x509.h revision 7c478bd95313f5f23a4c958a745db2134aa03244
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_X509_H
#define HEADER_X509_H
#include <openssl/symhacks.h>
#ifndef OPENSSL_NO_BUFFER
#endif
#ifndef OPENSSL_NO_EVP
#endif
#ifndef OPENSSL_NO_BIO
#endif
#include <openssl/safestack.h>
#ifndef OPENSSL_NO_RSA
#endif
#ifndef OPENSSL_NO_DSA
#endif
#ifndef OPENSSL_NO_DH
#endif
#ifndef OPENSSL_NO_SHA
#endif
#include <openssl/ossl_typ.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifdef OPENSSL_SYS_WIN32
/* Under Win32 this is defined in wincrypt.h */
#endif
/*
 * Encoding selectors for certificate/CRL files.
 * PEM is the base64 text form, ASN1 the raw binary (DER) form.
 * NOTE(review): X509_FILETYPE_DEFAULT presumably asks the lookup code to
 * fall back to its built-in default location -- confirm in the file/dir
 * lookup implementation, which is not part of this header.
 */
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3
/*
 * Bit masks for the X.509 v3 keyUsage extension, one per named usage.
 * The values are not in simple 1 << n order: the first eight usages run
 * from 0x0080 down to 0x0001, and decipherOnly is 0x8000.
 *
 * X509v3_KU_UNDEF (0xffff) has every bit set, so a plain
 * (usage & X509v3_KU_KEY_CERT_SIGN) test succeeds for it.
 * NOTE(review): presumably this value stands for "no keyUsage extension
 * present" -- confirm with the code that fills ex_kusage.  If so, issuer
 * checks should treat the missing-extension case deliberately (for example
 * together with basicConstraints) instead of relying on the mask test.
 */
#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
#define X509v3_KU_NON_REPUDIATION 0x0040
#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
#define X509v3_KU_KEY_AGREEMENT 0x0008
#define X509v3_KU_KEY_CERT_SIGN 0x0004 /* key may sign certificates */
#define X509v3_KU_CRL_SIGN 0x0002 /* key may sign CRLs */
#define X509v3_KU_ENCIPHER_ONLY 0x0001
#define X509v3_KU_DECIPHER_ONLY 0x8000
#define X509v3_KU_UNDEF 0xffff
/*
 * Table entry pairing an object NID with two conversion callbacks.
 * NOTE(review): a2i / i2a presumably stand for "ASCII to internal" and
 * "internal to ASCII" -- confirm against the table that uses this type.
 *
 * Both pointers are declared with an empty parameter list, so the compiler
 * does not check the arguments at call sites.  Every call must match the
 * real signature of the function stored here; a mismatch is undefined
 * behaviour and will not be diagnosed.
 */
typedef struct X509_objects_st
{
int nid;
int (*a2i)();
int (*i2a)();
} X509_OBJECTS;
struct X509_algor_st
{
} /* X509_ALGOR */;
typedef struct X509_val_st
{
} X509_VAL;
typedef struct X509_pubkey_st
{
} X509_PUBKEY;
typedef struct X509_sig_st
{
} X509_SIG;
typedef struct X509_name_entry_st
{
int set;
int size; /* temp variable */
/* we always keep X509_NAMEs in 2 forms. */
/*
 * Distinguished name object (X509_NAME, per the trailing comment).
 * In this copy only the OPENSSL_NO_BUFFER variant of the encoded-bytes
 * member is visible: a plain char pointer.
 */
struct X509_name_st
{
int modified; /* true if 'bytes' needs to be built */
#ifndef OPENSSL_NO_BUFFER
#else
char *bytes;
#endif
/*
 * NOTE(review): an unsigned long is a short lookup key, so distinct names
 * can share a hash value.  Treat a hash match as a candidate only and
 * confirm it with a full name comparison (X509_NAME_cmp) before using the
 * result in a trust decision.
 */
unsigned long hash; /* Keep the hash around for lookups */
} /* X509_NAME */;
#define X509_EX_V_NETSCAPE_HACK 0x8000
#define X509_EX_V_INIT 0x0001
typedef struct X509_extension_st
{
/* a sequence of these are used */
typedef struct x509_attributes_st
{
int single; /* 0 for a set, 1 for a single item (which is wrong) */
union {
char *ptr;
} value;
typedef struct X509_req_info_st
{
/* d=2 hl=2 l= 0 cons: cont: 00 */
typedef struct X509_req_st
{
int references;
} X509_REQ;
typedef struct x509_cinf_st
{
} X509_CINF;
/* This stuff is certificate "auxiliary info"
* it contains details which are useful in certificate
* stores and databases. When used this is tagged onto
* the end of the certificate itself
*/
typedef struct x509_cert_aux_st
{
/*
 * In-memory certificate object (X509, per the trailing comment).
 * Only the scalar and cached members are visible in this copy of the header.
 */
struct x509_st
{
int valid;
int references; /* NOTE(review): looks like a reference count -- confirm in the new/free code */
char *name;
/* These contain copies of various extension values */
/*
 * NOTE(review): the ex_* members are cached copies, so they are only
 * meaningful once the extension-parsing code has filled them in.
 * Presumably ex_flags records what was parsed -- confirm before reading
 * ex_kusage and friends directly.
 */
long ex_pathlen;
unsigned long ex_flags;
unsigned long ex_kusage; /* presumably an X509v3_KU_* mask -- verify */
unsigned long ex_xkusage;
unsigned long ex_nscert;
struct AUTHORITY_KEYID_st *akid;
#ifndef OPENSSL_NO_SHA
/*
 * SHA_DIGEST_LENGTH-byte buffer, present only when SHA support is built in.
 * NOTE(review): presumably a SHA-1 digest of the encoded certificate, kept
 * as a cache or comparison key -- confirm.  SHA-1 is no longer collision
 * resistant, so a match on this value alone should not decide trust.
 */
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
} /* X509 */;
/*
 * Entry in the table of trust checking functions.
 * NOTE(review): the checking-function member itself is not visible in this
 * copy of the header; the field notes below are inferred from the constants
 * defined next to this struct and should be confirmed.
 */
typedef struct x509_trust_st {
int trust; /* presumably one of the X509_TRUST_* ids */
int flags; /* presumably X509_TRUST_DYNAMIC / X509_TRUST_DYNAMIC_NAME bits */
char *name;
int arg1; /* arg1 and arg2 look like opaque arguments for the checker */
void *arg2;
} X509_TRUST;
/* standard trust ids */
#define X509_TRUST_COMPAT 1
#define X509_TRUST_SSL_CLIENT 2
#define X509_TRUST_SSL_SERVER 3
#define X509_TRUST_EMAIL 4
#define X509_TRUST_OBJECT_SIGN 5
#define X509_TRUST_OCSP_SIGN 6
#define X509_TRUST_OCSP_REQUEST 7
/* Keep these up to date! */
/* MIN and MAX bound the id range above; adding an id means raising MAX too. */
#define X509_TRUST_MIN 1
#define X509_TRUST_MAX 7
/* trust_flags values */
#define X509_TRUST_DYNAMIC 1
#define X509_TRUST_DYNAMIC_NAME 2
/* check_trust return codes */
/*
 * All three codes are non-zero, so a truthiness test such as
 * "if (check_trust(...))" accepts REJECTED and UNTRUSTED as well.
 * Callers must compare the result with X509_TRUST_TRUSTED explicitly.
 */
#define X509_TRUST_TRUSTED 1
#define X509_TRUST_REJECTED 2
#define X509_TRUST_UNTRUSTED 3
/* Flags for X509_print_ex() */
#define X509_FLAG_COMPAT 0
#define X509_FLAG_NO_HEADER 1L
/* Flags specific to X509_NAME_print_ex() */
/* The field separator information */
#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
/* How the field name is shown */
#define XN_FLAG_FN_SN 0 /* Object short name */
/* This determines if we dump fields we don't recognise:
* RFC2253 requires this.
*/
/* Complete set of RFC2253 flags */
#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
XN_FLAG_DN_REV | \
XN_FLAG_FN_SN | \
/* readable oneline form */
#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
XN_FLAG_SPC_EQ | \
/* readable multiline form */
#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
XN_FLAG_SPC_EQ | \
XN_FLAG_FN_LN | \
typedef struct X509_revoked_st
{
int sequence; /* load sequence */
} X509_REVOKED;
typedef struct X509_crl_info_st
{
struct X509_crl_st
{
/* actual signature */
int references;
} /* X509_CRL */;
/*
 * Container for a private key.
 * NOTE(review): several of the comments below describe members that are not
 * visible in this copy of the header (the PKCS#8 data, the decrypted key,
 * the cipher).
 */
typedef struct private_key_st
{
int version;
/* The PKCS#8 data types */
/* When decrypted, the following will not be NULL */
/* used to encrypt and decrypt */
int key_length; /* presumably the byte length of key_data -- verify */
/*
 * NOTE(review): key_data looks like raw secret material.  The code that
 * releases it should wipe the buffer first (e.g. with OPENSSL_cleanse)
 * instead of only calling free -- confirm in X509_PKEY_free.
 */
char *key_data;
int key_free; /* true if we should auto free key_data */
/* expanded version of 'enc_algor' */
int references;
} X509_PKEY;
#ifndef OPENSSL_NO_EVP
/*
 * Aggregate record, compiled only when EVP support is enabled.
 * NOTE(review): the object pointer members are not visible in this copy of
 * the header.
 */
typedef struct X509_info_st
{
int enc_len; /* presumably the byte length of enc_data -- verify */
char *enc_data; /* NOTE(review): looks like a still-encrypted blob -- confirm ownership and who frees it */
int references;
} X509_INFO;
#endif
/* The next 2 structures and their 8 routines were sent to me by
* Pat Richard <patr@x509.com> and are used to manipulate
* Netscapes spki structures - useful if you are writing a CA web page
*/
typedef struct Netscape_spkac_st
{
typedef struct Netscape_spki_st
{
/* Netscape certificate sequence structure */
typedef struct Netscape_certificate_sequence
{
/* Unused (and iv length is wrong)
typedef struct CBCParameter_st
{
unsigned char iv[8];
} CBC_PARAM;
*/
/* Password based encryption structure */
typedef struct PBEPARAM_st {
} PBEPARAM;
/* Password based encryption V2 structures */
typedef struct PBE2PARAM_st {
} PBE2PARAM;
typedef struct PBKDF2PARAM_st {
} PBKDF2PARAM;
/* PKCS#8 private key info structure */
/*
 * PKCS#8 PrivateKeyInfo.  The remaining members and the closing brace are
 * not visible in this copy of the header.
 */
typedef struct pkcs8_priv_key_info_st
{
int broken; /* Flag for various broken formats */
/*
 * Values for 'broken'.  PKCS8_OK (0) is the only one that does not name a
 * deviation.
 * NOTE(review): the non-zero values presumably select legacy, non-standard
 * encodings kept for interoperability -- confirm in the PKCS#8 conversion
 * code, and prefer PKCS8_OK when writing new keys.
 */
#define PKCS8_OK 0
#define PKCS8_NO_OCTET 1
#define PKCS8_EMBEDDED_PARAM 2
#define PKCS8_NS_DB 3
#ifdef __cplusplus
}
#endif
#include <openssl/x509_vfy.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifdef SSLEAY_MACROS
(int (*)())i2d_X509_ATTRIBUTE, \
(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
(int (*)())i2d_X509_EXTENSION, \
(char *(*)())d2i_X509_EXTENSION,(char *)ex)
(char *(*)())d2i_X509_CRL,(char *)crl)
(unsigned char **)(crl))
(unsigned char *)crl)
(unsigned char **)(crl))
(unsigned char *)crl)
(unsigned char **)(p7))
(unsigned char *)p7)
(unsigned char **)(p7))
(unsigned char *)p7)
(char *(*)())d2i_X509_REQ,(char *)req)
(unsigned char **)(req))
(unsigned char *)req)
(unsigned char **)(req))
(unsigned char *)req)
(char *(*)())d2i_RSAPublicKey,(char *)rsa)
(char *(*)())d2i_RSAPrivateKey,(char *)rsa)
(unsigned char **)(rsa))
(unsigned char *)rsa)
(unsigned char **)(rsa))
(unsigned char *)rsa)
(unsigned char **)(rsa))
(unsigned char *)rsa)
(unsigned char **)(rsa))
(unsigned char *)rsa)
(unsigned char **)(dsa))
(unsigned char *)dsa)
(unsigned char **)(dsa))
(unsigned char *)dsa)
(char *(*)())d2i_X509_ALGOR,(char *)xn)
(char *(*)())d2i_X509_NAME,(char *)xn)
(int (*)())i2d_X509_NAME_ENTRY, \
(char *(*)())d2i_X509_NAME_ENTRY,\
(char *)ne)
#ifndef PKCS7_ISSUER_AND_SERIAL_digest
#endif
#endif
#define X509_EXT_PACK_UNKNOWN 1
#define X509_EXT_PACK_STRING 2
/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
/* Alias: expands to a call to X509_REQ_get_pubkey() with the same argument. */
#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
/* Alias: lower-case spelling that expands to X509_NAME_cmp(). */
#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
/* This one is only used so that a binary form can output, as in
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
/*
 * Maps a verification error code to a constant, human-readable string.
 * The result is const: callers must not modify or free it.
 * NOTE(review): the set of valid codes presumably comes from x509_vfy.h,
 * which this header includes -- confirm.
 */
const char *X509_verify_cert_error_string(long n);
#ifndef SSLEAY_MACROS
#ifndef OPENSSL_NO_EVP
char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
#endif
#ifndef OPENSSL_NO_FP_API
#ifndef OPENSSL_NO_RSA
#endif
#ifndef OPENSSL_NO_DSA
#endif
#endif
#ifndef OPENSSL_NO_BIO
#ifndef OPENSSL_NO_RSA
#endif
#ifndef OPENSSL_NO_DSA
#endif
#endif
#endif /* !SSLEAY_MACROS */
/*
 * NOTE(review): presumably compares the time in *s with the current clock.
 * Upstream documentation gives 0 as the error return, not as "equal" --
 * verify for this revision.  Validity checks should treat 0 as a failure
 * rather than as "not expired".
 */
int X509_cmp_current_time(ASN1_TIME *s);
/*
 * Accessors for the library's default certificate and key locations.
 * Each takes no arguments and returns a constant string.
 * NOTE(review): the *_env variants presumably return the NAME of an
 * environment variable that can override the directory or file, not a path
 * -- confirm.  If so, the effective trust store depends on the process
 * environment, and programs that run with elevated privilege or on behalf
 * of another user should set their CA locations explicitly.
 */
const char * X509_get_default_cert_area(void );
const char * X509_get_default_cert_dir(void );
const char * X509_get_default_cert_file(void );
const char * X509_get_default_cert_dir_env(void );
const char * X509_get_default_cert_file_env(void );
const char * X509_get_default_private_dir(void );
long length);
#ifndef OPENSSL_NO_RSA
long length);
#endif
#ifndef OPENSSL_NO_DSA
long length);
#endif
/*
 * Stores a trust id through *t.
 * NOTE(review): presumably validates 'trust' against the known ids and
 * fails with X509_R_INVALID_TRUST otherwise (both the function and reason
 * codes exist in this header) -- confirm, and check the return value.
 */
int X509_TRUST_set(int *t, int trust);
/*
 * NOTE(review): presumably these drop the trusted / rejected usage lists
 * held in the certificate's auxiliary info -- confirm.
 */
void X509_trust_clear(X509 *x);
void X509_reject_clear(X509 *x);
/* Allocate and release an X509_PKEY. */
X509_PKEY * X509_PKEY_new(void );
void X509_PKEY_free(X509_PKEY *a);
#ifndef OPENSSL_NO_EVP
/* Allocate and release an X509_INFO (only with EVP support). */
X509_INFO * X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
#endif
/*
 * Accessors for the list of NIDs treated as request-extension attributes.
 * NOTE(review): the setter takes a bare int pointer with no length, so the
 * list presumably must carry a terminator and be kept alive by the caller
 * for as long as it is installed.  It also looks like process-wide state.
 * Confirm all three points in the implementation.
 */
int X509_REQ_extension_nid(int nid);
int * X509_REQ_get_extension_nids(void);
void X509_REQ_set_extension_nids(int *nids);
int nid);
int lastpos);
int lastpos);
/*
 * Hash helpers returning an unsigned long.
 * NOTE(review): the width makes these lookup keys, not identifiers, and
 * collisions between different names or certificates are possible.
 * A match should be confirmed with a full comparison before it influences
 * a trust decision.
 */
unsigned long X509_issuer_and_serial_hash(X509 *a);
unsigned long X509_issuer_name_hash(X509 *a);
unsigned long X509_subject_name_hash(X509 *x);
unsigned long X509_NAME_hash(X509_NAME *x);
#ifndef OPENSSL_NO_FP_API
#endif
#ifndef OPENSSL_NO_BIO
#endif
/* NOTE: you should be passing -1, not 0, as lastpos. The functions that take
 * lastpos search from the position after it onward. */
int lastpos);
int len);
ASN1_OBJECT *obj);
int X509_get_ext_count(X509 *x);
unsigned long flags);
int X509_CRL_get_ext_count(X509_CRL *x);
unsigned long flags);
int X509_REVOKED_get_ext_count(X509_REVOKED *x);
unsigned long flags);
int lastpos);
int lastpos);
/* lookup a cert from a X509 STACK */
/* PKCS#8 utilities */
/*
 * Trust table housekeeping.
 * NOTE(review): X509_TRUST_get_by_id presumably returns a table index, with
 * a negative value for an unknown id -- confirm, and check the result
 * before using it as an index.
 */
int X509_TRUST_get_count(void);
int X509_TRUST_get_by_id(int id);
void X509_TRUST_cleanup(void);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_X509_strings(void);
/* Error codes for the X509 functions. */
/* Function codes. */
#define X509_F_ADD_CERT_DIR 100
#define X509_F_BY_FILE_CTRL 101
#define X509_F_DIR_CTRL 102
#define X509_F_GET_CERT_BY_SUBJECT 103
#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
#define X509_F_X509V3_ADD_EXT 104
#define X509_F_X509_ADD_ATTR 135
#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
#define X509_F_X509_CHECK_PRIVATE_KEY 128
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
#define X509_F_X509_LOAD_CERT_CRL_FILE 132
#define X509_F_X509_LOAD_CERT_FILE 111
#define X509_F_X509_LOAD_CRL_FILE 112
#define X509_F_X509_NAME_ADD_ENTRY 113
#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
#define X509_F_X509_NAME_ONELINE 116
#define X509_F_X509_NAME_PRINT 117
#define X509_F_X509_PRINT_FP 118
#define X509_F_X509_PUBKEY_GET 119
#define X509_F_X509_PUBKEY_SET 120
#define X509_F_X509_REQ_PRINT 121
#define X509_F_X509_REQ_PRINT_FP 122
#define X509_F_X509_REQ_TO_X509 123
#define X509_F_X509_STORE_ADD_CERT 124
#define X509_F_X509_STORE_ADD_CRL 125
#define X509_F_X509_STORE_CTX_INIT 143
#define X509_F_X509_STORE_CTX_NEW 142
#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
#define X509_F_X509_TO_X509_REQ 126
#define X509_F_X509_TRUST_ADD 133
#define X509_F_X509_TRUST_SET 141
#define X509_F_X509_VERIFY_CERT 127
/* Reason codes. */
#define X509_R_BAD_X509_FILETYPE 100
#define X509_R_BASE64_DECODE_ERROR 118
#define X509_R_CANT_CHECK_DH_KEY 114
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
#define X509_R_ERR_ASN1_LIB 102
#define X509_R_INVALID_DIRECTORY 113
#define X509_R_INVALID_FIELD_NAME 119
#define X509_R_INVALID_TRUST 123
#define X509_R_KEY_TYPE_MISMATCH 115
#define X509_R_KEY_VALUES_MISMATCH 116
#define X509_R_LOADING_CERT_DIR 103
#define X509_R_LOADING_DEFAULTS 104
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
#define X509_R_SHOULD_RETRY 106
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
#define X509_R_UNKNOWN_KEY_TYPE 117
#define X509_R_UNKNOWN_NID 109
#define X509_R_UNKNOWN_PURPOSE_ID 121
#define X509_R_UNKNOWN_TRUST_ID 120
#define X509_R_UNSUPPORTED_ALGORITHM 111
#define X509_R_WRONG_LOOKUP_TYPE 112
#define X509_R_WRONG_TYPE 122
#ifdef __cplusplus
}
#endif
#endif