]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
6738bf14 | 2 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. |
9aeaf1b4 | 3 | * |
48f4ad77 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
21dcbebc RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
58964a49 | 8 | */ |
21dcbebc | 9 | |
ae4186b0 DMSP |
10 | #ifndef OPENSSL_X509V3_H |
11 | # define OPENSSL_X509V3_H | |
d86167ec DMSP |
12 | # pragma once |
13 | ||
14 | # include <openssl/macros.h> | |
936c2b9e | 15 | # ifndef OPENSSL_NO_DEPRECATED_3_0 |
d86167ec DMSP |
16 | # define HEADER_X509V3_H |
17 | # endif | |
9aeaf1b4 | 18 | |
0f113f3e MC |
19 | # include <openssl/bio.h> |
20 | # include <openssl/x509.h> | |
21 | # include <openssl/conf.h> | |
52df25cf | 22 | # include <openssl/x509v3err.h> |
9aeaf1b4 | 23 | |
82271cee RL |
24 | #ifdef __cplusplus |
25 | extern "C" { | |
26 | #endif | |
27 | ||
9aeaf1b4 DSH |
28 | /* Forward reference */ |
29 | struct v3_ext_method; | |
30 | struct v3_ext_ctx; | |
31 | ||
32 | /* Useful typedefs */ | |
33 | ||
0f113f3e MC |
34 | typedef void *(*X509V3_EXT_NEW)(void); |
35 | typedef void (*X509V3_EXT_FREE) (void *); | |
36 | typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); | |
9fdcc21f | 37 | typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **); |
babb3798 | 38 | typedef STACK_OF(CONF_VALUE) * |
0f113f3e MC |
39 | (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, |
40 | STACK_OF(CONF_VALUE) *extlist); | |
41 | typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, | |
42 | struct v3_ext_ctx *ctx, | |
43 | STACK_OF(CONF_VALUE) *values); | |
44 | typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, | |
45 | void *ext); | |
46 | typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, | |
47 | struct v3_ext_ctx *ctx, const char *str); | |
48 | typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, | |
49 | BIO *out, int indent); | |
50 | typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, | |
51 | struct v3_ext_ctx *ctx, const char *str); | |
9aeaf1b4 DSH |
52 | |
53 | /* V3 extension structure */ | |
54 | ||
55 | struct v3_ext_method { | |
0f113f3e MC |
56 | int ext_nid; |
57 | int ext_flags; | |
2aff7727 | 58 | /* If this is set the following four fields are ignored */ |
0f113f3e | 59 | ASN1_ITEM_EXP *it; |
2aff7727 | 60 | /* Old style ASN1 calls */ |
0f113f3e MC |
61 | X509V3_EXT_NEW ext_new; |
62 | X509V3_EXT_FREE ext_free; | |
63 | X509V3_EXT_D2I d2i; | |
64 | X509V3_EXT_I2D i2d; | |
9aeaf1b4 | 65 | /* The following pair is used for string extensions */ |
0f113f3e MC |
66 | X509V3_EXT_I2S i2s; |
67 | X509V3_EXT_S2I s2i; | |
9aeaf1b4 | 68 | /* The following pair is used for multi-valued extensions */ |
0f113f3e MC |
69 | X509V3_EXT_I2V i2v; |
70 | X509V3_EXT_V2I v2i; | |
79a474e8 | 71 | /* The following are used for raw extensions */ |
0f113f3e MC |
72 | X509V3_EXT_I2R i2r; |
73 | X509V3_EXT_R2I r2i; | |
74 | void *usr_data; /* Any extension specific data */ | |
9aeaf1b4 DSH |
75 | }; |
76 | ||
1d48dd00 | 77 | typedef struct X509V3_CONF_METHOD_st { |
34707951 F |
78 | char *(*get_string) (void *db, const char *section, const char *value); |
79 | STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); | |
0f113f3e MC |
80 | void (*free_string) (void *db, char *string); |
81 | void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); | |
1d48dd00 | 82 | } X509V3_CONF_METHOD; |
175b0942 | 83 | |
9aeaf1b4 | 84 | /* Context specific info */ |
f317aa4c | 85 | struct v3_ext_ctx { |
0f113f3e MC |
86 | # define CTX_TEST 0x1 |
87 | # define X509V3_CTX_REPLACE 0x2 | |
88 | int flags; | |
89 | X509 *issuer_cert; | |
90 | X509 *subject_cert; | |
91 | X509_REQ *subject_req; | |
92 | X509_CRL *crl; | |
93 | X509V3_CONF_METHOD *db_meth; | |
94 | void *db; | |
9aeaf1b4 DSH |
95 | /* Maybe more here */ |
96 | }; | |
97 | ||
98 | typedef struct v3_ext_method X509V3_EXT_METHOD; | |
9aeaf1b4 | 99 | |
85885715 | 100 | DEFINE_STACK_OF(X509V3_EXT_METHOD) |
0d3b0afe | 101 | |
9aeaf1b4 | 102 | /* ext_flags values */ |
0f113f3e MC |
103 | # define X509V3_EXT_DYNAMIC 0x1 |
104 | # define X509V3_EXT_CTX_DEP 0x2 | |
105 | # define X509V3_EXT_MULTILINE 0x4 | |
9aeaf1b4 | 106 | |
c74f1eb9 DSH |
107 | typedef BIT_STRING_BITNAME ENUMERATED_NAMES; |
108 | ||
0490a86d | 109 | typedef struct BASIC_CONSTRAINTS_st { |
0f113f3e MC |
110 | int ca; |
111 | ASN1_INTEGER *pathlen; | |
9aeaf1b4 DSH |
112 | } BASIC_CONSTRAINTS; |
113 | ||
0490a86d | 114 | typedef struct PKEY_USAGE_PERIOD_st { |
0f113f3e MC |
115 | ASN1_GENERALIZEDTIME *notBefore; |
116 | ASN1_GENERALIZEDTIME *notAfter; | |
0be9747b DSH |
117 | } PKEY_USAGE_PERIOD; |
118 | ||
a716d727 | 119 | typedef struct otherName_st { |
0f113f3e MC |
120 | ASN1_OBJECT *type_id; |
121 | ASN1_TYPE *value; | |
a716d727 DSH |
122 | } OTHERNAME; |
123 | ||
9d6b1ce6 | 124 | typedef struct EDIPartyName_st { |
0f113f3e MC |
125 | ASN1_STRING *nameAssigner; |
126 | ASN1_STRING *partyName; | |
9d6b1ce6 DSH |
127 | } EDIPARTYNAME; |
128 | ||
0490a86d | 129 | typedef struct GENERAL_NAME_st { |
0f113f3e MC |
130 | # define GEN_OTHERNAME 0 |
131 | # define GEN_EMAIL 1 | |
132 | # define GEN_DNS 2 | |
133 | # define GEN_X400 3 | |
134 | # define GEN_DIRNAME 4 | |
135 | # define GEN_EDIPARTY 5 | |
136 | # define GEN_URI 6 | |
137 | # define GEN_IPADD 7 | |
138 | # define GEN_RID 8 | |
139 | int type; | |
140 | union { | |
141 | char *ptr; | |
142 | OTHERNAME *otherName; /* otherName */ | |
143 | ASN1_IA5STRING *rfc822Name; | |
144 | ASN1_IA5STRING *dNSName; | |
145 | ASN1_TYPE *x400Address; | |
146 | X509_NAME *directoryName; | |
147 | EDIPARTYNAME *ediPartyName; | |
148 | ASN1_IA5STRING *uniformResourceIdentifier; | |
149 | ASN1_OCTET_STRING *iPAddress; | |
150 | ASN1_OBJECT *registeredID; | |
151 | /* Old names */ | |
152 | ASN1_OCTET_STRING *ip; /* iPAddress */ | |
153 | X509_NAME *dirn; /* dirn */ | |
154 | ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, | |
155 | * uniformResourceIdentifier */ | |
156 | ASN1_OBJECT *rid; /* registeredID */ | |
157 | ASN1_TYPE *other; /* x400Address */ | |
158 | } d; | |
142fcca8 DSH |
159 | } GENERAL_NAME; |
160 | ||
6d3724d3 | 161 | typedef struct ACCESS_DESCRIPTION_st { |
0f113f3e MC |
162 | ASN1_OBJECT *method; |
163 | GENERAL_NAME *location; | |
6d3724d3 DSH |
164 | } ACCESS_DESCRIPTION; |
165 | ||
9d6b1ce6 DSH |
166 | typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; |
167 | ||
168 | typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; | |
169 | ||
ba67253d RS |
170 | typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; |
171 | ||
85885715 | 172 | DEFINE_STACK_OF(GENERAL_NAME) |
4a640fb6 | 173 | typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; |
85885715 | 174 | DEFINE_STACK_OF(GENERAL_NAMES) |
f5fedc04 | 175 | |
85885715 | 176 | DEFINE_STACK_OF(ACCESS_DESCRIPTION) |
6d3724d3 | 177 | |
d943e372 | 178 | typedef struct DIST_POINT_NAME_st { |
0f113f3e MC |
179 | int type; |
180 | union { | |
181 | GENERAL_NAMES *fullname; | |
182 | STACK_OF(X509_NAME_ENTRY) *relativename; | |
183 | } name; | |
3e727a3b | 184 | /* If relativename then this contains the full distribution point name */ |
0f113f3e | 185 | X509_NAME *dpname; |
d943e372 | 186 | } DIST_POINT_NAME; |
4b96839f | 187 | /* All existing reasons */ |
0f113f3e MC |
188 | # define CRLDP_ALL_REASONS 0x807f |
189 | ||
190 | # define CRL_REASON_NONE -1 | |
191 | # define CRL_REASON_UNSPECIFIED 0 | |
192 | # define CRL_REASON_KEY_COMPROMISE 1 | |
193 | # define CRL_REASON_CA_COMPROMISE 2 | |
194 | # define CRL_REASON_AFFILIATION_CHANGED 3 | |
195 | # define CRL_REASON_SUPERSEDED 4 | |
196 | # define CRL_REASON_CESSATION_OF_OPERATION 5 | |
197 | # define CRL_REASON_CERTIFICATE_HOLD 6 | |
198 | # define CRL_REASON_REMOVE_FROM_CRL 8 | |
199 | # define CRL_REASON_PRIVILEGE_WITHDRAWN 9 | |
200 | # define CRL_REASON_AA_COMPROMISE 10 | |
d43c4497 | 201 | |
edc54021 | 202 | struct DIST_POINT_st { |
0f113f3e MC |
203 | DIST_POINT_NAME *distpoint; |
204 | ASN1_BIT_STRING *reasons; | |
205 | GENERAL_NAMES *CRLissuer; | |
206 | int dp_reasons; | |
edc54021 | 207 | }; |
d943e372 | 208 | |
9d6b1ce6 DSH |
209 | typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; |
210 | ||
85885715 | 211 | DEFINE_STACK_OF(DIST_POINT) |
d943e372 | 212 | |
edc54021 | 213 | struct AUTHORITY_KEYID_st { |
0f113f3e MC |
214 | ASN1_OCTET_STRING *keyid; |
215 | GENERAL_NAMES *issuer; | |
216 | ASN1_INTEGER *serial; | |
edc54021 | 217 | }; |
f5fedc04 | 218 | |
785cdf20 | 219 | /* Strong extranet structures */ |
142fcca8 | 220 | |
0490a86d | 221 | typedef struct SXNET_ID_st { |
0f113f3e MC |
222 | ASN1_INTEGER *zone; |
223 | ASN1_OCTET_STRING *user; | |
785cdf20 | 224 | } SXNETID; |
142fcca8 | 225 | |
85885715 | 226 | DEFINE_STACK_OF(SXNETID) |
cfdcfede BL |
227 | |
228 | typedef struct SXNET_st { | |
0f113f3e MC |
229 | ASN1_INTEGER *version; |
230 | STACK_OF(SXNETID) *ids; | |
cfdcfede BL |
231 | } SXNET; |
232 | ||
c83e523d | 233 | typedef struct NOTICEREF_st { |
0f113f3e MC |
234 | ASN1_STRING *organization; |
235 | STACK_OF(ASN1_INTEGER) *noticenos; | |
c83e523d DSH |
236 | } NOTICEREF; |
237 | ||
238 | typedef struct USERNOTICE_st { | |
0f113f3e MC |
239 | NOTICEREF *noticeref; |
240 | ASN1_STRING *exptext; | |
c83e523d DSH |
241 | } USERNOTICE; |
242 | ||
243 | typedef struct POLICYQUALINFO_st { | |
0f113f3e MC |
244 | ASN1_OBJECT *pqualid; |
245 | union { | |
246 | ASN1_IA5STRING *cpsuri; | |
247 | USERNOTICE *usernotice; | |
248 | ASN1_TYPE *other; | |
249 | } d; | |
c83e523d DSH |
250 | } POLICYQUALINFO; |
251 | ||
85885715 | 252 | DEFINE_STACK_OF(POLICYQUALINFO) |
c83e523d DSH |
253 | |
254 | typedef struct POLICYINFO_st { | |
0f113f3e MC |
255 | ASN1_OBJECT *policyid; |
256 | STACK_OF(POLICYQUALINFO) *qualifiers; | |
c83e523d DSH |
257 | } POLICYINFO; |
258 | ||
9d6b1ce6 DSH |
259 | typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; |
260 | ||
85885715 | 261 | DEFINE_STACK_OF(POLICYINFO) |
c83e523d | 262 | |
a1d12dae | 263 | typedef struct POLICY_MAPPING_st { |
0f113f3e MC |
264 | ASN1_OBJECT *issuerDomainPolicy; |
265 | ASN1_OBJECT *subjectDomainPolicy; | |
a1d12dae DSH |
266 | } POLICY_MAPPING; |
267 | ||
85885715 | 268 | DEFINE_STACK_OF(POLICY_MAPPING) |
a1d12dae DSH |
269 | |
270 | typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; | |
271 | ||
520b76ff | 272 | typedef struct GENERAL_SUBTREE_st { |
0f113f3e MC |
273 | GENERAL_NAME *base; |
274 | ASN1_INTEGER *minimum; | |
275 | ASN1_INTEGER *maximum; | |
520b76ff DSH |
276 | } GENERAL_SUBTREE; |
277 | ||
85885715 | 278 | DEFINE_STACK_OF(GENERAL_SUBTREE) |
520b76ff | 279 | |
e9746e03 | 280 | struct NAME_CONSTRAINTS_st { |
0f113f3e MC |
281 | STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; |
282 | STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; | |
e9746e03 | 283 | }; |
520b76ff | 284 | |
f80153e2 | 285 | typedef struct POLICY_CONSTRAINTS_st { |
0f113f3e MC |
286 | ASN1_INTEGER *requireExplicitPolicy; |
287 | ASN1_INTEGER *inhibitPolicyMapping; | |
f80153e2 DSH |
288 | } POLICY_CONSTRAINTS; |
289 | ||
6951c23a | 290 | /* Proxy certificate structures, see RFC 3820 */ |
0f113f3e MC |
291 | typedef struct PROXY_POLICY_st { |
292 | ASN1_OBJECT *policyLanguage; | |
293 | ASN1_OCTET_STRING *policy; | |
294 | } PROXY_POLICY; | |
295 | ||
296 | typedef struct PROXY_CERT_INFO_EXTENSION_st { | |
297 | ASN1_INTEGER *pcPathLengthConstraint; | |
298 | PROXY_POLICY *proxyPolicy; | |
299 | } PROXY_CERT_INFO_EXTENSION; | |
6951c23a RL |
300 | |
301 | DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) | |
302 | DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) | |
303 | ||
0f113f3e MC |
304 | struct ISSUING_DIST_POINT_st { |
305 | DIST_POINT_NAME *distpoint; | |
306 | int onlyuser; | |
307 | int onlyCA; | |
308 | ASN1_BIT_STRING *onlysomereasons; | |
309 | int indirectCRL; | |
310 | int onlyattr; | |
311 | }; | |
6951c23a | 312 | |
4d50a2b4 DSH |
313 | /* Values in idp_flags field */ |
314 | /* IDP present */ | |
0f113f3e | 315 | # define IDP_PRESENT 0x1 |
4d50a2b4 | 316 | /* IDP values inconsistent */ |
0f113f3e | 317 | # define IDP_INVALID 0x2 |
4d50a2b4 | 318 | /* onlyuser true */ |
0f113f3e | 319 | # define IDP_ONLYUSER 0x4 |
4d50a2b4 | 320 | /* onlyCA true */ |
0f113f3e | 321 | # define IDP_ONLYCA 0x8 |
4d50a2b4 | 322 | /* onlyattr true */ |
0f113f3e | 323 | # define IDP_ONLYATTR 0x10 |
4d50a2b4 | 324 | /* indirectCRL true */ |
0f113f3e | 325 | # define IDP_INDIRECT 0x20 |
4d50a2b4 | 326 | /* onlysomereasons present */ |
0f113f3e | 327 | # define IDP_REASONS 0x40 |
4d50a2b4 | 328 | |
37659ea4 BE |
329 | # define X509V3_conf_err(val) ERR_add_error_data(6, \ |
330 | "section:", (val)->section, \ | |
331 | ",name:", (val)->name, ",value:", (val)->value) | |
9aeaf1b4 | 332 | |
0f113f3e MC |
333 | # define X509V3_set_ctx_test(ctx) \ |
334 | X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) | |
335 | # define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; | |
41b731f2 | 336 | |
0f113f3e MC |
337 | # define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ |
338 | 0,0,0,0, \ | |
339 | 0,0, \ | |
340 | (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ | |
341 | (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ | |
342 | NULL, NULL, \ | |
343 | table} | |
9aeaf1b4 | 344 | |
0f113f3e MC |
345 | # define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ |
346 | 0,0,0,0, \ | |
347 | (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ | |
348 | (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ | |
349 | 0,0,0,0, \ | |
350 | NULL} | |
9aeaf1b4 | 351 | |
0f113f3e | 352 | # define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} |
673b102c DSH |
353 | |
354 | /* X509_PURPOSE stuff */ | |
355 | ||
0f113f3e MC |
356 | # define EXFLAG_BCONS 0x1 |
357 | # define EXFLAG_KUSAGE 0x2 | |
358 | # define EXFLAG_XKUSAGE 0x4 | |
359 | # define EXFLAG_NSCERT 0x8 | |
673b102c | 360 | |
0f113f3e | 361 | # define EXFLAG_CA 0x10 |
db50661f | 362 | /* Really self issued not necessarily self signed */ |
0f113f3e MC |
363 | # define EXFLAG_SI 0x20 |
364 | # define EXFLAG_V1 0x40 | |
365 | # define EXFLAG_INVALID 0x80 | |
2d60c923 | 366 | /* EXFLAG_SET is set to indicate that some values have been precomputed */ |
0f113f3e MC |
367 | # define EXFLAG_SET 0x100 |
368 | # define EXFLAG_CRITICAL 0x200 | |
369 | # define EXFLAG_PROXY 0x400 | |
370 | ||
371 | # define EXFLAG_INVALID_POLICY 0x800 | |
372 | # define EXFLAG_FRESHEST 0x1000 | |
b1efb716 | 373 | /* Self signed */ |
0f113f3e MC |
374 | # define EXFLAG_SS 0x2000 |
375 | ||
376 | # define KU_DIGITAL_SIGNATURE 0x0080 | |
377 | # define KU_NON_REPUDIATION 0x0040 | |
378 | # define KU_KEY_ENCIPHERMENT 0x0020 | |
379 | # define KU_DATA_ENCIPHERMENT 0x0010 | |
380 | # define KU_KEY_AGREEMENT 0x0008 | |
381 | # define KU_KEY_CERT_SIGN 0x0004 | |
382 | # define KU_CRL_SIGN 0x0002 | |
383 | # define KU_ENCIPHER_ONLY 0x0001 | |
384 | # define KU_DECIPHER_ONLY 0x8000 | |
385 | ||
386 | # define NS_SSL_CLIENT 0x80 | |
387 | # define NS_SSL_SERVER 0x40 | |
388 | # define NS_SMIME 0x20 | |
389 | # define NS_OBJSIGN 0x10 | |
390 | # define NS_SSL_CA 0x04 | |
391 | # define NS_SMIME_CA 0x02 | |
392 | # define NS_OBJSIGN_CA 0x01 | |
393 | # define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) | |
394 | ||
395 | # define XKU_SSL_SERVER 0x1 | |
396 | # define XKU_SSL_CLIENT 0x2 | |
397 | # define XKU_SMIME 0x4 | |
398 | # define XKU_CODE_SIGN 0x8 | |
399 | # define XKU_SGC 0x10 | |
400 | # define XKU_OCSP_SIGN 0x20 | |
401 | # define XKU_TIMESTAMP 0x40 | |
402 | # define XKU_DVCS 0x80 | |
403 | # define XKU_ANYEKU 0x100 | |
404 | ||
405 | # define X509_PURPOSE_DYNAMIC 0x1 | |
406 | # define X509_PURPOSE_DYNAMIC_NAME 0x2 | |
79875776 | 407 | |
673b102c | 408 | typedef struct x509_purpose_st { |
0f113f3e MC |
409 | int purpose; |
410 | int trust; /* Default trust ID */ | |
411 | int flags; | |
412 | int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); | |
413 | char *name; | |
414 | char *sname; | |
415 | void *usr_data; | |
673b102c DSH |
416 | } X509_PURPOSE; |
417 | ||
0f113f3e MC |
418 | # define X509_PURPOSE_SSL_CLIENT 1 |
419 | # define X509_PURPOSE_SSL_SERVER 2 | |
420 | # define X509_PURPOSE_NS_SSL_SERVER 3 | |
421 | # define X509_PURPOSE_SMIME_SIGN 4 | |
422 | # define X509_PURPOSE_SMIME_ENCRYPT 5 | |
423 | # define X509_PURPOSE_CRL_SIGN 6 | |
424 | # define X509_PURPOSE_ANY 7 | |
425 | # define X509_PURPOSE_OCSP_HELPER 8 | |
426 | # define X509_PURPOSE_TIMESTAMP_SIGN 9 | |
673b102c | 427 | |
0f113f3e MC |
428 | # define X509_PURPOSE_MIN 1 |
429 | # define X509_PURPOSE_MAX 9 | |
dd413410 | 430 | |
8ca533e3 DSH |
431 | /* Flags for X509V3_EXT_print() */ |
432 | ||
0f113f3e | 433 | # define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) |
8ca533e3 | 434 | /* Return error for unknown extensions */ |
0f113f3e | 435 | # define X509V3_EXT_DEFAULT 0 |
8ca533e3 | 436 | /* Print error for unknown extensions */ |
0f113f3e | 437 | # define X509V3_EXT_ERROR_UNKNOWN (1L << 16) |
8ca533e3 | 438 | /* ASN1 parse unknown extensions */ |
0f113f3e | 439 | # define X509V3_EXT_PARSE_UNKNOWN (2L << 16) |
8ca533e3 | 440 | /* BIO_dump unknown extensions */ |
0f113f3e | 441 | # define X509V3_EXT_DUMP_UNKNOWN (3L << 16) |
8ca533e3 | 442 | |
57d2f217 DSH |
443 | /* Flags for X509V3_add1_i2d */ |
444 | ||
0f113f3e MC |
445 | # define X509V3_ADD_OP_MASK 0xfL |
446 | # define X509V3_ADD_DEFAULT 0L | |
447 | # define X509V3_ADD_APPEND 1L | |
448 | # define X509V3_ADD_REPLACE 2L | |
449 | # define X509V3_ADD_REPLACE_EXISTING 3L | |
450 | # define X509V3_ADD_KEEP_EXISTING 4L | |
451 | # define X509V3_ADD_DELETE 5L | |
452 | # define X509V3_ADD_SILENT 0x10 | |
57d2f217 | 453 | |
85885715 | 454 | DEFINE_STACK_OF(X509_PURPOSE) |
673b102c | 455 | |
2aff7727 | 456 | DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) |
9aeaf1b4 | 457 | |
9d6b1ce6 DSH |
458 | DECLARE_ASN1_FUNCTIONS(SXNET) |
459 | DECLARE_ASN1_FUNCTIONS(SXNETID) | |
785cdf20 | 460 | |
0aa25a68 F |
461 | int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); |
462 | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, | |
0f113f3e | 463 | int userlen); |
0aa25a68 | 464 | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, |
0f113f3e | 465 | int userlen); |
28a98809 | 466 | |
0aa25a68 | 467 | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); |
28a98809 DSH |
468 | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); |
469 | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); | |
470 | ||
9d6b1ce6 DSH |
471 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) |
472 | ||
473 | DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) | |
474 | ||
475 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) | |
9fdcc21f | 476 | DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME) |
c7235be6 UM |
477 | int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); |
478 | ||
5d6383c8 | 479 | ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
0f113f3e MC |
480 | X509V3_CTX *ctx, |
481 | STACK_OF(CONF_VALUE) *nval); | |
5d6383c8 | 482 | STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
0f113f3e MC |
483 | ASN1_BIT_STRING *bits, |
484 | STACK_OF(CONF_VALUE) *extlist); | |
485 | char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); | |
6452a139 | 486 | ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, |
13f74c66 | 487 | X509V3_CTX *ctx, const char *str); |
5d6383c8 | 488 | |
0f113f3e MC |
489 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, |
490 | GENERAL_NAME *gen, | |
491 | STACK_OF(CONF_VALUE) *ret); | |
2c15d426 | 492 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); |
175b0942 | 493 | |
9d6b1ce6 | 494 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) |
0be9747b | 495 | |
ba404b5e | 496 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, |
0f113f3e MC |
497 | GENERAL_NAMES *gen, |
498 | STACK_OF(CONF_VALUE) *extlist); | |
babb3798 | 499 | GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, |
0f113f3e | 500 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
142fcca8 | 501 | |
9d6b1ce6 DSH |
502 | DECLARE_ASN1_FUNCTIONS(OTHERNAME) |
503 | DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) | |
c7235be6 | 504 | int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); |
a5cdb7d5 | 505 | void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); |
5435a830 | 506 | void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); |
a5cdb7d5 | 507 | int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, |
0f113f3e | 508 | ASN1_OBJECT *oid, ASN1_TYPE *value); |
5435a830 | 509 | int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, |
0f113f3e | 510 | ASN1_OBJECT **poid, ASN1_TYPE **pvalue); |
a716d727 | 511 | |
0f113f3e | 512 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
bf9d5e48 | 513 | const ASN1_OCTET_STRING *ia5); |
0f113f3e | 514 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
bf9d5e48 | 515 | X509V3_CTX *ctx, const char *str); |
142fcca8 | 516 | |
9d6b1ce6 | 517 | DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) |
095d2f0f | 518 | int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); |
6d3724d3 | 519 | |
ba67253d RS |
520 | DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) |
521 | ||
9d6b1ce6 DSH |
522 | DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) |
523 | DECLARE_ASN1_FUNCTIONS(POLICYINFO) | |
524 | DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) | |
525 | DECLARE_ASN1_FUNCTIONS(USERNOTICE) | |
526 | DECLARE_ASN1_FUNCTIONS(NOTICEREF) | |
6d3724d3 | 527 | |
9d6b1ce6 DSH |
528 | DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) |
529 | DECLARE_ASN1_FUNCTIONS(DIST_POINT) | |
530 | DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) | |
8eb72175 | 531 | DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) |
6d3724d3 | 532 | |
3e727a3b DSH |
533 | int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); |
534 | ||
e9746e03 | 535 | int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); |
5bd5dcd4 | 536 | int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); |
e9746e03 | 537 | |
9d6b1ce6 DSH |
538 | DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) |
539 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) | |
6d3724d3 | 540 | |
a1d12dae | 541 | DECLARE_ASN1_ITEM(POLICY_MAPPING) |
ea3675b5 | 542 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) |
a1d12dae DSH |
543 | DECLARE_ASN1_ITEM(POLICY_MAPPINGS) |
544 | ||
520b76ff DSH |
545 | DECLARE_ASN1_ITEM(GENERAL_SUBTREE) |
546 | DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) | |
547 | ||
548 | DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) | |
549 | DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) | |
550 | ||
f80153e2 DSH |
551 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) |
552 | DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) | |
553 | ||
be86c7fc | 554 | GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, |
0f113f3e | 555 | const X509V3_EXT_METHOD *method, |
02e112a8 | 556 | X509V3_CTX *ctx, int gen_type, |
c8f717fe | 557 | const char *value, int is_nc); |
be86c7fc | 558 | |
ae4186b0 | 559 | # ifdef OPENSSL_CONF_H |
0f113f3e MC |
560 | GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, |
561 | X509V3_CTX *ctx, CONF_VALUE *cnf); | |
babb3798 | 562 | GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, |
0f113f3e MC |
563 | const X509V3_EXT_METHOD *method, |
564 | X509V3_CTX *ctx, CONF_VALUE *cnf, | |
565 | int is_nc); | |
9aeaf1b4 | 566 | void X509V3_conf_free(CONF_VALUE *val); |
b7a26e6d | 567 | |
0f113f3e | 568 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
34707951 F |
569 | const char *value); |
570 | X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, | |
571 | const char *value); | |
572 | int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, | |
0f113f3e | 573 | STACK_OF(X509_EXTENSION) **sk); |
34707951 | 574 | int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, |
0f113f3e | 575 | X509 *cert); |
34707951 | 576 | int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, |
0f113f3e | 577 | X509_REQ *req); |
34707951 | 578 | int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, |
0f113f3e MC |
579 | X509_CRL *crl); |
580 | ||
581 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, | |
582 | X509V3_CTX *ctx, int ext_nid, | |
34707951 | 583 | const char *value); |
3c1d6bbc | 584 | X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 585 | const char *name, const char *value); |
3c1d6bbc | 586 | int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 587 | const char *section, X509 *cert); |
3c1d6bbc | 588 | int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 589 | const char *section, X509_REQ *req); |
3c1d6bbc | 590 | int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
34707951 | 591 | const char *section, X509_CRL *crl); |
b7a26e6d | 592 | |
c8f717fe | 593 | int X509V3_add_value_bool_nf(const char *name, int asn1_bool, |
0f113f3e | 594 | STACK_OF(CONF_VALUE) **extlist); |
bf9d5e48 F |
595 | int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); |
596 | int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); | |
b7a26e6d | 597 | void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); |
3c1d6bbc | 598 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); |
0f113f3e | 599 | # endif |
9aeaf1b4 | 600 | |
c8f717fe F |
601 | char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); |
602 | STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); | |
41b731f2 | 603 | void X509V3_string_free(X509V3_CTX *ctx, char *str); |
0f113f3e | 604 | void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); |
1d48dd00 | 605 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, |
0f113f3e | 606 | X509_REQ *req, X509_CRL *crl, int flags); |
1d48dd00 | 607 | |
ba404b5e | 608 | int X509V3_add_value(const char *name, const char *value, |
0f113f3e | 609 | STACK_OF(CONF_VALUE) **extlist); |
61f5b6f3 | 610 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, |
0f113f3e | 611 | STACK_OF(CONF_VALUE) **extlist); |
ba404b5e | 612 | int X509V3_add_value_bool(const char *name, int asn1_bool, |
0f113f3e | 613 | STACK_OF(CONF_VALUE) **extlist); |
bf9d5e48 | 614 | int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, |
0f113f3e | 615 | STACK_OF(CONF_VALUE) **extlist); |
a6a283b3 | 616 | char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); |
2b91da96 | 617 | ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); |
bf9d5e48 | 618 | char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); |
0f113f3e | 619 | char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, |
bf9d5e48 | 620 | const ASN1_ENUMERATED *aint); |
9aeaf1b4 | 621 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext); |
397f7038 | 622 | int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); |
9aeaf1b4 DSH |
623 | int X509V3_EXT_add_alias(int nid_to, int nid_from); |
624 | void X509V3_EXT_cleanup(void); | |
625 | ||
babb3798 BL |
626 | const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); |
627 | const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); | |
9aeaf1b4 | 628 | int X509V3_add_standard_extensions(void); |
535d79da | 629 | STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); |
f5fedc04 | 630 | void *X509V3_EXT_d2i(X509_EXTENSION *ext); |
84de54b9 | 631 | void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, |
0f113f3e | 632 | int *idx); |
57d2f217 | 633 | |
c8b41850 | 634 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); |
0f113f3e MC |
635 | int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, |
636 | int crit, unsigned long flags); | |
9aeaf1b4 | 637 | |
00db8c60 | 638 | #ifndef OPENSSL_NO_DEPRECATED_1_1_0 |
14f051a0 RS |
639 | /* The new declarations are in crypto.h, but the old ones were here. */ |
640 | # define hex_to_string OPENSSL_buf2hexstr | |
641 | # define string_to_hex OPENSSL_hexstr2buf | |
642 | #endif | |
175b0942 | 643 | |
ba404b5e | 644 | void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, |
0f113f3e MC |
645 | int ml); |
646 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, | |
647 | int indent); | |
984d6c60 | 648 | #ifndef OPENSSL_NO_STDIO |
785cdf20 | 649 | int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); |
984d6c60 | 650 | #endif |
5e6089f0 MC |
651 | int X509V3_extensions_print(BIO *out, const char *title, |
652 | const STACK_OF(X509_EXTENSION) *exts, | |
0f113f3e | 653 | unsigned long flag, int indent); |
2c15d426 | 654 | |
30b415b0 | 655 | int X509_check_ca(X509 *x); |
673b102c | 656 | int X509_check_purpose(X509 *x, int id, int ca); |
f1558bb4 | 657 | int X509_supported_extension(X509_EXTENSION *ex); |
926a56bf | 658 | int X509_PURPOSE_set(int *p, int purpose); |
2f043896 | 659 | int X509_check_issued(X509 *issuer, X509 *subject); |
bc7535bc | 660 | int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); |
9961cb77 | 661 | void X509_set_proxy_flag(X509 *x); |
fe0169b0 RL |
662 | void X509_set_proxy_pathlen(X509 *x, long l); |
663 | long X509_get_proxy_pathlen(X509 *x); | |
063f1f0c DSH |
664 | |
665 | uint32_t X509_get_extension_flags(X509 *x); | |
666 | uint32_t X509_get_key_usage(X509 *x); | |
667 | uint32_t X509_get_extended_key_usage(X509 *x); | |
d19a50c9 | 668 | const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); |
b383aa20 | 669 | const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); |
afdec13d DMSP |
670 | const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); |
671 | const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); | |
063f1f0c | 672 | |
d4cec6a1 | 673 | int X509_PURPOSE_get_count(void); |
0f113f3e | 674 | X509_PURPOSE *X509_PURPOSE_get0(int idx); |
c8f717fe | 675 | int X509_PURPOSE_get_by_sname(const char *sname); |
d4cec6a1 | 676 | int X509_PURPOSE_get_by_id(int id); |
dd413410 | 677 | int X509_PURPOSE_add(int id, int trust, int flags, |
0f113f3e | 678 | int (*ck) (const X509_PURPOSE *, const X509 *, int), |
c8f717fe F |
679 | const char *name, const char *sname, void *arg); |
680 | char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); | |
681 | char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); | |
682 | int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); | |
79875776 | 683 | void X509_PURPOSE_cleanup(void); |
c8f717fe | 684 | int X509_PURPOSE_get_id(const X509_PURPOSE *); |
673b102c | 685 | |
c869da88 DSH |
686 | STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); |
687 | STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); | |
688 | void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); | |
689 | STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); | |
a70da5b3 DSH |
690 | /* Flags for X509_check_* functions */ |
691 | ||
0f113f3e MC |
692 | /* |
693 | * Always check subject name for host match even if subject alt names present | |
694 | */ | |
695 | # define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 | |
397a8e74 | 696 | /* Disable wildcard matching for dnsName fields and common name. */ |
0f113f3e | 697 | # define X509_CHECK_FLAG_NO_WILDCARDS 0x2 |
397a8e74 | 698 | /* Wildcards must not match a partial label. */ |
0f113f3e | 699 | # define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 |
397a8e74 | 700 | /* Allow (non-partial) wildcards to match multiple labels. */ |
0f113f3e | 701 | # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 |
a09e4d24 | 702 | /* Constraint verifier subdomain patterns to match a single labels. */ |
0f113f3e | 703 | # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 |
dd60efea VD |
704 | /* Never check the subject CN */ |
705 | # define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 | |
a09e4d24 VD |
706 | /* |
707 | * Match reference identifiers starting with "." to any sub-domain. | |
708 | * This is a non-public flag, turned on implicitly when the subject | |
709 | * reference identity is a DNS name. | |
710 | */ | |
0f113f3e | 711 | # define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 |
a70da5b3 | 712 | |
297c67fc | 713 | int X509_check_host(X509 *x, const char *chk, size_t chklen, |
0f113f3e | 714 | unsigned int flags, char **peername); |
297c67fc | 715 | int X509_check_email(X509 *x, const char *chk, size_t chklen, |
0f113f3e | 716 | unsigned int flags); |
a70da5b3 | 717 | int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, |
0f113f3e | 718 | unsigned int flags); |
a70da5b3 | 719 | int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); |
a91dedca | 720 | |
4e5d3a7f | 721 | ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); |
520b76ff | 722 | ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); |
a7b1eed5 | 723 | int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, |
0f113f3e | 724 | unsigned long chtype); |
a91dedca | 725 | |
ecf13991 | 726 | void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); |
85885715 | 727 | DEFINE_STACK_OF(X509_POLICY_NODE) |
ecf13991 | 728 | |
47bbaa5b | 729 | #ifndef OPENSSL_NO_RFC3779 |
96ea4ae9 | 730 | typedef struct ASRange_st { |
0f113f3e | 731 | ASN1_INTEGER *min, *max; |
96ea4ae9 BL |
732 | } ASRange; |
733 | ||
c73ad690 RS |
734 | # define ASIdOrRange_id 0 |
735 | # define ASIdOrRange_range 1 | |
96ea4ae9 BL |
736 | |
737 | typedef struct ASIdOrRange_st { | |
0f113f3e MC |
738 | int type; |
739 | union { | |
740 | ASN1_INTEGER *id; | |
741 | ASRange *range; | |
742 | } u; | |
96ea4ae9 BL |
743 | } ASIdOrRange; |
744 | ||
745 | typedef STACK_OF(ASIdOrRange) ASIdOrRanges; | |
85885715 | 746 | DEFINE_STACK_OF(ASIdOrRange) |
96ea4ae9 | 747 | |
c73ad690 RS |
748 | # define ASIdentifierChoice_inherit 0 |
749 | # define ASIdentifierChoice_asIdsOrRanges 1 | |
96ea4ae9 BL |
750 | |
751 | typedef struct ASIdentifierChoice_st { | |
0f113f3e MC |
752 | int type; |
753 | union { | |
754 | ASN1_NULL *inherit; | |
755 | ASIdOrRanges *asIdsOrRanges; | |
756 | } u; | |
96ea4ae9 BL |
757 | } ASIdentifierChoice; |
758 | ||
759 | typedef struct ASIdentifiers_st { | |
0f113f3e | 760 | ASIdentifierChoice *asnum, *rdi; |
96ea4ae9 BL |
761 | } ASIdentifiers; |
762 | ||
763 | DECLARE_ASN1_FUNCTIONS(ASRange) | |
764 | DECLARE_ASN1_FUNCTIONS(ASIdOrRange) | |
765 | DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) | |
766 | DECLARE_ASN1_FUNCTIONS(ASIdentifiers) | |
767 | ||
96ea4ae9 | 768 | typedef struct IPAddressRange_st { |
0f113f3e | 769 | ASN1_BIT_STRING *min, *max; |
96ea4ae9 BL |
770 | } IPAddressRange; |
771 | ||
c73ad690 RS |
772 | # define IPAddressOrRange_addressPrefix 0 |
773 | # define IPAddressOrRange_addressRange 1 | |
96ea4ae9 BL |
774 | |
775 | typedef struct IPAddressOrRange_st { | |
0f113f3e MC |
776 | int type; |
777 | union { | |
778 | ASN1_BIT_STRING *addressPrefix; | |
779 | IPAddressRange *addressRange; | |
780 | } u; | |
96ea4ae9 BL |
781 | } IPAddressOrRange; |
782 | ||
783 | typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; | |
85885715 | 784 | DEFINE_STACK_OF(IPAddressOrRange) |
96ea4ae9 | 785 | |
c73ad690 RS |
786 | # define IPAddressChoice_inherit 0 |
787 | # define IPAddressChoice_addressesOrRanges 1 | |
96ea4ae9 BL |
788 | |
789 | typedef struct IPAddressChoice_st { | |
0f113f3e MC |
790 | int type; |
791 | union { | |
792 | ASN1_NULL *inherit; | |
793 | IPAddressOrRanges *addressesOrRanges; | |
794 | } u; | |
96ea4ae9 BL |
795 | } IPAddressChoice; |
796 | ||
797 | typedef struct IPAddressFamily_st { | |
0f113f3e MC |
798 | ASN1_OCTET_STRING *addressFamily; |
799 | IPAddressChoice *ipAddressChoice; | |
96ea4ae9 BL |
800 | } IPAddressFamily; |
801 | ||
802 | typedef STACK_OF(IPAddressFamily) IPAddrBlocks; | |
85885715 | 803 | DEFINE_STACK_OF(IPAddressFamily) |
96ea4ae9 BL |
804 | |
805 | DECLARE_ASN1_FUNCTIONS(IPAddressRange) | |
806 | DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) | |
807 | DECLARE_ASN1_FUNCTIONS(IPAddressChoice) | |
808 | DECLARE_ASN1_FUNCTIONS(IPAddressFamily) | |
809 | ||
810 | /* | |
811 | * API tag for elements of the ASIdentifer SEQUENCE. | |
812 | */ | |
c73ad690 RS |
813 | # define V3_ASID_ASNUM 0 |
814 | # define V3_ASID_RDI 1 | |
96ea4ae9 BL |
815 | |
816 | /* | |
817 | * AFI values, assigned by IANA. It'd be nice to make the AFI | |
818 | * handling code totally generic, but there are too many little things | |
819 | * that would need to be defined for other address families for it to | |
820 | * be worth the trouble. | |
821 | */ | |
c73ad690 RS |
822 | # define IANA_AFI_IPV4 1 |
823 | # define IANA_AFI_IPV6 2 | |
96ea4ae9 BL |
824 | |
825 | /* | |
826 | * Utilities to construct and extract values from RFC3779 extensions, | |
827 | * since some of the encodings (particularly for IP address prefixes | |
828 | * and ranges) are a bit tedious to work with directly. | |
829 | */ | |
9021a5df RS |
830 | int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); |
831 | int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, | |
832 | ASN1_INTEGER *min, ASN1_INTEGER *max); | |
833 | int X509v3_addr_add_inherit(IPAddrBlocks *addr, | |
834 | const unsigned afi, const unsigned *safi); | |
835 | int X509v3_addr_add_prefix(IPAddrBlocks *addr, | |
836 | const unsigned afi, const unsigned *safi, | |
837 | unsigned char *a, const int prefixlen); | |
838 | int X509v3_addr_add_range(IPAddrBlocks *addr, | |
839 | const unsigned afi, const unsigned *safi, | |
840 | unsigned char *min, unsigned char *max); | |
841 | unsigned X509v3_addr_get_afi(const IPAddressFamily *f); | |
842 | int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, | |
843 | unsigned char *min, unsigned char *max, | |
844 | const int length); | |
96ea4ae9 BL |
845 | |
846 | /* | |
847 | * Canonical forms. | |
848 | */ | |
9021a5df RS |
849 | int X509v3_asid_is_canonical(ASIdentifiers *asid); |
850 | int X509v3_addr_is_canonical(IPAddrBlocks *addr); | |
851 | int X509v3_asid_canonize(ASIdentifiers *asid); | |
852 | int X509v3_addr_canonize(IPAddrBlocks *addr); | |
96ea4ae9 BL |
853 | |
854 | /* | |
855 | * Tests for inheritance and containment. | |
856 | */ | |
9021a5df RS |
857 | int X509v3_asid_inherits(ASIdentifiers *asid); |
858 | int X509v3_addr_inherits(IPAddrBlocks *addr); | |
859 | int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); | |
860 | int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); | |
96ea4ae9 BL |
861 | |
862 | /* | |
863 | * Check whether RFC 3779 extensions nest properly in chains. | |
864 | */ | |
9021a5df RS |
865 | int X509v3_asid_validate_path(X509_STORE_CTX *); |
866 | int X509v3_addr_validate_path(X509_STORE_CTX *); | |
867 | int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, | |
868 | ASIdentifiers *ext, | |
869 | int allow_inheritance); | |
870 | int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, | |
871 | IPAddrBlocks *ext, int allow_inheritance); | |
96ea4ae9 | 872 | |
47bbaa5b | 873 | #endif /* OPENSSL_NO_RFC3779 */ |
9021a5df | 874 | |
fa743582 RS |
875 | DEFINE_STACK_OF(ASN1_STRING) |
876 | ||
877 | /* | |
878 | * Admission Syntax | |
879 | */ | |
880 | typedef struct NamingAuthority_st NAMING_AUTHORITY; | |
881 | typedef struct ProfessionInfo_st PROFESSION_INFO; | |
882 | typedef struct Admissions_st ADMISSIONS; | |
883 | typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; | |
884 | DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) | |
885 | DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) | |
886 | DECLARE_ASN1_FUNCTIONS(ADMISSIONS) | |
887 | DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) | |
888 | DEFINE_STACK_OF(ADMISSIONS) | |
889 | DEFINE_STACK_OF(PROFESSION_INFO) | |
890 | typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; | |
891 | ||
892 | const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( | |
893 | const NAMING_AUTHORITY *n); | |
894 | const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( | |
895 | const NAMING_AUTHORITY *n); | |
896 | const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( | |
897 | const NAMING_AUTHORITY *n); | |
898 | void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, | |
899 | ASN1_OBJECT* namingAuthorityId); | |
900 | void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, | |
901 | ASN1_IA5STRING* namingAuthorityUrl); | |
902 | void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, | |
903 | ASN1_STRING* namingAuthorityText); | |
904 | ||
905 | const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( | |
906 | const ADMISSION_SYNTAX *as); | |
907 | void ADMISSION_SYNTAX_set0_admissionAuthority( | |
908 | ADMISSION_SYNTAX *as, GENERAL_NAME *aa); | |
909 | const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( | |
910 | const ADMISSION_SYNTAX *as); | |
911 | void ADMISSION_SYNTAX_set0_contentsOfAdmissions( | |
912 | ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); | |
913 | const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); | |
914 | void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); | |
915 | const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); | |
916 | void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); | |
917 | const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); | |
918 | void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); | |
919 | const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( | |
920 | const PROFESSION_INFO *pi); | |
921 | void PROFESSION_INFO_set0_addProfessionInfo( | |
922 | PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); | |
923 | const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( | |
924 | const PROFESSION_INFO *pi); | |
925 | void PROFESSION_INFO_set0_namingAuthority( | |
926 | PROFESSION_INFO *pi, NAMING_AUTHORITY *na); | |
927 | const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( | |
928 | const PROFESSION_INFO *pi); | |
929 | void PROFESSION_INFO_set0_professionItems( | |
930 | PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); | |
931 | const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( | |
932 | const PROFESSION_INFO *pi); | |
933 | void PROFESSION_INFO_set0_professionOIDs( | |
934 | PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); | |
935 | const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( | |
936 | const PROFESSION_INFO *pi); | |
937 | void PROFESSION_INFO_set0_registrationNumber( | |
938 | PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); | |
939 | ||
0cd0a820 | 940 | # ifdef __cplusplus |
9aeaf1b4 | 941 | } |
0cd0a820 | 942 | # endif |
9aeaf1b4 | 943 | #endif |