VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/include/openssl/x509v3.h.in@ 108351

最後變更 在這個檔案從108351是 104078,由 vboxsync 提交於 12 月 前

openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 34.4 KB
 
1/*
2 * {- join("\n * ", @autowarntext) -}
3 *
4 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12{-
13use OpenSSL::stackhash qw(generate_stack_macros);
14-}
15
16#ifndef OPENSSL_X509V3_H
17# define OPENSSL_X509V3_H
18# pragma once
19
20# include <openssl/macros.h>
21# ifndef OPENSSL_NO_DEPRECATED_3_0
22# define HEADER_X509V3_H
23# endif
24
25# include <openssl/bio.h>
26# include <openssl/x509.h>
27# include <openssl/conf.h>
28# include <openssl/x509v3err.h>
29# ifndef OPENSSL_NO_STDIO
30# include <stdio.h>
31# endif
32
33#ifdef __cplusplus
34extern "C" {
35#endif
36
37/* Forward reference */
38struct v3_ext_method;
39struct v3_ext_ctx;
40
41/* Useful typedefs */
42
43typedef void *(*X509V3_EXT_NEW)(void);
44typedef void (*X509V3_EXT_FREE) (void *);
45typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
46typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **);
47typedef STACK_OF(CONF_VALUE) *
48 (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
49 STACK_OF(CONF_VALUE) *extlist);
50typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
51 struct v3_ext_ctx *ctx,
52 STACK_OF(CONF_VALUE) *values);
53typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
54 void *ext);
55typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
56 struct v3_ext_ctx *ctx, const char *str);
57typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
58 BIO *out, int indent);
59typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
60 struct v3_ext_ctx *ctx, const char *str);
61
62/* V3 extension structure */
63
64struct v3_ext_method {
65 int ext_nid;
66 int ext_flags;
67/* If this is set the following four fields are ignored */
68 ASN1_ITEM_EXP *it;
69/* Old style ASN1 calls */
70 X509V3_EXT_NEW ext_new;
71 X509V3_EXT_FREE ext_free;
72 X509V3_EXT_D2I d2i;
73 X509V3_EXT_I2D i2d;
74/* The following pair is used for string extensions */
75 X509V3_EXT_I2S i2s;
76 X509V3_EXT_S2I s2i;
77/* The following pair is used for multi-valued extensions */
78 X509V3_EXT_I2V i2v;
79 X509V3_EXT_V2I v2i;
80/* The following are used for raw extensions */
81 X509V3_EXT_I2R i2r;
82 X509V3_EXT_R2I r2i;
83 void *usr_data; /* Any extension specific data */
84};
85
86typedef struct X509V3_CONF_METHOD_st {
87 char *(*get_string) (void *db, const char *section, const char *value);
88 STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
89 void (*free_string) (void *db, char *string);
90 void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
91} X509V3_CONF_METHOD;
92
93/* Context specific info for producing X509 v3 extensions*/
94struct v3_ext_ctx {
95# define X509V3_CTX_TEST 0x1
96# ifndef OPENSSL_NO_DEPRECATED_3_0
97# define CTX_TEST X509V3_CTX_TEST
98# endif
99# define X509V3_CTX_REPLACE 0x2
100 int flags;
101 X509 *issuer_cert;
102 X509 *subject_cert;
103 X509_REQ *subject_req;
104 X509_CRL *crl;
105 X509V3_CONF_METHOD *db_meth;
106 void *db;
107 EVP_PKEY *issuer_pkey;
108/* Maybe more here */
109};
110
111typedef struct v3_ext_method X509V3_EXT_METHOD;
112
113{-
114 generate_stack_macros("X509V3_EXT_METHOD");
115-}
116
117/* ext_flags values */
118# define X509V3_EXT_DYNAMIC 0x1
119# define X509V3_EXT_CTX_DEP 0x2
120# define X509V3_EXT_MULTILINE 0x4
121
122typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
123
124typedef struct BASIC_CONSTRAINTS_st {
125 int ca;
126 ASN1_INTEGER *pathlen;
127} BASIC_CONSTRAINTS;
128
129typedef struct PKEY_USAGE_PERIOD_st {
130 ASN1_GENERALIZEDTIME *notBefore;
131 ASN1_GENERALIZEDTIME *notAfter;
132} PKEY_USAGE_PERIOD;
133
134typedef struct otherName_st {
135 ASN1_OBJECT *type_id;
136 ASN1_TYPE *value;
137} OTHERNAME;
138
139typedef struct EDIPartyName_st {
140 ASN1_STRING *nameAssigner;
141 ASN1_STRING *partyName;
142} EDIPARTYNAME;
143
144typedef struct GENERAL_NAME_st {
145# define GEN_OTHERNAME 0
146# define GEN_EMAIL 1
147# define GEN_DNS 2
148# define GEN_X400 3
149# define GEN_DIRNAME 4
150# define GEN_EDIPARTY 5
151# define GEN_URI 6
152# define GEN_IPADD 7
153# define GEN_RID 8
154 int type;
155 union {
156 char *ptr;
157 OTHERNAME *otherName; /* otherName */
158 ASN1_IA5STRING *rfc822Name;
159 ASN1_IA5STRING *dNSName;
160 ASN1_STRING *x400Address;
161 X509_NAME *directoryName;
162 EDIPARTYNAME *ediPartyName;
163 ASN1_IA5STRING *uniformResourceIdentifier;
164 ASN1_OCTET_STRING *iPAddress;
165 ASN1_OBJECT *registeredID;
166 /* Old names */
167 ASN1_OCTET_STRING *ip; /* iPAddress */
168 X509_NAME *dirn; /* dirn */
169 ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
170 * uniformResourceIdentifier */
171 ASN1_OBJECT *rid; /* registeredID */
172 ASN1_TYPE *other; /* x400Address */
173 } d;
174} GENERAL_NAME;
175
176typedef struct ACCESS_DESCRIPTION_st {
177 ASN1_OBJECT *method;
178 GENERAL_NAME *location;
179} ACCESS_DESCRIPTION;
180
181{-
182 generate_stack_macros("ACCESS_DESCRIPTION")
183 .generate_stack_macros("GENERAL_NAME");
184-}
185
186typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
187typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
188typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
189typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
190
191{-
192 generate_stack_macros("GENERAL_NAMES");
193-}
194
195typedef struct DIST_POINT_NAME_st {
196 int type;
197 union {
198 GENERAL_NAMES *fullname;
199 STACK_OF(X509_NAME_ENTRY) *relativename;
200 } name;
201/* If relativename then this contains the full distribution point name */
202 X509_NAME *dpname;
203} DIST_POINT_NAME;
204/* All existing reasons */
205# define CRLDP_ALL_REASONS 0x807f
206
207# define CRL_REASON_NONE -1
208# define CRL_REASON_UNSPECIFIED 0
209# define CRL_REASON_KEY_COMPROMISE 1
210# define CRL_REASON_CA_COMPROMISE 2
211# define CRL_REASON_AFFILIATION_CHANGED 3
212# define CRL_REASON_SUPERSEDED 4
213# define CRL_REASON_CESSATION_OF_OPERATION 5
214# define CRL_REASON_CERTIFICATE_HOLD 6
215# define CRL_REASON_REMOVE_FROM_CRL 8
216# define CRL_REASON_PRIVILEGE_WITHDRAWN 9
217# define CRL_REASON_AA_COMPROMISE 10
218
219struct DIST_POINT_st {
220 DIST_POINT_NAME *distpoint;
221 ASN1_BIT_STRING *reasons;
222 GENERAL_NAMES *CRLissuer;
223 int dp_reasons;
224};
225
226{-
227 generate_stack_macros("DIST_POINT");
228-}
229
230typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
231
232struct AUTHORITY_KEYID_st {
233 ASN1_OCTET_STRING *keyid;
234 GENERAL_NAMES *issuer;
235 ASN1_INTEGER *serial;
236};
237
238/* Strong extranet structures */
239
240typedef struct SXNET_ID_st {
241 ASN1_INTEGER *zone;
242 ASN1_OCTET_STRING *user;
243} SXNETID;
244
245{-
246 generate_stack_macros("SXNETID");
247-}
248
249
250typedef struct SXNET_st {
251 ASN1_INTEGER *version;
252 STACK_OF(SXNETID) *ids;
253} SXNET;
254
255typedef struct ISSUER_SIGN_TOOL_st {
256 ASN1_UTF8STRING *signTool;
257 ASN1_UTF8STRING *cATool;
258 ASN1_UTF8STRING *signToolCert;
259 ASN1_UTF8STRING *cAToolCert;
260} ISSUER_SIGN_TOOL;
261
262typedef struct NOTICEREF_st {
263 ASN1_STRING *organization;
264 STACK_OF(ASN1_INTEGER) *noticenos;
265} NOTICEREF;
266
267typedef struct USERNOTICE_st {
268 NOTICEREF *noticeref;
269 ASN1_STRING *exptext;
270} USERNOTICE;
271
272typedef struct POLICYQUALINFO_st {
273 ASN1_OBJECT *pqualid;
274 union {
275 ASN1_IA5STRING *cpsuri;
276 USERNOTICE *usernotice;
277 ASN1_TYPE *other;
278 } d;
279} POLICYQUALINFO;
280
281{-
282 generate_stack_macros("POLICYQUALINFO");
283-}
284
285
286typedef struct POLICYINFO_st {
287 ASN1_OBJECT *policyid;
288 STACK_OF(POLICYQUALINFO) *qualifiers;
289} POLICYINFO;
290
291{-
292 generate_stack_macros("POLICYINFO");
293-}
294
295typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
296
297typedef struct POLICY_MAPPING_st {
298 ASN1_OBJECT *issuerDomainPolicy;
299 ASN1_OBJECT *subjectDomainPolicy;
300} POLICY_MAPPING;
301
302{-
303 generate_stack_macros("POLICY_MAPPING");
304-}
305
306typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
307
308typedef struct GENERAL_SUBTREE_st {
309 GENERAL_NAME *base;
310 ASN1_INTEGER *minimum;
311 ASN1_INTEGER *maximum;
312} GENERAL_SUBTREE;
313
314{-
315 generate_stack_macros("GENERAL_SUBTREE");
316-}
317
318struct NAME_CONSTRAINTS_st {
319 STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
320 STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
321};
322
323typedef struct POLICY_CONSTRAINTS_st {
324 ASN1_INTEGER *requireExplicitPolicy;
325 ASN1_INTEGER *inhibitPolicyMapping;
326} POLICY_CONSTRAINTS;
327
328/* Proxy certificate structures, see RFC 3820 */
329typedef struct PROXY_POLICY_st {
330 ASN1_OBJECT *policyLanguage;
331 ASN1_OCTET_STRING *policy;
332} PROXY_POLICY;
333
334typedef struct PROXY_CERT_INFO_EXTENSION_st {
335 ASN1_INTEGER *pcPathLengthConstraint;
336 PROXY_POLICY *proxyPolicy;
337} PROXY_CERT_INFO_EXTENSION;
338
339DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
340DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
341
342struct ISSUING_DIST_POINT_st {
343 DIST_POINT_NAME *distpoint;
344 int onlyuser;
345 int onlyCA;
346 ASN1_BIT_STRING *onlysomereasons;
347 int indirectCRL;
348 int onlyattr;
349};
350
351/* Values in idp_flags field */
352/* IDP present */
353# define IDP_PRESENT 0x1
354/* IDP values inconsistent */
355# define IDP_INVALID 0x2
356/* onlyuser true */
357# define IDP_ONLYUSER 0x4
358/* onlyCA true */
359# define IDP_ONLYCA 0x8
360/* onlyattr true */
361# define IDP_ONLYATTR 0x10
362/* indirectCRL true */
363# define IDP_INDIRECT 0x20
364/* onlysomereasons present */
365# define IDP_REASONS 0x40
366
367# define X509V3_conf_err(val) ERR_add_error_data(6, \
368 "section:", (val)->section, \
369 ",name:", (val)->name, ",value:", (val)->value)
370
371# define X509V3_set_ctx_test(ctx) \
372 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
373# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
374
375# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
376 0,0,0,0, \
377 0,0, \
378 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
379 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
380 NULL, NULL, \
381 table}
382
383# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
384 0,0,0,0, \
385 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
386 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
387 0,0,0,0, \
388 NULL}
389
390#define EXT_UTF8STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_UTF8STRING), \
391 0,0,0,0, \
392 (X509V3_EXT_I2S)i2s_ASN1_UTF8STRING, \
393 (X509V3_EXT_S2I)s2i_ASN1_UTF8STRING, \
394 0,0,0,0, \
395 NULL}
396
397# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
398
399/* X509_PURPOSE stuff */
400
401# define EXFLAG_BCONS 0x1
402# define EXFLAG_KUSAGE 0x2
403# define EXFLAG_XKUSAGE 0x4
404# define EXFLAG_NSCERT 0x8
405
406# define EXFLAG_CA 0x10
407# define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */
408# define EXFLAG_V1 0x40
409# define EXFLAG_INVALID 0x80
410/* EXFLAG_SET is set to indicate that some values have been precomputed */
411# define EXFLAG_SET 0x100
412# define EXFLAG_CRITICAL 0x200
413# define EXFLAG_PROXY 0x400
414
415# define EXFLAG_INVALID_POLICY 0x800
416# define EXFLAG_FRESHEST 0x1000
417# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */
418
419# define EXFLAG_BCONS_CRITICAL 0x10000
420# define EXFLAG_AKID_CRITICAL 0x20000
421# define EXFLAG_SKID_CRITICAL 0x40000
422# define EXFLAG_SAN_CRITICAL 0x80000
423# define EXFLAG_NO_FINGERPRINT 0x100000
424
425# define KU_DIGITAL_SIGNATURE 0x0080
426# define KU_NON_REPUDIATION 0x0040
427# define KU_KEY_ENCIPHERMENT 0x0020
428# define KU_DATA_ENCIPHERMENT 0x0010
429# define KU_KEY_AGREEMENT 0x0008
430# define KU_KEY_CERT_SIGN 0x0004
431# define KU_CRL_SIGN 0x0002
432# define KU_ENCIPHER_ONLY 0x0001
433# define KU_DECIPHER_ONLY 0x8000
434
435# define NS_SSL_CLIENT 0x80
436# define NS_SSL_SERVER 0x40
437# define NS_SMIME 0x20
438# define NS_OBJSIGN 0x10
439# define NS_SSL_CA 0x04
440# define NS_SMIME_CA 0x02
441# define NS_OBJSIGN_CA 0x01
442# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
443
444# define XKU_SSL_SERVER 0x1
445# define XKU_SSL_CLIENT 0x2
446# define XKU_SMIME 0x4
447# define XKU_CODE_SIGN 0x8
448# define XKU_SGC 0x10 /* Netscape or MS Server-Gated Crypto */
449# define XKU_OCSP_SIGN 0x20
450# define XKU_TIMESTAMP 0x40
451# define XKU_DVCS 0x80
452# define XKU_ANYEKU 0x100
453
454# define X509_PURPOSE_DYNAMIC 0x1
455# define X509_PURPOSE_DYNAMIC_NAME 0x2
456
457typedef struct x509_purpose_st {
458 int purpose;
459 int trust; /* Default trust ID */
460 int flags;
461 int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
462 char *name;
463 char *sname;
464 void *usr_data;
465} X509_PURPOSE;
466
467{-
468 generate_stack_macros("X509_PURPOSE");
469-}
470
471
472# define X509_PURPOSE_SSL_CLIENT 1
473# define X509_PURPOSE_SSL_SERVER 2
474# define X509_PURPOSE_NS_SSL_SERVER 3
475# define X509_PURPOSE_SMIME_SIGN 4
476# define X509_PURPOSE_SMIME_ENCRYPT 5
477# define X509_PURPOSE_CRL_SIGN 6
478# define X509_PURPOSE_ANY 7
479# define X509_PURPOSE_OCSP_HELPER 8
480# define X509_PURPOSE_TIMESTAMP_SIGN 9
481
482# define X509_PURPOSE_MIN 1
483# define X509_PURPOSE_MAX 9
484
485/* Flags for X509V3_EXT_print() */
486
487# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
488/* Return error for unknown extensions */
489# define X509V3_EXT_DEFAULT 0
490/* Print error for unknown extensions */
491# define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
492/* ASN1 parse unknown extensions */
493# define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
494/* BIO_dump unknown extensions */
495# define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
496
497/* Flags for X509V3_add1_i2d */
498
499# define X509V3_ADD_OP_MASK 0xfL
500# define X509V3_ADD_DEFAULT 0L
501# define X509V3_ADD_APPEND 1L
502# define X509V3_ADD_REPLACE 2L
503# define X509V3_ADD_REPLACE_EXISTING 3L
504# define X509V3_ADD_KEEP_EXISTING 4L
505# define X509V3_ADD_DELETE 5L
506# define X509V3_ADD_SILENT 0x10
507
508DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
509
510DECLARE_ASN1_FUNCTIONS(SXNET)
511DECLARE_ASN1_FUNCTIONS(SXNETID)
512
513DECLARE_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
514
515int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
516int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
517 int userlen);
518int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
519 int userlen);
520
521ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
522ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
523ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
524
525DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
526
527DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
528
529DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
530DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME)
531int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
532
533ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
534 X509V3_CTX *ctx,
535 STACK_OF(CONF_VALUE) *nval);
536STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
537 ASN1_BIT_STRING *bits,
538 STACK_OF(CONF_VALUE) *extlist);
539char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
540ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
541 X509V3_CTX *ctx, const char *str);
542char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, ASN1_UTF8STRING *utf8);
543ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method,
544 X509V3_CTX *ctx, const char *str);
545
546STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
547 GENERAL_NAME *gen,
548 STACK_OF(CONF_VALUE) *ret);
549int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
550
551DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
552
553STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
554 GENERAL_NAMES *gen,
555 STACK_OF(CONF_VALUE) *extlist);
556GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
557 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
558
559DECLARE_ASN1_FUNCTIONS(OTHERNAME)
560DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
561int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
562void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
563void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
564int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
565 ASN1_OBJECT *oid, ASN1_TYPE *value);
566int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
567 ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
568
569char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
570 const ASN1_OCTET_STRING *ia5);
571ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
572 X509V3_CTX *ctx, const char *str);
573
574DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
575int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
576
577DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
578
579DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
580DECLARE_ASN1_FUNCTIONS(POLICYINFO)
581DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
582DECLARE_ASN1_FUNCTIONS(USERNOTICE)
583DECLARE_ASN1_FUNCTIONS(NOTICEREF)
584
585DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
586DECLARE_ASN1_FUNCTIONS(DIST_POINT)
587DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
588DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
589
590int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname);
591
592int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
593int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
594
595DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
596DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
597
598DECLARE_ASN1_ITEM(POLICY_MAPPING)
599DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
600DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
601
602DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
603DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
604
605DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
606DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
607
608DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
609DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
610
611GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
612 const X509V3_EXT_METHOD *method,
613 X509V3_CTX *ctx, int gen_type,
614 const char *value, int is_nc);
615
616# ifdef OPENSSL_CONF_H
617GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
618 X509V3_CTX *ctx, CONF_VALUE *cnf);
619GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
620 const X509V3_EXT_METHOD *method,
621 X509V3_CTX *ctx, CONF_VALUE *cnf,
622 int is_nc);
623
624void X509V3_conf_free(CONF_VALUE *val);
625
626X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
627 const char *value);
628X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
629 const char *value);
630int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
631 STACK_OF(X509_EXTENSION) **sk);
632int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
633 X509 *cert);
634int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
635 X509_REQ *req);
636int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
637 X509_CRL *crl);
638
639X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
640 X509V3_CTX *ctx, int ext_nid,
641 const char *value);
642X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
643 const char *name, const char *value);
644int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
645 const char *section, X509 *cert);
646int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
647 const char *section, X509_REQ *req);
648int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
649 const char *section, X509_CRL *crl);
650
651int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
652 STACK_OF(CONF_VALUE) **extlist);
653int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
654int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
655void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
656void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
657# endif
658
659char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
660STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
661void X509V3_string_free(X509V3_CTX *ctx, char *str);
662void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
663void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
664 X509_REQ *req, X509_CRL *crl, int flags);
665/* For API backward compatibility, this is separate from X509V3_set_ctx(): */
666int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
667
668int X509V3_add_value(const char *name, const char *value,
669 STACK_OF(CONF_VALUE) **extlist);
670int X509V3_add_value_uchar(const char *name, const unsigned char *value,
671 STACK_OF(CONF_VALUE) **extlist);
672int X509V3_add_value_bool(const char *name, int asn1_bool,
673 STACK_OF(CONF_VALUE) **extlist);
674int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
675 STACK_OF(CONF_VALUE) **extlist);
676char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
677ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
678char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
679char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
680 const ASN1_ENUMERATED *aint);
681int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
682int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
683int X509V3_EXT_add_alias(int nid_to, int nid_from);
684void X509V3_EXT_cleanup(void);
685
686const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
687const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
688int X509V3_add_standard_extensions(void);
689STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
690void *X509V3_EXT_d2i(X509_EXTENSION *ext);
691void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
692 int *idx);
693
694X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
695int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
696 int crit, unsigned long flags);
697
698#ifndef OPENSSL_NO_DEPRECATED_1_1_0
699/* The new declarations are in crypto.h, but the old ones were here. */
700# define hex_to_string OPENSSL_buf2hexstr
701# define string_to_hex OPENSSL_hexstr2buf
702#endif
703
704void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
705 int ml);
706int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
707 int indent);
708#ifndef OPENSSL_NO_STDIO
709int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
710#endif
711int X509V3_extensions_print(BIO *out, const char *title,
712 const STACK_OF(X509_EXTENSION) *exts,
713 unsigned long flag, int indent);
714
715int X509_check_ca(X509 *x);
716int X509_check_purpose(X509 *x, int id, int ca);
717int X509_supported_extension(X509_EXTENSION *ex);
718int X509_PURPOSE_set(int *p, int purpose);
719int X509_check_issued(X509 *issuer, X509 *subject);
720int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid);
721void X509_set_proxy_flag(X509 *x);
722void X509_set_proxy_pathlen(X509 *x, long l);
723long X509_get_proxy_pathlen(X509 *x);
724
725uint32_t X509_get_extension_flags(X509 *x);
726uint32_t X509_get_key_usage(X509 *x);
727uint32_t X509_get_extended_key_usage(X509 *x);
728const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
729const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
730const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
731const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
732
733int X509_PURPOSE_get_count(void);
734X509_PURPOSE *X509_PURPOSE_get0(int idx);
735int X509_PURPOSE_get_by_sname(const char *sname);
736int X509_PURPOSE_get_by_id(int id);
737int X509_PURPOSE_add(int id, int trust, int flags,
738 int (*ck) (const X509_PURPOSE *, const X509 *, int),
739 const char *name, const char *sname, void *arg);
740char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
741char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
742int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
743void X509_PURPOSE_cleanup(void);
744int X509_PURPOSE_get_id(const X509_PURPOSE *);
745
746STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
747STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
748void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
749STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
750/* Flags for X509_check_* functions */
751
752/*
753 * Always check subject name for host match even if subject alt names present
754 */
755# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
756/* Disable wildcard matching for dnsName fields and common name. */
757# define X509_CHECK_FLAG_NO_WILDCARDS 0x2
758/* Wildcards must not match a partial label. */
759# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
760/* Allow (non-partial) wildcards to match multiple labels. */
761# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
762/* Constraint verifier subdomain patterns to match a single labels. */
763# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
764/* Never check the subject CN */
765# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
766/*
767 * Match reference identifiers starting with "." to any sub-domain.
768 * This is a non-public flag, turned on implicitly when the subject
769 * reference identity is a DNS name.
770 */
771# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
772
773int X509_check_host(X509 *x, const char *chk, size_t chklen,
774 unsigned int flags, char **peername);
775int X509_check_email(X509 *x, const char *chk, size_t chklen,
776 unsigned int flags);
777int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
778 unsigned int flags);
779int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
780
781ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
782ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
783int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
784 unsigned long chtype);
785
786void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
787{-
788 generate_stack_macros("X509_POLICY_NODE");
789-}
790
791
792#ifndef OPENSSL_NO_RFC3779
793typedef struct ASRange_st {
794 ASN1_INTEGER *min, *max;
795} ASRange;
796
797# define ASIdOrRange_id 0
798# define ASIdOrRange_range 1
799
800typedef struct ASIdOrRange_st {
801 int type;
802 union {
803 ASN1_INTEGER *id;
804 ASRange *range;
805 } u;
806} ASIdOrRange;
807
808{-
809 generate_stack_macros("ASIdOrRange");
810-}
811
812typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
813
814# define ASIdentifierChoice_inherit 0
815# define ASIdentifierChoice_asIdsOrRanges 1
816
817typedef struct ASIdentifierChoice_st {
818 int type;
819 union {
820 ASN1_NULL *inherit;
821 ASIdOrRanges *asIdsOrRanges;
822 } u;
823} ASIdentifierChoice;
824
825typedef struct ASIdentifiers_st {
826 ASIdentifierChoice *asnum, *rdi;
827} ASIdentifiers;
828
829DECLARE_ASN1_FUNCTIONS(ASRange)
830DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
831DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
832DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
833
834typedef struct IPAddressRange_st {
835 ASN1_BIT_STRING *min, *max;
836} IPAddressRange;
837
838# define IPAddressOrRange_addressPrefix 0
839# define IPAddressOrRange_addressRange 1
840
841typedef struct IPAddressOrRange_st {
842 int type;
843 union {
844 ASN1_BIT_STRING *addressPrefix;
845 IPAddressRange *addressRange;
846 } u;
847} IPAddressOrRange;
848
849{-
850 generate_stack_macros("IPAddressOrRange");
851-}
852
853typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
854
855# define IPAddressChoice_inherit 0
856# define IPAddressChoice_addressesOrRanges 1
857
858typedef struct IPAddressChoice_st {
859 int type;
860 union {
861 ASN1_NULL *inherit;
862 IPAddressOrRanges *addressesOrRanges;
863 } u;
864} IPAddressChoice;
865
866typedef struct IPAddressFamily_st {
867 ASN1_OCTET_STRING *addressFamily;
868 IPAddressChoice *ipAddressChoice;
869} IPAddressFamily;
870
871{-
872 generate_stack_macros("IPAddressFamily");
873-}
874
875
876typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
877
878DECLARE_ASN1_FUNCTIONS(IPAddressRange)
879DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
880DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
881DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
882
883/*
884 * API tag for elements of the ASIdentifer SEQUENCE.
885 */
886# define V3_ASID_ASNUM 0
887# define V3_ASID_RDI 1
888
889/*
890 * AFI values, assigned by IANA. It'd be nice to make the AFI
891 * handling code totally generic, but there are too many little things
892 * that would need to be defined for other address families for it to
893 * be worth the trouble.
894 */
895# define IANA_AFI_IPV4 1
896# define IANA_AFI_IPV6 2
897
898/*
899 * Utilities to construct and extract values from RFC3779 extensions,
900 * since some of the encodings (particularly for IP address prefixes
901 * and ranges) are a bit tedious to work with directly.
902 */
903int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
904int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
905 ASN1_INTEGER *min, ASN1_INTEGER *max);
906int X509v3_addr_add_inherit(IPAddrBlocks *addr,
907 const unsigned afi, const unsigned *safi);
908int X509v3_addr_add_prefix(IPAddrBlocks *addr,
909 const unsigned afi, const unsigned *safi,
910 unsigned char *a, const int prefixlen);
911int X509v3_addr_add_range(IPAddrBlocks *addr,
912 const unsigned afi, const unsigned *safi,
913 unsigned char *min, unsigned char *max);
914unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
915int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
916 unsigned char *min, unsigned char *max,
917 const int length);
918
919/*
920 * Canonical forms.
921 */
922int X509v3_asid_is_canonical(ASIdentifiers *asid);
923int X509v3_addr_is_canonical(IPAddrBlocks *addr);
924int X509v3_asid_canonize(ASIdentifiers *asid);
925int X509v3_addr_canonize(IPAddrBlocks *addr);
926
927/*
928 * Tests for inheritance and containment.
929 */
930int X509v3_asid_inherits(ASIdentifiers *asid);
931int X509v3_addr_inherits(IPAddrBlocks *addr);
932int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
933int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
934
935/*
936 * Check whether RFC 3779 extensions nest properly in chains.
937 */
938int X509v3_asid_validate_path(X509_STORE_CTX *);
939int X509v3_addr_validate_path(X509_STORE_CTX *);
940int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
941 ASIdentifiers *ext,
942 int allow_inheritance);
943int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
944 IPAddrBlocks *ext, int allow_inheritance);
945
946#endif /* OPENSSL_NO_RFC3779 */
947
948{-
949 generate_stack_macros("ASN1_STRING");
950-}
951
952/*
953 * Admission Syntax
954 */
955typedef struct NamingAuthority_st NAMING_AUTHORITY;
956typedef struct ProfessionInfo_st PROFESSION_INFO;
957typedef struct Admissions_st ADMISSIONS;
958typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
959DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
960DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
961DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
962DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
963{-
964 generate_stack_macros("PROFESSION_INFO")
965 .generate_stack_macros("ADMISSIONS");
966-}
967typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
968
969const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
970 const NAMING_AUTHORITY *n);
971const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
972 const NAMING_AUTHORITY *n);
973const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
974 const NAMING_AUTHORITY *n);
975void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
976 ASN1_OBJECT* namingAuthorityId);
977void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
978 ASN1_IA5STRING* namingAuthorityUrl);
979void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
980 ASN1_STRING* namingAuthorityText);
981
982const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
983 const ADMISSION_SYNTAX *as);
984void ADMISSION_SYNTAX_set0_admissionAuthority(
985 ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
986const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
987 const ADMISSION_SYNTAX *as);
988void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
989 ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
990const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
991void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
992const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
993void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
994const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
995void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
996const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
997 const PROFESSION_INFO *pi);
998void PROFESSION_INFO_set0_addProfessionInfo(
999 PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
1000const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
1001 const PROFESSION_INFO *pi);
1002void PROFESSION_INFO_set0_namingAuthority(
1003 PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
1004const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
1005 const PROFESSION_INFO *pi);
1006void PROFESSION_INFO_set0_professionItems(
1007 PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
1008const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
1009 const PROFESSION_INFO *pi);
1010void PROFESSION_INFO_set0_professionOIDs(
1011 PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
1012const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
1013 const PROFESSION_INFO *pi);
1014void PROFESSION_INFO_set0_registrationNumber(
1015 PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
1016
1017# ifdef __cplusplus
1018}
1019# endif
1020#endif
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette