Line data Source code
1 : /*
2 : * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 : * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 : *
5 : * Licensed under the OpenSSL license (the "License"). You may not use
6 : * this file except in compliance with the License. You can obtain a copy
7 : * in the file LICENSE in the source distribution or at
8 : * https://www.openssl.org/source/license.html
9 : */
10 :
11 : #ifndef HEADER_X509_H
12 : # define HEADER_X509_H
13 :
14 : # include <openssl/e_os2.h>
15 : # include <openssl/ossl_typ.h>
16 : # include <openssl/symhacks.h>
17 : # include <openssl/buffer.h>
18 : # include <openssl/evp.h>
19 : # include <openssl/bio.h>
20 : # include <openssl/asn1.h>
21 : # include <openssl/safestack.h>
22 : # include <openssl/ec.h>
23 :
24 : # if OPENSSL_API_COMPAT < 0x10100000L
25 : # include <openssl/rsa.h>
26 : # include <openssl/dsa.h>
27 : # include <openssl/dh.h>
28 : # endif
29 :
30 : # include <openssl/sha.h>
31 : # include <openssl/x509err.h>
32 :
33 : #ifdef __cplusplus
34 : extern "C" {
35 : #endif
36 :
37 :
38 : /* Flags for X509_get_signature_info() */
39 : /* Signature info is valid */
40 : # define X509_SIG_INFO_VALID 0x1
41 : /* Signature is suitable for TLS use */
42 : # define X509_SIG_INFO_TLS 0x2
43 :
44 : # define X509_FILETYPE_PEM 1
45 : # define X509_FILETYPE_ASN1 2
46 : # define X509_FILETYPE_DEFAULT 3
47 :
48 : # define X509v3_KU_DIGITAL_SIGNATURE 0x0080
49 : # define X509v3_KU_NON_REPUDIATION 0x0040
50 : # define X509v3_KU_KEY_ENCIPHERMENT 0x0020
51 : # define X509v3_KU_DATA_ENCIPHERMENT 0x0010
52 : # define X509v3_KU_KEY_AGREEMENT 0x0008
53 : # define X509v3_KU_KEY_CERT_SIGN 0x0004
54 : # define X509v3_KU_CRL_SIGN 0x0002
55 : # define X509v3_KU_ENCIPHER_ONLY 0x0001
56 : # define X509v3_KU_DECIPHER_ONLY 0x8000
57 : # define X509v3_KU_UNDEF 0xffff
58 :
59 : struct X509_algor_st {
60 : ASN1_OBJECT *algorithm;
61 : ASN1_TYPE *parameter;
62 : } /* X509_ALGOR */ ;
63 :
64 : typedef STACK_OF(X509_ALGOR) X509_ALGORS;
65 :
66 : typedef struct X509_val_st {
67 : ASN1_TIME *notBefore;
68 : ASN1_TIME *notAfter;
69 : } X509_VAL;
70 :
71 : typedef struct X509_sig_st X509_SIG;
72 :
73 : typedef struct X509_name_entry_st X509_NAME_ENTRY;
74 :
75 : DEFINE_STACK_OF(X509_NAME_ENTRY)
76 :
77 : DEFINE_STACK_OF(X509_NAME)
78 :
79 : # define X509_EX_V_NETSCAPE_HACK 0x8000
80 : # define X509_EX_V_INIT 0x0001
81 : typedef struct X509_extension_st X509_EXTENSION;
82 :
83 : typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
84 :
85 : DEFINE_STACK_OF(X509_EXTENSION)
86 :
87 : typedef struct x509_attributes_st X509_ATTRIBUTE;
88 :
89 : DEFINE_STACK_OF(X509_ATTRIBUTE)
90 :
91 : typedef struct X509_req_info_st X509_REQ_INFO;
92 :
93 : typedef struct X509_req_st X509_REQ;
94 :
95 : typedef struct x509_cert_aux_st X509_CERT_AUX;
96 :
97 : typedef struct x509_cinf_st X509_CINF;
98 :
99 : DEFINE_STACK_OF(X509)
100 :
101 : /* This is used for a table of trust checking functions */
102 :
103 : typedef struct x509_trust_st {
104 : int trust;
105 : int flags;
106 : int (*check_trust) (struct x509_trust_st *, X509 *, int);
107 : char *name;
108 : int arg1;
109 : void *arg2;
110 : } X509_TRUST;
111 :
112 : DEFINE_STACK_OF(X509_TRUST)
113 :
114 : /* standard trust ids */
115 :
116 : # define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */
117 :
118 : # define X509_TRUST_COMPAT 1
119 : # define X509_TRUST_SSL_CLIENT 2
120 : # define X509_TRUST_SSL_SERVER 3
121 : # define X509_TRUST_EMAIL 4
122 : # define X509_TRUST_OBJECT_SIGN 5
123 : # define X509_TRUST_OCSP_SIGN 6
124 : # define X509_TRUST_OCSP_REQUEST 7
125 : # define X509_TRUST_TSA 8
126 :
127 : /* Keep these up to date! */
128 : # define X509_TRUST_MIN 1
129 : # define X509_TRUST_MAX 8
130 :
131 : /* trust_flags values */
132 : # define X509_TRUST_DYNAMIC (1U << 0)
133 : # define X509_TRUST_DYNAMIC_NAME (1U << 1)
134 : /* No compat trust if self-signed, preempts "DO_SS" */
135 : # define X509_TRUST_NO_SS_COMPAT (1U << 2)
136 : /* Compat trust if no explicit accepted trust EKUs */
137 : # define X509_TRUST_DO_SS_COMPAT (1U << 3)
138 : /* Accept "anyEKU" as a wildcard trust OID */
139 : # define X509_TRUST_OK_ANY_EKU (1U << 4)
140 :
141 : /* check_trust return codes */
142 :
143 : # define X509_TRUST_TRUSTED 1
144 : # define X509_TRUST_REJECTED 2
145 : # define X509_TRUST_UNTRUSTED 3
146 :
147 : /* Flags for X509_print_ex() */
148 :
149 : # define X509_FLAG_COMPAT 0
150 : # define X509_FLAG_NO_HEADER 1L
151 : # define X509_FLAG_NO_VERSION (1L << 1)
152 : # define X509_FLAG_NO_SERIAL (1L << 2)
153 : # define X509_FLAG_NO_SIGNAME (1L << 3)
154 : # define X509_FLAG_NO_ISSUER (1L << 4)
155 : # define X509_FLAG_NO_VALIDITY (1L << 5)
156 : # define X509_FLAG_NO_SUBJECT (1L << 6)
157 : # define X509_FLAG_NO_PUBKEY (1L << 7)
158 : # define X509_FLAG_NO_EXTENSIONS (1L << 8)
159 : # define X509_FLAG_NO_SIGDUMP (1L << 9)
160 : # define X509_FLAG_NO_AUX (1L << 10)
161 : # define X509_FLAG_NO_ATTRIBUTES (1L << 11)
162 : # define X509_FLAG_NO_IDS (1L << 12)
163 :
164 : /* Flags specific to X509_NAME_print_ex() */
165 :
166 : /* The field separator information */
167 :
168 : # define XN_FLAG_SEP_MASK (0xf << 16)
169 :
170 : # define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */
171 : # define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */
172 : # define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */
173 : # define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */
174 : # define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */
175 :
176 : # define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */
177 :
178 : /* How the field name is shown */
179 :
180 : # define XN_FLAG_FN_MASK (0x3 << 21)
181 :
182 : # define XN_FLAG_FN_SN 0/* Object short name */
183 : # define XN_FLAG_FN_LN (1 << 21)/* Object long name */
184 : # define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */
185 : # define XN_FLAG_FN_NONE (3 << 21)/* No field names */
186 :
187 : # define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */
188 :
189 : /*
190 : * This determines if we dump fields we don't recognise: RFC2253 requires
191 : * this.
192 : */
193 :
194 : # define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
195 :
196 : # define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20
197 : * characters */
198 :
199 : /* Complete set of RFC2253 flags */
200 :
201 : # define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
202 : XN_FLAG_SEP_COMMA_PLUS | \
203 : XN_FLAG_DN_REV | \
204 : XN_FLAG_FN_SN | \
205 : XN_FLAG_DUMP_UNKNOWN_FIELDS)
206 :
207 : /* readable oneline form */
208 :
209 : # define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
210 : ASN1_STRFLGS_ESC_QUOTE | \
211 : XN_FLAG_SEP_CPLUS_SPC | \
212 : XN_FLAG_SPC_EQ | \
213 : XN_FLAG_FN_SN)
214 :
215 : /* readable multiline form */
216 :
217 : # define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
218 : ASN1_STRFLGS_ESC_MSB | \
219 : XN_FLAG_SEP_MULTILINE | \
220 : XN_FLAG_SPC_EQ | \
221 : XN_FLAG_FN_LN | \
222 : XN_FLAG_FN_ALIGN)
223 :
224 : DEFINE_STACK_OF(X509_REVOKED)
225 :
226 : typedef struct X509_crl_info_st X509_CRL_INFO;
227 :
228 : DEFINE_STACK_OF(X509_CRL)
229 :
230 : typedef struct private_key_st {
231 : int version;
232 : /* The PKCS#8 data types */
233 : X509_ALGOR *enc_algor;
234 : ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
235 : /* When decrypted, the following will not be NULL */
236 : EVP_PKEY *dec_pkey;
237 : /* used to encrypt and decrypt */
238 : int key_length;
239 : char *key_data;
240 : int key_free; /* true if we should auto free key_data */
241 : /* expanded version of 'enc_algor' */
242 : EVP_CIPHER_INFO cipher;
243 : } X509_PKEY;
244 :
245 : typedef struct X509_info_st {
246 : X509 *x509;
247 : X509_CRL *crl;
248 : X509_PKEY *x_pkey;
249 : EVP_CIPHER_INFO enc_cipher;
250 : int enc_len;
251 : char *enc_data;
252 : } X509_INFO;
253 :
254 : DEFINE_STACK_OF(X509_INFO)
255 :
256 : /*
257 : * The next 2 structures and their 8 routines are used to manipulate Netscape's
258 : * spki structures - useful if you are writing a CA web page
259 : */
260 : typedef struct Netscape_spkac_st {
261 : X509_PUBKEY *pubkey;
262 : ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
263 : } NETSCAPE_SPKAC;
264 :
265 : typedef struct Netscape_spki_st {
266 : NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
267 : X509_ALGOR sig_algor;
268 : ASN1_BIT_STRING *signature;
269 : } NETSCAPE_SPKI;
270 :
271 : /* Netscape certificate sequence structure */
272 : typedef struct Netscape_certificate_sequence {
273 : ASN1_OBJECT *type;
274 : STACK_OF(X509) *certs;
275 : } NETSCAPE_CERT_SEQUENCE;
276 :
277 : /*- Unused (and iv length is wrong)
278 : typedef struct CBCParameter_st
279 : {
280 : unsigned char iv[8];
281 : } CBC_PARAM;
282 : */
283 :
284 : /* Password based encryption structure */
285 :
286 : typedef struct PBEPARAM_st {
287 : ASN1_OCTET_STRING *salt;
288 : ASN1_INTEGER *iter;
289 : } PBEPARAM;
290 :
291 : /* Password based encryption V2 structures */
292 :
293 : typedef struct PBE2PARAM_st {
294 : X509_ALGOR *keyfunc;
295 : X509_ALGOR *encryption;
296 : } PBE2PARAM;
297 :
298 : typedef struct PBKDF2PARAM_st {
299 : /* Usually OCTET STRING but could be anything */
300 : ASN1_TYPE *salt;
301 : ASN1_INTEGER *iter;
302 : ASN1_INTEGER *keylength;
303 : X509_ALGOR *prf;
304 : } PBKDF2PARAM;
305 :
306 : #ifndef OPENSSL_NO_SCRYPT
307 : typedef struct SCRYPT_PARAMS_st {
308 : ASN1_OCTET_STRING *salt;
309 : ASN1_INTEGER *costParameter;
310 : ASN1_INTEGER *blockSize;
311 : ASN1_INTEGER *parallelizationParameter;
312 : ASN1_INTEGER *keyLength;
313 : } SCRYPT_PARAMS;
314 : #endif
315 :
316 : #ifdef __cplusplus
317 : }
318 : #endif
319 :
320 : # include <openssl/x509_vfy.h>
321 : # include <openssl/pkcs7.h>
322 :
323 : #ifdef __cplusplus
324 : extern "C" {
325 : #endif
326 :
327 : # define X509_EXT_PACK_UNKNOWN 1
328 : # define X509_EXT_PACK_STRING 2
329 :
330 : # define X509_extract_key(x) X509_get_pubkey(x)/*****/
331 : # define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
332 : # define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
333 :
334 : void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
335 : X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
336 : int (*crl_free) (X509_CRL *crl),
337 : int (*crl_lookup) (X509_CRL *crl,
338 : X509_REVOKED **ret,
339 : ASN1_INTEGER *ser,
340 : X509_NAME *issuer),
341 : int (*crl_verify) (X509_CRL *crl,
342 : EVP_PKEY *pk));
343 : void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
344 :
345 : void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
346 : void *X509_CRL_get_meth_data(X509_CRL *crl);
347 :
348 : const char *X509_verify_cert_error_string(long n);
349 :
350 : int X509_verify(X509 *a, EVP_PKEY *r);
351 :
352 : int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
353 : int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
354 : int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
355 :
356 : NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
357 : char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
358 : EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
359 : int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
360 :
361 : int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
362 :
363 : int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
364 : int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
365 : const ASN1_STRING *sig);
366 :
367 : int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
368 : int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
369 : # ifndef OPENSSL_NO_OCSP
370 : int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
371 : # endif
372 : int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
373 : int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
374 : int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
375 : int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
376 : # ifndef OPENSSL_NO_OCSP
377 : int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
378 : # endif
379 : int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
380 :
381 : int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
382 : unsigned char *md, unsigned int *len);
383 : int X509_digest(const X509 *data, const EVP_MD *type,
384 : unsigned char *md, unsigned int *len);
385 : int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
386 : unsigned char *md, unsigned int *len);
387 : int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
388 : unsigned char *md, unsigned int *len);
389 : int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
390 : unsigned char *md, unsigned int *len);
391 :
392 : # ifndef OPENSSL_NO_STDIO
393 : X509 *d2i_X509_fp(FILE *fp, X509 **x509);
394 : int i2d_X509_fp(FILE *fp, X509 *x509);
395 : X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
396 : int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
397 : X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
398 : int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
399 : # ifndef OPENSSL_NO_RSA
400 : RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
401 : int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
402 : RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
403 : int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
404 : RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
405 : int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
406 : # endif
407 : # ifndef OPENSSL_NO_DSA
408 : DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
409 : int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
410 : DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
411 : int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
412 : # endif
413 : # ifndef OPENSSL_NO_EC
414 : EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
415 : int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
416 : EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
417 : int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
418 : # endif
419 : X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
420 : int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
421 : PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
422 : PKCS8_PRIV_KEY_INFO **p8inf);
423 : int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
424 : int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
425 : int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
426 : EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
427 : int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
428 : EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
429 : # endif
430 :
431 : X509 *d2i_X509_bio(BIO *bp, X509 **x509);
432 : int i2d_X509_bio(BIO *bp, X509 *x509);
433 : X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
434 : int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
435 : X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
436 : int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
437 : # ifndef OPENSSL_NO_RSA
438 : RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
439 : int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
440 : RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
441 : int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
442 : RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
443 : int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
444 : # endif
445 : # ifndef OPENSSL_NO_DSA
446 : DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
447 : int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
448 : DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
449 : int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
450 : # endif
451 : # ifndef OPENSSL_NO_EC
452 : EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
453 : int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
454 : EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
455 : int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
456 : # endif
457 : X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
458 : int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
459 : PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
460 : PKCS8_PRIV_KEY_INFO **p8inf);
461 : int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
462 : int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
463 : int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
464 : EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
465 : int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
466 : EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
467 :
468 : X509 *X509_dup(X509 *x509);
469 : X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
470 : X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
471 : X509_CRL *X509_CRL_dup(X509_CRL *crl);
472 : X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
473 : X509_REQ *X509_REQ_dup(X509_REQ *req);
474 : X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
475 : int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
476 : void *pval);
477 : void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
478 : const void **ppval, const X509_ALGOR *algor);
479 : void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
480 : int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
481 : int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
482 :
483 : X509_NAME *X509_NAME_dup(X509_NAME *xn);
484 : X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
485 :
486 : int X509_cmp_time(const ASN1_TIME *s, time_t *t);
487 : int X509_cmp_current_time(const ASN1_TIME *s);
488 : ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
489 : ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
490 : int offset_day, long offset_sec, time_t *t);
491 : ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
492 :
493 : const char *X509_get_default_cert_area(void);
494 : const char *X509_get_default_cert_dir(void);
495 : const char *X509_get_default_cert_file(void);
496 : const char *X509_get_default_cert_dir_env(void);
497 : const char *X509_get_default_cert_file_env(void);
498 : const char *X509_get_default_private_dir(void);
499 :
500 : X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
501 : X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
502 :
503 : DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
504 : DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
505 : DECLARE_ASN1_FUNCTIONS(X509_VAL)
506 :
507 : DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
508 :
509 : int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
510 : EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
511 : EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
512 : int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
513 : long X509_get_pathlen(X509 *x);
514 : int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
515 : EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
516 : # ifndef OPENSSL_NO_RSA
517 : int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
518 : RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
519 : # endif
520 : # ifndef OPENSSL_NO_DSA
521 : int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
522 : DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
523 : # endif
524 : # ifndef OPENSSL_NO_EC
525 : int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
526 : EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
527 : # endif
528 :
529 : DECLARE_ASN1_FUNCTIONS(X509_SIG)
530 : void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
531 : const ASN1_OCTET_STRING **pdigest);
532 : void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
533 : ASN1_OCTET_STRING **pdigest);
534 :
535 : DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
536 : DECLARE_ASN1_FUNCTIONS(X509_REQ)
537 :
538 : DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
539 : X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
540 :
541 : DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
542 : DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
543 :
544 : DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
545 :
546 : DECLARE_ASN1_FUNCTIONS(X509_NAME)
547 :
548 : int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
549 :
550 : DECLARE_ASN1_FUNCTIONS(X509_CINF)
551 :
552 : DECLARE_ASN1_FUNCTIONS(X509)
553 : DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
554 :
555 : #define X509_get_ex_new_index(l, p, newf, dupf, freef) \
556 : CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
557 : int X509_set_ex_data(X509 *r, int idx, void *arg);
558 : void *X509_get_ex_data(X509 *r, int idx);
559 : int i2d_X509_AUX(X509 *a, unsigned char **pp);
560 : X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
561 :
562 : int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
563 :
564 : int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
565 : int *secbits, uint32_t *flags);
566 : void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
567 : int secbits, uint32_t flags);
568 :
569 : int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
570 : uint32_t *flags);
571 :
572 : void X509_get0_signature(const ASN1_BIT_STRING **psig,
573 : const X509_ALGOR **palg, const X509 *x);
574 : int X509_get_signature_nid(const X509 *x);
575 :
576 : int X509_trusted(const X509 *x);
577 : int X509_alias_set1(X509 *x, const unsigned char *name, int len);
578 : int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
579 : unsigned char *X509_alias_get0(X509 *x, int *len);
580 : unsigned char *X509_keyid_get0(X509 *x, int *len);
581 : int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
582 : int);
583 : int X509_TRUST_set(int *t, int trust);
584 : int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
585 : int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
586 : void X509_trust_clear(X509 *x);
587 : void X509_reject_clear(X509 *x);
588 :
589 : STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
590 : STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
591 :
592 : DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
593 : DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
594 : DECLARE_ASN1_FUNCTIONS(X509_CRL)
595 :
596 : int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
597 : int X509_CRL_get0_by_serial(X509_CRL *crl,
598 : X509_REVOKED **ret, ASN1_INTEGER *serial);
599 : int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
600 :
601 : X509_PKEY *X509_PKEY_new(void);
602 : void X509_PKEY_free(X509_PKEY *a);
603 :
604 : DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
605 : DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
606 : DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
607 :
608 : X509_INFO *X509_INFO_new(void);
609 : void X509_INFO_free(X509_INFO *a);
610 : char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
611 :
612 : int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
613 : ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
614 :
615 : int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
616 : unsigned char *md, unsigned int *len);
617 :
618 : int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
619 : X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
620 : char *data, EVP_PKEY *pkey, const EVP_MD *type);
621 :
622 : int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
623 : unsigned char *md, unsigned int *len);
624 :
625 : int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
626 : ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
627 :
628 : int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
629 : X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
630 : EVP_PKEY *pkey, const EVP_MD *type);
631 : int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
632 : X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
633 : void *asn, EVP_MD_CTX *ctx);
634 :
635 : long X509_get_version(const X509 *x);
636 : int X509_set_version(X509 *x, long version);
637 : int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
638 : ASN1_INTEGER *X509_get_serialNumber(X509 *x);
639 : const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
640 : int X509_set_issuer_name(X509 *x, X509_NAME *name);
641 : X509_NAME *X509_get_issuer_name(const X509 *a);
642 : int X509_set_subject_name(X509 *x, X509_NAME *name);
643 : X509_NAME *X509_get_subject_name(const X509 *a);
644 : const ASN1_TIME * X509_get0_notBefore(const X509 *x);
645 : ASN1_TIME *X509_getm_notBefore(const X509 *x);
646 : int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
647 : const ASN1_TIME *X509_get0_notAfter(const X509 *x);
648 : ASN1_TIME *X509_getm_notAfter(const X509 *x);
649 : int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
650 : int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
651 : int X509_up_ref(X509 *x);
652 : int X509_get_signature_type(const X509 *x);
653 :
654 : # if OPENSSL_API_COMPAT < 0x10100000L
655 : # define X509_get_notBefore X509_getm_notBefore
656 : # define X509_get_notAfter X509_getm_notAfter
657 : # define X509_set_notBefore X509_set1_notBefore
658 : # define X509_set_notAfter X509_set1_notAfter
659 : #endif
660 :
661 :
662 : /*
663 : * This one is only used so that a binary form can output, as in
664 : * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
665 : */
666 : X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
667 : const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
668 : void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
669 : const ASN1_BIT_STRING **psuid);
670 : const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
671 :
672 : EVP_PKEY *X509_get0_pubkey(const X509 *x);
673 : EVP_PKEY *X509_get_pubkey(X509 *x);
674 : ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
675 : int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
676 :
677 : long X509_REQ_get_version(const X509_REQ *req);
678 : int X509_REQ_set_version(X509_REQ *x, long version);
679 : X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
680 : int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
681 : void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
682 : const X509_ALGOR **palg);
683 : void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
684 : int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
685 : int X509_REQ_get_signature_nid(const X509_REQ *req);
686 : int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
687 : int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
688 : EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
689 : EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
690 : X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
691 : int X509_REQ_extension_nid(int nid);
692 : int *X509_REQ_get_extension_nids(void);
693 : void X509_REQ_set_extension_nids(int *nids);
694 : STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
695 : int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
696 : int nid);
697 : int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
698 : int X509_REQ_get_attr_count(const X509_REQ *req);
699 : int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
700 : int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
701 : int lastpos);
702 : X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
703 : X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
704 : int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
705 : int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
706 : const ASN1_OBJECT *obj, int type,
707 : const unsigned char *bytes, int len);
708 : int X509_REQ_add1_attr_by_NID(X509_REQ *req,
709 : int nid, int type,
710 : const unsigned char *bytes, int len);
711 : int X509_REQ_add1_attr_by_txt(X509_REQ *req,
712 : const char *attrname, int type,
713 : const unsigned char *bytes, int len);
714 :
715 : int X509_CRL_set_version(X509_CRL *x, long version);
716 : int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
717 : int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
718 : int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
719 : int X509_CRL_sort(X509_CRL *crl);
720 : int X509_CRL_up_ref(X509_CRL *crl);
721 :
722 : # if OPENSSL_API_COMPAT < 0x10100000L
723 : # define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
724 : # define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
725 : #endif
726 :
727 : long X509_CRL_get_version(const X509_CRL *crl);
728 : const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
729 : const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
730 : DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
731 : DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
732 : X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
733 : const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
734 : STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
735 : void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
736 : const X509_ALGOR **palg);
737 : int X509_CRL_get_signature_nid(const X509_CRL *crl);
738 : int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
739 :
740 : const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
741 : int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
742 : const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
743 : int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
744 : const STACK_OF(X509_EXTENSION) *
745 : X509_REVOKED_get0_extensions(const X509_REVOKED *r);
746 :
747 : X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
748 : EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
749 :
750 : int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
751 :
752 : int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
753 : int X509_chain_check_suiteb(int *perror_depth,
754 : X509 *x, STACK_OF(X509) *chain,
755 : unsigned long flags);
756 : int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
757 : STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
758 :
759 : int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
760 : unsigned long X509_issuer_and_serial_hash(X509 *a);
761 :
762 : int X509_issuer_name_cmp(const X509 *a, const X509 *b);
763 : unsigned long X509_issuer_name_hash(X509 *a);
764 :
765 : int X509_subject_name_cmp(const X509 *a, const X509 *b);
766 : unsigned long X509_subject_name_hash(X509 *x);
767 :
768 : # ifndef OPENSSL_NO_MD5
769 : unsigned long X509_issuer_name_hash_old(X509 *a);
770 : unsigned long X509_subject_name_hash_old(X509 *x);
771 : # endif
772 :
773 : int X509_cmp(const X509 *a, const X509 *b);
774 : int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
775 : unsigned long X509_NAME_hash(X509_NAME *x);
776 : unsigned long X509_NAME_hash_old(X509_NAME *x);
777 :
778 : int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
779 : int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
780 : int X509_aux_print(BIO *out, X509 *x, int indent);
781 : # ifndef OPENSSL_NO_STDIO
782 : int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
783 : unsigned long cflag);
784 : int X509_print_fp(FILE *bp, X509 *x);
785 : int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
786 : int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
787 : int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
788 : unsigned long flags);
789 : # endif
790 :
791 : int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
792 : int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
793 : unsigned long flags);
794 : int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
795 : unsigned long cflag);
796 : int X509_print(BIO *bp, X509 *x);
797 : int X509_ocspid_print(BIO *bp, X509 *x);
798 : int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
799 : int X509_CRL_print(BIO *bp, X509_CRL *x);
800 : int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
801 : unsigned long cflag);
802 : int X509_REQ_print(BIO *bp, X509_REQ *req);
803 :
804 : int X509_NAME_entry_count(const X509_NAME *name);
805 : int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
806 : int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
807 : char *buf, int len);
808 :
809 : /*
810 : * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
811 : * lastpos, search after that position on.
812 : */
813 : int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
814 : int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
815 : int lastpos);
816 : X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
817 : X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
818 : int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
819 : int loc, int set);
820 : int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
821 : const unsigned char *bytes, int len, int loc,
822 : int set);
823 : int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
824 : const unsigned char *bytes, int len, int loc,
825 : int set);
826 : X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
827 : const char *field, int type,
828 : const unsigned char *bytes,
829 : int len);
830 : X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
831 : int type,
832 : const unsigned char *bytes,
833 : int len);
834 12 : int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
835 : const unsigned char *bytes, int len, int loc,
836 : int set);
837 : X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
838 : const ASN1_OBJECT *obj, int type,
839 : const unsigned char *bytes,
840 : int len);
841 : int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
842 : int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
843 : const unsigned char *bytes, int len);
844 : ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
845 : ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
846 : int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
847 :
848 : int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
849 : size_t *pderlen);
850 :
851 : int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
852 : int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
853 : int nid, int lastpos);
854 : int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
855 : const ASN1_OBJECT *obj, int lastpos);
856 : int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
857 : int crit, int lastpos);
858 : X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
859 : X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
860 : STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
861 : X509_EXTENSION *ex, int loc);
862 :
863 : int X509_get_ext_count(const X509 *x);
864 : int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
865 : int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
866 : int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
867 : X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
868 : X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
869 : int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
870 : void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
871 : int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
872 : unsigned long flags);
873 :
874 : int X509_CRL_get_ext_count(const X509_CRL *x);
875 : int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
876 : int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
877 : int lastpos);
878 : int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
879 : X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
880 : X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
881 : int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
882 : void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
883 : int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
884 : unsigned long flags);
885 :
886 : int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
887 : int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
888 : int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
889 : int lastpos);
890 : int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
891 : int lastpos);
892 : X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
893 : X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
894 : int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
895 : void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
896 : int *idx);
897 : int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
898 : unsigned long flags);
899 :
900 : X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
901 : int nid, int crit,
902 : ASN1_OCTET_STRING *data);
903 : X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
904 : const ASN1_OBJECT *obj, int crit,
905 : ASN1_OCTET_STRING *data);
906 : int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
907 : int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
908 : int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
909 : ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
910 : ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
911 : int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
912 :
913 : int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
914 : int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
915 : int lastpos);
916 : int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
917 : const ASN1_OBJECT *obj, int lastpos);
918 : X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
919 : X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
920 : STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
921 : X509_ATTRIBUTE *attr);
922 : STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
923 : **x, const ASN1_OBJECT *obj,
924 : int type,
925 : const unsigned char *bytes,
926 : int len);
927 : STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
928 : **x, int nid, int type,
929 : const unsigned char *bytes,
930 : int len);
931 : STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
932 : **x, const char *attrname,
933 : int type,
934 : const unsigned char *bytes,
935 : int len);
936 : void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
937 : const ASN1_OBJECT *obj, int lastpos, int type);
938 : X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
939 : int atrtype, const void *data,
940 : int len);
941 : X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
942 : const ASN1_OBJECT *obj,
943 : int atrtype, const void *data,
944 : int len);
945 : X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
946 : const char *atrname, int type,
947 : const unsigned char *bytes,
948 : int len);
949 : int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
950 : int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
951 : const void *data, int len);
952 : void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
953 : void *data);
954 : int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
955 : ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
956 : ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
957 :
958 : int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
959 : int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
960 : int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
961 : int lastpos);
962 : X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
963 : X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
964 : int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
965 : int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
966 : const ASN1_OBJECT *obj, int type,
967 : const unsigned char *bytes, int len);
968 : int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
969 : int nid, int type,
970 : const unsigned char *bytes, int len);
971 : int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
972 : const char *attrname, int type,
973 : const unsigned char *bytes, int len);
974 :
975 : int X509_verify_cert(X509_STORE_CTX *ctx);
976 :
977 : /* lookup a cert from a X509 STACK */
978 : X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
979 : ASN1_INTEGER *serial);
980 : X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
981 :
982 : DECLARE_ASN1_FUNCTIONS(PBEPARAM)
983 : DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
984 : DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
985 : #ifndef OPENSSL_NO_SCRYPT
986 : DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
987 : #endif
988 :
989 : int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
990 : const unsigned char *salt, int saltlen);
991 :
992 : X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
993 : const unsigned char *salt, int saltlen);
994 : X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
995 : unsigned char *salt, int saltlen);
996 : X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
997 : unsigned char *salt, int saltlen,
998 : unsigned char *aiv, int prf_nid);
999 :
1000 : #ifndef OPENSSL_NO_SCRYPT
1001 : X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
1002 : const unsigned char *salt, int saltlen,
1003 : unsigned char *aiv, uint64_t N, uint64_t r,
1004 : uint64_t p);
1005 : #endif
1006 :
1007 : X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
1008 : int prf_nid, int keylen);
1009 :
1010 : /* PKCS#8 utilities */
1011 :
1012 : DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
1013 :
1014 : EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
1015 : PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1016 :
1017 : int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
1018 : int version, int ptype, void *pval,
1019 : unsigned char *penc, int penclen);
1020 : int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
1021 : const unsigned char **pk, int *ppklen,
1022 : const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
1023 :
1024 : const STACK_OF(X509_ATTRIBUTE) *
1025 : PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
1026 : int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
1027 : const unsigned char *bytes, int len);
1028 :
1029 : int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
1030 : int ptype, void *pval,
1031 : unsigned char *penc, int penclen);
1032 : int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
1033 : const unsigned char **pk, int *ppklen,
1034 : X509_ALGOR **pa, X509_PUBKEY *pub);
1035 :
1036 : int X509_check_trust(X509 *x, int id, int flags);
1037 : int X509_TRUST_get_count(void);
1038 : X509_TRUST *X509_TRUST_get0(int idx);
1039 : int X509_TRUST_get_by_id(int id);
1040 : int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
1041 : const char *name, int arg1, void *arg2);
1042 : void X509_TRUST_cleanup(void);
1043 : int X509_TRUST_get_flags(const X509_TRUST *xp);
1044 : char *X509_TRUST_get0_name(const X509_TRUST *xp);
1045 : int X509_TRUST_get_trust(const X509_TRUST *xp);
1046 :
1047 : # ifdef __cplusplus
1048 : }
1049 : # endif
1050 : #endif
|