1 /* $OpenBSD: x509v3.h,v 1.15 2022/07/12 14:42:50 kn Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 1999.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 #ifndef HEADER_X509V3_H
59 #define HEADER_X509V3_H
60 
61 #include <openssl/opensslconf.h>
62 
63 #include <openssl/bio.h>
64 #include <openssl/x509.h>
65 #include <openssl/conf.h>
66 
67 #ifdef __cplusplus
68 extern "C" {
69 #endif
70 
71 /* Forward reference */
72 struct v3_ext_method;
73 struct v3_ext_ctx;
74 
75 /* Useful typedefs */
76 
77 typedef void * (*X509V3_EXT_NEW)(void);
78 typedef void (*X509V3_EXT_FREE)(void *);
79 typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
80 typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
81 typedef STACK_OF(CONF_VALUE) *
82   (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
83 		    STACK_OF(CONF_VALUE) *extlist);
84 typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
85 				 struct v3_ext_ctx *ctx,
86 				 STACK_OF(CONF_VALUE) *values);
87 typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
88 typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
89 				 struct v3_ext_ctx *ctx, const char *str);
90 typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
91 			      BIO *out, int indent);
92 typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
93 				 struct v3_ext_ctx *ctx, const char *str);
94 
95 /* V3 extension structure */
96 
97 struct v3_ext_method {
98 int ext_nid;
99 int ext_flags;
100 /* If this is set the following four fields are ignored */
101 ASN1_ITEM_EXP *it;
102 /* Old style ASN1 calls */
103 X509V3_EXT_NEW ext_new;
104 X509V3_EXT_FREE ext_free;
105 X509V3_EXT_D2I d2i;
106 X509V3_EXT_I2D i2d;
107 
108 /* The following pair is used for string extensions */
109 X509V3_EXT_I2S i2s;
110 X509V3_EXT_S2I s2i;
111 
112 /* The following pair is used for multi-valued extensions */
113 X509V3_EXT_I2V i2v;
114 X509V3_EXT_V2I v2i;
115 
116 /* The following are used for raw extensions */
117 X509V3_EXT_I2R i2r;
118 X509V3_EXT_R2I r2i;
119 
120 void *usr_data;	/* Any extension specific data */
121 };
122 
123 typedef struct X509V3_CONF_METHOD_st {
124 char *(*get_string)(void *db, const char *section, const char *value);
125 STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
126 void (*free_string)(void *db, char *string);
127 void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
128 } X509V3_CONF_METHOD;
129 
130 /* Context specific info */
131 struct v3_ext_ctx {
132 #define CTX_TEST 0x1
133 int flags;
134 X509 *issuer_cert;
135 X509 *subject_cert;
136 X509_REQ *subject_req;
137 X509_CRL *crl;
138 X509V3_CONF_METHOD *db_meth;
139 void *db;
140 /* Maybe more here */
141 };
142 
143 typedef struct v3_ext_method X509V3_EXT_METHOD;
144 
145 DECLARE_STACK_OF(X509V3_EXT_METHOD)
146 
147 /* ext_flags values */
148 #define X509V3_EXT_DYNAMIC	0x1
149 #define X509V3_EXT_CTX_DEP	0x2
150 #define X509V3_EXT_MULTILINE	0x4
151 
152 typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
153 
154 typedef struct BASIC_CONSTRAINTS_st {
155 int ca;
156 ASN1_INTEGER *pathlen;
157 } BASIC_CONSTRAINTS;
158 
159 
160 typedef struct PKEY_USAGE_PERIOD_st {
161 ASN1_GENERALIZEDTIME *notBefore;
162 ASN1_GENERALIZEDTIME *notAfter;
163 } PKEY_USAGE_PERIOD;
164 
165 typedef struct otherName_st {
166 ASN1_OBJECT *type_id;
167 ASN1_TYPE *value;
168 } OTHERNAME;
169 
170 typedef struct EDIPartyName_st {
171 	ASN1_STRING *nameAssigner;
172 	ASN1_STRING *partyName;
173 } EDIPARTYNAME;
174 
175 typedef struct GENERAL_NAME_st {
176 
177 #define GEN_OTHERNAME	0
178 #define GEN_EMAIL	1
179 #define GEN_DNS		2
180 #define GEN_X400	3
181 #define GEN_DIRNAME	4
182 #define GEN_EDIPARTY	5
183 #define GEN_URI		6
184 #define GEN_IPADD	7
185 #define GEN_RID		8
186 
187 int type;
188 union {
189 	char *ptr;
190 	OTHERNAME *otherName; /* otherName */
191 	ASN1_IA5STRING *rfc822Name;
192 	ASN1_IA5STRING *dNSName;
193 	ASN1_TYPE *x400Address;
194 	X509_NAME *directoryName;
195 	EDIPARTYNAME *ediPartyName;
196 	ASN1_IA5STRING *uniformResourceIdentifier;
197 	ASN1_OCTET_STRING *iPAddress;
198 	ASN1_OBJECT *registeredID;
199 
200 	/* Old names */
201 	ASN1_OCTET_STRING *ip; /* iPAddress */
202 	X509_NAME *dirn;		/* dirn */
203 	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
204 	ASN1_OBJECT *rid; /* registeredID */
205 	ASN1_TYPE *other; /* x400Address */
206 } d;
207 } GENERAL_NAME;
208 
209 typedef struct ACCESS_DESCRIPTION_st {
210 	ASN1_OBJECT *method;
211 	GENERAL_NAME *location;
212 } ACCESS_DESCRIPTION;
213 
214 typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
215 
216 typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
217 
218 DECLARE_STACK_OF(GENERAL_NAME)
219 
220 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
221 DECLARE_STACK_OF(GENERAL_NAMES)
222 
223 DECLARE_STACK_OF(ACCESS_DESCRIPTION)
224 
225 typedef struct DIST_POINT_NAME_st {
226 int type;
227 union {
228 	GENERAL_NAMES *fullname;
229 	STACK_OF(X509_NAME_ENTRY) *relativename;
230 } name;
231 /* If relativename then this contains the full distribution point name */
232 X509_NAME *dpname;
233 } DIST_POINT_NAME;
234 /* All existing reasons */
235 #define CRLDP_ALL_REASONS	0x807f
236 
237 #define CRL_REASON_NONE				-1
238 #define CRL_REASON_UNSPECIFIED			0
239 #define CRL_REASON_KEY_COMPROMISE		1
240 #define CRL_REASON_CA_COMPROMISE		2
241 #define CRL_REASON_AFFILIATION_CHANGED		3
242 #define CRL_REASON_SUPERSEDED			4
243 #define CRL_REASON_CESSATION_OF_OPERATION	5
244 #define CRL_REASON_CERTIFICATE_HOLD		6
245 #define CRL_REASON_REMOVE_FROM_CRL		8
246 #define CRL_REASON_PRIVILEGE_WITHDRAWN		9
247 #define CRL_REASON_AA_COMPROMISE		10
248 
249 struct DIST_POINT_st {
250 DIST_POINT_NAME	*distpoint;
251 ASN1_BIT_STRING *reasons;
252 GENERAL_NAMES *CRLissuer;
253 int dp_reasons;
254 };
255 
256 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
257 
258 DECLARE_STACK_OF(DIST_POINT)
259 
260 struct AUTHORITY_KEYID_st {
261 ASN1_OCTET_STRING *keyid;
262 GENERAL_NAMES *issuer;
263 ASN1_INTEGER *serial;
264 };
265 
266 /* Strong extranet structures */
267 
268 typedef struct SXNET_ID_st {
269 	ASN1_INTEGER *zone;
270 	ASN1_OCTET_STRING *user;
271 } SXNETID;
272 
273 DECLARE_STACK_OF(SXNETID)
274 
275 typedef struct SXNET_st {
276 	ASN1_INTEGER *version;
277 	STACK_OF(SXNETID) *ids;
278 } SXNET;
279 
280 typedef struct NOTICEREF_st {
281 	ASN1_STRING *organization;
282 	STACK_OF(ASN1_INTEGER) *noticenos;
283 } NOTICEREF;
284 
285 typedef struct USERNOTICE_st {
286 	NOTICEREF *noticeref;
287 	ASN1_STRING *exptext;
288 } USERNOTICE;
289 
290 typedef struct POLICYQUALINFO_st {
291 	ASN1_OBJECT *pqualid;
292 	union {
293 		ASN1_IA5STRING *cpsuri;
294 		USERNOTICE *usernotice;
295 		ASN1_TYPE *other;
296 	} d;
297 } POLICYQUALINFO;
298 
299 DECLARE_STACK_OF(POLICYQUALINFO)
300 
301 typedef struct POLICYINFO_st {
302 	ASN1_OBJECT *policyid;
303 	STACK_OF(POLICYQUALINFO) *qualifiers;
304 } POLICYINFO;
305 
306 typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
307 
308 DECLARE_STACK_OF(POLICYINFO)
309 
310 typedef struct POLICY_MAPPING_st {
311 	ASN1_OBJECT *issuerDomainPolicy;
312 	ASN1_OBJECT *subjectDomainPolicy;
313 } POLICY_MAPPING;
314 
315 DECLARE_STACK_OF(POLICY_MAPPING)
316 
317 typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
318 
319 typedef struct GENERAL_SUBTREE_st {
320 	GENERAL_NAME *base;
321 	ASN1_INTEGER *minimum;
322 	ASN1_INTEGER *maximum;
323 } GENERAL_SUBTREE;
324 
325 DECLARE_STACK_OF(GENERAL_SUBTREE)
326 
327 struct NAME_CONSTRAINTS_st {
328 	STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
329 	STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
330 };
331 
332 typedef struct POLICY_CONSTRAINTS_st {
333 	ASN1_INTEGER *requireExplicitPolicy;
334 	ASN1_INTEGER *inhibitPolicyMapping;
335 } POLICY_CONSTRAINTS;
336 
337 /* Proxy certificate structures, see RFC 3820 */
338 typedef struct PROXY_POLICY_st
339 	{
340 	ASN1_OBJECT *policyLanguage;
341 	ASN1_OCTET_STRING *policy;
342 	} PROXY_POLICY;
343 
344 typedef struct PROXY_CERT_INFO_EXTENSION_st
345 	{
346 	ASN1_INTEGER *pcPathLengthConstraint;
347 	PROXY_POLICY *proxyPolicy;
348 	} PROXY_CERT_INFO_EXTENSION;
349 
350 PROXY_POLICY *PROXY_POLICY_new(void);
351 void PROXY_POLICY_free(PROXY_POLICY *a);
352 PROXY_POLICY *d2i_PROXY_POLICY(PROXY_POLICY **a, const unsigned char **in, long len);
353 int i2d_PROXY_POLICY(PROXY_POLICY *a, unsigned char **out);
354 extern const ASN1_ITEM PROXY_POLICY_it;
355 PROXY_CERT_INFO_EXTENSION *PROXY_CERT_INFO_EXTENSION_new(void);
356 void PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION *a);
357 PROXY_CERT_INFO_EXTENSION *d2i_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION **a, const unsigned char **in, long len);
358 int i2d_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION *a, unsigned char **out);
359 extern const ASN1_ITEM PROXY_CERT_INFO_EXTENSION_it;
360 
361 struct ISSUING_DIST_POINT_st
362 	{
363 	DIST_POINT_NAME *distpoint;
364 	int onlyuser;
365 	int onlyCA;
366 	ASN1_BIT_STRING *onlysomereasons;
367 	int indirectCRL;
368 	int onlyattr;
369 	};
370 
371 /* Values in idp_flags field */
372 /* IDP present */
373 #define	IDP_PRESENT	0x1
374 /* IDP values inconsistent */
375 #define IDP_INVALID	0x2
376 /* onlyuser true */
377 #define	IDP_ONLYUSER	0x4
378 /* onlyCA true */
379 #define	IDP_ONLYCA	0x8
380 /* onlyattr true */
381 #define IDP_ONLYATTR	0x10
382 /* indirectCRL true */
383 #define IDP_INDIRECT	0x20
384 /* onlysomereasons present */
385 #define IDP_REASONS	0x40
386 
387 #define X509V3_conf_err(val) ERR_asprintf_error_data( \
388 			"section:%s,name:%s,value:%s", val->section, \
389 			val->name, val->value);
390 
391 #define X509V3_set_ctx_test(ctx) \
392 			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
393 #define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
394 
395 #define EXT_BITSTRING(nid, table) { nid, 0, &ASN1_BIT_STRING_it, \
396 			0,0,0,0, \
397 			0,0, \
398 			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
399 			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
400 			NULL, NULL, \
401 			table}
402 
403 #define EXT_IA5STRING(nid) { nid, 0, &ASN1_IA5STRING_it, \
404 			0,0,0,0, \
405 			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
406 			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
407 			0,0,0,0, \
408 			NULL}
409 
410 #define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
411 
412 
413 /* X509_PURPOSE stuff */
414 
415 #define EXFLAG_BCONS		0x0001
416 #define EXFLAG_KUSAGE		0x0002
417 #define EXFLAG_XKUSAGE		0x0004
418 #define EXFLAG_NSCERT		0x0008
419 
420 #define EXFLAG_CA		0x0010
421 #define EXFLAG_SI		0x0020  /* Self issued. */
422 #define EXFLAG_V1		0x0040
423 #define EXFLAG_INVALID		0x0080
424 #define EXFLAG_SET		0x0100
425 #define EXFLAG_CRITICAL		0x0200
426 #define EXFLAG_PROXY		0x0400
427 #define EXFLAG_INVALID_POLICY	0x0800
428 #define EXFLAG_FRESHEST		0x1000
429 #define EXFLAG_SS               0x2000	/* Self signed. */
430 
431 #define KU_DIGITAL_SIGNATURE	0x0080
432 #define KU_NON_REPUDIATION	0x0040
433 #define KU_KEY_ENCIPHERMENT	0x0020
434 #define KU_DATA_ENCIPHERMENT	0x0010
435 #define KU_KEY_AGREEMENT	0x0008
436 #define KU_KEY_CERT_SIGN	0x0004
437 #define KU_CRL_SIGN		0x0002
438 #define KU_ENCIPHER_ONLY	0x0001
439 #define KU_DECIPHER_ONLY	0x8000
440 
441 #define NS_SSL_CLIENT		0x80
442 #define NS_SSL_SERVER		0x40
443 #define NS_SMIME		0x20
444 #define NS_OBJSIGN		0x10
445 #define NS_SSL_CA		0x04
446 #define NS_SMIME_CA		0x02
447 #define NS_OBJSIGN_CA		0x01
448 #define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
449 
450 #define XKU_SSL_SERVER		0x1
451 #define XKU_SSL_CLIENT		0x2
452 #define XKU_SMIME		0x4
453 #define XKU_CODE_SIGN		0x8
454 #define XKU_SGC			0x10
455 #define XKU_OCSP_SIGN		0x20
456 #define XKU_TIMESTAMP		0x40
457 #define XKU_DVCS		0x80
458 #define XKU_ANYEKU		0x100
459 
460 #define X509_PURPOSE_DYNAMIC	0x1
461 #define X509_PURPOSE_DYNAMIC_NAME	0x2
462 
463 typedef struct x509_purpose_st {
464 	int purpose;
465 	int trust;		/* Default trust ID */
466 	int flags;
467 	int (*check_purpose)(const struct x509_purpose_st *,
468 				const X509 *, int);
469 	char *name;
470 	char *sname;
471 	void *usr_data;
472 } X509_PURPOSE;
473 
474 #define X509_PURPOSE_SSL_CLIENT		1
475 #define X509_PURPOSE_SSL_SERVER		2
476 #define X509_PURPOSE_NS_SSL_SERVER	3
477 #define X509_PURPOSE_SMIME_SIGN		4
478 #define X509_PURPOSE_SMIME_ENCRYPT	5
479 #define X509_PURPOSE_CRL_SIGN		6
480 #define X509_PURPOSE_ANY		7
481 #define X509_PURPOSE_OCSP_HELPER	8
482 #define X509_PURPOSE_TIMESTAMP_SIGN	9
483 
484 #define X509_PURPOSE_MIN		1
485 #define X509_PURPOSE_MAX		9
486 
487 /* Flags for X509V3_EXT_print() */
488 
489 #define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
490 /* Return error for unknown extensions */
491 #define X509V3_EXT_DEFAULT		0
492 /* Print error for unknown extensions */
493 #define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
494 /* ASN1 parse unknown extensions */
495 #define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
496 /* BIO_dump unknown extensions */
497 #define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
498 
499 /* Flags for X509V3_add1_i2d */
500 
501 #define X509V3_ADD_OP_MASK		0xfL
502 #define X509V3_ADD_DEFAULT		0L
503 #define X509V3_ADD_APPEND		1L
504 #define X509V3_ADD_REPLACE		2L
505 #define X509V3_ADD_REPLACE_EXISTING	3L
506 #define X509V3_ADD_KEEP_EXISTING	4L
507 #define X509V3_ADD_DELETE		5L
508 #define X509V3_ADD_SILENT		0x10
509 
510 DECLARE_STACK_OF(X509_PURPOSE)
511 
512 BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
513 void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
514 BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len);
515 int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out);
516 extern const ASN1_ITEM BASIC_CONSTRAINTS_it;
517 
518 SXNET *SXNET_new(void);
519 void SXNET_free(SXNET *a);
520 SXNET *d2i_SXNET(SXNET **a, const unsigned char **in, long len);
521 int i2d_SXNET(SXNET *a, unsigned char **out);
522 extern const ASN1_ITEM SXNET_it;
523 SXNETID *SXNETID_new(void);
524 void SXNETID_free(SXNETID *a);
525 SXNETID *d2i_SXNETID(SXNETID **a, const unsigned char **in, long len);
526 int i2d_SXNETID(SXNETID *a, unsigned char **out);
527 extern const ASN1_ITEM SXNETID_it;
528 
529 int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user,
530     int userlen);
531 int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
532     int userlen);
533 int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
534     int userlen);
535 
536 ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
537 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
538 ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
539 
540 AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
541 void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
542 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len);
543 int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **out);
544 extern const ASN1_ITEM AUTHORITY_KEYID_it;
545 
546 PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
547 void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
548 PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, const unsigned char **in, long len);
549 int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **out);
550 extern const ASN1_ITEM PKEY_USAGE_PERIOD_it;
551 
552 GENERAL_NAME *GENERAL_NAME_new(void);
553 void GENERAL_NAME_free(GENERAL_NAME *a);
554 GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, const unsigned char **in, long len);
555 int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out);
556 extern const ASN1_ITEM GENERAL_NAME_it;
557 GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
558 int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
559 
560 
561 
562 ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
563 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
564 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
565 				ASN1_BIT_STRING *bits,
566 				STACK_OF(CONF_VALUE) *extlist);
567 
568 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
569 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
570 
571 GENERAL_NAMES *GENERAL_NAMES_new(void);
572 void GENERAL_NAMES_free(GENERAL_NAMES *a);
573 GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len);
574 int i2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out);
575 extern const ASN1_ITEM GENERAL_NAMES_it;
576 
577 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
578 		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
579 GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
580 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
581 
582 OTHERNAME *OTHERNAME_new(void);
583 void OTHERNAME_free(OTHERNAME *a);
584 OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len);
585 int i2d_OTHERNAME(OTHERNAME *a, unsigned char **out);
586 extern const ASN1_ITEM OTHERNAME_it;
587 EDIPARTYNAME *EDIPARTYNAME_new(void);
588 void EDIPARTYNAME_free(EDIPARTYNAME *a);
589 EDIPARTYNAME *d2i_EDIPARTYNAME(EDIPARTYNAME **a, const unsigned char **in, long len);
590 int i2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out);
591 extern const ASN1_ITEM EDIPARTYNAME_it;
592 int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
593 void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
594 void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
595 int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
596 				ASN1_OBJECT *oid, ASN1_TYPE *value);
597 int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
598 				ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
599 
600 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
601     const ASN1_OCTET_STRING *ia5);
602 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
603     X509V3_CTX *ctx, const char *str);
604 
605 EXTENDED_KEY_USAGE *EXTENDED_KEY_USAGE_new(void);
606 void EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a);
607 EXTENDED_KEY_USAGE *d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len);
608 int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out);
609 extern const ASN1_ITEM EXTENDED_KEY_USAGE_it;
610 int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a);
611 
612 CERTIFICATEPOLICIES *CERTIFICATEPOLICIES_new(void);
613 void CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a);
614 CERTIFICATEPOLICIES *d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len);
615 int i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out);
616 extern const ASN1_ITEM CERTIFICATEPOLICIES_it;
617 POLICYINFO *POLICYINFO_new(void);
618 void POLICYINFO_free(POLICYINFO *a);
619 POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len);
620 int i2d_POLICYINFO(POLICYINFO *a, unsigned char **out);
621 extern const ASN1_ITEM POLICYINFO_it;
622 POLICYQUALINFO *POLICYQUALINFO_new(void);
623 void POLICYQUALINFO_free(POLICYQUALINFO *a);
624 POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len);
625 int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out);
626 extern const ASN1_ITEM POLICYQUALINFO_it;
627 USERNOTICE *USERNOTICE_new(void);
628 void USERNOTICE_free(USERNOTICE *a);
629 USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len);
630 int i2d_USERNOTICE(USERNOTICE *a, unsigned char **out);
631 extern const ASN1_ITEM USERNOTICE_it;
632 NOTICEREF *NOTICEREF_new(void);
633 void NOTICEREF_free(NOTICEREF *a);
634 NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len);
635 int i2d_NOTICEREF(NOTICEREF *a, unsigned char **out);
636 extern const ASN1_ITEM NOTICEREF_it;
637 
638 CRL_DIST_POINTS *CRL_DIST_POINTS_new(void);
639 void CRL_DIST_POINTS_free(CRL_DIST_POINTS *a);
640 CRL_DIST_POINTS *d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len);
641 int i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out);
642 extern const ASN1_ITEM CRL_DIST_POINTS_it;
643 DIST_POINT *DIST_POINT_new(void);
644 void DIST_POINT_free(DIST_POINT *a);
645 DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len);
646 int i2d_DIST_POINT(DIST_POINT *a, unsigned char **out);
647 extern const ASN1_ITEM DIST_POINT_it;
648 DIST_POINT_NAME *DIST_POINT_NAME_new(void);
649 void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
650 DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len);
651 int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out);
652 extern const ASN1_ITEM DIST_POINT_NAME_it;
653 ISSUING_DIST_POINT *ISSUING_DIST_POINT_new(void);
654 void ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a);
655 ISSUING_DIST_POINT *d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len);
656 int i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out);
657 extern const ASN1_ITEM ISSUING_DIST_POINT_it;
658 
659 int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
660 
661 int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
662 
663 ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
664 void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
665 ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len);
666 int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out);
667 extern const ASN1_ITEM ACCESS_DESCRIPTION_it;
668 AUTHORITY_INFO_ACCESS *AUTHORITY_INFO_ACCESS_new(void);
669 void AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a);
670 AUTHORITY_INFO_ACCESS *d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len);
671 int i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out);
672 extern const ASN1_ITEM AUTHORITY_INFO_ACCESS_it;
673 
674 extern const ASN1_ITEM POLICY_MAPPING_it;
675 POLICY_MAPPING *POLICY_MAPPING_new(void);
676 void POLICY_MAPPING_free(POLICY_MAPPING *a);
677 extern const ASN1_ITEM POLICY_MAPPINGS_it;
678 
679 extern const ASN1_ITEM GENERAL_SUBTREE_it;
680 GENERAL_SUBTREE *GENERAL_SUBTREE_new(void);
681 void GENERAL_SUBTREE_free(GENERAL_SUBTREE *a);
682 
683 extern const ASN1_ITEM NAME_CONSTRAINTS_it;
684 NAME_CONSTRAINTS *NAME_CONSTRAINTS_new(void);
685 void NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *a);
686 
687 POLICY_CONSTRAINTS *POLICY_CONSTRAINTS_new(void);
688 void POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *a);
689 extern const ASN1_ITEM POLICY_CONSTRAINTS_it;
690 
691 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
692 			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
693 			       int gen_type, const char *value, int is_nc);
694 
695 #ifdef HEADER_CONF_H
696 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
697 			       CONF_VALUE *cnf);
698 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
699 				  const X509V3_EXT_METHOD *method,
700 				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
701 void X509V3_conf_free(CONF_VALUE *val);
702 
703 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
704     const char *value);
705 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
706     const char *value);
707 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
708     STACK_OF(X509_EXTENSION) **sk);
709 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
710     X509 *cert);
711 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
712     X509_REQ *req);
713 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
714     X509_CRL *crl);
715 
716 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
717     int ext_nid, const char *value);
718 X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
719     const char *name, const char *value);
720 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
721     const char *section, X509 *cert);
722 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
723     const char *section, X509_REQ *req);
724 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
725     const char *section, X509_CRL *crl);
726 
727 int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
728 			     STACK_OF(CONF_VALUE) **extlist);
729 int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
730 int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
731 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
732 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
733 #endif
734 
735 char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
736     const char *section);
737 STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
738 void X509V3_string_free(X509V3_CTX *ctx, char *str);
739 void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
740 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
741 				 X509_REQ *req, X509_CRL *crl, int flags);
742 
743 int X509V3_add_value(const char *name, const char *value,
744 						STACK_OF(CONF_VALUE) **extlist);
745 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
746 						STACK_OF(CONF_VALUE) **extlist);
747 int X509V3_add_value_bool(const char *name, int asn1_bool,
748 						STACK_OF(CONF_VALUE) **extlist);
749 int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
750 						STACK_OF(CONF_VALUE) **extlist);
751 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
752 ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
753 char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
754 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
755     const ASN1_ENUMERATED *aint);
756 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
757 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
758 int X509V3_EXT_add_alias(int nid_to, int nid_from);
759 void X509V3_EXT_cleanup(void);
760 
761 const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
762 const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
763 int X509V3_add_standard_extensions(void);
764 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
765 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
766 void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
767     int *idx);
768 
769 
770 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
771 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
772 
773 char *hex_to_string(const unsigned char *buffer, long len);
774 unsigned char *string_to_hex(const char *str, long *len);
775 
776 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
777 								 int ml);
778 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
779 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
780 
781 int X509V3_extensions_print(BIO *out, const char *title,
782     const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
783 
784 int X509_check_ca(X509 *x);
785 int X509_check_purpose(X509 *x, int id, int ca);
786 int X509_supported_extension(X509_EXTENSION *ex);
787 int X509_PURPOSE_set(int *p, int purpose);
788 int X509_check_issued(X509 *issuer, X509 *subject);
789 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
790 int X509_PURPOSE_get_count(void);
791 X509_PURPOSE * X509_PURPOSE_get0(int idx);
792 int X509_PURPOSE_get_by_sname(const char *sname);
793 int X509_PURPOSE_get_by_id(int id);
794 int X509_PURPOSE_add(int id, int trust, int flags,
795 			int (*ck)(const X509_PURPOSE *, const X509 *, int),
796 			const char *name, const char *sname, void *arg);
797 char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
798 char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
799 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
800 void X509_PURPOSE_cleanup(void);
801 int X509_PURPOSE_get_id(const X509_PURPOSE *);
802 uint32_t X509_get_extension_flags(X509 *x);
803 uint32_t X509_get_key_usage(X509 *x);
804 uint32_t X509_get_extended_key_usage(X509 *x);
805 
806 STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
807 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
808 void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
809 STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
810 
811 /* Flags for X509_check_* functions */
812 /* Always check subject name for host match even if subject alt names present */
813 #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT	0x1
814 /* Disable wildcard matching for dnsName fields and common name. */
815 #define X509_CHECK_FLAG_NO_WILDCARDS	0x2
816 /* Wildcards must not match a partial label. */
817 #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
818 /* Allow (non-partial) wildcards to match multiple labels. */
819 #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
820 /* Constraint verifier subdomain patterns to match a single labels. */
821 #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
822 /* Disable checking the CN for a hostname, to support modern validation */
823 #define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
824 
825 /*
826  * Match reference identifiers starting with "." to any sub-domain.
827  * This is a non-public flag, turned on implicitly when the subject
828  * reference identity is a DNS name.
829  */
830 #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
831 
832 int X509_check_host(X509 *x, const char *chk, size_t chklen,
833     unsigned int flags, char **peername);
834 int X509_check_email(X509 *x, const char *chk, size_t chklen,
835     unsigned int flags);
836 int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
837     unsigned int flags);
838 int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
839 
840 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
841 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
842 int a2i_ipadd(unsigned char *ipout, const char *ipasc);
843 int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
844 						unsigned long chtype);
845 
846 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
847 DECLARE_STACK_OF(X509_POLICY_NODE)
848 
849 #ifndef OPENSSL_NO_RFC3779
850 typedef struct ASRange_st {
851 	ASN1_INTEGER *min;
852 	ASN1_INTEGER *max;
853 } ASRange;
854 
855 #define ASIdOrRange_id		0
856 #define ASIdOrRange_range	1
857 
858 typedef struct ASIdOrRange_st {
859 	int type;
860 	union {
861 		ASN1_INTEGER *id;
862 		ASRange *range;
863 	} u;
864 } ASIdOrRange;
865 
866 typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
867 DECLARE_STACK_OF(ASIdOrRange)
868 
869 #define ASIdentifierChoice_inherit		0
870 #define ASIdentifierChoice_asIdsOrRanges	1
871 
872 typedef struct ASIdentifierChoice_st {
873 	int type;
874 	union {
875 		ASN1_NULL *inherit;
876 		ASIdOrRanges *asIdsOrRanges;
877 	} u;
878 } ASIdentifierChoice;
879 
880 typedef struct ASIdentifiers_st {
881 	ASIdentifierChoice *asnum;
882 	ASIdentifierChoice *rdi;
883 } ASIdentifiers;
884 
885 ASRange *ASRange_new(void);
886 void ASRange_free(ASRange *a);
887 ASRange *d2i_ASRange(ASRange **a, const unsigned char **in, long len);
888 int i2d_ASRange(ASRange *a, unsigned char **out);
889 extern const ASN1_ITEM ASRange_it;
890 
891 ASIdOrRange *ASIdOrRange_new(void);
892 void ASIdOrRange_free(ASIdOrRange *a);
893 ASIdOrRange *d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in,
894     long len);
895 int i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out);
896 extern const ASN1_ITEM ASIdOrRange_it;
897 
898 ASIdentifierChoice *ASIdentifierChoice_new(void);
899 void ASIdentifierChoice_free(ASIdentifierChoice *a);
900 ASIdentifierChoice *d2i_ASIdentifierChoice(ASIdentifierChoice **a,
901     const unsigned char **in, long len);
902 int i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out);
903 extern const ASN1_ITEM ASIdentifierChoice_it;
904 
905 ASIdentifiers *ASIdentifiers_new(void);
906 void ASIdentifiers_free(ASIdentifiers *a);
907 ASIdentifiers *d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in,
908     long len);
909 int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out);
910 extern const ASN1_ITEM ASIdentifiers_it;
911 
912 typedef struct IPAddressRange_st {
913 	ASN1_BIT_STRING *min;
914 	ASN1_BIT_STRING *max;
915 } IPAddressRange;
916 
917 #define IPAddressOrRange_addressPrefix	0
918 #define IPAddressOrRange_addressRange	1
919 
920 typedef struct IPAddressOrRange_st {
921 	int type;
922 	union {
923 		ASN1_BIT_STRING *addressPrefix;
924 		IPAddressRange *addressRange;
925 	} u;
926 } IPAddressOrRange;
927 
928 typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
929 DECLARE_STACK_OF(IPAddressOrRange)
930 
931 #define IPAddressChoice_inherit			0
932 #define IPAddressChoice_addressesOrRanges	1
933 
934 typedef struct IPAddressChoice_st {
935 	int type;
936 	union {
937 		ASN1_NULL *inherit;
938 		IPAddressOrRanges *addressesOrRanges;
939 	} u;
940 } IPAddressChoice;
941 
942 typedef struct IPAddressFamily_st {
943 	ASN1_OCTET_STRING *addressFamily;
944 	IPAddressChoice *ipAddressChoice;
945 } IPAddressFamily;
946 
947 typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
948 DECLARE_STACK_OF(IPAddressFamily)
949 
950 IPAddressRange *IPAddressRange_new(void);
951 void IPAddressRange_free(IPAddressRange *a);
952 IPAddressRange *d2i_IPAddressRange(IPAddressRange **a,
953     const unsigned char **in, long len);
954 int i2d_IPAddressRange(IPAddressRange *a, unsigned char **out);
955 extern const ASN1_ITEM IPAddressRange_it;
956 
957 IPAddressOrRange *IPAddressOrRange_new(void);
958 void IPAddressOrRange_free(IPAddressOrRange *a);
959 IPAddressOrRange *d2i_IPAddressOrRange(IPAddressOrRange **a,
960     const unsigned char **in, long len);
961 int i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out);
962 extern const ASN1_ITEM IPAddressOrRange_it;
963 
964 IPAddressChoice *IPAddressChoice_new(void);
965 void IPAddressChoice_free(IPAddressChoice *a);
966 IPAddressChoice *d2i_IPAddressChoice(IPAddressChoice **a,
967     const unsigned char **in, long len);
968 int i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out);
969 extern const ASN1_ITEM IPAddressChoice_it;
970 
971 IPAddressFamily *IPAddressFamily_new(void);
972 void IPAddressFamily_free(IPAddressFamily *a);
973 IPAddressFamily *d2i_IPAddressFamily(IPAddressFamily **a,
974     const unsigned char **in, long len);
975 int i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out);
976 extern const ASN1_ITEM IPAddressFamily_it;
977 
978 /*
979  * API tag for elements of the ASIdentifer SEQUENCE.
980  */
981 #define V3_ASID_ASNUM	0
982 #define V3_ASID_RDI	1
983 
984 /*
985  * AFI values, assigned by IANA.  It'd be nice to make the AFI
986  * handling code totally generic, but there are too many little things
987  * that would need to be defined for other address families for it to
988  * be worth the trouble.
989  */
990 #define IANA_AFI_IPV4	1
991 #define IANA_AFI_IPV6	2
992 
993 /*
994  * Utilities to construct and extract values from RFC3779 extensions,
995  * since some of the encodings (particularly for IP address prefixes
996  * and ranges) are a bit tedious to work with directly.
997  */
998 int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
999 int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
1000     ASN1_INTEGER *min, ASN1_INTEGER *max);
1001 int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi,
1002     const unsigned *safi);
1003 int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi,
1004     const unsigned *safi, unsigned char *a, const int prefixlen);
1005 int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi,
1006     const unsigned *safi, unsigned char *min, unsigned char *max);
1007 unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
1008 int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
1009     unsigned char *min, unsigned char *max, const int length);
1010 
1011 /*
1012  * Canonical forms.
1013  */
1014 int X509v3_asid_is_canonical(ASIdentifiers *asid);
1015 int X509v3_addr_is_canonical(IPAddrBlocks *addr);
1016 int X509v3_asid_canonize(ASIdentifiers *asid);
1017 int X509v3_addr_canonize(IPAddrBlocks *addr);
1018 
1019 /*
1020  * Tests for inheritance and containment.
1021  */
1022 int X509v3_asid_inherits(ASIdentifiers *asid);
1023 int X509v3_addr_inherits(IPAddrBlocks *addr);
1024 int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
1025 int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
1026 
1027 /*
1028  * Check whether RFC 3779 extensions nest properly in chains.
1029  */
1030 int X509v3_asid_validate_path(X509_STORE_CTX *);
1031 int X509v3_addr_validate_path(X509_STORE_CTX *);
1032 int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext,
1033     int allow_inheritance);
1034 int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext,
1035     int allow_inheritance);
1036 
1037 #endif /* !OPENSSL_NO_RFC3779 */
1038 
1039 void ERR_load_X509V3_strings(void);
1040 
1041 /* Error codes for the X509V3 functions. */
1042 
1043 /* Function codes. */
1044 #define X509V3_F_A2I_GENERAL_NAME			 164
1045 #define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE		 161
1046 #define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL	 162
1047 #define X509V3_F_COPY_EMAIL				 122
1048 #define X509V3_F_COPY_ISSUER				 123
1049 #define X509V3_F_DO_DIRNAME				 144
1050 #define X509V3_F_DO_EXT_CONF				 124
1051 #define X509V3_F_DO_EXT_I2D				 135
1052 #define X509V3_F_DO_EXT_NCONF				 151
1053 #define X509V3_F_DO_I2V_NAME_CONSTRAINTS		 148
1054 #define X509V3_F_GNAMES_FROM_SECTNAME			 156
1055 #define X509V3_F_HEX_TO_STRING				 111
1056 #define X509V3_F_I2S_ASN1_ENUMERATED			 121
1057 #define X509V3_F_I2S_ASN1_IA5STRING			 149
1058 #define X509V3_F_I2S_ASN1_INTEGER			 120
1059 #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138
1060 #define X509V3_F_NOTICE_SECTION				 132
1061 #define X509V3_F_NREF_NOS				 133
1062 #define X509V3_F_POLICY_SECTION				 131
1063 #define X509V3_F_PROCESS_PCI_VALUE			 150
1064 #define X509V3_F_R2I_CERTPOL				 130
1065 #define X509V3_F_R2I_PCI				 155
1066 #define X509V3_F_S2I_ASN1_IA5STRING			 100
1067 #define X509V3_F_S2I_ASN1_INTEGER			 108
1068 #define X509V3_F_S2I_ASN1_OCTET_STRING			 112
1069 #define X509V3_F_S2I_ASN1_SKEY_ID			 114
1070 #define X509V3_F_S2I_SKEY_ID				 115
1071 #define X509V3_F_SET_DIST_POINT_NAME			 158
1072 #define X509V3_F_STRING_TO_HEX				 113
1073 #define X509V3_F_SXNET_ADD_ID_ASC			 125
1074 #define X509V3_F_SXNET_ADD_ID_INTEGER			 126
1075 #define X509V3_F_SXNET_ADD_ID_ULONG			 127
1076 #define X509V3_F_SXNET_GET_ID_ASC			 128
1077 #define X509V3_F_SXNET_GET_ID_ULONG			 129
1078 #define X509V3_F_V2I_ASIDENTIFIERS			 163
1079 #define X509V3_F_V2I_ASN1_BIT_STRING			 101
1080 #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS		 139
1081 #define X509V3_F_V2I_AUTHORITY_KEYID			 119
1082 #define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
1083 #define X509V3_F_V2I_CRLD				 134
1084 #define X509V3_F_V2I_EXTENDED_KEY_USAGE			 103
1085 #define X509V3_F_V2I_GENERAL_NAMES			 118
1086 #define X509V3_F_V2I_GENERAL_NAME_EX			 117
1087 #define X509V3_F_V2I_IDP				 157
1088 #define X509V3_F_V2I_IPADDRBLOCKS			 159
1089 #define X509V3_F_V2I_ISSUER_ALT				 153
1090 #define X509V3_F_V2I_NAME_CONSTRAINTS			 147
1091 #define X509V3_F_V2I_POLICY_CONSTRAINTS			 146
1092 #define X509V3_F_V2I_POLICY_MAPPINGS			 145
1093 #define X509V3_F_V2I_SUBJECT_ALT			 154
1094 #define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL		 160
1095 #define X509V3_F_V3_GENERIC_EXTENSION			 116
1096 #define X509V3_F_X509V3_ADD1_I2D			 140
1097 #define X509V3_F_X509V3_ADD_VALUE			 105
1098 #define X509V3_F_X509V3_EXT_ADD				 104
1099 #define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
1100 #define X509V3_F_X509V3_EXT_CONF			 107
1101 #define X509V3_F_X509V3_EXT_I2D				 136
1102 #define X509V3_F_X509V3_EXT_NCONF			 152
1103 #define X509V3_F_X509V3_GET_SECTION			 142
1104 #define X509V3_F_X509V3_GET_STRING			 143
1105 #define X509V3_F_X509V3_GET_VALUE_BOOL			 110
1106 #define X509V3_F_X509V3_PARSE_LIST			 109
1107 #define X509V3_F_X509_PURPOSE_ADD			 137
1108 #define X509V3_F_X509_PURPOSE_SET			 141
1109 
1110 /* Reason codes. */
1111 #define X509V3_R_BAD_IP_ADDRESS				 118
1112 #define X509V3_R_BAD_OBJECT				 119
1113 #define X509V3_R_BN_DEC2BN_ERROR			 100
1114 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
1115 #define X509V3_R_DIRNAME_ERROR				 149
1116 #define X509V3_R_DISTPOINT_ALREADY_SET			 160
1117 #define X509V3_R_DUPLICATE_ZONE_ID			 133
1118 #define X509V3_R_ERROR_CONVERTING_ZONE			 131
1119 #define X509V3_R_ERROR_CREATING_EXTENSION		 144
1120 #define X509V3_R_ERROR_IN_EXTENSION			 128
1121 #define X509V3_R_EXPECTED_A_SECTION_NAME		 137
1122 #define X509V3_R_EXTENSION_EXISTS			 145
1123 #define X509V3_R_EXTENSION_NAME_ERROR			 115
1124 #define X509V3_R_EXTENSION_NOT_FOUND			 102
1125 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
1126 #define X509V3_R_EXTENSION_VALUE_ERROR			 116
1127 #define X509V3_R_ILLEGAL_EMPTY_EXTENSION		 151
1128 #define X509V3_R_ILLEGAL_HEX_DIGIT			 113
1129 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG		 152
1130 #define X509V3_R_INVALID_MULTIPLE_RDNS			 161
1131 #define X509V3_R_INVALID_ASNUMBER			 162
1132 #define X509V3_R_INVALID_ASRANGE			 163
1133 #define X509V3_R_INVALID_BOOLEAN_STRING			 104
1134 #define X509V3_R_INVALID_EXTENSION_STRING		 105
1135 #define X509V3_R_INVALID_INHERITANCE			 165
1136 #define X509V3_R_INVALID_IPADDRESS			 166
1137 #define X509V3_R_INVALID_NAME				 106
1138 #define X509V3_R_INVALID_NULL_ARGUMENT			 107
1139 #define X509V3_R_INVALID_NULL_NAME			 108
1140 #define X509V3_R_INVALID_NULL_VALUE			 109
1141 #define X509V3_R_INVALID_NUMBER				 140
1142 #define X509V3_R_INVALID_NUMBERS			 141
1143 #define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
1144 #define X509V3_R_INVALID_OPTION				 138
1145 #define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
1146 #define X509V3_R_INVALID_PROXY_POLICY_SETTING		 153
1147 #define X509V3_R_INVALID_PURPOSE			 146
1148 #define X509V3_R_INVALID_SAFI				 164
1149 #define X509V3_R_INVALID_SECTION			 135
1150 #define X509V3_R_INVALID_SYNTAX				 143
1151 #define X509V3_R_ISSUER_DECODE_ERROR			 126
1152 #define X509V3_R_MISSING_VALUE				 124
1153 #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142
1154 #define X509V3_R_NO_CONFIG_DATABASE			 136
1155 #define X509V3_R_NO_ISSUER_CERTIFICATE			 121
1156 #define X509V3_R_NO_ISSUER_DETAILS			 127
1157 #define X509V3_R_NO_POLICY_IDENTIFIER			 139
1158 #define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED	 154
1159 #define X509V3_R_NO_PUBLIC_KEY				 114
1160 #define X509V3_R_NO_SUBJECT_DETAILS			 125
1161 #define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
1162 #define X509V3_R_OPERATION_NOT_DEFINED			 148
1163 #define X509V3_R_OTHERNAME_ERROR			 147
1164 #define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED	 155
1165 #define X509V3_R_POLICY_PATH_LENGTH			 156
1166 #define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED	 157
1167 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED	 158
1168 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
1169 #define X509V3_R_SECTION_NOT_FOUND			 150
1170 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
1171 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
1172 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
1173 #define X509V3_R_UNKNOWN_EXTENSION			 129
1174 #define X509V3_R_UNKNOWN_EXTENSION_NAME			 130
1175 #define X509V3_R_UNKNOWN_OPTION				 120
1176 #define X509V3_R_UNSUPPORTED_OPTION			 117
1177 #define X509V3_R_UNSUPPORTED_TYPE			 167
1178 #define X509V3_R_USER_TOO_LONG				 132
1179 
1180 #ifdef  __cplusplus
1181 }
1182 #endif
1183 #endif
1184