[thirdparty/openssl.git] / crypto / include / internal / x509_int.h

/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2015.
 */
/* ====================================================================
 * Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/* Internal X509 structures and functions: not for application use */

/* Note: unless otherwise stated a field pointer is mandatory and should
 * never be set to NULL: the ASN.1 code and accessors rely on mandatory
 * fields never being NULL.
 */

/*
 * name entry structure, equivalent to AttributeTypeAndValue defined
 * in RFC5280 et al.
 */
struct X509_name_entry_st {
    ASN1_OBJECT *object;        /* AttributeType */
    ASN1_STRING *value;         /* AttributeValue */
    int set;                    /* index of RDNSequence for this entry */
    int size;                   /* temp variable */
};

/* Name from RFC 5280. */
struct X509_name_st {
    STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
    int modified;               /* true if 'bytes' needs to be built */
    BUF_MEM *bytes;             /* cached encoding: cannot be NULL */
    /* canonical encoding used for rapid Name comparison */
    unsigned char *canon_enc;
    int canon_enclen;
} /* X509_NAME */ ;

/* PKCS#10 certificate request */

struct X509_req_info_st {
    ASN1_ENCODING enc;          /* cached encoding of signed part */
    ASN1_INTEGER *version;      /* version, defaults to v1(0) so can be NULL */
    X509_NAME *subject;         /* certificate request DN */
    X509_PUBKEY *pubkey;        /* public key of request */
    /*
     * Zero or more attributes.
     * NB: although attributes is a mandatory field some broken
     * encodings omit it so this may be NULL in that case.
     */
    STACK_OF(X509_ATTRIBUTE) *attributes;
};

struct X509_req_st {
    X509_REQ_INFO req_info;     /* signed certificate request data */
    X509_ALGOR sig_alg;         /* signature algorithm */
    ASN1_BIT_STRING *signature; /* signature */
    int references;
    CRYPTO_RWLOCK *lock;
};

struct X509_crl_info_st {
    ASN1_INTEGER *version;      /* version: defaults to v1(0) so may be NULL */
    X509_ALGOR sig_alg;         /* signagture algorithm */
    X509_NAME *issuer;          /* CRL issuer name */
    ASN1_TIME *lastUpdate;      /* lastUpdate field */
    ASN1_TIME *nextUpdate;      /* nextUpdate field: optional */
    STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
    STACK_OF(X509_EXTENSION) *extensions;   /* extensions: optional */
    ASN1_ENCODING enc;          /* encoding of signed portion of CRL */
};

struct X509_crl_st {
    X509_CRL_INFO crl;          /* signed CRL data */
    X509_ALGOR sig_alg;         /* CRL signature algorithm */
    ASN1_BIT_STRING signature; /* CRL signature */
    int references;
    int flags;
    /*
     * Cached copies of decoded extension values, since extensions
     * are optional any of these can be NULL.
     */
    AUTHORITY_KEYID *akid;
    ISSUING_DIST_POINT *idp;
    /* Convenient breakdown of IDP */
    int idp_flags;
    int idp_reasons;
    /* CRL and base CRL numbers for delta processing */
    ASN1_INTEGER *crl_number;
    ASN1_INTEGER *base_crl_number;
    STACK_OF(GENERAL_NAMES) *issuers;
    /* hash of CRL */
    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
    /* alternative method to handle this CRL */
    const X509_CRL_METHOD *meth;
    void *meth_data;
    CRYPTO_RWLOCK *lock;
};

struct x509_revoked_st {
    ASN1_INTEGER serialNumber; /* revoked entry serial number */
    ASN1_TIME *revocationDate;  /* revocation date */
    STACK_OF(X509_EXTENSION) *extensions;   /* CRL entry extensions: optional */
    /* decoded value of CRLissuer extension: set if indirect CRL */
    STACK_OF(GENERAL_NAME) *issuer;
    /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
    int reason;
    /*
     * CRL entries are reordered for faster lookup of serial numbers. This
     * field contains the original load sequence for this entry.
     */
    int sequence;
};

/*
 * This stuff is certificate "auxiliary info": it contains details which are
 * useful in certificate stores and databases. When used this is tagged onto
 * the end of the certificate itself. OpenSSL specific structure not defined
 * in any RFC.
 */

struct x509_cert_aux_st {
    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
    ASN1_UTF8STRING *alias;     /* "friendly name" */
    ASN1_OCTET_STRING *keyid;   /* key id of private key */
    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
};

struct x509_cinf_st {
    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
    ASN1_INTEGER serialNumber;
    X509_ALGOR signature;
    X509_NAME *issuer;
    X509_VAL validity;
    X509_NAME *subject;
    X509_PUBKEY *key;
    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
    ASN1_ENCODING enc;
};

struct x509_st {
    X509_CINF cert_info;
    X509_ALGOR sig_alg;
    ASN1_BIT_STRING signature;
    int references;
    CRYPTO_EX_DATA ex_data;
    /* These contain copies of various extension values */
    long ex_pathlen;
    long ex_pcpathlen;
    uint32_t ex_flags;
    uint32_t ex_kusage;
    uint32_t ex_xkusage;
    uint32_t ex_nscert;
    ASN1_OCTET_STRING *skid;
    AUTHORITY_KEYID *akid;
    X509_POLICY_CACHE *policy_cache;
    STACK_OF(DIST_POINT) *crldp;
    STACK_OF(GENERAL_NAME) *altname;
    NAME_CONSTRAINTS *nc;
#ifndef OPENSSL_NO_RFC3779
    STACK_OF(IPAddressFamily) *rfc3779_addr;
    struct ASIdentifiers_st *rfc3779_asid;
# endif
    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
    X509_CERT_AUX *aux;
    CRYPTO_RWLOCK *lock;
} /* X509 */ ;

/* PKCS#8 private key info structure */

struct pkcs8_priv_key_info_st {
    ASN1_INTEGER *version;
    X509_ALGOR *pkeyalg;
    ASN1_OCTET_STRING *pkey;
    STACK_OF(X509_ATTRIBUTE) *attributes;
};

struct X509_sig_st {
    X509_ALGOR *algor;
    ASN1_OCTET_STRING *digest;
};
Commit	Line	Data
2743e38c DSH	1	/*
	2	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
	3	* 2015.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59	/* Internal X509 structures and functions: not for application use */
	60
40ffdc9c DSH	61	/* Note: unless otherwise stated a field pointer is mandatory and should
	62	* never be set to NULL: the ASN.1 code and accessors rely on mandatory
	63	* fields never being NULL.
	64	*/
	65
	66	/*
	67	* name entry structure, equivalent to AttributeTypeAndValue defined
	68	* in RFC5280 et al.
	69	*/
2743e38c	70	struct X509_name_entry_st {
40ffdc9c DSH	71	ASN1_OBJECT object; / AttributeType */
	72	ASN1_STRING value; / AttributeValue */
	73	int set; /* index of RDNSequence for this entry */
2743e38c DSH	74	int size; /* temp variable */
	75	};
	76
40ffdc9c	77	/* Name from RFC 5280. */
2743e38c	78	struct X509_name_st {
40ffdc9c	79	STACK_OF(X509_NAME_ENTRY) entries; / DN components */
2743e38c	80	int modified; /* true if 'bytes' needs to be built */
40ffdc9c DSH	81	BUF_MEM bytes; / cached encoding: cannot be NULL */
40ffdc9c DSH	82	/* canonical encoding used for rapid Name comparison */
2743e38c DSH	83	unsigned char *canon_enc;
	84	int canon_enclen;
	85	} /* X509_NAME */ ;
bc3686df	86
40ffdc9c	87	/* PKCS#10 certificate request */
124055a9 DSH	88
124055a9 DSH	89	struct X509_req_info_st {
40ffdc9c DSH	90	ASN1_ENCODING enc; /* cached encoding of signed part */
	91	ASN1_INTEGER version; / version, defaults to v1(0) so can be NULL */
	92	X509_NAME subject; / certificate request DN */
	93	X509_PUBKEY pubkey; / public key of request */
	94	/*
	95	* Zero or more attributes.
	96	* NB: although attributes is a mandatory field some broken
	97	* encodings omit it so this may be NULL in that case.
	98	*/
	99	STACK_OF(X509_ATTRIBUTE) *attributes;
124055a9 DSH	100	};
	101
	102	struct X509_req_st {
40ffdc9c DSH	103	X509_REQ_INFO req_info; /* signed certificate request data */
	104	X509_ALGOR sig_alg; /* signature algorithm */
	105	ASN1_BIT_STRING signature; / signature */
124055a9	106	int references;
c001ce33	107	CRYPTO_RWLOCK *lock;
124055a9	108	};
e3e57192 DSH	109
e3e57192 DSH	110	struct X509_crl_info_st {
40ffdc9c	111	ASN1_INTEGER version; / version: defaults to v1(0) so may be NULL */
e771eea6	112	X509_ALGOR sig_alg; /* signagture algorithm */
40ffdc9c DSH	113	X509_NAME issuer; / CRL issuer name */
	114	ASN1_TIME lastUpdate; / lastUpdate field */
	115	ASN1_TIME nextUpdate; / nextUpdate field: optional */
	116	STACK_OF(X509_REVOKED) revoked; / revoked entries: optional */
	117	STACK_OF(X509_EXTENSION) extensions; / extensions: optional */
	118	ASN1_ENCODING enc; /* encoding of signed portion of CRL */
e3e57192 DSH	119	};
	120
	121	struct X509_crl_st {
40ffdc9c DSH	122	X509_CRL_INFO crl; /* signed CRL data */
40ffdc9c DSH	123	X509_ALGOR sig_alg; /* CRL signature algorithm */
34a42e14	124	ASN1_BIT_STRING signature; /* CRL signature */
e3e57192 DSH	125	int references;
e3e57192 DSH	126	int flags;
40ffdc9c DSH	127	/*
	128	* Cached copies of decoded extension values, since extensions
	129	* are optional any of these can be NULL.
	130	*/
e3e57192 DSH	131	AUTHORITY_KEYID *akid;
	132	ISSUING_DIST_POINT *idp;
	133	/* Convenient breakdown of IDP */
	134	int idp_flags;
	135	int idp_reasons;
	136	/* CRL and base CRL numbers for delta processing */
	137	ASN1_INTEGER *crl_number;
	138	ASN1_INTEGER *base_crl_number;
e3e57192	139	STACK_OF(GENERAL_NAMES) *issuers;
40ffdc9c DSH	140	/* hash of CRL */
	141	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
	142	/* alternative method to handle this CRL */
e3e57192 DSH	143	const X509_CRL_METHOD *meth;
e3e57192 DSH	144	void *meth_data;
c001ce33	145	CRYPTO_RWLOCK *lock;
e3e57192	146	};
44748efc DSH	147
44748efc DSH	148	struct x509_revoked_st {
34a42e14	149	ASN1_INTEGER serialNumber; /* revoked entry serial number */
40ffdc9c DSH	150	ASN1_TIME revocationDate; / revocation date */
	151	STACK_OF(X509_EXTENSION) extensions; / CRL entry extensions: optional */
	152	/* decoded value of CRLissuer extension: set if indirect CRL */
44748efc	153	STACK_OF(GENERAL_NAME) *issuer;
40ffdc9c	154	/* revocation reason: set to CRL_REASON_NONE if reason extension absent */
44748efc	155	int reason;
40ffdc9c DSH	156	/*
	157	* CRL entries are reordered for faster lookup of serial numbers. This
	158	* field contains the original load sequence for this entry.
	159	*/
	160	int sequence;
	161	};
	162
	163	/*
	164	* This stuff is certificate "auxiliary info": it contains details which are
	165	* useful in certificate stores and databases. When used this is tagged onto
	166	* the end of the certificate itself. OpenSSL specific structure not defined
	167	* in any RFC.
	168	*/
	169
	170	struct x509_cert_aux_st {
	171	STACK_OF(ASN1_OBJECT) trust; / trusted uses */
	172	STACK_OF(ASN1_OBJECT) reject; / rejected uses */
	173	ASN1_UTF8STRING alias; / "friendly name" */
	174	ASN1_OCTET_STRING keyid; / key id of private key */
	175	STACK_OF(X509_ALGOR) other; / other unspecified info */
44748efc	176	};
2c81e476 DSH	177
	178	struct x509_cinf_st {
	179	ASN1_INTEGER version; / [ 0 ] default of v1 */
81e49438	180	ASN1_INTEGER serialNumber;
2c81e476 DSH	181	X509_ALGOR signature;
	182	X509_NAME *issuer;
	183	X509_VAL validity;
	184	X509_NAME *subject;
	185	X509_PUBKEY *key;
	186	ASN1_BIT_STRING issuerUID; / [ 1 ] optional in v2 */
	187	ASN1_BIT_STRING subjectUID; / [ 2 ] optional in v2 */
	188	STACK_OF(X509_EXTENSION) extensions; / [ 3 ] optional in v3 */
	189	ASN1_ENCODING enc;
	190	};
	191
	192	struct x509_st {
	193	X509_CINF cert_info;
	194	X509_ALGOR sig_alg;
81e49438	195	ASN1_BIT_STRING signature;
2c81e476	196	int references;
2c81e476 DSH	197	CRYPTO_EX_DATA ex_data;
	198	/* These contain copies of various extension values */
	199	long ex_pathlen;
	200	long ex_pcpathlen;
	201	uint32_t ex_flags;
	202	uint32_t ex_kusage;
	203	uint32_t ex_xkusage;
	204	uint32_t ex_nscert;
	205	ASN1_OCTET_STRING *skid;
	206	AUTHORITY_KEYID *akid;
	207	X509_POLICY_CACHE *policy_cache;
	208	STACK_OF(DIST_POINT) *crldp;
	209	STACK_OF(GENERAL_NAME) *altname;
	210	NAME_CONSTRAINTS *nc;
	211	#ifndef OPENSSL_NO_RFC3779
	212	STACK_OF(IPAddressFamily) *rfc3779_addr;
	213	struct ASIdentifiers_st *rfc3779_asid;
	214	# endif
	215	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
	216	X509_CERT_AUX *aux;
c001ce33	217	CRYPTO_RWLOCK *lock;
2c81e476	218	} /* X509 */ ;
54dbf423 DSH	219
	220	/* PKCS#8 private key info structure */
	221
	222	struct pkcs8_priv_key_info_st {
	223	ASN1_INTEGER *version;
	224	X509_ALGOR *pkeyalg;
	225	ASN1_OCTET_STRING *pkey;
	226	STACK_OF(X509_ATTRIBUTE) *attributes;
	227	};
a6eb1ce6 DSH	228
	229	struct X509_sig_st {
	230	X509_ALGOR *algor;
	231	ASN1_OCTET_STRING *digest;
	232	};