEGER *zone; |
223 | ASN1_OCTET_STRING *user; | |
785cdf20 | 224 | } SXNETID; |
142fcca8 | 225 | |
85885715 | 226 | DEFINE_STACK_OF(SXNETID) |
cfdcfede BL |
227 | |
228 | typedef struct SXNET_st { | |
0f113f3e MC |
229 | ASN1_INTEGER *version; |
230 | STACK_OF(SXNETID) *ids; | |
cfdcfede BL |
231 | } SXNET; |
232 | ||
71f85280 NM |
233 | typedef struct ISSUER_SIGN_TOOL_st { |
234 | ASN1_UTF8STRING *signTool; | |
235 | ASN1_UTF8STRING *cATool; | |
236 | ASN1_UTF8STRING *signToolCert; | |
237 | ASN1_UTF8STRING *cAToolCert; | |
238 | } ISSUER_SIGN_TOOL; | |
239 | ||
c83e523d | 240 | typedef struct NOTICEREF_st { |
0f113f3e MC |
241 | ASN1_STRING *organization; |
242 | STACK_OF(ASN1_INTEGER) *noticenos; | |
c83e523d DSH |
243 | } NOTICEREF; |
244 | ||
245 | typedef struct USERNOTICE_st { | |
0f113f3e MC |
246 | NOTICEREF *noticeref; |
247 | ASN1_STRING *exptext; | |
c83e523d DSH |
248 | } USERNOTICE; |
249 | ||
250 | typedef struct POLICYQUALINFO_st { | |
0f113f3e MC |
251 | ASN1_OBJECT *pqualid; |
252 | union { | |
253 | ASN1_IA5STRING *cpsuri; | |
254 | USERNOTICE *usernotice; | |
255 | ASN1_TYPE *other; | |
256 | } d; | |
c83e523d DSH |
257 | } POLICYQUALINFO; |
258 | ||
85885715 | 259 | DEFINE_STACK_OF(POLICYQUALINFO) |
c83e523d DSH |
260 | |
261 | typedef struct POLICYINFO_st { | |
0f113f3e MC |
262 | ASN1_OBJECT *policyid; |
263 | STACK_OF(POLICYQUALINFO) *qualifiers; | |
c83e523d DSH |
264 | } POLICYINFO; |
265 | ||
9d6b1ce6 DSH |
266 | typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; |
267 | ||
85885715 | 268 | DEFINE_STACK_OF(POLICYINFO) |
c83e523d | 269 | |
a1d12dae | 270 | typedef struct POLICY_MAPPING_st { |
0f113f3e MC |
271 | ASN1_OBJECT *issuerDomainPolicy; |
272 | ASN1_OBJECT *subjectDomainPolicy; | |
a1d12dae DSH |
273 | } POLICY_MAPPING; |
274 | ||
85885715 | 275 | DEFINE_STACK_OF(POLICY_MAPPING) |
a1d12dae DSH |
276 | |
277 | typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; | |
278 | ||
520b76ff | 279 | typedef struct GENERAL_SUBTREE_st { |
0f113f3e MC |
280 | GENERAL_NAME *base; |
281 | ASN1_INTEGER *minimum; | |
282 | ASN1_INTEGER *maximum; | |
520b76ff DSH |
283 | } GENERAL_SUBTREE; |
284 | ||
85885715 | 285 | DEFINE_STACK_OF(GENERAL_SUBTREE) |
520b76ff | 286 | |
e9746e03 | 287 | struct NAME_CONSTRAINTS_st { |
0f113f3e MC |
288 | STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; |
289 | STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; | |
e9746e03 | 290 | }; |
520b76ff | 291 | |
f80153e2 | 292 | typedef struct POLICY_CONSTRAINTS_st { |
0f113f3e MC |
293 | ASN1_INTEGER *requireExplicitPolicy; |
294 | ASN1_INTEGER *inhibitPolicyMapping; | |
f80153e2 DSH |
295 | } POLICY_CONSTRAINTS; |
296 | ||
6951c23a | 297 | /* Proxy certificate structures, see RFC 3820 */ |
0f113f3e MC |
298 | typedef struct PROXY_POLICY_st { |
299 | ASN1_OBJECT *policyLanguage; | |
300 | ASN1_OCTET_STRING *policy; | |
301 | } PROXY_POLICY; | |
302 | ||
303 | typedef struct PROXY_CERT_INFO_EXTENSION_st { | |
304 | ASN1_INTEGER *pcPathLengthConstraint; | |
305 | PROXY_POLICY *proxyPolicy; | |
306 | } PROXY_CERT_INFO_EXTENSION; | |
6951c23a RL |
307 | |
308 | DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) | |
309 | DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) | |
310 | ||
0f113f3e MC |
311 | struct ISSUING_DIST_POINT_st { |
312 | DIST_POINT_NAME *distpoint; | |
313 | int onlyuser; | |
314 | int onlyCA; | |
315 | ASN1_BIT_STRING *onlysomereasons; | |
316 | int indirectCRL; | |
317 | int onlyattr; | |
318 | }; | |
6951c23a | 319 | |
4d50a2b4 DSH |
320 | /* Values in idp_flags field */ |
321 | /* IDP present */ | |
0f113f3e | 322 | # define IDP_PRESENT 0x1 |
4d50a2b4 | 323 | /* IDP values inconsistent */ |
0f113f3e | 324 | # define IDP_INVALID 0x2 |
4d50a2b4 | 325 | /* onlyuser true */ |
0f113f3e | 326 | # define IDP_ONLYUSER 0x4 |
4d50a2b4 | 327 | /* onlyCA true */ |
0f113f3e | 328 | # define IDP_ONLYCA 0x8 |
4d50a2b4 | 329 | /* onlyattr true */ |
0f113f3e | 330 | # define IDP_ONLYATTR 0x10 |
4d50a2b4 | 331 | /* indirectCRL true */ |
0f113f3e | 332 | # define IDP_INDIRECT 0x20 |
4d50a2b4 | 333 | /* onlysomereasons present */ |
0f113f3e | 334 | # define IDP_REASONS 0x40 |
4d50a2b4 | 335 | |
37659ea4 BE |
336 | # define X509V3_conf_err(val) ERR_add_error_data(6, \ |
337 | "section:", (val)->section, \ | |
338 | ",name:", (val)->name, ",value:", (val)->value) | |
9aeaf1b4 | 339 | |
0f113f3e MC |
340 | # define X509V3_set_ctx_test(ctx) \ |
341 | X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) | |
342 | # define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; | |
41b731f2 | 343 | |
0f113f3e MC |
344 | # define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ |
345 | 0,0,0,0, \ | |
346 | 0,0, \ | |
347 | (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ | |
348 | (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ | |
349 | NULL, NULL, \ | |
350 | table} | |
9aeaf1b4 | 351 | |
0f113f3e MC |
352 | # define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ |
353 | 0,0,0,0, \ | |
354 | (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ | |
355 | (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ | |
356 | 0,0,0,0, \ | |
357 | NULL} | |
9aeaf1b4 | 358 | |
0f113f3e | 359 | # define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} |
673b102c DSH |
360 | |
361 | /* X509_PURPOSE stuff */ | |
362 | ||
0f113f3e MC |
363 | # define EXFLAG_BCONS 0x1 |
364 | # define EXFLAG_KUSAGE 0x2 | |
365 | # define EXFLAG_XKUSAGE 0x4 | |
366 | # define EXFLAG_NSCERT 0x8 | |
673b102c | 367 | |
0f113f3e | 368 | # define EXFLAG_CA 0x10 |
db50661f | 369 | /* Really self issued not necessarily self signed */ |
0f113f3e MC |
370 | # define EXFLAG_SI 0x20 |
371 | # define EXFLAG_V1 0x40 | |
372 | # define EXFLAG_INVALID 0x80 | |
2d60c923 | 373 | /* EXFLAG_SET is set to indicate that some values have been precomputed */ |
0f113f3e MC |
374 | # define EXFLAG_SET 0x100 |
375 | # define EXFLAG_CRITICAL 0x200 | |
376 | # define EXFLAG_PROXY 0x400 | |
377 | ||
378 | # define EXFLAG_INVALID_POLICY 0x800 | |
379 | # define EXFLAG_FRESHEST 0x1000 | |
b1efb716 | 380 | /* Self signed */ |
0f113f3e MC |
381 | # define EXFLAG_SS 0x2000 |
382 | ||
383 | # define KU_DIGITAL_SIGNATURE 0x0080 | |
384 | # define KU_NON_REPUDIATION 0x0040 | |
385 | # define KU_KEY_ENCIPHERMENT 0x0020 | |
386 | # define KU_DATA_ENCIPHERMENT 0x0010 | |
387 | # define KU_KEY_AGREEMENT 0x0008 | |
388 | # define KU_KEY_CERT_SIGN 0x0004 | |
389 | # define KU_CRL_SIGN 0x0002 | |
390 | # define KU_ENCIPHER_ONLY 0x0001 | |
391 | # define KU_DECIPHER_ONLY 0x8000 | |
392 | ||
393 | # define NS_SSL_CLIENT 0x80 | |
394 | # define NS_SSL_SERVER 0x40 | |
395 | # define NS_SMIME 0x20 | |
396 | # define NS_OBJSIGN 0x10 | |
397 | # define NS_SSL_CA 0x04 | |
398 | # define NS_SMIME_CA 0x02 | |
399 | # define NS_OBJSIGN_CA 0x01 | |
400 | # define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) | |
401 | ||
402 | # define XKU_SSL_SERVER 0x1 | |
403 | # define XKU_SSL_CLIENT 0x2 | |
404 | # define XKU_SMIME 0x4 | |
405 | # define XKU_CODE_SIGN 0x8 | |
406 | # define XKU_SGC 0x10 | |
407 | # define XKU_OCSP_SIGN 0x20 | |
408 | # define XKU_TIMESTAMP 0x40 | |
409 | # define XKU_DVCS 0x80 | |
410 | # define XKU_ANYEKU 0x100 | |
411 | ||
412 | # define X509_PURPOSE_DYNAMIC 0x1 | |
413 | # define X509_PURPOSE_DYNAMIC_NAME 0x2 | |
79875776 | 414 | |
673b102c | 415 | typedef struct x509_purpose_st { |
0f113f3e MC |
416 | int purpose; |
417 | int trust; /* Default trust ID */ | |
418 | int flags; | |
419 | int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); | |
420 | char *name; | |
421 | char *sname; | |
422 | void *usr_data; | |
673b102c DSH |
423 | } X509_PURPOSE; |
424 | ||
0f113f3e MC |
425 | # define X509_PURPOSE_SSL_CLIENT 1 |
426 | # define X509_PURPOSE_SSL_SERVER 2 | |
427 | # define X509_PURPOSE_NS_SSL_SERVER 3 | |
428 | # define X509_PURPOSE_SMIME_SIGN 4 | |
429 | # define X509_PURPOSE_SMIME_ENCRYPT 5 | |
430 | # define X509_PURPOSE_CRL_SIGN 6 | |
431 | # define X509_PURPOSE_ANY 7 | |
432 | # define X509_PURPOSE_OCSP_HELPER 8 | |
433 | # define X509_PURPOSE_TIMESTAMP_SIGN 9 | |
673b102c | 434 | |
0f113f3e MC |
435 | # define X509_PURPOSE_MIN 1 |
436 | # define X509_PURPOSE_MAX 9 | |
dd413410 | 437 | |
8ca533e3 DSH |
438 | /* Flags for X509V3_EXT_print() */ |
439 | ||
0f113f3e | 440 | # define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) |
8ca533e3 | 441 | /* Return error for unknown extensions */ |
0f113f3e | 442 | # define X509V3_EXT_DEFAULT 0 |
8ca533e3 | 443 | /* Print error for unknown extensions */ |
0f113f3e | 444 | # define X509V3_EXT_ERROR_UNKNOWN (1L << 16) |
8ca533e3 | 445 | /* ASN1 parse unknown extensions */ |
0f113f3e | 446 | # define X509V3_EXT_PARSE_UNKNOWN (2L << 16) |
8ca533e3 | 447 | /* BIO_dump unknown extensions */ |
0f113f3e | 448 | # define X509V3_EXT_DUMP_UNKNOWN (3L << 16) |
8ca533e3 | 449 | |
57d2f217 DSH |
450 | /* Flags for X509V3_add1_i2d */ |
451 | ||
0f113f3e MC |
452 | # define X509V3_ADD_OP_MASK 0xfL |
453 | # define X509V3_ADD_DEFAULT 0L | |
454 | # define X509V3_ADD_APPEND 1L | |
455 | # define X509V3_ADD_REPLACE 2L | |
456 | # define X509V3_ADD_REPLACE_EXISTING 3L | |
457 | # define X509V3_ADD_KEEP_EXISTING 4L | |
458 | # define X509V3_ADD_DELETE 5L | |
459 | # define X509V3_ADD_SILENT 0x10 | |
57d2f217 | 460 | |
85885715 | 461 | DEFINE_STACK_OF(X509_PURPOSE) |
673b102c | 462 | |
2aff7727 | 463 | DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) |
9aeaf1b4 | 464 | |
9d6b1ce6 DSH |
465 | DECLARE_ASN1_FUNCTIONS(SXNET) |
466 | DECLARE_ASN1_FUNCTIONS(SXNETID) | |
785cdf20 | 467 | |
71f85280 NM |
468 | DECLARE_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL) |
469 | ||
0aa25a68 F |
470 | int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); |
471 | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, | |
0f113f3e | 472 | int userlen); |
0aa25a68 | 473 | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, |
0f113f3e | 474 | int userlen); |
28a98809 | 475 | |
0aa25a68 | 476 | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); |
28a98809 DSH |
477 | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); |
478 | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); | |
479 | ||
9d6b1ce6 DSH |
480 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) |
481 | ||
482 | DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) | |
483 | ||
484 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) | |
9fdcc21f | 485 | DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME) |
c7235be6 UM |
486 | int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); |
487 | ||
5d6383c8 | 488 | ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
0f113f3e MC |
489 | X509V3_CTX *ctx, |
490 | STACK_OF(CONF_VALUE) *nval); | |
5d6383c8 | 491 | STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
0f113f3e MC |
492 | ASN1_BIT_STRING *bits, |
493 | STACK_OF(CONF_VALUE) *extlist); | |
494 | char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); | |
6452a139 | 495 | ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, |
13f74c66 | 496 | X509V3_CTX *ctx, const char *str); |
5d6383c8 | 497 | |
0f113f3e MC |
498 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, |
499 | GENERAL_NAME *gen, | |
500 | STACK_OF(CONF_VALUE) *ret); | |
2c15d426 | 501 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); |
175b0942 | 502 | |
9d6b1ce6 | 503 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) |
0be9747b | 504 | |
ba404b5e | 505 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, |
0f113f3e MC |
506 | GENERAL_NAMES *gen, |
507 | STACK_OF(CONF_VALUE) *extlist); | |
babb3798 | 508 | GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, |
0f113f3e | 509 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
142fcca8 | 510 | |
9d6b1ce6 DSH |
511 | DECLARE_ASN1_FUNCTIONS(OTHERNAME) |
512 | DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) | |
c7235be6 | 513 | int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); |
a5cdb7d5 | 514 | void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); |
5435a830 | 515 | void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); |
a5cdb7d5 | 516 | int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, |
0f113f3e | 517 | ASN1_OBJECT *oid, ASN1_TYPE *value); |
5435a830 | 518 | int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, |
0f113f3e | 519 | ASN1_OBJECT **poid, ASN1_TYPE **pvalue); |
a716d727 | 520 | |
0f113f3e | 521 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
bf9d5e48 | 522 | const ASN1_OCTET_STRING *ia5); |
0f113f3e | 523 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
bf9d5e48 | 524 | X509V3_CTX *ctx, const char *str); |
142fcca8 | 525 | |
9d6b1ce6 | 526 | DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) |
095d2f0f | 527 | int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); |
6d3724d3 | 528 | |
ba67253d RS |
529 | DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) |
530 | ||
9d6b1ce6 DSH |
531 | DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) |
532 | DECLARE_ASN1_FUNCTIONS(POLICYINFO) | |
533 | DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) | |
534 | DECLARE_ASN1_FUNCTIONS(USERNOTICE) | |
535 | DECLARE_ASN1_FUNCTIONS(NOTICEREF) | |
6d3724d3 | 536 | |
9d6b1ce6 DSH |
537 | DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) |
538 | DECLARE_ASN1_FUNCTIONS(DIST_POINT) | |
539 | DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) | |
8eb72175 | 540 | DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) |
6d3724d3 | 541 | |
8cc86b81 | 542 | int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname); |
3e727a3b | 543 | |
e9746e03 | 544 | int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); |
5bd5dcd4 | 545 | int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); |
e9746e03 | 546 | |
9d6b1ce6 DSH |
547 | DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) |
548 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) | |
6d3724d3 | 549 | |
a1d12dae | 550 | DECLARE_ASN1_ITEM(POLICY_MAPPING) |
ea3675b5 | 551 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) |
a1d12dae DSH |
552 | DECLARE_ASN1_ITEM(POLICY_MAPPINGS) |
553 | ||
520b76ff DSH |
554 | DECLARE_ASN1_ITEM(GENERAL_SUBTREE) |
555 | DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) | |
556 | ||
557 | DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) | |
558 | DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) | |
559 | ||
f80153e2 DSH |
560 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) |
561 | DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) | |
562 | ||
be86c7fc | 563 | GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, |
0f113f3e | 564 | const X509V3_EXT_METHOD *method, |
02e112a8 | 565 | X509V3_CTX *ctx, int gen_type, |
c8f717fe | 566 | const char *value, int is_nc); |
be86c7fc | 567 | |
ae4186b0 | 568 | # ifdef OPENSSL_CONF_H |
0f113f3e MC |
569 | GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, |
570 | X509V3_CTX *ctx, CONF_VALUE *cnf); | |
babb3798 | 571 | GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, |
0f113f3e MC |
572 | const X509V3_EXT_METHOD *method, |
573 | X509V3_CTX *ctx, CONF_VALUE *cnf, | |
574 | int is_nc); | |
9aeaf1b4 | 575 | void X509V3_conf_free(CONF_VALUE *val); |
b7a26e6d | 576 | |
0f113f3e | 577 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
34707951 F |
578 | const char *value); |
579 | X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, | |
580 | const char *value); | |
581 | int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, | |
0f113f3e | 582 | STACK_OF(X509_EXTENSION) **sk); |
34707951 | 583 | int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, |
0f113f3e | 584 | X509 *cert); |
34707951 | 585 | int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, |
0f113f3e | 586 | X509_REQ *req); |
34707951 | 587 | int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, |
0f113f3e MC |
588 | X509_CRL *crl); |
589 | ||
590 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, | |
591 | X509V3_CTX *ctx, int ext_nid, | |
34707951 | 592 | const char *value); |
3c1d6bbc | 593 | X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 594 | const char *name, const char *value); |
3c1d6bbc | 595 | int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 596 | const char *section, X509 *cert); |
3c1d6bbc | 597 | int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 598 | const char *section, X509_REQ *req); |
3c1d6bbc | 599 | int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 600 | const char *section, X509_CRL *crl); |
b7a26e6d | 601 | |
c8f717fe | 602 | int X509V3_add_value_bool_nf(const char *name, int asn1_bool, |
0f113f3e | 603 | STACK_OF(CONF_VALUE) **extlist); |
bf9d5e48 F |
604 | int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); |
605 | int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); | |
b7a26e6d | 606 | void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); |
3c1d6bbc | 607 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); |
0f113f3e | 608 | # endif |
9aeaf1b4 | 609 | |
c8f717fe F |
610 | char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); |
611 | STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); | |
41b731f2 | 612 | void X509V3_string_free(X509V3_CTX *ctx, char *str); |
0f113f3e | 613 | void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); |
1d48dd00 | 614 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, |
0f113f3e | 615 | X509_REQ *req, X509_CRL *crl, int flags); |
1d48dd00 | 616 | |
ba404b5e | 617 | int X509V3_add_value(const char *name, const char *value, |
0f113f3e | 618 | STACK_OF(CONF_VALUE) **extlist); |
61f5b6f3 | 619 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, |
0f113f3e | 620 | STACK_OF(CONF_VALUE) **extlist); |
ba404b5e | 621 | int X509V3_add_value_bool(const char *name, int asn1_bool, |
0f113f3e | 622 | STACK_OF(CONF_VALUE) **extlist); |
bf9d5e48 | 623 | int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, |
0f113f3e | 624 | STACK_OF(CONF_VALUE) **extlist); |
a6a283b3 | 625 | char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); |
2b91da96 | 626 | ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); |
bf9d5e48 | 627 | char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); |
0f113f3e | 628 | char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, |
bf9d5e48 | 629 | const ASN1_ENUMERATED *aint); |
9aeaf1b4 | 630 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext); |
397f7038 | 631 | int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); |
9aeaf1b4 DSH |
632 | int X509V3_EXT_add_alias(int nid_to, int nid_from); |
633 | void X509V3_EXT_cleanup(void); | |
634 | ||
babb3798 BL |
635 | const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); |
636 | const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); | |
9aeaf1b4 | 637 | int X509V3_add_standard_extensions(void); |
535d79da | 638 | STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); |
f5fedc04 | 639 | void *X509V3_EXT_d2i(X509_EXTENSION *ext); |
84de54b9 | 640 | void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, |
0f113f3e | 641 | int *idx); |
57d2f217 | 642 | |
c8b41850 | 643 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); |
0f113f3e MC |
644 | int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, |
645 | int crit, unsigned long flags); | |
9aeaf1b4 | 646 | |
00db8c60 | 647 | #ifndef OPENSSL_NO_DEPRECATED_1_1_0 |
14f051a0 RS |
648 | /* The new declarations are in crypto.h, but the old ones were here. */ |
649 | # define hex_to_string OPENSSL_buf2hexstr | |
650 | # define string_to_hex OPENSSL_hexstr2buf | |
651 | #endif | |
175b0942 | 652 | |
ba404b5e | 653 | void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, |
0f113f3e MC |
654 | int ml); |
655 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, | |
656 | int indent); | |
984d6c60 | 657 | #ifndef OPENSSL_NO_STDIO |
785cdf20 | 658 | int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); |
984d6c60 | 659 | #endif |
5e6089f0 MC |
660 | int X509V3_extensions_print(BIO *out, const char *title, |
661 | const STACK_OF(X509_EXTENSION) *exts, | |
0f113f3e | 662 | unsigned long flag, int indent); |
2c15d426 | 663 | |
30b415b0 | 664 | int X509_check_ca(X509 *x); |
673b102c | 665 | int X509_check_purpose(X509 *x, int id, int ca); |
f1558bb4 | 666 | int X509_supported_extension(X509_EXTENSION *ex); |
926a56bf | 667 | int X509_PURPOSE_set(int *p, int purpose); |
2f043896 | 668 | int X509_check_issued(X509 *issuer, X509 *subject); |
bc7535bc | 669 | int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); |
9961cb77 | 670 | void X509_set_proxy_flag(X509 *x); |
fe0169b0 RL |
671 | void X509_set_proxy_pathlen(X509 *x, long l); |
672 | long X509_get_proxy_pathlen(X509 *x); | |
063f1f0c DSH |
673 | |
674 | uint32_t X509_get_extension_flags(X509 *x); | |
675 | uint32_t X509_get_key_usage(X509 *x); | |
676 | uint32_t X509_get_extended_key_usage(X509 *x); | |
d19a50c9 | 677 | const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); |
b383aa20 | 678 | const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); |
afdec13d DMSP |
679 | const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); |
680 | const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); | |
063f1f0c | 681 | |
d4cec6a1 | 682 | int X509_PURPOSE_get_count(void); |
0f113f3e | 683 | X509_PURPOSE *X509_PURPOSE_get0(int idx); |
c8f717fe | 684 | int X509_PURPOSE_get_by_sname(const char *sname); |
d4cec6a1 | 685 | int X509_PURPOSE_get_by_id(int id); |
dd413410 | 686 | int X509_PURPOSE_add(int id, int trust, int flags, |
0f113f3e | 687 | int (*ck) (const X509_PURPOSE *, const X509 *, int), |
c8f717fe F |
688 | const char *name, const char *sname, void *arg); |
689 | char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); | |
690 | char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); | |
691 | int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); | |
79875776 | 692 | void X509_PURPOSE_cleanup(void); |
c8f717fe | 693 | int X509_PURPOSE_get_id(const X509_PURPOSE *); |
673b102c | 694 | |
c869da88 DSH |
695 | STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); |
696 | STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); | |
697 | void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); | |
698 | STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); | |
a70da5b3 DSH |
699 | /* Flags for X509_check_* functions */ |
700 | ||
0f113f3e MC |
701 | /* |
702 | * Always check subject name for host match even if subject alt names present | |
703 | */ | |
704 | # define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 | |
397a8e74 | 705 | /* Disable wildcard matching for dnsName fields and common name. */ |
0f113f3e | 706 | # define X509_CHECK_FLAG_NO_WILDCARDS 0x2 |
397a8e74 | 707 | /* Wildcards must not match a partial label. */ |
0f113f3e | 708 | # define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 |
397a8e74 | 709 | /* Allow (non-partial) wildcards to match multiple labels. */ |
0f113f3e | 710 | # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 |
a09e4d24 | 711 | /* Constraint verifier subdomain patterns to match a single labels. */ |
0f113f3e | 712 | # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 |
dd60efea VD |
713 | /* Never check the subject CN */ |
714 | # define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 | |
a09e4d24 VD |
715 | /* |
716 | * Match reference identifiers starting with "." to any sub-domain. | |
717 | * This is a non-public flag, turned on implicitly when the subject | |
718 | * reference identity is a DNS name. | |
719 | */ | |
0f113f3e | 720 | # define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 |
a70da5b3 | 721 | |
297c67fc | 722 | int X509_check_host(X509 *x, const char *chk, size_t chklen, |
0f113f3e | 723 | unsigned int flags, char **peername); |
297c67fc | 724 | int X509_check_email(X509 *x, const char *chk, size_t chklen, |
0f113f3e | 725 | unsigned int flags); |
a70da5b3 | 726 | int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, |
0f113f3e | 727 | unsigned int flags); |
a70da5b3 | 728 | int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); |
a91dedca | 729 | |
4e5d3a7f | 730 | ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); |
520b76ff | 731 | ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); |
a7b1eed5 | 732 | int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, |
0f113f3e | 733 | unsigned long chtype); |
a91dedca | 734 | |
ecf13991 | 735 | void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); |
85885715 | 736 | DEFINE_STACK_OF(X509_POLICY_NODE) |
ecf13991 | 737 | |
47bbaa5b | 738 | #ifndef OPENSSL_NO_RFC3779 |
96ea4ae9 | 739 | typedef struct ASRange_st { |
0f113f3e | 740 | ASN1_INTEGER *min, *max; |
96ea4ae9 BL |
741 | } ASRange; |
742 | ||
c73ad690 RS |
743 | # define ASIdOrRange_id 0 |
744 | # define ASIdOrRange_range 1 | |
96ea4ae9 BL |
745 | |
746 | typedef struct ASIdOrRange_st { | |
0f113f3e MC |
747 | int type; |
748 | union { | |
749 | ASN1_INTEGER *id; | |
750 | ASRange *range; | |
751 | } u; | |
96ea4ae9 BL |
752 | } ASIdOrRange; |
753 | ||
754 | typedef STACK_OF(ASIdOrRange) ASIdOrRanges; | |
85885715 | 755 | DEFINE_STACK_OF(ASIdOrRange) |
96ea4ae9 | 756 | |
c73ad690 RS |
757 | # define ASIdentifierChoice_inherit 0 |
758 | # define ASIdentifierChoice_asIdsOrRanges 1 | |
96ea4ae9 BL |
759 | |
760 | typedef struct ASIdentifierChoice_st { | |
0f113f3e MC |
761 | int type; |
762 | union { | |
763 | ASN1_NULL *inherit; | |
764 | ASIdOrRanges *asIdsOrRanges; | |
765 | } u; | |
96ea4ae9 BL |
766 | } ASIdentifierChoice; |
767 | ||
768 | typedef struct ASIdentifiers_st { | |
0f113f3e | 769 | ASIdentifierChoice *asnum, *rdi; |
96ea4ae9 BL |
770 | } ASIdentifiers; |
771 | ||
772 | DECLARE_ASN1_FUNCTIONS(ASRange) | |
773 | DECLARE_ASN1_FUNCTIONS(ASIdOrRange) | |
774 | DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) | |
775 | DECLARE_ASN1_FUNCTIONS(ASIdentifiers) | |
776 | ||
96ea4ae9 | 777 | typedef struct IPAddressRange_st { |
0f113f3e | 778 | ASN1_BIT_STRING *min, *max; |
96ea4ae9 BL |
779 | } IPAddressRange; |
780 | ||
c73ad690 RS |
781 | # define IPAddressOrRange_addressPrefix 0 |
782 | # define IPAddressOrRange_addressRange 1 | |
96ea4ae9 BL |
783 | |
784 | typedef struct IPAddressOrRange_st { | |
0f113f3e MC |
785 | int type; |
786 | union { | |
787 | ASN1_BIT_STRING *addressPrefix; | |
788 | IPAddressRange *addressRange; | |
789 | } u; | |
96ea4ae9 BL |
790 | } IPAddressOrRange; |
791 | ||
792 | typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; | |
85885715 | 793 | DEFINE_STACK_OF(IPAddressOrRange) |
96ea4ae9 | 794 | |
c73ad690 RS |
795 | # define IPAddressChoice_inherit 0 |
796 | # define IPAddressChoice_addressesOrRanges 1 | |
96ea4ae9 BL |
797 | |
798 | typedef struct IPAddressChoice_st { | |
0f113f3e MC |
799 | int type; |
800 | union { | |
801 | ASN1_NULL *inherit; | |
802 | IPAddressOrRanges *addressesOrRanges; | |
803 | } u; | |
96ea4ae9 BL |
804 | } IPAddressChoice; |
805 | ||
806 | typedef struct IPAddressFamily_st { | |
0f113f3e MC |
807 | ASN1_OCTET_STRING *addressFamily; |
808 | IPAddressChoice *ipAddressChoice; | |
96ea4ae9 BL |
809 | } IPAddressFamily; |
810 | ||
811 | typedef STACK_OF(IPAddressFamily) IPAddrBlocks; | |
85885715 | 812 | DEFINE_STACK_OF(IPAddressFamily) |
96ea4ae9 BL |
813 | |
814 | DECLARE_ASN1_FUNCTIONS(IPAddressRange) | |
815 | DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) | |
816 | DECLARE_ASN1_FUNCTIONS(IPAddressChoice) | |
817 | DECLARE_ASN1_FUNCTIONS(IPAddressFamily) | |
818 | ||
819 | /* | |
820 | * API tag for elements of the ASIdentifer SEQUENCE. | |
821 | */ | |
c73ad690 RS |
822 | # define V3_ASID_ASNUM 0 |
823 | # define V3_ASID_RDI 1 | |
96ea4ae9 BL |
824 | |
825 | /* | |
826 | * AFI values, assigned by IANA. It'd be nice to make the AFI | |
827 | * handling code totally generic, but there are too many little things | |
828 | * that would need to be defined for other address families for it to | |
829 | * be worth the trouble. | |
830 | */ | |
c73ad690 RS |
831 | # define IANA_AFI_IPV4 1 |
832 | # define IANA_AFI_IPV6 2 | |
96ea4ae9 BL |
833 | |
834 | /* | |
835 | * Utilities to construct and extract values from RFC3779 extensions, | |
836 | * since some of the encodings (particularly for IP address prefixes | |
837 | * and ranges) are a bit tedious to work with directly. | |
838 | */ | |
9021a5df RS |
839 | int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); |
840 | int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, | |
841 | ASN1_INTEGER *min, ASN1_INTEGER *max); | |
842 | int X509v3_addr_add_inherit(IPAddrBlocks *addr, | |
843 | const unsigned afi, const unsigned *safi); | |
844 | int X509v3_addr_add_prefix(IPAddrBlocks *addr, | |
845 | const unsigned afi, const unsigned *safi, | |
846 | unsigned char *a, const int prefixlen); | |
847 | int X509v3_addr_add_range(IPAddrBlocks *addr, | |
848 | const unsigned afi, const unsigned *safi, | |
849 | unsigned char *min, unsigned char *max); | |
850 | unsigned X509v3_addr_get_afi(const IPAddressFamily *f); | |
851 | int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, | |
852 | unsigned char *min, unsigned char *max, | |
853 | const int length); | |
96ea4ae9 BL |
854 | |
855 | /* | |
856 | * Canonical forms. | |
857 | */ | |
9021a5df RS |
858 | int X509v3_asid_is_canonical(ASIdentifiers *asid); |
859 | int X509v3_addr_is_canonical(IPAddrBlocks *addr); | |
860 | int X509v3_asid_canonize(ASIdentifiers *asid); | |
861 | int X509v3_addr_canonize(IPAddrBlocks *addr); | |
96ea4ae9 BL |
862 | |
863 | /* | |
864 | * Tests for inheritance and containment. | |
865 | */ | |
9021a5df RS |
866 | int X509v3_asid_inherits(ASIdentifiers *asid); |
867 | int X509v3_addr_inherits(IPAddrBlocks *addr); | |
868 | int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); | |
869 | int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); | |
96ea4ae9 BL |
870 | |
871 | /* | |
872 | * Check whether RFC 3779 extensions nest properly in chains. | |
873 | */ | |
9021a5df RS |
874 | int X509v3_asid_validate_path(X509_STORE_CTX *); |
875 | int X509v3_addr_validate_path(X509_STORE_CTX *); | |
876 | int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, | |
877 | ASIdentifiers *ext, | |
878 | int allow_inheritance); | |
879 | int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, | |
880 | IPAddrBlocks *ext, int allow_inheritance); | |
96ea4ae9 | 881 | |
47bbaa5b | 882 | #endif /* OPENSSL_NO_RFC3779 */ |
9021a5df | 883 | |
fa743582 RS |
884 | DEFINE_STACK_OF(ASN1_STRING) |
885 | ||
886 | /* | |
887 | * Admission Syntax | |
888 | */ | |
889 | typedef struct NamingAuthority_st NAMING_AUTHORITY; | |
890 | typedef struct ProfessionInfo_st PROFESSION_INFO; | |
891 | typedef struct Admissions_st ADMISSIONS; | |
892 | typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; | |
893 | DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) | |
894 | DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) | |
895 | DECLARE_ASN1_FUNCTIONS(ADMISSIONS) | |
896 | DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) | |
897 | DEFINE_STACK_OF(ADMISSIONS) | |
898 | DEFINE_STACK_OF(PROFESSION_INFO) | |
899 | typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; | |
900 | ||
901 | const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( | |
902 | const NAMING_AUTHORITY *n); | |
903 | const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( | |
904 | const NAMING_AUTHORITY *n); | |
905 | const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( | |
906 | const NAMING_AUTHORITY *n); | |
907 | void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, | |
908 | ASN1_OBJECT* namingAuthorityId); | |
909 | void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, | |
910 | ASN1_IA5STRING* namingAuthorityUrl); | |
911 | void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, | |
912 | ASN1_STRING* namingAuthorityText); | |
913 | ||
914 | const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( | |
915 | const ADMISSION_SYNTAX *as); | |
916 | void ADMISSION_SYNTAX_set0_admissionAuthority( | |
917 | ADMISSION_SYNTAX *as, GENERAL_NAME *aa); | |
918 | const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( | |
919 | const ADMISSION_SYNTAX *as); | |
920 | void ADMISSION_SYNTAX_set0_contentsOfAdmissions( | |
921 | ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); | |
922 | const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); | |
923 | void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); | |
924 | const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); | |
925 | void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); | |
926 | const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); | |
927 | void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); | |
928 | const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( | |
929 | const PROFESSION_INFO *pi); | |
930 | void PROFESSION_INFO_set0_addProfessionInfo( | |
931 | PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); | |
932 | const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( | |
933 | const PROFESSION_INFO *pi); | |
934 | void PROFESSION_INFO_set0_namingAuthority( | |
935 | PROFESSION_INFO *pi, NAMING_AUTHORITY *na); | |
936 | const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( | |
937 | const PROFESSION_INFO *pi); | |
938 | void PROFESSION_INFO_set0_professionItems( | |
939 | PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); | |
940 | const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( | |
941 | const PROFESSION_INFO *pi); | |
942 | void PROFESSION_INFO_set0_professionOIDs( | |
943 | PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); | |
944 | const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( | |
945 | const PROFESSION_INFO *pi); | |
946 | void PROFESSION_INFO_set0_registrationNumber( | |
947 | PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); | |
948 | ||
0cd0a820 | 949 | # ifdef __cplusplus |
9aeaf1b4 | 950 | } |
0cd0a820 | 951 | # endif |
9aeaf1b4 | 952 | #endif |