]> git.ipfire.org Git - thirdparty/openssl.git/blob - include/openssl/x509v3.h
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
In OpenSSL builds, declare STACK for datatypes ...
[thirdparty/openssl.git] / include / openssl / x509v3.h
1 /*
2 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifndef OPENSSL_X509V3_H
11 # define OPENSSL_X509V3_H
12 # pragma once
13
14 # include <openssl/macros.h>
15 # ifndef OPENSSL_NO_DEPRECATED_3_0
16 # define HEADER_X509V3_H
17 # endif
18
19 # include <openssl/bio.h>
20 # include <openssl/x509.h>
21 # include <openssl/conf.h>
22 # include <openssl/x509v3err.h>
23
24 #ifdef __cplusplus
25 extern "C" {
26 #endif
27
28 DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAME)
29 DEFINE_OR_DECLARE_STACK_OF(X509V3_EXT_METHOD)
30 DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAMES)
31 DEFINE_OR_DECLARE_STACK_OF(ACCESS_DESCRIPTION)
32 DEFINE_OR_DECLARE_STACK_OF(DIST_POINT)
33 DEFINE_OR_DECLARE_STACK_OF(SXNETID)
34 DEFINE_OR_DECLARE_STACK_OF(POLICYQUALINFO)
35 DEFINE_OR_DECLARE_STACK_OF(POLICYINFO)
36 DEFINE_OR_DECLARE_STACK_OF(POLICY_MAPPING)
37 DEFINE_OR_DECLARE_STACK_OF(GENERAL_SUBTREE)
38 DEFINE_OR_DECLARE_STACK_OF(X509_PURPOSE)
39 DEFINE_OR_DECLARE_STACK_OF(X509_POLICY_NODE)
40 DEFINE_OR_DECLARE_STACK_OF(ASIdOrRange)
41 DEFINE_OR_DECLARE_STACK_OF(IPAddressOrRange)
42 DEFINE_OR_DECLARE_STACK_OF(IPAddressFamily)
43 DEFINE_OR_DECLARE_STACK_OF(ASN1_STRING)
44 DEFINE_OR_DECLARE_STACK_OF(ADMISSIONS)
45 DEFINE_OR_DECLARE_STACK_OF(PROFESSION_INFO)
46
47 /* Forward reference */
48 struct v3_ext_method;
49 struct v3_ext_ctx;
50
51 /* Useful typedefs */
52
53 typedef void *(*X509V3_EXT_NEW)(void);
54 typedef void (*X509V3_EXT_FREE) (void *);
55 typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
56 typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **);
57 typedef STACK_OF(CONF_VALUE) *
58 (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
59 STACK_OF(CONF_VALUE) *extlist);
60 typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
61 struct v3_ext_ctx *ctx,
62 STACK_OF(CONF_VALUE) *values);
63 typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
64 void *ext);
65 typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
66 struct v3_ext_ctx *ctx, const char *str);
67 typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
68 BIO *out, int indent);
69 typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
70 struct v3_ext_ctx *ctx, const char *str);
71
72 /* V3 extension structure */
73
74 struct v3_ext_method {
75 int ext_nid;
76 int ext_flags;
77 /* If this is set the following four fields are ignored */
78 ASN1_ITEM_EXP *it;
79 /* Old style ASN1 calls */
80 X509V3_EXT_NEW ext_new;
81 X509V3_EXT_FREE ext_free;
82 X509V3_EXT_D2I d2i;
83 X509V3_EXT_I2D i2d;
84 /* The following pair is used for string extensions */
85 X509V3_EXT_I2S i2s;
86 X509V3_EXT_S2I s2i;
87 /* The following pair is used for multi-valued extensions */
88 X509V3_EXT_I2V i2v;
89 X509V3_EXT_V2I v2i;
90 /* The following are used for raw extensions */
91 X509V3_EXT_I2R i2r;
92 X509V3_EXT_R2I r2i;
93 void *usr_data; /* Any extension specific data */
94 };
95
96 typedef struct X509V3_CONF_METHOD_st {
97 char *(*get_string) (void *db, const char *section, const char *value);
98 STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
99 void (*free_string) (void *db, char *string);
100 void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
101 } X509V3_CONF_METHOD;
102
103 /* Context specific info */
104 struct v3_ext_ctx {
105 # define CTX_TEST 0x1
106 # define X509V3_CTX_REPLACE 0x2
107 int flags;
108 X509 *issuer_cert;
109 X509 *subject_cert;
110 X509_REQ *subject_req;
111 X509_CRL *crl;
112 X509V3_CONF_METHOD *db_meth;
113 void *db;
114 /* Maybe more here */
115 };
116
117 typedef struct v3_ext_method X509V3_EXT_METHOD;
118
119 /* ext_flags values */
120 # define X509V3_EXT_DYNAMIC 0x1
121 # define X509V3_EXT_CTX_DEP 0x2
122 # define X509V3_EXT_MULTILINE 0x4
123
124 typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
125
126 typedef struct BASIC_CONSTRAINTS_st {
127 int ca;
128 ASN1_INTEGER *pathlen;
129 } BASIC_CONSTRAINTS;
130
131 typedef struct PKEY_USAGE_PERIOD_st {
132 ASN1_GENERALIZEDTIME *notBefore;
133 ASN1_GENERALIZEDTIME *notAfter;
134 } PKEY_USAGE_PERIOD;
135
136 typedef struct otherName_st {
137 ASN1_OBJECT *type_id;
138 ASN1_TYPE *value;
139 } OTHERNAME;
140
141 typedef struct EDIPartyName_st {
142 ASN1_STRING *nameAssigner;
143 ASN1_STRING *partyName;
144 } EDIPARTYNAME;
145
146 typedef struct GENERAL_NAME_st {
147 # define GEN_OTHERNAME 0
148 # define GEN_EMAIL 1
149 # define GEN_DNS 2
150 # define GEN_X400 3
151 # define GEN_DIRNAME 4
152 # define GEN_EDIPARTY 5
153 # define GEN_URI 6
154 # define GEN_IPADD 7
155 # define GEN_RID 8
156 int type;
157 union {
158 char *ptr;
159 OTHERNAME *otherName; /* otherName */
160 ASN1_IA5STRING *rfc822Name;
161 ASN1_IA5STRING *dNSName;
162 ASN1_TYPE *x400Address;
163 X509_NAME *directoryName;
164 EDIPARTYNAME *ediPartyName;
165 ASN1_IA5STRING *uniformResourceIdentifier;
166 ASN1_OCTET_STRING *iPAddress;
167 ASN1_OBJECT *registeredID;
168 /* Old names */
169 ASN1_OCTET_STRING *ip; /* iPAddress */
170 X509_NAME *dirn; /* dirn */
171 ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
172 * uniformResourceIdentifier */
173 ASN1_OBJECT *rid; /* registeredID */
174 ASN1_TYPE *other; /* x400Address */
175 } d;
176 } GENERAL_NAME;
177
178 typedef struct ACCESS_DESCRIPTION_st {
179 ASN1_OBJECT *method;
180 GENERAL_NAME *location;
181 } ACCESS_DESCRIPTION;
182
183 typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
184
185 typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
186
187 typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
188
189 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
190
191 typedef struct DIST_POINT_NAME_st {
192 int type;
193 union {
194 GENERAL_NAMES *fullname;
195 STACK_OF(X509_NAME_ENTRY) *relativename;
196 } name;
197 /* If relativename then this contains the full distribution point name */
198 X509_NAME *dpname;
199 } DIST_POINT_NAME;
200 /* All existing reasons */
201 # define CRLDP_ALL_REASONS 0x807f
202
203 # define CRL_REASON_NONE -1
204 # define CRL_REASON_UNSPECIFIED 0
205 # define CRL_REASON_KEY_COMPROMISE 1
206 # define CRL_REASON_CA_COMPROMISE 2
207 # define CRL_REASON_AFFILIATION_CHANGED 3
208 # define CRL_REASON_SUPERSEDED 4
209 # define CRL_REASON_CESSATION_OF_OPERATION 5
210 # define CRL_REASON_CERTIFICATE_HOLD 6
211 # define CRL_REASON_REMOVE_FROM_CRL 8
212 # define CRL_REASON_PRIVILEGE_WITHDRAWN 9
213 # define CRL_REASON_AA_COMPROMISE 10
214
215 struct DIST_POINT_st {
216 DIST_POINT_NAME *distpoint;
217 ASN1_BIT_STRING *reasons;
218 GENERAL_NAMES *CRLissuer;
219 int dp_reasons;
220 };
221
222 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
223
224 struct AUTHORITY_KEYID_st {
225 ASN1_OCTET_STRING *keyid;
226 GENERAL_NAMES *issuer;
227 ASN1_INTEGER *serial;
228 };
229
230 /* Strong extranet structures */
231
232 typedef struct SXNET_ID_st {
233 ASN1_INTEGER *zone;
234 ASN1_OCTET_STRING *user;
235 } SXNETID;
236
237 typedef struct SXNET_st {
238 ASN1_INTEGER *version;
239 STACK_OF(SXNETID) *ids;
240 } SXNET;
241
242 typedef struct ISSUER_SIGN_TOOL_st {
243 ASN1_UTF8STRING *signTool;
244 ASN1_UTF8STRING *cATool;
245 ASN1_UTF8STRING *signToolCert;
246 ASN1_UTF8STRING *cAToolCert;
247 } ISSUER_SIGN_TOOL;
248
249 typedef struct NOTICEREF_st {
250 ASN1_STRING *organization;
251 STACK_OF(ASN1_INTEGER) *noticenos;
252 } NOTICEREF;
253
254 typedef struct USERNOTICE_st {
255 NOTICEREF *noticeref;
256 ASN1_STRING *exptext;
257 } USERNOTICE;
258
259 typedef struct POLICYQUALINFO_st {
260 ASN1_OBJECT *pqualid;
261 union {
262 ASN1_IA5STRING *cpsuri;
263 USERNOTICE *usernotice;
264 ASN1_TYPE *other;
265 } d;
266 } POLICYQUALINFO;
267
268 typedef struct POLICYINFO_st {
269 ASN1_OBJECT *policyid;
270 STACK_OF(POLICYQUALINFO) *qualifiers;
271 } POLICYINFO;
272
273 typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
274
275 typedef struct POLICY_MAPPING_st {
276 ASN1_OBJECT *issuerDomainPolicy;
277 ASN1_OBJECT *subjectDomainPolicy;
278 } POLICY_MAPPING;
279
280 typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
281
282 typedef struct GENERAL_SUBTREE_st {
283 GENERAL_NAME *base;
284 ASN1_INTEGER *minimum;
285 ASN1_INTEGER *maximum;
286 } GENERAL_SUBTREE;
287
288 struct NAME_CONSTRAINTS_st {
289 STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
290 STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
291 };
292
293 typedef struct POLICY_CONSTRAINTS_st {
294 ASN1_INTEGER *requireExplicitPolicy;
295 ASN1_INTEGER *inhibitPolicyMapping;
296 } POLICY_CONSTRAINTS;
297
298 /* Proxy certificate structures, see RFC 3820 */
299 typedef struct PROXY_POLICY_st {
300 ASN1_OBJECT *policyLanguage;
301 ASN1_OCTET_STRING *policy;
302 } PROXY_POLICY;
303
304 typedef struct PROXY_CERT_INFO_EXTENSION_st {
305 ASN1_INTEGER *pcPathLengthConstraint;
306 PROXY_POLICY *proxyPolicy;
307 } PROXY_CERT_INFO_EXTENSION;
308
309 DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
310 DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
311
312 struct ISSUING_DIST_POINT_st {
313 DIST_POINT_NAME *distpoint;
314 int onlyuser;
315 int onlyCA;
316 ASN1_BIT_STRING *onlysomereasons;
317 int indirectCRL;
318 int onlyattr;
319 };
320
321 /* Values in idp_flags field */
322 /* IDP present */
323 # define IDP_PRESENT 0x1
324 /* IDP values inconsistent */
325 # define IDP_INVALID 0x2
326 /* onlyuser true */
327 # define IDP_ONLYUSER 0x4
328 /* onlyCA true */
329 # define IDP_ONLYCA 0x8
330 /* onlyattr true */
331 # define IDP_ONLYATTR 0x10
332 /* indirectCRL true */
333 # define IDP_INDIRECT 0x20
334 /* onlysomereasons present */
335 # define IDP_REASONS 0x40
336
337 # define X509V3_conf_err(val) ERR_add_error_data(6, \
338 "section:", (val)->section, \
339 ",name:", (val)->name, ",value:", (val)->value)
340
341 # define X509V3_set_ctx_test(ctx) \
342 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
343 # define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
344
345 # define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
346 0,0,0,0, \
347 0,0, \
348 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
349 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
350 NULL, NULL, \
351 table}
352
353 # define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
354 0,0,0,0, \
355 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
356 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
357 0,0,0,0, \
358 NULL}
359
360 # define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
361
362 /* X509_PURPOSE stuff */
363
364 # define EXFLAG_BCONS 0x1
365 # define EXFLAG_KUSAGE 0x2
366 # define EXFLAG_XKUSAGE 0x4
367 # define EXFLAG_NSCERT 0x8
368
369 # define EXFLAG_CA 0x10
370 /* Really self issued not necessarily self signed */
371 # define EXFLAG_SI 0x20
372 # define EXFLAG_V1 0x40
373 # define EXFLAG_INVALID 0x80
374 /* EXFLAG_SET is set to indicate that some values have been precomputed */
375 # define EXFLAG_SET 0x100
376 # define EXFLAG_CRITICAL 0x200
377 # define EXFLAG_PROXY 0x400
378
379 # define EXFLAG_INVALID_POLICY 0x800
380 # define EXFLAG_FRESHEST 0x1000
381 /* Self signed */
382 # define EXFLAG_SS 0x2000
383
384 # define KU_DIGITAL_SIGNATURE 0x0080
385 # define KU_NON_REPUDIATION 0x0040
386 # define KU_KEY_ENCIPHERMENT 0x0020
387 # define KU_DATA_ENCIPHERMENT 0x0010
388 # define KU_KEY_AGREEMENT 0x0008
389 # define KU_KEY_CERT_SIGN 0x0004
390 # define KU_CRL_SIGN 0x0002
391 # define KU_ENCIPHER_ONLY 0x0001
392 # define KU_DECIPHER_ONLY 0x8000
393
394 # define NS_SSL_CLIENT 0x80
395 # define NS_SSL_SERVER 0x40
396 # define NS_SMIME 0x20
397 # define NS_OBJSIGN 0x10
398 # define NS_SSL_CA 0x04
399 # define NS_SMIME_CA 0x02
400 # define NS_OBJSIGN_CA 0x01
401 # define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
402
403 # define XKU_SSL_SERVER 0x1
404 # define XKU_SSL_CLIENT 0x2
405 # define XKU_SMIME 0x4
406 # define XKU_CODE_SIGN 0x8
407 # define XKU_SGC 0x10
408 # define XKU_OCSP_SIGN 0x20
409 # define XKU_TIMESTAMP 0x40
410 # define XKU_DVCS 0x80
411 # define XKU_ANYEKU 0x100
412
413 # define X509_PURPOSE_DYNAMIC 0x1
414 # define X509_PURPOSE_DYNAMIC_NAME 0x2
415
416 typedef struct x509_purpose_st {
417 int purpose;
418 int trust; /* Default trust ID */
419 int flags;
420 int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
421 char *name;
422 char *sname;
423 void *usr_data;
424 } X509_PURPOSE;
425
426 # define X509_PURPOSE_SSL_CLIENT 1
427 # define X509_PURPOSE_SSL_SERVER 2
428 # define X509_PURPOSE_NS_SSL_SERVER 3
429 # define X509_PURPOSE_SMIME_SIGN 4
430 # define X509_PURPOSE_SMIME_ENCRYPT 5
431 # define X509_PURPOSE_CRL_SIGN 6
432 # define X509_PURPOSE_ANY 7
433 # define X509_PURPOSE_OCSP_HELPER 8
434 # define X509_PURPOSE_TIMESTAMP_SIGN 9
435
436 # define X509_PURPOSE_MIN 1
437 # define X509_PURPOSE_MAX 9
438
439 /* Flags for X509V3_EXT_print() */
440
441 # define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
442 /* Return error for unknown extensions */
443 # define X509V3_EXT_DEFAULT 0
444 /* Print error for unknown extensions */
445 # define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
446 /* ASN1 parse unknown extensions */
447 # define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
448 /* BIO_dump unknown extensions */
449 # define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
450
451 /* Flags for X509V3_add1_i2d */
452
453 # define X509V3_ADD_OP_MASK 0xfL
454 # define X509V3_ADD_DEFAULT 0L
455 # define X509V3_ADD_APPEND 1L
456 # define X509V3_ADD_REPLACE 2L
457 # define X509V3_ADD_REPLACE_EXISTING 3L
458 # define X509V3_ADD_KEEP_EXISTING 4L
459 # define X509V3_ADD_DELETE 5L
460 # define X509V3_ADD_SILENT 0x10
461
462 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
463
464 DECLARE_ASN1_FUNCTIONS(SXNET)
465 DECLARE_ASN1_FUNCTIONS(SXNETID)
466
467 DECLARE_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
468
469 int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
470 int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
471 int userlen);
472 int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
473 int userlen);
474
475 ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
476 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
477 ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
478
479 DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
480
481 DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
482
483 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
484 DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME)
485 int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
486
487 ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
488 X509V3_CTX *ctx,
489 STACK_OF(CONF_VALUE) *nval);
490 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
491 ASN1_BIT_STRING *bits,
492 STACK_OF(CONF_VALUE) *extlist);
493 char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
494 ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
495 X509V3_CTX *ctx, const char *str);
496
497 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
498 GENERAL_NAME *gen,
499 STACK_OF(CONF_VALUE) *ret);
500 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
501
502 DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
503
504 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
505 GENERAL_NAMES *gen,
506 STACK_OF(CONF_VALUE) *extlist);
507 GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
508 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
509
510 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
511 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
512 int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
513 void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
514 void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
515 int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
516 ASN1_OBJECT *oid, ASN1_TYPE *value);
517 int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
518 ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
519
520 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
521 const ASN1_OCTET_STRING *ia5);
522 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
523 X509V3_CTX *ctx, const char *str);
524
525 DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
526 int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
527
528 DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
529
530 DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
531 DECLARE_ASN1_FUNCTIONS(POLICYINFO)
532 DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
533 DECLARE_ASN1_FUNCTIONS(USERNOTICE)
534 DECLARE_ASN1_FUNCTIONS(NOTICEREF)
535
536 DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
537 DECLARE_ASN1_FUNCTIONS(DIST_POINT)
538 DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
539 DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
540
541 int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname);
542
543 int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
544 int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
545
546 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
547 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
548
549 DECLARE_ASN1_ITEM(POLICY_MAPPING)
550 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
551 DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
552
553 DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
554 DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
555
556 DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
557 DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
558
559 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
560 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
561
562 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
563 const X509V3_EXT_METHOD *method,
564 X509V3_CTX *ctx, int gen_type,
565 const char *value, int is_nc);
566
567 # ifdef OPENSSL_CONF_H
568 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
569 X509V3_CTX *ctx, CONF_VALUE *cnf);
570 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
571 const X509V3_EXT_METHOD *method,
572 X509V3_CTX *ctx, CONF_VALUE *cnf,
573 int is_nc);
574
575 int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq);
576
577 void X509V3_conf_free(CONF_VALUE *val);
578
579 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
580 const char *value);
581 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
582 const char *value);
583 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
584 STACK_OF(X509_EXTENSION) **sk);
585 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
586 X509 *cert);
587 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
588 X509_REQ *req);
589 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
590 X509_CRL *crl);
591
592 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
593 X509V3_CTX *ctx, int ext_nid,
594 const char *value);
595 X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
596 const char *name, const char *value);
597 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
598 const char *section, X509 *cert);
599 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
600 const char *section, X509_REQ *req);
601 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
602 const char *section, X509_CRL *crl);
603
604 int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
605 STACK_OF(CONF_VALUE) **extlist);
606 int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
607 int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
608 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
609 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
610 # endif
611
612 char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
613 STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
614 void X509V3_string_free(X509V3_CTX *ctx, char *str);
615 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
616 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
617 X509_REQ *req, X509_CRL *crl, int flags);
618
619 int X509V3_add_value(const char *name, const char *value,
620 STACK_OF(CONF_VALUE) **extlist);
621 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
622 STACK_OF(CONF_VALUE) **extlist);
623 int X509V3_add_value_bool(const char *name, int asn1_bool,
624 STACK_OF(CONF_VALUE) **extlist);
625 int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
626 STACK_OF(CONF_VALUE) **extlist);
627 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
628 ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
629 char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
630 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
631 const ASN1_ENUMERATED *aint);
632 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
633 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
634 int X509V3_EXT_add_alias(int nid_to, int nid_from);
635 void X509V3_EXT_cleanup(void);
636
637 const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
638 const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
639 int X509V3_add_standard_extensions(void);
640 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
641 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
642 void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
643 int *idx);
644
645 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
646 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
647 int crit, unsigned long flags);
648
649 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
650 /* The new declarations are in crypto.h, but the old ones were here. */
651 # define hex_to_string OPENSSL_buf2hexstr
652 # define string_to_hex OPENSSL_hexstr2buf
653 #endif
654
655 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
656 int ml);
657 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
658 int indent);
659 #ifndef OPENSSL_NO_STDIO
660 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
661 #endif
662 int X509V3_extensions_print(BIO *out, const char *title,
663 const STACK_OF(X509_EXTENSION) *exts,
664 unsigned long flag, int indent);
665
666 int X509_check_ca(X509 *x);
667 int X509_check_purpose(X509 *x, int id, int ca);
668 int X509_supported_extension(X509_EXTENSION *ex);
669 int X509_PURPOSE_set(int *p, int purpose);
670 int X509_check_issued(X509 *issuer, X509 *subject);
671 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
672 void X509_set_proxy_flag(X509 *x);
673 void X509_set_proxy_pathlen(X509 *x, long l);
674 long X509_get_proxy_pathlen(X509 *x);
675
676 uint32_t X509_get_extension_flags(X509 *x);
677 uint32_t X509_get_key_usage(X509 *x);
678 uint32_t X509_get_extended_key_usage(X509 *x);
679 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
680 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
681 const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
682 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
683
684 int X509_PURPOSE_get_count(void);
685 X509_PURPOSE *X509_PURPOSE_get0(int idx);
686 int X509_PURPOSE_get_by_sname(const char *sname);
687 int X509_PURPOSE_get_by_id(int id);
688 int X509_PURPOSE_add(int id, int trust, int flags,
689 int (*ck) (const X509_PURPOSE *, const X509 *, int),
690 const char *name, const char *sname, void *arg);
691 char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
692 char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
693 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
694 void X509_PURPOSE_cleanup(void);
695 int X509_PURPOSE_get_id(const X509_PURPOSE *);
696
697 STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
698 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
699 void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
700 STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
701 /* Flags for X509_check_* functions */
702
703 /*
704 * Always check subject name for host match even if subject alt names present
705 */
706 # define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
707 /* Disable wildcard matching for dnsName fields and common name. */
708 # define X509_CHECK_FLAG_NO_WILDCARDS 0x2
709 /* Wildcards must not match a partial label. */
710 # define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
711 /* Allow (non-partial) wildcards to match multiple labels. */
712 # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
713 /* Constraint verifier subdomain patterns to match a single labels. */
714 # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
715 /* Never check the subject CN */
716 # define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
717 /*
718 * Match reference identifiers starting with "." to any sub-domain.
719 * This is a non-public flag, turned on implicitly when the subject
720 * reference identity is a DNS name.
721 */
722 # define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
723
724 int X509_check_host(X509 *x, const char *chk, size_t chklen,
725 unsigned int flags, char **peername);
726 int X509_check_email(X509 *x, const char *chk, size_t chklen,
727 unsigned int flags);
728 int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
729 unsigned int flags);
730 int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
731
732 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
733 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
734 int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
735 unsigned long chtype);
736
737 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
738
739 #ifndef OPENSSL_NO_RFC3779
740 typedef struct ASRange_st {
741 ASN1_INTEGER *min, *max;
742 } ASRange;
743
744 # define ASIdOrRange_id 0
745 # define ASIdOrRange_range 1
746
747 typedef struct ASIdOrRange_st {
748 int type;
749 union {
750 ASN1_INTEGER *id;
751 ASRange *range;
752 } u;
753 } ASIdOrRange;
754
755 typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
756
757 # define ASIdentifierChoice_inherit 0
758 # define ASIdentifierChoice_asIdsOrRanges 1
759
760 typedef struct ASIdentifierChoice_st {
761 int type;
762 union {
763 ASN1_NULL *inherit;
764 ASIdOrRanges *asIdsOrRanges;
765 } u;
766 } ASIdentifierChoice;
767
768 typedef struct ASIdentifiers_st {
769 ASIdentifierChoice *asnum, *rdi;
770 } ASIdentifiers;
771
772 DECLARE_ASN1_FUNCTIONS(ASRange)
773 DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
774 DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
775 DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
776
777 typedef struct IPAddressRange_st {
778 ASN1_BIT_STRING *min, *max;
779 } IPAddressRange;
780
781 # define IPAddressOrRange_addressPrefix 0
782 # define IPAddressOrRange_addressRange 1
783
784 typedef struct IPAddressOrRange_st {
785 int type;
786 union {
787 ASN1_BIT_STRING *addressPrefix;
788 IPAddressRange *addressRange;
789 } u;
790 } IPAddressOrRange;
791
792 typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
793
794 # define IPAddressChoice_inherit 0
795 # define IPAddressChoice_addressesOrRanges 1
796
797 typedef struct IPAddressChoice_st {
798 int type;
799 union {
800 ASN1_NULL *inherit;
801 IPAddressOrRanges *addressesOrRanges;
802 } u;
803 } IPAddressChoice;
804
805 typedef struct IPAddressFamily_st {
806 ASN1_OCTET_STRING *addressFamily;
807 IPAddressChoice *ipAddressChoice;
808 } IPAddressFamily;
809
810 typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
811
812 DECLARE_ASN1_FUNCTIONS(IPAddressRange)
813 DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
814 DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
815 DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
816
817 /*
818 * API tag for elements of the ASIdentifer SEQUENCE.
819 */
820 # define V3_ASID_ASNUM 0
821 # define V3_ASID_RDI 1
822
823 /*
824 * AFI values, assigned by IANA. It'd be nice to make the AFI
825 * handling code totally generic, but there are too many little things
826 * that would need to be defined for other address families for it to
827 * be worth the trouble.
828 */
829 # define IANA_AFI_IPV4 1
830 # define IANA_AFI_IPV6 2
831
832 /*
833 * Utilities to construct and extract values from RFC3779 extensions,
834 * since some of the encodings (particularly for IP address prefixes
835 * and ranges) are a bit tedious to work with directly.
836 */
837 int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
838 int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
839 ASN1_INTEGER *min, ASN1_INTEGER *max);
840 int X509v3_addr_add_inherit(IPAddrBlocks *addr,
841 const unsigned afi, const unsigned *safi);
842 int X509v3_addr_add_prefix(IPAddrBlocks *addr,
843 const unsigned afi, const unsigned *safi,
844 unsigned char *a, const int prefixlen);
845 int X509v3_addr_add_range(IPAddrBlocks *addr,
846 const unsigned afi, const unsigned *safi,
847 unsigned char *min, unsigned char *max);
848 unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
849 int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
850 unsigned char *min, unsigned char *max,
851 const int length);
852
853 /*
854 * Canonical forms.
855 */
856 int X509v3_asid_is_canonical(ASIdentifiers *asid);
857 int X509v3_addr_is_canonical(IPAddrBlocks *addr);
858 int X509v3_asid_canonize(ASIdentifiers *asid);
859 int X509v3_addr_canonize(IPAddrBlocks *addr);
860
861 /*
862 * Tests for inheritance and containment.
863 */
864 int X509v3_asid_inherits(ASIdentifiers *asid);
865 int X509v3_addr_inherits(IPAddrBlocks *addr);
866 int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
867 int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
868
869 /*
870 * Check whether RFC 3779 extensions nest properly in chains.
871 */
872 int X509v3_asid_validate_path(X509_STORE_CTX *);
873 int X509v3_addr_validate_path(X509_STORE_CTX *);
874 int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
875 ASIdentifiers *ext,
876 int allow_inheritance);
877 int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
878 IPAddrBlocks *ext, int allow_inheritance);
879
880 #endif /* OPENSSL_NO_RFC3779 */
881
882
883 /*
884 * Admission Syntax
885 */
886 typedef struct NamingAuthority_st NAMING_AUTHORITY;
887 typedef struct ProfessionInfo_st PROFESSION_INFO;
888 typedef struct Admissions_st ADMISSIONS;
889 typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
890 DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
891 DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
892 DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
893 DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
894 typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
895
896 const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
897 const NAMING_AUTHORITY *n);
898 const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
899 const NAMING_AUTHORITY *n);
900 const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
901 const NAMING_AUTHORITY *n);
902 void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
903 ASN1_OBJECT* namingAuthorityId);
904 void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
905 ASN1_IA5STRING* namingAuthorityUrl);
906 void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
907 ASN1_STRING* namingAuthorityText);
908
909 const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
910 const ADMISSION_SYNTAX *as);
911 void ADMISSION_SYNTAX_set0_admissionAuthority(
912 ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
913 const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
914 const ADMISSION_SYNTAX *as);
915 void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
916 ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
917 const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
918 void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
919 const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
920 void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
921 const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
922 void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
923 const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
924 const PROFESSION_INFO *pi);
925 void PROFESSION_INFO_set0_addProfessionInfo(
926 PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
927 const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
928 const PROFESSION_INFO *pi);
929 void PROFESSION_INFO_set0_namingAuthority(
930 PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
931 const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
932 const PROFESSION_INFO *pi);
933 void PROFESSION_INFO_set0_professionItems(
934 PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
935 const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
936 const PROFESSION_INFO *pi);
937 void PROFESSION_INFO_set0_professionOIDs(
938 PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
939 const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
940 const PROFESSION_INFO *pi);
941 void PROFESSION_INFO_set0_registrationNumber(
942 PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
943
944 # ifdef __cplusplus
945 }
946 # endif
947 #endif
A mirror of the official openssl repository