/* x509v3.h */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
5955714Skris#ifndef HEADER_X509V3_H
60280304Sjkim# define HEADER_X509V3_H
6155714Skris
62280304Sjkim# include <openssl/bio.h>
63280304Sjkim# include <openssl/x509.h>
64280304Sjkim# include <openssl/conf.h>
6568651Skris
6655714Skris#ifdef __cplusplus
6755714Skrisextern "C" {
6855714Skris#endif
6955714Skris
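/* Forward reference */
struct v3_ext_method;
struct v3_ext_ctx;

/* Useful typedefs */

/*
 * Callback signatures stored in struct v3_ext_method.
 *
 * Every callback passes the decoded extension as an untyped `void *`.
 * Nothing in these signatures lets the compiler check that the callbacks
 * registered for one method all agree on the concrete structure behind
 * that pointer, so a method table that mixes callbacks written for
 * different extension types will reinterpret memory as the wrong type.
 *
 * NEW/FREE/D2I/I2D are the "old style ASN1 calls" of the method table;
 * the D2I form takes the input pointer by reference plus a `long` length.
 */
typedef void *(*X509V3_EXT_NEW)(void);
typedef void (*X509V3_EXT_FREE) (void *);
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
/* I2V / V2I: conversion to and from a CONF_VALUE list (multi-valued form) */
typedef STACK_OF(CONF_VALUE) *
    (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
                       STACK_OF(CONF_VALUE) *extlist);
typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
                                struct v3_ext_ctx *ctx,
                                STACK_OF(CONF_VALUE) *values);
/* I2S / S2I: conversion to and from a single string */
typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
                                void *ext);
typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
                                struct v3_ext_ctx *ctx, const char *str);
/* I2R / R2I: "raw" form; I2R writes directly to a BIO at a given indent */
typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
                               BIO *out, int indent);
typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
                                struct v3_ext_ctx *ctx, const char *str);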
9455714Skris
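/* V3 extension structure */

/*
 * Method table describing how one extension (identified by ext_nid) is
 * allocated, encoded, decoded and converted to and from text.
 *
 * The initialiser macros in this header (EXT_BITSTRING, EXT_IA5STRING,
 * EXT_END) fill this structure positionally, so the order and number of
 * members is part of the interface: inserting or reordering a member
 * silently shifts every function pointer in such a table.
 */
struct v3_ext_method {
    int ext_nid;
    int ext_flags;              /* X509V3_EXT_* "ext_flags values" */
/* If this is set the following four fields are ignored */
    ASN1_ITEM_EXP *it;
/* Old style ASN1 calls */
    X509V3_EXT_NEW ext_new;
    X509V3_EXT_FREE ext_free;
    X509V3_EXT_D2I d2i;
    X509V3_EXT_I2D i2d;
/* The following pair is used for string extensions */
    X509V3_EXT_I2S i2s;
    X509V3_EXT_S2I s2i;
/* The following pair is used for multi-valued extensions */
    X509V3_EXT_I2V i2v;
    X509V3_EXT_V2I v2i;
/* The following are used for raw extensions */
    X509V3_EXT_I2R i2r;
    X509V3_EXT_R2I r2i;
    void *usr_data;             /* Any extension specific data */
};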
11855714Skris
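/*
 * Accessors for the configuration database referenced by a v3_ext_ctx.
 * Each callback receives the opaque `db` handle stored in the context.
 * The get_* and free_* members come in pairs; whether a given database
 * requires the free_* call after every get_* is not visible in this
 * header - NOTE(review): confirm against the implementation before
 * dropping a returned string or section without releasing it.
 */
typedef struct X509V3_CONF_METHOD_st {
    char *(*get_string) (void *db, char *section, char *value);
    STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section);
    void (*free_string) (void *db, char *string);
    void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;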
12555714Skris
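/* Context specific info */
/*
 * Context handed to the V2I/S2I/R2I callbacks while an extension is built
 * from configuration text.  The prototypes in this header refer to it as
 * X509V3_CTX; that alias is not declared here (presumably a typedef of
 * this structure provided by another header).
 *
 * Any of the object pointers may be NULL: X509V3_set_ctx_test() in this
 * header passes NULL for all four and sets CTX_TEST, and
 * X509V3_set_ctx_nodb() clears `db`.  Callbacks therefore have to check a
 * pointer before dereferencing it rather than assume a certificate,
 * request or CRL is always attached.
 */
struct v3_ext_ctx {
# define CTX_TEST 0x1
    int flags;
    X509 *issuer_cert;
    X509 *subject_cert;
    X509_REQ *subject_req;
    X509_CRL *crl;
    X509V3_CONF_METHOD *db_meth;
    void *db;
/* Maybe more here */
};

typedef struct v3_ext_method X509V3_EXT_METHOD;

DECLARE_STACK_OF(X509V3_EXT_METHOD)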
14268651Skris
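/* ext_flags values */
/*
 * Bit flags for v3_ext_method.ext_flags.  The three values are distinct
 * single bits, so they can be combined with `|` and tested with `&`.
 */
# define X509V3_EXT_DYNAMIC      0x1
# define X509V3_EXT_CTX_DEP      0x2
# define X509V3_EXT_MULTILINE    0x4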
14755714Skris
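typedef BIT_STRING_BITNAME ENUMERATED_NAMES;

/*
 * Decoded basicConstraints extension.
 * NOTE(review): `pathlen` is a pointer, so it is presumably NULL when the
 * extension carries no path length; confirm before dereferencing, and do
 * not read a NULL pathlen as "path length zero".
 */
typedef struct BASIC_CONSTRAINTS_st {
    int ca;
    ASN1_INTEGER *pathlen;
} BASIC_CONSTRAINTS;

/* Private key usage period: both bounds are pointers and may be absent. */
typedef struct PKEY_USAGE_PERIOD_st {
    ASN1_GENERALIZEDTIME *notBefore;
    ASN1_GENERALIZEDTIME *notAfter;
} PKEY_USAGE_PERIOD;

/*
 * otherName member of a GENERAL_NAME: an object identifier plus a value of
 * arbitrary ASN.1 type.  The value's real type is only known from type_id,
 * so consumers must inspect `value` before assuming a particular string
 * type.
 */
typedef struct otherName_st {
    ASN1_OBJECT *type_id;
    ASN1_TYPE *value;
} OTHERNAME;

/* ediPartyName member of a GENERAL_NAME. */
typedef struct EDIPartyName_st {
    ASN1_STRING *nameAssigner;
    ASN1_STRING *partyName;
} EDIPARTYNAME;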
169109998Smarkm
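/*
 * One GeneralName value: a tagged union.  `type` holds one of the GEN_*
 * constants below and selects which member of `d` is valid.
 *
 * All members of `d` share the same storage.  Reading a member other than
 * the one selected by `type` reinterprets the pointer as a different
 * structure, which is a type confusion: always switch on `type` first.
 * The generic `ptr` member and the "old names" are aliases for the same
 * storage and carry the same requirement.
 *
 * NOTE(review): x400Address is declared as ASN1_TYPE here and
 * ediPartyName as EDIPARTYNAME; confirm that the ASN.1 decoder produces
 * exactly these C types for GEN_X400 and GEN_EDIPARTY, since comparison
 * and print code dispatches on `type` and trusts this declaration.
 */
typedef struct GENERAL_NAME_st {
# define GEN_OTHERNAME   0
# define GEN_EMAIL       1
# define GEN_DNS         2
# define GEN_X400        3
# define GEN_DIRNAME     4
# define GEN_EDIPARTY    5
# define GEN_URI         6
# define GEN_IPADD       7
# define GEN_RID         8
    int type;
    union {
        char *ptr;
        OTHERNAME *otherName;   /* otherName */
        ASN1_IA5STRING *rfc822Name;
        ASN1_IA5STRING *dNSName;
        ASN1_TYPE *x400Address;
        X509_NAME *directoryName;
        EDIPARTYNAME *ediPartyName;
        ASN1_IA5STRING *uniformResourceIdentifier;
        ASN1_OCTET_STRING *iPAddress;
        ASN1_OBJECT *registeredID;
        /* Old names */
        ASN1_OCTET_STRING *ip;  /* iPAddress */
        X509_NAME *dirn;        /* dirn */
        ASN1_IA5STRING *ia5;    /* rfc822Name, dNSName,
                                 * uniformResourceIdentifier */
        ASN1_OBJECT *rid;       /* registeredID */
        ASN1_TYPE *other;       /* x400Address */
    } d;
} GENERAL_NAME;

typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;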
203109998Smarkm
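/*
 * One access description: an access method OID and the location it
 * applies to.  `location` is a GENERAL_NAME, so its `type` must be checked
 * before any member of its union is read.
 */
typedef struct ACCESS_DESCRIPTION_st {
    ASN1_OBJECT *method;
    GENERAL_NAME *location;
} ACCESS_DESCRIPTION;

typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

DECLARE_STACK_OF(GENERAL_NAME)
DECLARE_ASN1_SET_OF(GENERAL_NAME)

DECLARE_STACK_OF(ACCESS_DESCRIPTION)
DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)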
21859191Skris
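/*
 * Distribution point name: a tagged union selected by `type`, holding
 * either a full name (GENERAL_NAMES) or a name relative to the issuer.
 * The numeric values of `type` are not defined in this header.
 * NOTE(review): `dpname` is only meaningful for the relative form and is
 * presumably NULL until DIST_POINT_set_dpname() has filled it in; confirm
 * before comparing names through it.
 */
typedef struct DIST_POINT_NAME_st {
    int type;
    union {
        GENERAL_NAMES *fullname;
        STACK_OF(X509_NAME_ENTRY) *relativename;
    } name;
/* If relativename then this contains the full distribution point name */
    X509_NAME *dpname;
} DIST_POINT_NAME;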
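/* All existing reasons */
# define CRLDP_ALL_REASONS       0x807f

/*
 * CRL reason codes.  CRL_REASON_NONE (-1) is a sentinel outside the
 * encoded range.  The value 7 is not assigned here, so the codes are not
 * contiguous: do not use them as a dense array index or validate a code
 * with a simple "0 <= code <= 10" range test.
 */
# define CRL_REASON_NONE                         -1
# define CRL_REASON_UNSPECIFIED                  0
# define CRL_REASON_KEY_COMPROMISE               1
# define CRL_REASON_CA_COMPROMISE                2
# define CRL_REASON_AFFILIATION_CHANGED          3
# define CRL_REASON_SUPERSEDED                   4
# define CRL_REASON_CESSATION_OF_OPERATION       5
# define CRL_REASON_CERTIFICATE_HOLD             6
# define CRL_REASON_REMOVE_FROM_CRL              8
# define CRL_REASON_PRIVILEGE_WITHDRAWN          9
# define CRL_REASON_AA_COMPROMISE                10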
242238405Sjkim
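/*
 * One CRL distribution point.  All three decoded members are pointers and
 * may be absent.
 * NOTE(review): `dp_reasons` is a plain int next to the ASN1_BIT_STRING
 * `reasons`; it looks like a cached bitmask form of that field (compare
 * CRLDP_ALL_REASONS) - confirm where it is populated before relying on it.
 */
struct DIST_POINT_st {
    DIST_POINT_NAME *distpoint;
    ASN1_BIT_STRING *reasons;
    GENERAL_NAMES *CRLissuer;
    int dp_reasons;
};

typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;

DECLARE_STACK_OF(DIST_POINT)
DECLARE_ASN1_SET_OF(DIST_POINT)

/*
 * Authority key identifier.  Each member is a pointer and may be absent,
 * so a matcher has to decide explicitly what an absent field means rather
 * than dereference it.
 */
struct AUTHORITY_KEYID_st {
    ASN1_OCTET_STRING *keyid;
    GENERAL_NAMES *issuer;
    ASN1_INTEGER *serial;
};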
26055714Skris
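/* Strong extranet structures */

/* One (zone, user) pair of a strong extranet extension. */
typedef struct SXNET_ID_st {
    ASN1_INTEGER *zone;
    ASN1_OCTET_STRING *user;
} SXNETID;

DECLARE_STACK_OF(SXNETID)
DECLARE_ASN1_SET_OF(SXNETID)

/* The strong extranet extension: a version and a list of SXNETID entries. */
typedef struct SXNET_st {
    ASN1_INTEGER *version;
    STACK_OF(SXNETID) *ids;
} SXNET;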
27555714Skris
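/*
 * Certificate policy structures.
 *
 * The text members below (organization, exptext, cpsuri) are decoded from
 * the certificate and are therefore controlled by whoever issued it.
 * Treat them as untrusted input when displaying or logging them.
 */
typedef struct NOTICEREF_st {
    ASN1_STRING *organization;
    STACK_OF(ASN1_INTEGER) *noticenos;
} NOTICEREF;

typedef struct USERNOTICE_st {
    NOTICEREF *noticeref;
    ASN1_STRING *exptext;
} USERNOTICE;

/*
 * Policy qualifier: a union selected by the OID in `pqualid`, not by an
 * integer tag.  The qualifier OID must be examined before choosing which
 * member of `d` to read; `other` covers qualifiers that are neither a CPS
 * URI nor a user notice.
 */
typedef struct POLICYQUALINFO_st {
    ASN1_OBJECT *pqualid;
    union {
        ASN1_IA5STRING *cpsuri;
        USERNOTICE *usernotice;
        ASN1_TYPE *other;
    } d;
} POLICYQUALINFO;

DECLARE_STACK_OF(POLICYQUALINFO)
DECLARE_ASN1_SET_OF(POLICYQUALINFO)

typedef struct POLICYINFO_st {
    ASN1_OBJECT *policyid;
    STACK_OF(POLICYQUALINFO) *qualifiers;
} POLICYINFO;

typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;

DECLARE_STACK_OF(POLICYINFO)
DECLARE_ASN1_SET_OF(POLICYINFO)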
30755714Skris
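/* One policy mapping: an issuer-domain policy and its subject-domain peer. */
typedef struct POLICY_MAPPING_st {
    ASN1_OBJECT *issuerDomainPolicy;
    ASN1_OBJECT *subjectDomainPolicy;
} POLICY_MAPPING;

DECLARE_STACK_OF(POLICY_MAPPING)

typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;

/*
 * One subtree of a name constraint.  `base` is a GENERAL_NAME, so its
 * `type` selects how the constraint is matched.
 * NOTE(review): `minimum` and `maximum` are decoded but nothing in this
 * header shows whether the checker honours them; confirm how a subtree
 * with these fields set is handled.
 */
typedef struct GENERAL_SUBTREE_st {
    GENERAL_NAME *base;
    ASN1_INTEGER *minimum;
    ASN1_INTEGER *maximum;
} GENERAL_SUBTREE;

DECLARE_STACK_OF(GENERAL_SUBTREE)

/* Name constraints: separate permitted and excluded subtree lists. */
struct NAME_CONSTRAINTS_st {
    STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
    STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
};

/* Policy constraints: both counters are pointers and may be absent. */
typedef struct POLICY_CONSTRAINTS_st {
    ASN1_INTEGER *requireExplicitPolicy;
    ASN1_INTEGER *inhibitPolicyMapping;
} POLICY_CONSTRAINTS;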
334160814Ssimon
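/* Proxy certificate structures, see RFC 3820 */
/*
 * `policy` is an opaque octet string whose interpretation depends on
 * `policyLanguage`; this header defines no parser for it, so an
 * application that accepts proxy certificates has to interpret the policy
 * itself.
 */
typedef struct PROXY_POLICY_st {
    ASN1_OBJECT *policyLanguage;
    ASN1_OCTET_STRING *policy;
} PROXY_POLICY;

typedef struct PROXY_CERT_INFO_EXTENSION_st {
    ASN1_INTEGER *pcPathLengthConstraint;
    PROXY_POLICY *proxyPolicy;
} PROXY_CERT_INFO_EXTENSION;

DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)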
348160814Ssimon
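/*
 * Issuing distribution point extension of a CRL.  The four `only*` /
 * `indirectCRL` members are plain ints; the IDP_* flags defined in this
 * header name the same conditions as bits.
 */
struct ISSUING_DIST_POINT_st {
    DIST_POINT_NAME *distpoint;
    int onlyuser;
    int onlyCA;
    ASN1_BIT_STRING *onlysomereasons;
    int indirectCRL;
    int onlyattr;
};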
357160814Ssimon
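/* Values in idp_flags field */
/*
 * The idp_flags field itself is not declared in this header.  IDP_INVALID
 * marks an extension whose values are inconsistent; code that decides
 * whether a CRL covers a certificate should test it before trusting any of
 * the other bits.
 */
/* IDP present */
# define IDP_PRESENT     0x1
/* IDP values inconsistent */
# define IDP_INVALID     0x2
/* onlyuser true */
# define IDP_ONLYUSER    0x4
/* onlyCA true */
# define IDP_ONLYCA      0x8
/* onlyattr true */
# define IDP_ONLYATTR    0x10
/* indirectCRL true */
# define IDP_INDIRECT    0x20
/* onlysomereasons present */
# define IDP_REASONS     0x40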
373238405Sjkim
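/*
 * Attach the section/name/value of a CONF_VALUE to the current error.
 * The expansion ends in ';' (kept for compatibility with existing
 * callers), so it is a statement, not an expression: do not use it as the
 * unbraced body of an `if` that has an `else`.  The argument is
 * parenthesised so that any pointer expression can be passed.
 */
# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", (val)->section, \
",name:", (val)->name, ",value:", (val)->value);

/* Initialise a context with no objects attached and CTX_TEST set. */
# define X509V3_set_ctx_test(ctx) \
                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
/* Clear the config database; also expands to a full statement (ends in ';') */
# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

/*
 * Positional initialisers for struct v3_ext_method.  They list all 14
 * members in declaration order (ext_nid, ext_flags, it, four old-style
 * ASN1 calls, i2s/s2i, i2v/v2i, i2r/r2i, usr_data) and must be updated
 * together with the structure.
 *
 * The function-pointer casts are needed because the converters declared
 * in this header take typed arguments (for example ASN1_BIT_STRING * and
 * a non-const method pointer) while the callback typedefs take `void *`
 * and a const method pointer.  The casts also silence the compiler if a
 * converter with a genuinely different argument list is placed in a
 * table, so new entries need manual review.
 */
# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
                        0,0,0,0, \
                        0,0, \
                        (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
                        (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
                        NULL, NULL, \
                        table}

# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
                        0,0,0,0, \
                        (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
                        (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
                        0,0,0,0, \
                        NULL}

/* Terminator entry for a method list: ext_nid is -1, everything else zero */
# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}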
39755714Skris
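/* X509_PURPOSE stuff */

/*
 * EXFLAG_* bits summarise what was found when a certificate's extensions
 * were examined.  The field that stores them is not declared in this
 * header.
 *
 * EXFLAG_SI and EXFLAG_SS have the same value (0x20).  As the comment
 * below says, the bit means "self issued", which is a statement about
 * names, not about signatures: a set bit does not show that the
 * certificate's signature verifies under its own key.  Code must not use
 * EXFLAG_SS as a substitute for signature verification.
 *
 * NOTE(review): EXFLAG_INVALID and EXFLAG_INVALID_POLICY presumably mark
 * extensions that failed to decode; confirm that callers making a trust
 * decision reject such certificates instead of ignoring the bit.
 */
# define EXFLAG_BCONS            0x1
# define EXFLAG_KUSAGE           0x2
# define EXFLAG_XKUSAGE          0x4
# define EXFLAG_NSCERT           0x8

# define EXFLAG_CA               0x10
/* Really self issued not necessarily self signed */
# define EXFLAG_SI               0x20
# define EXFLAG_SS               0x20
# define EXFLAG_V1               0x40
# define EXFLAG_INVALID          0x80
# define EXFLAG_SET              0x100
# define EXFLAG_CRITICAL         0x200
# define EXFLAG_PROXY            0x400

# define EXFLAG_INVALID_POLICY   0x800
# define EXFLAG_FRESHEST         0x1000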
417160814Ssimon
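/*
 * Key usage bits.  The values are not in ascending order of name:
 * the first eight occupy the low byte from 0x80 downwards and
 * KU_DECIPHER_ONLY is 0x8000, so a mask built for these flags needs at
 * least 16 bits.  Always compare against the named constants rather than
 * computing a bit position.
 */
# define KU_DIGITAL_SIGNATURE    0x0080
# define KU_NON_REPUDIATION      0x0040
# define KU_KEY_ENCIPHERMENT     0x0020
# define KU_DATA_ENCIPHERMENT    0x0010
# define KU_KEY_AGREEMENT        0x0008
# define KU_KEY_CERT_SIGN        0x0004
# define KU_CRL_SIGN             0x0002
# define KU_ENCIPHER_ONLY        0x0001
# define KU_DECIPHER_ONLY        0x8000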
42759191Skris
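/*
 * Netscape certificate type bits.  0x08 is not assigned.  NS_ANY_CA is
 * the union of the three CA bits, so `flags & NS_ANY_CA` is non-zero when
 * any one of them is set; it does not require all three.
 */
# define NS_SSL_CLIENT           0x80
# define NS_SSL_SERVER           0x40
# define NS_SMIME                0x20
# define NS_OBJSIGN              0x10
# define NS_SSL_CA               0x04
# define NS_SMIME_CA             0x02
# define NS_OBJSIGN_CA           0x01
# define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)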
43659191Skris
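/*
 * Extended key usage bits: one bit per recognised purpose.  Only the
 * purposes listed here have a bit, so an extended key usage this header
 * does not name cannot be represented in such a mask.
 */
# define XKU_SSL_SERVER          0x1
# define XKU_SSL_CLIENT          0x2
# define XKU_SMIME               0x4
# define XKU_CODE_SIGN           0x8
# define XKU_SGC                 0x10
# define XKU_OCSP_SIGN           0x20
# define XKU_TIMESTAMP           0x40
# define XKU_DVCS                0x80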
44559191Skris
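/* Bits for the `flags` member of X509_PURPOSE */
# define X509_PURPOSE_DYNAMIC    0x1
# define X509_PURPOSE_DYNAMIC_NAME       0x2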
44859191Skris
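/*
 * Description of one certificate purpose: its id, a default trust id, and
 * the callback that decides whether a certificate is acceptable for it.
 * The callback receives the purpose entry, the certificate and an int;
 * its return convention is not visible in this header.
 * NOTE(review): confirm which return values mean "acceptable" before
 * testing the result as a plain boolean.
 */
typedef struct x509_purpose_st {
    int purpose;
    int trust;                  /* Default trust ID */
    int flags;
    int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
    char *name;
    char *sname;
    void *usr_data;
} X509_PURPOSE;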
45859191Skris
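/*
 * Built-in purpose ids, contiguous from X509_PURPOSE_MIN to
 * X509_PURPOSE_MAX.  X509_PURPOSE_ANY is one of them: selecting it asks
 * for no specific purpose, so it should not be the default where a
 * certificate is being accepted for a particular role.
 */
# define X509_PURPOSE_SSL_CLIENT         1
# define X509_PURPOSE_SSL_SERVER         2
# define X509_PURPOSE_NS_SSL_SERVER      3
# define X509_PURPOSE_SMIME_SIGN         4
# define X509_PURPOSE_SMIME_ENCRYPT      5
# define X509_PURPOSE_CRL_SIGN           6
# define X509_PURPOSE_ANY                7
# define X509_PURPOSE_OCSP_HELPER        8
# define X509_PURPOSE_TIMESTAMP_SIGN     9

# define X509_PURPOSE_MIN                1
# define X509_PURPOSE_MAX                9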
47159191Skris
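/* Flags for X509V3_EXT_print() */

/*
 * The handling of unknown extensions is a 4-bit field at bit 16, selected
 * with X509V3_EXT_UNKNOWN_MASK.  The three non-default values are
 * enumerated choices, not independent bits: X509V3_EXT_DUMP_UNKNOWN
 * (3 << 16) has the same bits set as ERROR_UNKNOWN | PARSE_UNKNOWN, so
 * compare `flag & X509V3_EXT_UNKNOWN_MASK` for equality instead of
 * testing single bits.
 */
# define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
/* Return error for unknown extensions */
# define X509V3_EXT_DEFAULT              0
/* Print error for unknown extensions */
# define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
/* ASN1 parse unknown extensions */
# define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
/* BIO_dump unknown extensions */
# define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)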
48355714Skris
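/* Flags for X509V3_add1_i2d */

/*
 * The low four bits (X509V3_ADD_OP_MASK) hold one operation code, 0 to 5;
 * the codes are enumerated values and cannot be OR-ed together.
 * X509V3_ADD_SILENT (0x10) lies outside the mask and is a separate
 * modifier bit that may be combined with any one operation.
 */
# define X509V3_ADD_OP_MASK              0xfL
# define X509V3_ADD_DEFAULT              0L
# define X509V3_ADD_APPEND               1L
# define X509V3_ADD_REPLACE              2L
# define X509V3_ADD_REPLACE_EXISTING     3L
# define X509V3_ADD_KEEP_EXISTING        4L
# define X509V3_ADD_DELETE               5L
# define X509V3_ADD_SILENT               0x10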
49455714Skris
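DECLARE_STACK_OF(X509_PURPOSE)

DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)

DECLARE_ASN1_FUNCTIONS(SXNET)
DECLARE_ASN1_FUNCTIONS(SXNETID)

/*
 * Add a (zone, user) entry to *psx; the three variants differ only in how
 * the zone is supplied (text, unsigned long, ASN1_INTEGER).
 * `user` is passed with an explicit `int userlen`.  The length is signed
 * and nothing in these prototypes states how a negative or oversized
 * value is treated - NOTE(review): confirm, and validate userlen in the
 * caller when it is derived from external input.
 */
int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
                       int userlen);
int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user,
                         int userlen);

/*
 * Look up the user id for a zone.
 * NOTE(review): the names do not use a get0/get1 form, so whether the
 * returned string is owned by `sx` or by the caller is not visible here;
 * confirm before freeing it or keeping it after `sx` is released.
 */
ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);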
51155714Skris
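DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)

DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)

DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
/*
 * Compare two general names.
 * NOTE(review): the return convention (for example 0 for "equal") is not
 * visible in this header; confirm it before writing
 * `if (GENERAL_NAME_cmp(a, b))`.  The comparison necessarily dispatches on
 * each name's `type`, so both arguments must be well-formed GENERAL_NAME
 * values whose union member matches their type.
 */
int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);

ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                                     X509V3_CTX *ctx,
                                     STACK_OF(CONF_VALUE) *nval);
STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                                          ASN1_BIT_STRING *bits,
                                          STACK_OF(CONF_VALUE) *extlist);

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                       GENERAL_NAME *gen,
                                       STACK_OF(CONF_VALUE) *ret);
/*
 * Print a general name to a BIO.  The name's contents come from the
 * certificate; treat the printed text as untrusted when it is shown to a
 * user or written to a log.
 */
int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);

DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                                        GENERAL_NAMES *gen,
                                        STACK_OF(CONF_VALUE) *extlist);
GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

DECLARE_ASN1_FUNCTIONS(OTHERNAME)
DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
/*
 * Untyped accessors for the GENERAL_NAME union.
 * set0_value stores `value` under the given `type`; the compiler cannot
 * check that the pointer really has the C type that GEN_* constant
 * implies, so the caller is responsible for the match.
 * get0_value returns the stored pointer as `void *`; the caller must
 * switch on the type reported through `ptype` before casting it.
 */
void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
                                ASN1_OBJECT *oid, ASN1_TYPE *value);
int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue);

char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                            ASN1_OCTET_STRING *ia5);
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, char *str);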
55455714Skris
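DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a);

DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
DECLARE_ASN1_FUNCTIONS(POLICYINFO)
DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
DECLARE_ASN1_FUNCTIONS(USERNOTICE)
DECLARE_ASN1_FUNCTIONS(NOTICEREF)

DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
DECLARE_ASN1_FUNCTIONS(DIST_POINT)
DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)

int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);

/*
 * Check certificate `x` against the name constraints `nc`.
 * NOTE(review): the return convention is not visible in this header.  If
 * success is reported as 0 in the style of a verification result code
 * (for example X509_V_OK) rather than as non-zero, then
 * `if (NAME_CONSTRAINTS_check(x, nc))` tests for failure - confirm before
 * using the result as a boolean.
 */
int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);

DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

DECLARE_ASN1_ITEM(POLICY_MAPPING)
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
DECLARE_ASN1_ITEM(POLICY_MAPPINGS)

DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)

DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)

DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)

/*
 * Build a GENERAL_NAME of kind `gen_type` (a GEN_* value) from the text
 * in `value`.  `is_nc` is presumably set when the name is being parsed as
 * a name-constraint base - TODO confirm.
 */
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                               const X509V3_EXT_METHOD *method,
                               X509V3_CTX *ctx, int gen_type, char *value,
                               int is_nc);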
593238405Sjkim
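/*
 * Configuration-driven extension construction.  These declarations are
 * only visible when the CONF header has been included first.
 *
 * The `value`, `name` and `section` strings are interpreted as extension
 * configuration syntax.  When any part of such a string is assembled from
 * external input (for example a requested subject alternative name), that
 * input can change which extensions are produced, so it must be validated
 * before it is placed in a configuration value.
 */
# ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
                               X509V3_CTX *ctx, CONF_VALUE *cnf);
GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
                                  const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, CONF_VALUE *cnf,
                                  int is_nc);
void X509V3_conf_free(CONF_VALUE *val);

/* Variants taking a CONF object */
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                     char *value);
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
                                 char *value);
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
                            STACK_OF(X509_EXTENSION) **sk);
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                         X509 *cert);
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                             X509_REQ *req);
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                             X509_CRL *crl);

/* Variants taking an LHASH of CONF_VALUE instead of a CONF object */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
                                    X509V3_CTX *ctx, int ext_nid,
                                    char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                                char *name, char *value);
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                        char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            char *section, X509_CRL *crl);

int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                             STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
# endif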
63555714Skris
636280304Sjkimchar *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
637280304SjkimSTACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section);
63855714Skrisvoid X509V3_string_free(X509V3_CTX *ctx, char *str);
639280304Sjkimvoid X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
64055714Skrisvoid X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
641280304Sjkim                    X509_REQ *req, X509_CRL *crl, int flags);
64255714Skris
/*
 * Append a name/value pair to the CONF_VALUE stack referenced by extlist.
 * X509V3_add_value_uchar() takes no length argument, so value is presumably
 * treated as a NUL-terminated string - do not pass raw binary data.
 * NOTE(review): presumably the stack is created when *extlist is NULL and
 * the strings are copied; the return is presumably 1 on success, 0 on
 * failure - confirm.
 */
64355714Skrisint X509V3_add_value(const char *name, const char *value,
644280304Sjkim                     STACK_OF(CONF_VALUE) **extlist);
64555714Skrisint X509V3_add_value_uchar(const char *name, const unsigned char *value,
646280304Sjkim                           STACK_OF(CONF_VALUE) **extlist);
64755714Skrisint X509V3_add_value_bool(const char *name, int asn1_bool,
648280304Sjkim                          STACK_OF(CONF_VALUE) **extlist);
64955714Skrisint X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
650280304Sjkim                         STACK_OF(CONF_VALUE) **extlist);
/*
 * Text conversions for ASN.1 integers and enumerated values.
 * NOTE(review): the i2s_ functions return a non-const char pointer,
 * presumably a heap string the caller releases with OPENSSL_free(), and
 * s2i_ASN1_INTEGER() presumably returns NULL on unparsable input - confirm.
 */
651280304Sjkimchar *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
652280304SjkimASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
653280304Sjkimchar *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
654280304Sjkimchar *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
655280304Sjkim                                ASN1_ENUMERATED *aint);
/*
 * Registration of extension methods. X509V3_EXT_cleanup() takes no argument,
 * which suggests a single process-wide table.
 * NOTE(review): presumably there is no locking around that table; register
 * custom methods during start-up, before other threads parse certificates -
 * confirm. A registered method changes how every later certificate with
 * that NID is decoded.
 */
65655714Skrisint X509V3_EXT_add(X509V3_EXT_METHOD *ext);
65755714Skrisint X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
65855714Skrisint X509V3_EXT_add_alias(int nid_to, int nid_from);
65955714Skrisvoid X509V3_EXT_cleanup(void);
66055714Skris
/*
 * Look up the method for an extension object or a NID.
 * NOTE(review): presumably NULL when no method is registered - confirm.
 */
661238405Sjkimconst X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
662238405Sjkimconst X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
66355714Skrisint X509V3_add_standard_extensions(void);
664109998SmarkmSTACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
/*
 * Decode an extension into its internal structure. The result is an untyped
 * void pointer: the caller has to know which structure belongs to the
 * extension's NID, cast accordingly, and release it with the free function
 * for that same type. Casting to the wrong type is a type confusion.
 */
66555714Skrisvoid *X509V3_EXT_d2i(X509_EXTENSION *ext);
/*
 * Find extension nid in x and decode it.
 * NOTE(review): per the OpenSSL documentation a NULL return is ambiguous
 * (extension absent, present more than once, or not decodable) and *crit
 * tells the cases apart (-1 not found, -2 duplicated) - confirm for this
 * version. Pass a non-NULL crit whenever "absent" and "malformed" must lead
 * to different security decisions.
 */
666280304Sjkimvoid *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
667280304Sjkim                     int *idx);
66859191Skris
/*
 * Encode an internal structure as an extension. ext_struc and value are
 * untyped: they must point to the structure type that belongs to
 * ext_nid / nid, since the compiler cannot check it.
 * NOTE(review): flags presumably takes the X509V3_ADD_ operation values
 * declared elsewhere in this header, and the "add1" name suggests value is
 * copied rather than owned by the stack - confirm.
 */
66955714SkrisX509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
670280304Sjkimint X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
671280304Sjkim                    int crit, unsigned long flags);
67255714Skris
/*
 * Hex helpers. These three names carry no library prefix, so they can clash
 * with application symbols of the same name at link time.
 * hex_to_string(): len is a signed long; NOTE(review): confirm how zero or
 * negative lengths are handled.
 * string_to_hex(): returns a buffer and stores its size in *len. This header
 * defines X509V3_R_ILLEGAL_HEX_DIGIT and X509V3_R_ODD_NUMBER_OF_DIGITS, so
 * malformed input is presumably rejected with a NULL return - check for NULL
 * before reading *len.
 * NOTE(review): both returned buffers are presumably heap allocations to be
 * released with OPENSSL_free() - confirm.
 */
673238405Sjkimchar *hex_to_string(const unsigned char *buffer, long len);
674238405Sjkimunsigned char *string_to_hex(const char *str, long *len);
67555714Skrisint name_cmp(const char *name, const char *cmp);
67655714Skris
/*
 * Human-readable output of extensions to a BIO or a FILE.
 * The flag parameter is unsigned long in X509V3_EXT_print() and
 * X509V3_extensions_print() but int in X509V3_EXT_print_fp(); a flag value
 * that does not fit in int cannot be passed through the FILE variant.
 * NOTE(review): extension contents come from the certificate being printed;
 * confirm how non-printable bytes are escaped before this output is written
 * to a terminal or a log.
 */
67755714Skrisvoid X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
678280304Sjkim                        int ml);
679280304Sjkimint X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
680280304Sjkim                     int indent);
68155714Skrisint X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
68255714Skris
683280304Sjkimint X509V3_extensions_print(BIO *out, char *title,
684280304Sjkim                            STACK_OF(X509_EXTENSION) *exts,
685280304Sjkim                            unsigned long flag, int indent);
686109998Smarkm
/*
 * Certificate property checks. All of them return int, but the meaning of
 * the value is not uniform, so do not test them with one shared idiom.
 * NOTE(review), per the OpenSSL documentation - confirm for this version:
 *  - X509_check_issued() returns X509_V_OK, which is 0, when issuer matches,
 *    so "if (X509_check_issued(...))" tests for a mismatch;
 *  - X509_check_ca() returns 0 for "not a CA", 1 for a basicConstraints CA,
 *    and larger values for legacy ways of being treated as a CA; a caller
 *    that accepts any non-zero result accepts those as well;
 *  - X509_check_purpose() can presumably return a negative value on error.
 * These checks presumably compare names, key identifiers and extensions
 * only; they are not a substitute for verifying the signature chain.
 */
687160814Ssimonint X509_check_ca(X509 *x);
68859191Skrisint X509_check_purpose(X509 *x, int id, int ca);
689109998Smarkmint X509_supported_extension(X509_EXTENSION *ex);
690109998Smarkmint X509_PURPOSE_set(int *p, int purpose);
69168651Skrisint X509_check_issued(X509 *issuer, X509 *subject);
692238405Sjkimint X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
/*
 * Purpose table access. X509_PURPOSE_add() installs a check callback (ck)
 * and X509_PURPOSE_cleanup() takes no argument, which suggests one
 * process-wide table.
 * NOTE(review): presumably X509_PURPOSE_get0() returns NULL for an index out
 * of range and the get_by_ functions return -1 when nothing matches -
 * confirm, and check before using the result as an index or pointer.
 */
69359191Skrisint X509_PURPOSE_get_count(void);
694280304SjkimX509_PURPOSE *X509_PURPOSE_get0(int idx);
69559191Skrisint X509_PURPOSE_get_by_sname(char *sname);
69659191Skrisint X509_PURPOSE_get_by_id(int id);
69759191Skrisint X509_PURPOSE_add(int id, int trust, int flags,
698280304Sjkim                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
699280304Sjkim                     char *name, char *sname, void *arg);
70059191Skrischar *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
70159191Skrischar *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
70259191Skrisint X509_PURPOSE_get_trust(X509_PURPOSE *xp);
70359191Skrisvoid X509_PURPOSE_cleanup(void);
70459191Skrisint X509_PURPOSE_get_id(X509_PURPOSE *);
70559191Skris
/*
 * Collect e-mail addresses or OCSP responder locations as a stack of
 * strings. X509_email_free() releases a stack of the type all three
 * getters return.
 * NOTE(review): the "get1" naming suggests the caller owns the result, and
 * X509_get1_ocsp() presumably uses the same release function - confirm.
 * The strings come from the certificate or request and are untrusted input:
 * validate them before using them as a mail recipient or a URL to fetch.
 */
706238405SjkimSTACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
707238405SjkimSTACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
708238405Sjkimvoid X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
709238405SjkimSTACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
71068651Skris
/*
 * Parse a textual IP address.
 * NOTE(review): the a2i_IPADDRESS functions presumably return NULL for input
 * that is not a valid address (cf. X509V3_R_BAD_IP_ADDRESS) - confirm.
 */
711160814SsimonASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
712160814SsimonASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
/*
 * a2i_ipadd() writes into the caller's buffer ipout and has no parameter
 * for that buffer's size.
 * NOTE(review): presumably it stores 4 bytes for IPv4 or 16 for IPv6 and
 * returns the count, with 0 on failure - confirm. Until confirmed, pass a
 * buffer of at least 16 bytes.
 */
713167612Ssimonint a2i_ipadd(unsigned char *ipout, const char *ipasc);
714280304Sjkimint X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
715280304Sjkim                             unsigned long chtype);
71668651Skris
717160814Ssimonvoid X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
718238405SjkimDECLARE_STACK_OF(X509_POLICY_NODE)
719160814Ssimon
720280304Sjkim# ifndef OPENSSL_NO_RFC3779
721167612Ssimon
/*
 * ASRange: a pair of AS numbers, min and max, each held as an ASN1_INTEGER.
 * NOTE(review): presumably an inclusive range with min <= max as in
 * RFC 3779. Nothing in this declaration enforces that ordering, so code
 * consuming a decoded ASRange should not assume it - confirm where it is
 * checked (see v3_asid_is_canonical()).
 */
722167612Ssimontypedef struct ASRange_st {
723280304Sjkim    ASN1_INTEGER *min, *max;
724167612Ssimon} ASRange;
725167612Ssimon
/*
 * ASIdOrRange: tagged union holding either a single AS number or a range.
 * `type` is the discriminator; the two values below presumably select the
 * union member of the same name (ASIdOrRange_id -> u.id,
 * ASIdOrRange_range -> u.range). Test `type` before dereferencing u: the
 * members point to different structures, and reading the one that does not
 * match `type` is a type confusion.
 */
726280304Sjkim#  define ASIdOrRange_id          0
727280304Sjkim#  define ASIdOrRange_range       1
728167612Ssimon
729167612Ssimontypedef struct ASIdOrRange_st {
730280304Sjkim    int type;
731280304Sjkim    union {
732280304Sjkim        ASN1_INTEGER *id;
733280304Sjkim        ASRange *range;
734280304Sjkim    } u;
735167612Ssimon} ASIdOrRange;
736167612Ssimon
737167612Ssimontypedef STACK_OF(ASIdOrRange) ASIdOrRanges;
738167612SsimonDECLARE_STACK_OF(ASIdOrRange)
739167612Ssimon
/*
 * ASIdentifierChoice: tagged union, either "inherit from the issuer" or an
 * explicit list of AS ids and ranges. `type` presumably selects the member
 * of the same name (ASIdentifierChoice_inherit -> u.inherit,
 * ASIdentifierChoice_asIdsOrRanges -> u.asIdsOrRanges). Check `type` before
 * walking u.asIdsOrRanges; with the inherit choice that storage holds an
 * ASN1_NULL pointer, not a stack.
 */
740280304Sjkim#  define ASIdentifierChoice_inherit              0
741280304Sjkim#  define ASIdentifierChoice_asIdsOrRanges        1
742167612Ssimon
743167612Ssimontypedef struct ASIdentifierChoice_st {
744280304Sjkim    int type;
745280304Sjkim    union {
746280304Sjkim        ASN1_NULL *inherit;
747280304Sjkim        ASIdOrRanges *asIdsOrRanges;
748280304Sjkim    } u;
749167612Ssimon} ASIdentifierChoice;
750167612Ssimon
/*
 * ASIdentifiers: the two elements of the extension, asnum and rdi, which
 * the V3_ASID_ASNUM / V3_ASID_RDI tags in this header presumably select.
 * NOTE(review): either pointer is presumably NULL when that element is
 * absent from the certificate - confirm, and check before dereferencing.
 */
751167612Ssimontypedef struct ASIdentifiers_st {
752280304Sjkim    ASIdentifierChoice *asnum, *rdi;
753167612Ssimon} ASIdentifiers;
754167612Ssimon
755167612SsimonDECLARE_ASN1_FUNCTIONS(ASRange)
756167612SsimonDECLARE_ASN1_FUNCTIONS(ASIdOrRange)
757167612SsimonDECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
758167612SsimonDECLARE_ASN1_FUNCTIONS(ASIdentifiers)
759167612Ssimon
/*
 * IPAddressRange: lower and upper bound of an address range, each stored as
 * an ASN1_BIT_STRING.
 * NOTE(review): the bit strings come from the decoded certificate, so their
 * lengths are attacker-influenced; presumably v3_addr_get_range() expands
 * them into fixed-size byte arrays - confirm that it bounds the copy by the
 * address family's length.
 */
760167612Ssimontypedef struct IPAddressRange_st {
761280304Sjkim    ASN1_BIT_STRING *min, *max;
762167612Ssimon} IPAddressRange;
763167612Ssimon
/*
 * IPAddressOrRange: tagged union holding either an address prefix or an
 * explicit range. `type` presumably selects the member of the same name
 * (IPAddressOrRange_addressPrefix -> u.addressPrefix,
 * IPAddressOrRange_addressRange -> u.addressRange). Test `type` before
 * dereferencing u; the members point to different structures.
 */
764280304Sjkim#  define IPAddressOrRange_addressPrefix  0
765280304Sjkim#  define IPAddressOrRange_addressRange   1
766167612Ssimon
767167612Ssimontypedef struct IPAddressOrRange_st {
768280304Sjkim    int type;
769280304Sjkim    union {
770280304Sjkim        ASN1_BIT_STRING *addressPrefix;
771280304Sjkim        IPAddressRange *addressRange;
772280304Sjkim    } u;
773167612Ssimon} IPAddressOrRange;
774167612Ssimon
775167612Ssimontypedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
776167612SsimonDECLARE_STACK_OF(IPAddressOrRange)
777167612Ssimon
/*
 * IPAddressChoice: tagged union, either "inherit from the issuer" or an
 * explicit list of prefixes and ranges. `type` presumably selects the member
 * of the same name (IPAddressChoice_inherit -> u.inherit,
 * IPAddressChoice_addressesOrRanges -> u.addressesOrRanges). Check `type`
 * before iterating u.addressesOrRanges; with the inherit choice that storage
 * holds an ASN1_NULL pointer, not a stack.
 */
778280304Sjkim#  define IPAddressChoice_inherit                 0
779280304Sjkim#  define IPAddressChoice_addressesOrRanges       1
780167612Ssimon
781167612Ssimontypedef struct IPAddressChoice_st {
782280304Sjkim    int type;
783280304Sjkim    union {
784280304Sjkim        ASN1_NULL *inherit;
785280304Sjkim        IPAddressOrRanges *addressesOrRanges;
786280304Sjkim    } u;
787167612Ssimon} IPAddressChoice;
788167612Ssimon
/*
 * IPAddressFamily: one address family together with its address choice.
 * NOTE(review): per RFC 3779 addressFamily carries a 2-octet AFI optionally
 * followed by a 1-octet SAFI. The octet string's length is taken from the
 * decoded certificate, so every reader of addressFamily->data (for example
 * v3_addr_get_afi()) has to check the length before indexing - confirm that
 * the implementation does. ipAddressChoice is presumably non-NULL after a
 * successful decode - confirm before dereferencing.
 */
789167612Ssimontypedef struct IPAddressFamily_st {
790280304Sjkim    ASN1_OCTET_STRING *addressFamily;
791280304Sjkim    IPAddressChoice *ipAddressChoice;
792167612Ssimon} IPAddressFamily;
793167612Ssimon
794167612Ssimontypedef STACK_OF(IPAddressFamily) IPAddrBlocks;
795167612SsimonDECLARE_STACK_OF(IPAddressFamily)
796167612Ssimon
797167612SsimonDECLARE_ASN1_FUNCTIONS(IPAddressRange)
798167612SsimonDECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
799167612SsimonDECLARE_ASN1_FUNCTIONS(IPAddressChoice)
800167612SsimonDECLARE_ASN1_FUNCTIONS(IPAddressFamily)
801167612Ssimon
802167612Ssimon/*
803167612Ssimon * API tag for elements of the ASIdentifiers SEQUENCE.
804167612Ssimon */
805280304Sjkim#  define V3_ASID_ASNUM   0
806280304Sjkim#  define V3_ASID_RDI     1
807167612Ssimon
808167612Ssimon/*
809167612Ssimon * AFI values, assigned by IANA.  It'd be nice to make the AFI
810167612Ssimon * handling code totally generic, but there are too many little things
811167612Ssimon * that would need to be defined for other address families for it to
812167612Ssimon * be worth the trouble.
813167612Ssimon */
814280304Sjkim#  define IANA_AFI_IPV4   1
815280304Sjkim#  define IANA_AFI_IPV6   2
816167612Ssimon
817167612Ssimon/*
818167612Ssimon * Utilities to construct and extract values from RFC3779 extensions,
819167612Ssimon * since some of the encodings (particularly for IP address prefixes
820167612Ssimon * and ranges) are a bit tedious to work with directly.
821167612Ssimon */
/*
 * AS identifier builders. `which` presumably takes V3_ASID_ASNUM or
 * V3_ASID_RDI.
 * NOTE(review): whether v3_asid_add_id_or_range() takes ownership of min
 * and max is not visible here - confirm, to avoid a double free or a leak.
 */
822167612Ssimonint v3_asid_add_inherit(ASIdentifiers *asid, int which);
823167612Ssimonint v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
824280304Sjkim                            ASN1_INTEGER *min, ASN1_INTEGER *max);
/*
 * IP address block builders. afi presumably takes IANA_AFI_IPV4 or
 * IANA_AFI_IPV6; safi is a pointer, presumably NULL when no SAFI applies.
 * The address arguments (a, min, max) are passed without a length.
 * NOTE(review): presumably each must hold a full address for afi (4 or 16
 * bytes) and prefixlen must lie between 0 and the address width in bits -
 * confirm that the implementation validates prefixlen rather than trusting
 * the caller.
 */
825167612Ssimonint v3_addr_add_inherit(IPAddrBlocks *addr,
826280304Sjkim                        const unsigned afi, const unsigned *safi);
827167612Ssimonint v3_addr_add_prefix(IPAddrBlocks *addr,
828280304Sjkim                       const unsigned afi, const unsigned *safi,
829280304Sjkim                       unsigned char *a, const int prefixlen);
830167612Ssimonint v3_addr_add_range(IPAddrBlocks *addr,
831280304Sjkim                      const unsigned afi, const unsigned *safi,
832280304Sjkim                      unsigned char *min, unsigned char *max);
833167612Ssimonunsigned v3_addr_get_afi(const IPAddressFamily *f);
/*
 * Extract the bounds of aor into the caller's min and max buffers; length
 * is presumably the size of each buffer.
 * NOTE(review): presumably returns 0 on failure (unknown afi, buffer too
 * small, malformed bit string) - confirm, and do not read min/max unless
 * the call succeeded.
 */
834167612Ssimonint v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
835280304Sjkim                      unsigned char *min, unsigned char *max,
836280304Sjkim                      const int length);
837167612Ssimon
838167612Ssimon/*
839167612Ssimon * Canonical forms.
840167612Ssimon */
/*
 * The is_canonical functions test an extension; the canonize functions take
 * a non-const pointer and presumably rewrite it in place.
 * NOTE(review): presumably both return non-zero on success / "yes" -
 * confirm. The subset and path validation functions in this header may
 * assume canonical input; check canonical form on extensions decoded from
 * an untrusted certificate before relying on those results.
 */
841167612Ssimonint v3_asid_is_canonical(ASIdentifiers *asid);
842167612Ssimonint v3_addr_is_canonical(IPAddrBlocks *addr);
843167612Ssimonint v3_asid_canonize(ASIdentifiers *asid);
844167612Ssimonint v3_addr_canonize(IPAddrBlocks *addr);
845167612Ssimon
846167612Ssimon/*
847167612Ssimon * Tests for inheritance and containment.
848167612Ssimon */
/*
 * NOTE(review): the subset functions presumably answer "is a contained in
 * b"; the argument order matters and swapping it reverses the test -
 * confirm. Also confirm the result when either argument uses the inherit
 * choice, since an inherited set has no explicit contents to compare.
 */
849167612Ssimonint v3_asid_inherits(ASIdentifiers *asid);
850167612Ssimonint v3_addr_inherits(IPAddrBlocks *addr);
851167612Ssimonint v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
852167612Ssimonint v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
853167612Ssimon
854167612Ssimon/*
855167612Ssimon * Check whether RFC 3779 extensions nest properly in chains.
856167612Ssimon */
/*
 * The validate_path functions take the verification context; the
 * validate_resource_set functions take an explicit chain plus one extension
 * and an allow_inheritance switch.
 * NOTE(review): presumably a non-zero return means every resource is
 * covered by the issuer chain and zero means it is not - confirm. A caller
 * that ignores the result accepts certificates claiming resources their
 * issuer never delegated. Confirm also what allow_inheritance == 0 does
 * when ext itself uses the inherit choice.
 */
857167612Ssimonint v3_asid_validate_path(X509_STORE_CTX *);
858167612Ssimonint v3_addr_validate_path(X509_STORE_CTX *);
859167612Ssimonint v3_asid_validate_resource_set(STACK_OF(X509) *chain,
860280304Sjkim                                  ASIdentifiers *ext, int allow_inheritance);
861167612Ssimonint v3_addr_validate_resource_set(STACK_OF(X509) *chain,
862280304Sjkim                                  IPAddrBlocks *ext, int allow_inheritance);
863167612Ssimon
864280304Sjkim# endif                         /* OPENSSL_NO_RFC3779 */
865167612Ssimon
86655714Skris/* BEGIN ERROR CODES */
867280304Sjkim/*
868280304Sjkim * The following lines are auto generated by the script mkerr.pl. Any changes
86955714Skris * made after this point may be overwritten when the script is next run.
87055714Skris */
87189837Skrisvoid ERR_load_X509V3_strings(void);
87255714Skris
87355714Skris/* Error codes for the X509V3 functions. */
87455714Skris
87555714Skris/* Function codes. */
876280304Sjkim# define X509V3_F_A2I_GENERAL_NAME                        164
877280304Sjkim# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
878280304Sjkim# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
879280304Sjkim# define X509V3_F_COPY_EMAIL                              122
880280304Sjkim# define X509V3_F_COPY_ISSUER                             123
881280304Sjkim# define X509V3_F_DO_DIRNAME                              144
882280304Sjkim# define X509V3_F_DO_EXT_CONF                             124
883280304Sjkim# define X509V3_F_DO_EXT_I2D                              135
884280304Sjkim# define X509V3_F_DO_EXT_NCONF                            151
885280304Sjkim# define X509V3_F_DO_I2V_NAME_CONSTRAINTS                 148
886280304Sjkim# define X509V3_F_GNAMES_FROM_SECTNAME                    156
887280304Sjkim# define X509V3_F_HEX_TO_STRING                           111
888280304Sjkim# define X509V3_F_I2S_ASN1_ENUMERATED                     121
889280304Sjkim# define X509V3_F_I2S_ASN1_IA5STRING                      149
890280304Sjkim# define X509V3_F_I2S_ASN1_INTEGER                        120
891280304Sjkim# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
892280304Sjkim# define X509V3_F_NOTICE_SECTION                          132
893280304Sjkim# define X509V3_F_NREF_NOS                                133
894280304Sjkim# define X509V3_F_POLICY_SECTION                          131
895280304Sjkim# define X509V3_F_PROCESS_PCI_VALUE                       150
896280304Sjkim# define X509V3_F_R2I_CERTPOL                             130
897280304Sjkim# define X509V3_F_R2I_PCI                                 155
898280304Sjkim# define X509V3_F_S2I_ASN1_IA5STRING                      100
899280304Sjkim# define X509V3_F_S2I_ASN1_INTEGER                        108
900280304Sjkim# define X509V3_F_S2I_ASN1_OCTET_STRING                   112
901280304Sjkim# define X509V3_F_S2I_ASN1_SKEY_ID                        114
902280304Sjkim# define X509V3_F_S2I_SKEY_ID                             115
903280304Sjkim# define X509V3_F_SET_DIST_POINT_NAME                     158
904280304Sjkim# define X509V3_F_STRING_TO_HEX                           113
905280304Sjkim# define X509V3_F_SXNET_ADD_ID_ASC                        125
906280304Sjkim# define X509V3_F_SXNET_ADD_ID_INTEGER                    126
907280304Sjkim# define X509V3_F_SXNET_ADD_ID_ULONG                      127
908280304Sjkim# define X509V3_F_SXNET_GET_ID_ASC                        128
909280304Sjkim# define X509V3_F_SXNET_GET_ID_ULONG                      129
910280304Sjkim# define X509V3_F_V2I_ASIDENTIFIERS                       163
911280304Sjkim# define X509V3_F_V2I_ASN1_BIT_STRING                     101
912280304Sjkim# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
913280304Sjkim# define X509V3_F_V2I_AUTHORITY_KEYID                     119
914280304Sjkim# define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
915280304Sjkim# define X509V3_F_V2I_CRLD                                134
916280304Sjkim# define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
917280304Sjkim# define X509V3_F_V2I_GENERAL_NAMES                       118
918280304Sjkim# define X509V3_F_V2I_GENERAL_NAME_EX                     117
919280304Sjkim# define X509V3_F_V2I_IDP                                 157
920280304Sjkim# define X509V3_F_V2I_IPADDRBLOCKS                        159
921280304Sjkim# define X509V3_F_V2I_ISSUER_ALT                          153
922280304Sjkim# define X509V3_F_V2I_NAME_CONSTRAINTS                    147
923280304Sjkim# define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
924280304Sjkim# define X509V3_F_V2I_POLICY_MAPPINGS                     145
925280304Sjkim# define X509V3_F_V2I_SUBJECT_ALT                         154
926280304Sjkim# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL          160
927280304Sjkim# define X509V3_F_V3_GENERIC_EXTENSION                    116
928280304Sjkim# define X509V3_F_X509V3_ADD1_I2D                         140
929280304Sjkim# define X509V3_F_X509V3_ADD_VALUE                        105
930280304Sjkim# define X509V3_F_X509V3_EXT_ADD                          104
931280304Sjkim# define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
932280304Sjkim# define X509V3_F_X509V3_EXT_CONF                         107
933280304Sjkim# define X509V3_F_X509V3_EXT_I2D                          136
934280304Sjkim# define X509V3_F_X509V3_EXT_NCONF                        152
935280304Sjkim# define X509V3_F_X509V3_GET_SECTION                      142
936280304Sjkim# define X509V3_F_X509V3_GET_STRING                       143
937280304Sjkim# define X509V3_F_X509V3_GET_VALUE_BOOL                   110
938280304Sjkim# define X509V3_F_X509V3_PARSE_LIST                       109
939280304Sjkim# define X509V3_F_X509_PURPOSE_ADD                        137
940280304Sjkim# define X509V3_F_X509_PURPOSE_SET                        141
94155714Skris
94255714Skris/* Reason codes. */
943280304Sjkim# define X509V3_R_BAD_IP_ADDRESS                          118
944280304Sjkim# define X509V3_R_BAD_OBJECT                              119
945280304Sjkim# define X509V3_R_BN_DEC2BN_ERROR                         100
946280304Sjkim# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
947280304Sjkim# define X509V3_R_DIRNAME_ERROR                           149
948280304Sjkim# define X509V3_R_DISTPOINT_ALREADY_SET                   160
949280304Sjkim# define X509V3_R_DUPLICATE_ZONE_ID                       133
950280304Sjkim# define X509V3_R_ERROR_CONVERTING_ZONE                   131
951280304Sjkim# define X509V3_R_ERROR_CREATING_EXTENSION                144
952280304Sjkim# define X509V3_R_ERROR_IN_EXTENSION                      128
953280304Sjkim# define X509V3_R_EXPECTED_A_SECTION_NAME                 137
954280304Sjkim# define X509V3_R_EXTENSION_EXISTS                        145
955280304Sjkim# define X509V3_R_EXTENSION_NAME_ERROR                    115
956280304Sjkim# define X509V3_R_EXTENSION_NOT_FOUND                     102
957280304Sjkim# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
958280304Sjkim# define X509V3_R_EXTENSION_VALUE_ERROR                   116
959280304Sjkim# define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
960280304Sjkim# define X509V3_R_ILLEGAL_HEX_DIGIT                       113
961280304Sjkim# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
962280304Sjkim# define X509V3_R_INVALID_MULTIPLE_RDNS                   161
963280304Sjkim# define X509V3_R_INVALID_ASNUMBER                        162
964280304Sjkim# define X509V3_R_INVALID_ASRANGE                         163
965280304Sjkim# define X509V3_R_INVALID_BOOLEAN_STRING                  104
966280304Sjkim# define X509V3_R_INVALID_EXTENSION_STRING                105
967280304Sjkim# define X509V3_R_INVALID_INHERITANCE                     165
968280304Sjkim# define X509V3_R_INVALID_IPADDRESS                       166
969280304Sjkim# define X509V3_R_INVALID_NAME                            106
970280304Sjkim# define X509V3_R_INVALID_NULL_ARGUMENT                   107
971280304Sjkim# define X509V3_R_INVALID_NULL_NAME                       108
972280304Sjkim# define X509V3_R_INVALID_NULL_VALUE                      109
973280304Sjkim# define X509V3_R_INVALID_NUMBER                          140
974280304Sjkim# define X509V3_R_INVALID_NUMBERS                         141
975280304Sjkim# define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
976280304Sjkim# define X509V3_R_INVALID_OPTION                          138
977280304Sjkim# define X509V3_R_INVALID_POLICY_IDENTIFIER               134
978280304Sjkim# define X509V3_R_INVALID_PROXY_POLICY_SETTING            153
979280304Sjkim# define X509V3_R_INVALID_PURPOSE                         146
980280304Sjkim# define X509V3_R_INVALID_SAFI                            164
981280304Sjkim# define X509V3_R_INVALID_SECTION                         135
982280304Sjkim# define X509V3_R_INVALID_SYNTAX                          143
983280304Sjkim# define X509V3_R_ISSUER_DECODE_ERROR                     126
984280304Sjkim# define X509V3_R_MISSING_VALUE                           124
985280304Sjkim# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
986280304Sjkim# define X509V3_R_NO_CONFIG_DATABASE                      136
987280304Sjkim# define X509V3_R_NO_ISSUER_CERTIFICATE                   121
988280304Sjkim# define X509V3_R_NO_ISSUER_DETAILS                       127
989280304Sjkim# define X509V3_R_NO_POLICY_IDENTIFIER                    139
990280304Sjkim# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   154
991280304Sjkim# define X509V3_R_NO_PUBLIC_KEY                           114
992280304Sjkim# define X509V3_R_NO_SUBJECT_DETAILS                      125
993280304Sjkim# define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
994280304Sjkim# define X509V3_R_OPERATION_NOT_DEFINED                   148
995280304Sjkim# define X509V3_R_OTHERNAME_ERROR                         147
996280304Sjkim# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
997280304Sjkim# define X509V3_R_POLICY_PATH_LENGTH                      156
998280304Sjkim# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
999280304Sjkim# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   158
1000280304Sjkim# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
1001280304Sjkim# define X509V3_R_SECTION_NOT_FOUND                       150
1002280304Sjkim# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
1003280304Sjkim# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
1004280304Sjkim# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
1005280304Sjkim# define X509V3_R_UNKNOWN_EXTENSION                       129
1006280304Sjkim# define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
1007280304Sjkim# define X509V3_R_UNKNOWN_OPTION                          120
1008280304Sjkim# define X509V3_R_UNSUPPORTED_OPTION                      117
1009280304Sjkim# define X509V3_R_UNSUPPORTED_TYPE                        167
1010280304Sjkim# define X509V3_R_USER_TOO_LONG                           132
101155714Skris
101255714Skris#ifdef  __cplusplus
101355714Skris}
101455714Skris#endif
101555714Skris#endif
1016