x509.h 47 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124
  1. /*
  2. * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* ====================================================================
  10. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  11. * ECDH support in OpenSSL originally developed by
  12. * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  13. */
  14. #ifndef HEADER_X509_H
  15. # define HEADER_X509_H
  16. # include <openssl/e_os2.h>
  17. # include <openssl/ossl_typ.h>
  18. # include <openssl/symhacks.h>
  19. # include <openssl/buffer.h>
  20. # include <openssl/evp.h>
  21. # include <openssl/bio.h>
  22. # include <openssl/stack.h>
  23. # include <openssl/asn1.h>
  24. # include <openssl/safestack.h>
  25. # include <openssl/ec.h>
  26. # if OPENSSL_API_COMPAT < 0x10100000L
  27. # include <openssl/rsa.h>
  28. # include <openssl/dsa.h>
  29. # include <openssl/dh.h>
  30. # endif
  31. # include <openssl/sha.h>
  32. #ifdef __cplusplus
  33. extern "C" {
  34. #endif
  35. # define X509_FILETYPE_PEM 1
  36. # define X509_FILETYPE_ASN1 2
  37. # define X509_FILETYPE_DEFAULT 3
  38. # define X509v3_KU_DIGITAL_SIGNATURE 0x0080
  39. # define X509v3_KU_NON_REPUDIATION 0x0040
  40. # define X509v3_KU_KEY_ENCIPHERMENT 0x0020
  41. # define X509v3_KU_DATA_ENCIPHERMENT 0x0010
  42. # define X509v3_KU_KEY_AGREEMENT 0x0008
  43. # define X509v3_KU_KEY_CERT_SIGN 0x0004
  44. # define X509v3_KU_CRL_SIGN 0x0002
  45. # define X509v3_KU_ENCIPHER_ONLY 0x0001
  46. # define X509v3_KU_DECIPHER_ONLY 0x8000
  47. # define X509v3_KU_UNDEF 0xffff
  48. struct X509_algor_st {
  49. ASN1_OBJECT *algorithm;
  50. ASN1_TYPE *parameter;
  51. } /* X509_ALGOR */ ;
  52. typedef STACK_OF(X509_ALGOR) X509_ALGORS;
  53. typedef struct X509_val_st {
  54. ASN1_TIME *notBefore;
  55. ASN1_TIME *notAfter;
  56. } X509_VAL;
  57. typedef struct X509_sig_st X509_SIG;
  58. typedef struct X509_name_entry_st X509_NAME_ENTRY;
  59. DEFINE_STACK_OF(X509_NAME_ENTRY)
  60. DEFINE_STACK_OF(X509_NAME)
  61. # define X509_EX_V_NETSCAPE_HACK 0x8000
  62. # define X509_EX_V_INIT 0x0001
  63. typedef struct X509_extension_st X509_EXTENSION;
  64. typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
  65. DEFINE_STACK_OF(X509_EXTENSION)
  66. typedef struct x509_attributes_st X509_ATTRIBUTE;
  67. DEFINE_STACK_OF(X509_ATTRIBUTE)
  68. typedef struct X509_req_info_st X509_REQ_INFO;
  69. typedef struct X509_req_st X509_REQ;
  70. typedef struct x509_cert_aux_st X509_CERT_AUX;
  71. typedef struct x509_cinf_st X509_CINF;
  72. DEFINE_STACK_OF(X509)
  73. /* This is used for a table of trust checking functions */
  74. typedef struct x509_trust_st {
  75. int trust;
  76. int flags;
  77. int (*check_trust) (struct x509_trust_st *, X509 *, int);
  78. char *name;
  79. int arg1;
  80. void *arg2;
  81. } X509_TRUST;
  82. DEFINE_STACK_OF(X509_TRUST)
  83. /* standard trust ids */
  84. # define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */
  85. # define X509_TRUST_COMPAT 1
  86. # define X509_TRUST_SSL_CLIENT 2
  87. # define X509_TRUST_SSL_SERVER 3
  88. # define X509_TRUST_EMAIL 4
  89. # define X509_TRUST_OBJECT_SIGN 5
  90. # define X509_TRUST_OCSP_SIGN 6
  91. # define X509_TRUST_OCSP_REQUEST 7
  92. # define X509_TRUST_TSA 8
  93. /* Keep these up to date! */
  94. # define X509_TRUST_MIN 1
  95. # define X509_TRUST_MAX 8
  96. /* trust_flags values */
  97. # define X509_TRUST_DYNAMIC (1U << 0)
  98. # define X509_TRUST_DYNAMIC_NAME (1U << 1)
  99. /* No compat trust if self-signed, preempts "DO_SS" */
  100. # define X509_TRUST_NO_SS_COMPAT (1U << 2)
  101. /* Compat trust if no explicit accepted trust EKUs */
  102. # define X509_TRUST_DO_SS_COMPAT (1U << 3)
  103. /* Accept "anyEKU" as a wildcard trust OID */
  104. # define X509_TRUST_OK_ANY_EKU (1U << 4)
  105. /* check_trust return codes */
  106. # define X509_TRUST_TRUSTED 1
  107. # define X509_TRUST_REJECTED 2
  108. # define X509_TRUST_UNTRUSTED 3
  109. /* Flags for X509_print_ex() */
  110. # define X509_FLAG_COMPAT 0
  111. # define X509_FLAG_NO_HEADER 1L
  112. # define X509_FLAG_NO_VERSION (1L << 1)
  113. # define X509_FLAG_NO_SERIAL (1L << 2)
  114. # define X509_FLAG_NO_SIGNAME (1L << 3)
  115. # define X509_FLAG_NO_ISSUER (1L << 4)
  116. # define X509_FLAG_NO_VALIDITY (1L << 5)
  117. # define X509_FLAG_NO_SUBJECT (1L << 6)
  118. # define X509_FLAG_NO_PUBKEY (1L << 7)
  119. # define X509_FLAG_NO_EXTENSIONS (1L << 8)
  120. # define X509_FLAG_NO_SIGDUMP (1L << 9)
  121. # define X509_FLAG_NO_AUX (1L << 10)
  122. # define X509_FLAG_NO_ATTRIBUTES (1L << 11)
  123. # define X509_FLAG_NO_IDS (1L << 12)
  124. /* Flags specific to X509_NAME_print_ex() */
  125. /* The field separator information */
  126. # define XN_FLAG_SEP_MASK (0xf << 16)
  127. # define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */
  128. # define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */
  129. # define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */
  130. # define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */
  131. # define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */
  132. # define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */
  133. /* How the field name is shown */
  134. # define XN_FLAG_FN_MASK (0x3 << 21)
  135. # define XN_FLAG_FN_SN 0/* Object short name */
  136. # define XN_FLAG_FN_LN (1 << 21)/* Object long name */
  137. # define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */
  138. # define XN_FLAG_FN_NONE (3 << 21)/* No field names */
  139. # define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */
  140. /*
  141. * This determines if we dump fields we don't recognise: RFC2253 requires
  142. * this.
  143. */
  144. # define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
  145. # define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20
  146. * characters */
  147. /* Complete set of RFC2253 flags */
  148. # define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
  149. XN_FLAG_SEP_COMMA_PLUS | \
  150. XN_FLAG_DN_REV | \
  151. XN_FLAG_FN_SN | \
  152. XN_FLAG_DUMP_UNKNOWN_FIELDS)
  153. /* readable oneline form */
  154. # define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
  155. ASN1_STRFLGS_ESC_QUOTE | \
  156. XN_FLAG_SEP_CPLUS_SPC | \
  157. XN_FLAG_SPC_EQ | \
  158. XN_FLAG_FN_SN)
  159. /* readable multiline form */
  160. # define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
  161. ASN1_STRFLGS_ESC_MSB | \
  162. XN_FLAG_SEP_MULTILINE | \
  163. XN_FLAG_SPC_EQ | \
  164. XN_FLAG_FN_LN | \
  165. XN_FLAG_FN_ALIGN)
  166. DEFINE_STACK_OF(X509_REVOKED)
  167. typedef struct X509_crl_info_st X509_CRL_INFO;
  168. DEFINE_STACK_OF(X509_CRL)
  169. typedef struct private_key_st {
  170. int version;
  171. /* The PKCS#8 data types */
  172. X509_ALGOR *enc_algor;
  173. ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
  174. /* When decrypted, the following will not be NULL */
  175. EVP_PKEY *dec_pkey;
  176. /* used to encrypt and decrypt */
  177. int key_length;
  178. char *key_data;
  179. int key_free; /* true if we should auto free key_data */
  180. /* expanded version of 'enc_algor' */
  181. EVP_CIPHER_INFO cipher;
  182. } X509_PKEY;
  183. typedef struct X509_info_st {
  184. X509 *x509;
  185. X509_CRL *crl;
  186. X509_PKEY *x_pkey;
  187. EVP_CIPHER_INFO enc_cipher;
  188. int enc_len;
  189. char *enc_data;
  190. } X509_INFO;
  191. DEFINE_STACK_OF(X509_INFO)
  192. /*
  193. * The next 2 structures and their 8 routines were sent to me by Pat Richard
  194. * <patr@x509.com> and are used to manipulate Netscapes spki structures -
  195. * useful if you are writing a CA web page
  196. */
  197. typedef struct Netscape_spkac_st {
  198. X509_PUBKEY *pubkey;
  199. ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
  200. } NETSCAPE_SPKAC;
  201. typedef struct Netscape_spki_st {
  202. NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
  203. X509_ALGOR sig_algor;
  204. ASN1_BIT_STRING *signature;
  205. } NETSCAPE_SPKI;
  206. /* Netscape certificate sequence structure */
  207. typedef struct Netscape_certificate_sequence {
  208. ASN1_OBJECT *type;
  209. STACK_OF(X509) *certs;
  210. } NETSCAPE_CERT_SEQUENCE;
  211. /*- Unused (and iv length is wrong)
  212. typedef struct CBCParameter_st
  213. {
  214. unsigned char iv[8];
  215. } CBC_PARAM;
  216. */
  217. /* Password based encryption structure */
  218. typedef struct PBEPARAM_st {
  219. ASN1_OCTET_STRING *salt;
  220. ASN1_INTEGER *iter;
  221. } PBEPARAM;
  222. /* Password based encryption V2 structures */
  223. typedef struct PBE2PARAM_st {
  224. X509_ALGOR *keyfunc;
  225. X509_ALGOR *encryption;
  226. } PBE2PARAM;
  227. typedef struct PBKDF2PARAM_st {
  228. /* Usually OCTET STRING but could be anything */
  229. ASN1_TYPE *salt;
  230. ASN1_INTEGER *iter;
  231. ASN1_INTEGER *keylength;
  232. X509_ALGOR *prf;
  233. } PBKDF2PARAM;
  234. #ifdef __cplusplus
  235. }
  236. #endif
  237. # include <openssl/x509_vfy.h>
  238. # include <openssl/pkcs7.h>
  239. #ifdef __cplusplus
  240. extern "C" {
  241. #endif
  242. # define X509_EXT_PACK_UNKNOWN 1
  243. # define X509_EXT_PACK_STRING 2
  244. # define X509_extract_key(x) X509_get_pubkey(x)/*****/
  245. # define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
  246. # define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
  247. void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
  248. X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
  249. int (*crl_free) (X509_CRL *crl),
  250. int (*crl_lookup) (X509_CRL *crl,
  251. X509_REVOKED **ret,
  252. ASN1_INTEGER *ser,
  253. X509_NAME *issuer),
  254. int (*crl_verify) (X509_CRL *crl,
  255. EVP_PKEY *pk));
  256. void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
  257. void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
  258. void *X509_CRL_get_meth_data(X509_CRL *crl);
  259. const char *X509_verify_cert_error_string(long n);
  260. int X509_verify(X509 *a, EVP_PKEY *r);
  261. int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
  262. int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
  263. int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
  264. NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
  265. char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
  266. EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
  267. int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
  268. int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
  269. int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
  270. int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
  271. const ASN1_STRING *sig);
  272. int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
  273. int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
  274. # ifndef OPENSSL_NO_OCSP
  275. int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
  276. # endif
  277. int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
  278. int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
  279. int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
  280. int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
  281. # ifndef OPENSSL_NO_OCSP
  282. int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
  283. # endif
  284. int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
  285. int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
  286. unsigned char *md, unsigned int *len);
  287. int X509_digest(const X509 *data, const EVP_MD *type,
  288. unsigned char *md, unsigned int *len);
  289. int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
  290. unsigned char *md, unsigned int *len);
  291. int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
  292. unsigned char *md, unsigned int *len);
  293. int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
  294. unsigned char *md, unsigned int *len);
  295. # ifndef OPENSSL_NO_STDIO
  296. X509 *d2i_X509_fp(FILE *fp, X509 **x509);
  297. int i2d_X509_fp(FILE *fp, X509 *x509);
  298. X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
  299. int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
  300. X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
  301. int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
  302. # ifndef OPENSSL_NO_RSA
  303. RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
  304. int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
  305. RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
  306. int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
  307. RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
  308. int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
  309. # endif
  310. # ifndef OPENSSL_NO_DSA
  311. DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
  312. int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
  313. DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
  314. int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
  315. # endif
  316. # ifndef OPENSSL_NO_EC
  317. EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
  318. int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
  319. EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
  320. int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
  321. # endif
  322. X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
  323. int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
  324. PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
  325. PKCS8_PRIV_KEY_INFO **p8inf);
  326. int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
  327. int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
  328. int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
  329. EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
  330. int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
  331. EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
  332. # endif
  333. X509 *d2i_X509_bio(BIO *bp, X509 **x509);
  334. int i2d_X509_bio(BIO *bp, X509 *x509);
  335. X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
  336. int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
  337. X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
  338. int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
  339. # ifndef OPENSSL_NO_RSA
  340. RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
  341. int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
  342. RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
  343. int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
  344. RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
  345. int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
  346. # endif
  347. # ifndef OPENSSL_NO_DSA
  348. DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
  349. int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
  350. DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
  351. int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
  352. # endif
  353. # ifndef OPENSSL_NO_EC
  354. EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
  355. int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
  356. EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
  357. int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
  358. # endif
  359. X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
  360. int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
  361. PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
  362. PKCS8_PRIV_KEY_INFO **p8inf);
  363. int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
  364. int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
  365. int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
  366. EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
  367. int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
  368. EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
  369. X509 *X509_dup(X509 *x509);
  370. X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
  371. X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
  372. X509_CRL *X509_CRL_dup(X509_CRL *crl);
  373. X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
  374. X509_REQ *X509_REQ_dup(X509_REQ *req);
  375. X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
  376. int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
  377. void *pval);
  378. void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
  379. const void **ppval, const X509_ALGOR *algor);
  380. void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
  381. int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
  382. X509_NAME *X509_NAME_dup(X509_NAME *xn);
  383. X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
  384. int X509_cmp_time(const ASN1_TIME *s, time_t *t);
  385. int X509_cmp_current_time(const ASN1_TIME *s);
  386. ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
  387. ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
  388. int offset_day, long offset_sec, time_t *t);
  389. ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
  390. const char *X509_get_default_cert_area(void);
  391. const char *X509_get_default_cert_dir(void);
  392. const char *X509_get_default_cert_file(void);
  393. const char *X509_get_default_cert_dir_env(void);
  394. const char *X509_get_default_cert_file_env(void);
  395. const char *X509_get_default_private_dir(void);
  396. X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
  397. X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
  398. DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
  399. DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
  400. DECLARE_ASN1_FUNCTIONS(X509_VAL)
  401. DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
  402. int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
  403. EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
  404. EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
  405. int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
  406. long X509_get_pathlen(X509 *x);
  407. int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
  408. EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
  409. # ifndef OPENSSL_NO_RSA
  410. int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
  411. RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
  412. # endif
  413. # ifndef OPENSSL_NO_DSA
  414. int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
  415. DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
  416. # endif
  417. # ifndef OPENSSL_NO_EC
  418. int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
  419. EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
  420. # endif
  421. DECLARE_ASN1_FUNCTIONS(X509_SIG)
  422. void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
  423. const ASN1_OCTET_STRING **pdigest);
  424. void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
  425. ASN1_OCTET_STRING **pdigest);
  426. DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
  427. DECLARE_ASN1_FUNCTIONS(X509_REQ)
  428. DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
  429. X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
  430. DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
  431. DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
  432. DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
  433. DECLARE_ASN1_FUNCTIONS(X509_NAME)
  434. int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
  435. DECLARE_ASN1_FUNCTIONS(X509_CINF)
  436. DECLARE_ASN1_FUNCTIONS(X509)
  437. DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
  438. #define X509_get_ex_new_index(l, p, newf, dupf, freef) \
  439. CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
  440. int X509_set_ex_data(X509 *r, int idx, void *arg);
  441. void *X509_get_ex_data(X509 *r, int idx);
  442. int i2d_X509_AUX(X509 *a, unsigned char **pp);
  443. X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
  444. int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
  445. void X509_get0_signature(const ASN1_BIT_STRING **psig,
  446. const X509_ALGOR **palg, const X509 *x);
  447. int X509_get_signature_nid(const X509 *x);
  448. int X509_trusted(const X509 *x);
  449. int X509_alias_set1(X509 *x, const unsigned char *name, int len);
  450. int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
  451. unsigned char *X509_alias_get0(X509 *x, int *len);
  452. unsigned char *X509_keyid_get0(X509 *x, int *len);
  453. int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
  454. int);
  455. int X509_TRUST_set(int *t, int trust);
  456. int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
  457. int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
  458. void X509_trust_clear(X509 *x);
  459. void X509_reject_clear(X509 *x);
  460. STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
  461. STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
  462. DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
  463. DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
  464. DECLARE_ASN1_FUNCTIONS(X509_CRL)
  465. int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
  466. int X509_CRL_get0_by_serial(X509_CRL *crl,
  467. X509_REVOKED **ret, ASN1_INTEGER *serial);
  468. int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
  469. X509_PKEY *X509_PKEY_new(void);
  470. void X509_PKEY_free(X509_PKEY *a);
  471. DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
  472. DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
  473. DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
  474. X509_INFO *X509_INFO_new(void);
  475. void X509_INFO_free(X509_INFO *a);
  476. char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
  477. int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
  478. ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
  479. int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
  480. unsigned char *md, unsigned int *len);
  481. int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
  482. X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
  483. char *data, EVP_PKEY *pkey, const EVP_MD *type);
  484. int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
  485. unsigned char *md, unsigned int *len);
  486. int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
  487. ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
  488. int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
  489. X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
  490. EVP_PKEY *pkey, const EVP_MD *type);
  491. int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
  492. X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
  493. void *asn, EVP_MD_CTX *ctx);
  494. long X509_get_version(const X509 *x);
  495. int X509_set_version(X509 *x, long version);
  496. int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
  497. ASN1_INTEGER *X509_get_serialNumber(X509 *x);
  498. const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
  499. int X509_set_issuer_name(X509 *x, X509_NAME *name);
  500. X509_NAME *X509_get_issuer_name(const X509 *a);
  501. int X509_set_subject_name(X509 *x, X509_NAME *name);
  502. X509_NAME *X509_get_subject_name(const X509 *a);
  503. const ASN1_TIME * X509_get0_notBefore(const X509 *x);
  504. ASN1_TIME *X509_getm_notBefore(const X509 *x);
  505. int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
  506. const ASN1_TIME *X509_get0_notAfter(const X509 *x);
  507. ASN1_TIME *X509_getm_notAfter(const X509 *x);
  508. int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
  509. int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
  510. int X509_up_ref(X509 *x);
  511. int X509_get_signature_type(const X509 *x);
  512. # if OPENSSL_API_COMPAT < 0x10100000L
  513. # define X509_get_notBefore X509_getm_notBefore
  514. # define X509_get_notAfter X509_getm_notAfter
  515. # define X509_set_notBefore X509_set1_notBefore
  516. # define X509_set_notAfter X509_set1_notAfter
  517. #endif
  518. /*
  519. * This one is only used so that a binary form can output, as in
  520. * i2d_X509_NAME(X509_get_X509_PUBKEY(x), &buf)
  521. */
  522. X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
  523. const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
  524. void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
  525. const ASN1_BIT_STRING **psuid);
  526. const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
  527. EVP_PKEY *X509_get0_pubkey(const X509 *x);
  528. EVP_PKEY *X509_get_pubkey(X509 *x);
  529. ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
  530. int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
  531. long X509_REQ_get_version(const X509_REQ *req);
  532. int X509_REQ_set_version(X509_REQ *x, long version);
  533. X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
  534. int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
  535. void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
  536. const X509_ALGOR **palg);
  537. int X509_REQ_get_signature_nid(const X509_REQ *req);
  538. int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
  539. int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
  540. EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
  541. EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
  542. X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
  543. int X509_REQ_extension_nid(int nid);
  544. int *X509_REQ_get_extension_nids(void);
  545. void X509_REQ_set_extension_nids(int *nids);
  546. STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
  547. int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
  548. int nid);
  549. int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
  550. int X509_REQ_get_attr_count(const X509_REQ *req);
  551. int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
  552. int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
  553. int lastpos);
  554. X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
  555. X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
  556. int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
  557. int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
  558. const ASN1_OBJECT *obj, int type,
  559. const unsigned char *bytes, int len);
  560. int X509_REQ_add1_attr_by_NID(X509_REQ *req,
  561. int nid, int type,
  562. const unsigned char *bytes, int len);
  563. int X509_REQ_add1_attr_by_txt(X509_REQ *req,
  564. const char *attrname, int type,
  565. const unsigned char *bytes, int len);
  566. int X509_CRL_set_version(X509_CRL *x, long version);
  567. int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
  568. int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
  569. int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
  570. int X509_CRL_sort(X509_CRL *crl);
  571. int X509_CRL_up_ref(X509_CRL *crl);
  572. # if OPENSSL_API_COMPAT < 0x10100000L
  573. # define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
  574. # define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
  575. #endif
  576. long X509_CRL_get_version(const X509_CRL *crl);
  577. const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
  578. const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
  579. DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
  580. DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
  581. X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
  582. const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
  583. STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
  584. void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
  585. const X509_ALGOR **palg);
  586. int X509_CRL_get_signature_nid(const X509_CRL *crl);
  587. int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
  588. const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
  589. int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
  590. const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
  591. int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
  592. const STACK_OF(X509_EXTENSION) *
  593. X509_REVOKED_get0_extensions(const X509_REVOKED *r);
  594. X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
  595. EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
  596. int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
  597. int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
  598. int X509_chain_check_suiteb(int *perror_depth,
  599. X509 *x, STACK_OF(X509) *chain,
  600. unsigned long flags);
  601. int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
  602. STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
  603. int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
  604. unsigned long X509_issuer_and_serial_hash(X509 *a);
  605. int X509_issuer_name_cmp(const X509 *a, const X509 *b);
  606. unsigned long X509_issuer_name_hash(X509 *a);
  607. int X509_subject_name_cmp(const X509 *a, const X509 *b);
  608. unsigned long X509_subject_name_hash(X509 *x);
  609. # ifndef OPENSSL_NO_MD5
  610. unsigned long X509_issuer_name_hash_old(X509 *a);
  611. unsigned long X509_subject_name_hash_old(X509 *x);
  612. # endif
  613. int X509_cmp(const X509 *a, const X509 *b);
  614. int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
  615. unsigned long X509_NAME_hash(X509_NAME *x);
  616. unsigned long X509_NAME_hash_old(X509_NAME *x);
  617. int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
  618. int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
  619. int X509_aux_print(BIO *out, X509 *x, int indent);
  620. # ifndef OPENSSL_NO_STDIO
  621. int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
  622. unsigned long cflag);
  623. int X509_print_fp(FILE *bp, X509 *x);
  624. int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
  625. int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
  626. int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
  627. unsigned long flags);
  628. # endif
  629. int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
  630. int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
  631. unsigned long flags);
  632. int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
  633. unsigned long cflag);
  634. int X509_print(BIO *bp, X509 *x);
  635. int X509_ocspid_print(BIO *bp, X509 *x);
  636. int X509_CRL_print(BIO *bp, X509_CRL *x);
  637. int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
  638. unsigned long cflag);
  639. int X509_REQ_print(BIO *bp, X509_REQ *req);
  640. int X509_NAME_entry_count(const X509_NAME *name);
  641. int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
  642. int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
  643. char *buf, int len);
  644. /*
  645. * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
  646. * lastpos, search after that position on.
  647. */
  648. int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
  649. int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
  650. int lastpos);
  651. X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
  652. X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
  653. int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
  654. int loc, int set);
  655. int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
  656. const unsigned char *bytes, int len, int loc,
  657. int set);
  658. int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
  659. const unsigned char *bytes, int len, int loc,
  660. int set);
  661. X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
  662. const char *field, int type,
  663. const unsigned char *bytes,
  664. int len);
  665. X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
  666. int type,
  667. const unsigned char *bytes,
  668. int len);
  669. int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
  670. const unsigned char *bytes, int len, int loc,
  671. int set);
  672. X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
  673. const ASN1_OBJECT *obj, int type,
  674. const unsigned char *bytes,
  675. int len);
  676. int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
  677. int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
  678. const unsigned char *bytes, int len);
  679. ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
  680. ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
  681. int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
  682. int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
  683. size_t *pderlen);
  684. int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
  685. int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
  686. int nid, int lastpos);
  687. int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
  688. const ASN1_OBJECT *obj, int lastpos);
  689. int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
  690. int crit, int lastpos);
  691. X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
  692. X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
  693. STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
  694. X509_EXTENSION *ex, int loc);
  695. int X509_get_ext_count(const X509 *x);
  696. int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
  697. int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
  698. int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
  699. X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
  700. X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
  701. int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
  702. void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
  703. int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
  704. unsigned long flags);
  705. int X509_CRL_get_ext_count(const X509_CRL *x);
  706. int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
  707. int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
  708. int lastpos);
  709. int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
  710. X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
  711. X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
  712. int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
  713. void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
  714. int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
  715. unsigned long flags);
  716. int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
  717. int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
  718. int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
  719. int lastpos);
  720. int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
  721. int lastpos);
  722. X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
  723. X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
  724. int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
  725. void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
  726. int *idx);
  727. int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
  728. unsigned long flags);
  729. X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
  730. int nid, int crit,
  731. ASN1_OCTET_STRING *data);
  732. X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
  733. const ASN1_OBJECT *obj, int crit,
  734. ASN1_OCTET_STRING *data);
  735. int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
  736. int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
  737. int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
  738. ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
  739. ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
  740. int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
  741. int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
  742. int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
  743. int lastpos);
  744. int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
  745. const ASN1_OBJECT *obj, int lastpos);
  746. X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
  747. X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
  748. STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
  749. X509_ATTRIBUTE *attr);
  750. STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
  751. **x, const ASN1_OBJECT *obj,
  752. int type,
  753. const unsigned char *bytes,
  754. int len);
  755. STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
  756. **x, int nid, int type,
  757. const unsigned char *bytes,
  758. int len);
  759. STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
  760. **x, const char *attrname,
  761. int type,
  762. const unsigned char *bytes,
  763. int len);
  764. void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
  765. const ASN1_OBJECT *obj, int lastpos, int type);
  766. X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
  767. int atrtype, const void *data,
  768. int len);
  769. X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
  770. const ASN1_OBJECT *obj,
  771. int atrtype, const void *data,
  772. int len);
  773. X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
  774. const char *atrname, int type,
  775. const unsigned char *bytes,
  776. int len);
  777. int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
  778. int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
  779. const void *data, int len);
  780. void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
  781. void *data);
  782. int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
  783. ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
  784. ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
  785. int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
  786. int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
  787. int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
  788. int lastpos);
  789. X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
  790. X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
  791. int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
  792. int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
  793. const ASN1_OBJECT *obj, int type,
  794. const unsigned char *bytes, int len);
  795. int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
  796. int nid, int type,
  797. const unsigned char *bytes, int len);
  798. int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
  799. const char *attrname, int type,
  800. const unsigned char *bytes, int len);
  801. int X509_verify_cert(X509_STORE_CTX *ctx);
  802. /* lookup a cert from a X509 STACK */
  803. X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
  804. ASN1_INTEGER *serial);
  805. X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
  806. DECLARE_ASN1_FUNCTIONS(PBEPARAM)
  807. DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
  808. DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
  809. int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
  810. const unsigned char *salt, int saltlen);
  811. X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
  812. const unsigned char *salt, int saltlen);
  813. X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
  814. unsigned char *salt, int saltlen);
  815. X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
  816. unsigned char *salt, int saltlen,
  817. unsigned char *aiv, int prf_nid);
  818. #ifndef OPENSSL_NO_SCRYPT
  819. X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
  820. const unsigned char *salt, int saltlen,
  821. unsigned char *aiv, uint64_t N, uint64_t r,
  822. uint64_t p);
  823. #endif
  824. X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
  825. int prf_nid, int keylen);
  826. /* PKCS#8 utilities */
  827. DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
  828. EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
  829. PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
  830. int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
  831. int version, int ptype, void *pval,
  832. unsigned char *penc, int penclen);
  833. int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
  834. const unsigned char **pk, int *ppklen,
  835. const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
  836. const STACK_OF(X509_ATTRIBUTE) *
  837. PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
  838. int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
  839. const unsigned char *bytes, int len);
  840. int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
  841. int ptype, void *pval,
  842. unsigned char *penc, int penclen);
  843. int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
  844. const unsigned char **pk, int *ppklen,
  845. X509_ALGOR **pa, X509_PUBKEY *pub);
  846. int X509_check_trust(X509 *x, int id, int flags);
  847. int X509_TRUST_get_count(void);
  848. X509_TRUST *X509_TRUST_get0(int idx);
  849. int X509_TRUST_get_by_id(int id);
  850. int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
  851. const char *name, int arg1, void *arg2);
  852. void X509_TRUST_cleanup(void);
  853. int X509_TRUST_get_flags(const X509_TRUST *xp);
  854. char *X509_TRUST_get0_name(const X509_TRUST *xp);
  855. int X509_TRUST_get_trust(const X509_TRUST *xp);
  856. /* BEGIN ERROR CODES */
  857. /*
  858. * The following lines are auto generated by the script mkerr.pl. Any changes
  859. * made after this point may be overwritten when the script is next run.
  860. */
  861. int ERR_load_X509_strings(void);
  862. /* Error codes for the X509 functions. */
  863. /* Function codes. */
  864. # define X509_F_ADD_CERT_DIR 100
  865. # define X509_F_BUILD_CHAIN 106
  866. # define X509_F_BY_FILE_CTRL 101
  867. # define X509_F_CHECK_NAME_CONSTRAINTS 149
  868. # define X509_F_CHECK_POLICY 145
  869. # define X509_F_DANE_I2D 107
  870. # define X509_F_DIR_CTRL 102
  871. # define X509_F_GET_CERT_BY_SUBJECT 103
  872. # define X509_F_NETSCAPE_SPKI_B64_DECODE 129
  873. # define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
  874. # define X509_F_X509AT_ADD1_ATTR 135
  875. # define X509_F_X509V3_ADD_EXT 104
  876. # define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
  877. # define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
  878. # define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
  879. # define X509_F_X509_ATTRIBUTE_GET0_DATA 139
  880. # define X509_F_X509_ATTRIBUTE_SET1_DATA 138
  881. # define X509_F_X509_CHECK_PRIVATE_KEY 128
  882. # define X509_F_X509_CRL_DIFF 105
  883. # define X509_F_X509_CRL_PRINT_FP 147
  884. # define X509_F_X509_EXTENSION_CREATE_BY_NID 108
  885. # define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
  886. # define X509_F_X509_GET_PUBKEY_PARAMETERS 110
  887. # define X509_F_X509_LOAD_CERT_CRL_FILE 132
  888. # define X509_F_X509_LOAD_CERT_FILE 111
  889. # define X509_F_X509_LOAD_CRL_FILE 112
  890. # define X509_F_X509_NAME_ADD_ENTRY 113
  891. # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
  892. # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
  893. # define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
  894. # define X509_F_X509_NAME_ONELINE 116
  895. # define X509_F_X509_NAME_PRINT 117
  896. # define X509_F_X509_OBJECT_NEW 150
  897. # define X509_F_X509_PRINT_EX_FP 118
  898. # define X509_F_X509_PUBKEY_DECODE 148
  899. # define X509_F_X509_PUBKEY_GET0 119
  900. # define X509_F_X509_PUBKEY_SET 120
  901. # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144
  902. # define X509_F_X509_REQ_PRINT_EX 121
  903. # define X509_F_X509_REQ_PRINT_FP 122
  904. # define X509_F_X509_REQ_TO_X509 123
  905. # define X509_F_X509_STORE_ADD_CERT 124
  906. # define X509_F_X509_STORE_ADD_CRL 125
  907. # define X509_F_X509_STORE_CTX_GET1_ISSUER 146
  908. # define X509_F_X509_STORE_CTX_INIT 143
  909. # define X509_F_X509_STORE_CTX_NEW 142
  910. # define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
  911. # define X509_F_X509_TO_X509_REQ 126
  912. # define X509_F_X509_TRUST_ADD 133
  913. # define X509_F_X509_TRUST_SET 141
  914. # define X509_F_X509_VERIFY_CERT 127
  915. /* Reason codes. */
  916. # define X509_R_AKID_MISMATCH 110
  917. # define X509_R_BAD_SELECTOR 133
  918. # define X509_R_BAD_X509_FILETYPE 100
  919. # define X509_R_BASE64_DECODE_ERROR 118
  920. # define X509_R_CANT_CHECK_DH_KEY 114
  921. # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
  922. # define X509_R_CRL_ALREADY_DELTA 127
  923. # define X509_R_CRL_VERIFY_FAILURE 131
  924. # define X509_R_IDP_MISMATCH 128
  925. # define X509_R_INVALID_DIRECTORY 113
  926. # define X509_R_INVALID_FIELD_NAME 119
  927. # define X509_R_INVALID_TRUST 123
  928. # define X509_R_ISSUER_MISMATCH 129
  929. # define X509_R_KEY_TYPE_MISMATCH 115
  930. # define X509_R_KEY_VALUES_MISMATCH 116
  931. # define X509_R_LOADING_CERT_DIR 103
  932. # define X509_R_LOADING_DEFAULTS 104
  933. # define X509_R_METHOD_NOT_SUPPORTED 124
  934. # define X509_R_NAME_TOO_LONG 134
  935. # define X509_R_NEWER_CRL_NOT_NEWER 132
  936. # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
  937. # define X509_R_NO_CRL_NUMBER 130
  938. # define X509_R_PUBLIC_KEY_DECODE_ERROR 125
  939. # define X509_R_PUBLIC_KEY_ENCODE_ERROR 126
  940. # define X509_R_SHOULD_RETRY 106
  941. # define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
  942. # define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
  943. # define X509_R_UNKNOWN_KEY_TYPE 117
  944. # define X509_R_UNKNOWN_NID 109
  945. # define X509_R_UNKNOWN_PURPOSE_ID 121
  946. # define X509_R_UNKNOWN_TRUST_ID 120
  947. # define X509_R_UNSUPPORTED_ALGORITHM 111
  948. # define X509_R_WRONG_LOOKUP_TYPE 112
  949. # define X509_R_WRONG_TYPE 122
  950. # ifdef __cplusplus
  951. }
  952. # endif
  953. #endif