/*
 * {- join("\n * ", @autowarntext) -}
 *
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

{-
use OpenSSL::stackhash qw(generate_stack_macros);
-}

#ifndef OPENSSL_X509_H
# define OPENSSL_X509_H
# pragma once

# include <openssl/macros.h>
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  define HEADER_X509_H
# endif

# include <openssl/e_os2.h>
# include <openssl/types.h>
# include <openssl/symhacks.h>
# include <openssl/buffer.h>
# include <openssl/evp.h>
# include <openssl/bio.h>
# include <openssl/asn1.h>
# include <openssl/safestack.h>
# include <openssl/ec.h>

# ifndef OPENSSL_NO_DEPRECATED_1_1_0
#  include <openssl/rsa.h>
#  include <openssl/dsa.h>
#  include <openssl/dh.h>
# endif

# include <openssl/sha.h>
# include <openssl/x509err.h>
# ifndef OPENSSL_NO_STDIO
#  include <stdio.h>
# endif

#ifdef __cplusplus
extern "C" {
#endif

/* Stack macros needed for types that are defined in other headers */
{-
    generate_stack_macros("X509_NAME")
    .generate_stack_macros("X509")
    .generate_stack_macros("X509_REVOKED")
    .generate_stack_macros("X509_CRL");
-}

/* Flag bits reported by X509_get_signature_info() */
/* The signature information is valid */
# define X509_SIG_INFO_VALID 0x1
/* The signature is suitable for use in TLS */
# define X509_SIG_INFO_TLS 0x2

/* On-disk encodings understood by the file loaders */
# define X509_FILETYPE_PEM 1
# define X509_FILETYPE_ASN1 2
# define X509_FILETYPE_DEFAULT 3

/*-
 * <https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3>:
 * The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0`
 * is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is
 * then the MSB of the second octet, or 0x8000.
 */
# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */
# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */
# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */
# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */
# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */
# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */
# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */
# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */
# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */
# ifndef OPENSSL_NO_DEPRECATED_3_4
#  define X509v3_KU_UNDEF 0xffff /* vestigial, not used */
# endif

/* AlgorithmIdentifier: an algorithm OID plus its optional parameters */
struct X509_algor_st {
    ASN1_OBJECT *algorithm;
    ASN1_TYPE *parameter;
} /* X509_ALGOR */ ;

typedef STACK_OF(X509_ALGOR) X509_ALGORS;

/* Validity period of a certificate */
typedef struct X509_val_st {
    ASN1_TIME *notBefore;
    ASN1_TIME *notAfter;
} X509_VAL;

typedef struct X509_sig_st X509_SIG;

typedef struct X509_name_entry_st X509_NAME_ENTRY;

{-
    generate_stack_macros("X509_NAME_ENTRY");
-}

# define X509_EX_V_NETSCAPE_HACK 0x8000
# define X509_EX_V_INIT 0x0001
typedef struct X509_extension_st X509_EXTENSION;
{-
    generate_stack_macros("X509_EXTENSION");
-}
typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
typedef struct x509_attributes_st X509_ATTRIBUTE;
{-
    generate_stack_macros("X509_ATTRIBUTE");
-}
typedef struct X509_req_info_st X509_REQ_INFO;
typedef struct X509_req_st X509_REQ;
typedef struct x509_cert_aux_st X509_CERT_AUX;
typedef struct x509_cinf_st X509_CINF;

/* Flags for X509_print_ex(): each bit suppresses one part of the output */

# define X509_FLAG_COMPAT 0
# define X509_FLAG_NO_HEADER 1L
# define X509_FLAG_NO_VERSION (1L << 1)
# define X509_FLAG_NO_SERIAL (1L << 2)
# define X509_FLAG_NO_SIGNAME (1L << 3)
# define X509_FLAG_NO_ISSUER (1L << 4)
# define X509_FLAG_NO_VALIDITY (1L << 5)
# define X509_FLAG_NO_SUBJECT (1L << 6)
# define X509_FLAG_NO_PUBKEY (1L << 7)
# define X509_FLAG_NO_EXTENSIONS (1L << 8)
# define X509_FLAG_NO_SIGDUMP (1L << 9)
# define X509_FLAG_NO_AUX (1L << 10)
# define X509_FLAG_NO_ATTRIBUTES (1L << 11)
# define X509_FLAG_NO_IDS (1L << 12)
# define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13)

/* Flags specific to X509_NAME_print_ex() */

/* Field separator selection (bits 16..19) */

# define XN_FLAG_SEP_MASK (0xf << 16)

# define XN_FLAG_COMPAT 0 /* Traditional; use old X509_NAME_print */
# define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
# define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
# define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
# define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */

# define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */

/* How the field name is shown (bits 21..22) */

# define XN_FLAG_FN_MASK (0x3 << 21)

# define XN_FLAG_FN_SN 0 /* Object short name */
# define XN_FLAG_FN_LN (1 << 21) /* Object long name */
# define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
# define XN_FLAG_FN_NONE (3 << 21) /* No field names */

# define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */

/*
 * This determines if we dump fields we don't recognise: RFC2253 requires
 * this.
 */

# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)

# define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */

/* Complete set of RFC2253 flags */

# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
                          XN_FLAG_SEP_COMMA_PLUS | \
                          XN_FLAG_DN_REV | \
                          XN_FLAG_FN_SN | \
                          XN_FLAG_DUMP_UNKNOWN_FIELDS)

/* Readable one-line form */

# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
                          ASN1_STRFLGS_ESC_QUOTE | \
                          XN_FLAG_SEP_CPLUS_SPC | \
                          XN_FLAG_SPC_EQ | \
                          XN_FLAG_FN_SN)

/*
 * Readable multi-line form.
 * NOTE(review): unlike the two sets above this one is not built on
 * ASN1_STRFLGS_RFC2253; it escapes control and MSB characters only. Check
 * that this is enough for wherever the output is displayed or logged.
 */

# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
                            ASN1_STRFLGS_ESC_MSB | \
                            XN_FLAG_SEP_MULTILINE | \
                            XN_FLAG_SPC_EQ | \
                            XN_FLAG_FN_LN | \
                            XN_FLAG_FN_ALIGN)

typedef struct X509_crl_info_st X509_CRL_INFO;

/*
 * Holder for a private key in encrypted and/or decrypted form.
 * The layout is public, so the member order must not change.
 */
typedef struct private_key_st {
    int version;
    /* The PKCS#8 data types */
    X509_ALGOR *enc_algor;
    /*
     * Upstream comment: "encrypted pub key".
     * NOTE(review): the struct is private_key_st, so "pub" looks like a
     * misnomer for the encrypted key blob - confirm.
     */
    ASN1_OCTET_STRING *enc_pkey;
    /* When decrypted, the following will not be NULL */
    EVP_PKEY *dec_pkey;
    /* used to encrypt and decrypt */
    int key_length;
    /*
     * NOTE(review): presumably raw key bytes; an owner that frees key_data
     * itself (key_free == 0) should cleanse it first - confirm.
     */
    char *key_data;
    int key_free; /* true if we should auto free key_data */
    /* expanded version of 'enc_algor' */
    EVP_CIPHER_INFO cipher;
} X509_PKEY;

/* One item (certificate, CRL and/or key) collected from an input stream */
typedef struct X509_info_st {
    X509 *x509;
    X509_CRL *crl;
    X509_PKEY *x_pkey;
    EVP_CIPHER_INFO enc_cipher;
    int enc_len;
    char *enc_data;
} X509_INFO;
{-
    generate_stack_macros("X509_INFO");
-}

/*
 * The next 2 structures and their 8 routines are used to manipulate Netscape's
 * spki structures - useful if you are writing a CA web page
 */
typedef struct Netscape_spkac_st {
    X509_PUBKEY *pubkey;
    ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
} NETSCAPE_SPKAC;

typedef struct Netscape_spki_st {
    NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
    X509_ALGOR sig_algor;
    ASN1_BIT_STRING *signature;
} NETSCAPE_SPKI;

/* Netscape certificate sequence structure */
typedef struct Netscape_certificate_sequence {
    ASN1_OBJECT *type;
    STACK_OF(X509) *certs;
} NETSCAPE_CERT_SEQUENCE;

/*- Unused (and iv length is wrong)
typedef struct CBCParameter_st
        {
        unsigned char iv[8];
        } CBC_PARAM;
*/

/*
 * Password based encryption structure.
 * NOTE(review): in this and the following KDF parameter structures the salt,
 * iteration count and cost values are ASN.1 fields, so with untrusted input
 * they are attacker-chosen; callers presumably need their own upper bounds
 * before deriving a key - confirm against the decoding code.
 */

typedef struct PBEPARAM_st {
    ASN1_OCTET_STRING *salt;
    ASN1_INTEGER *iter;
} PBEPARAM;

/* Password based encryption V2 structures */

typedef struct PBE2PARAM_st {
    X509_ALGOR *keyfunc;
    X509_ALGOR *encryption;
} PBE2PARAM;

typedef struct PBKDF2PARAM_st {
    /* Usually OCTET STRING but could be anything */
    ASN1_TYPE *salt;
    ASN1_INTEGER *iter;
    ASN1_INTEGER *keylength;
    X509_ALGOR *prf;
} PBKDF2PARAM;

typedef struct {
    X509_ALGOR *keyDerivationFunc;
    X509_ALGOR *messageAuthScheme;
} PBMAC1PARAM;

# ifndef OPENSSL_NO_SCRYPT
typedef struct SCRYPT_PARAMS_st {
    ASN1_OCTET_STRING *salt;
    ASN1_INTEGER *costParameter;
    ASN1_INTEGER *blockSize;
    ASN1_INTEGER *parallelizationParameter;
    ASN1_INTEGER *keyLength;
} SCRYPT_PARAMS;
# endif

#ifdef __cplusplus
}
#endif

# include <openssl/x509_vfy.h>
# include <openssl/pkcs7.h>

#ifdef __cplusplus
extern "C" {
#endif

# define X509_EXT_PACK_UNKNOWN 1
# define X509_EXT_PACK_STRING 2

/* Old spellings kept as aliases for the current accessors */
# define X509_extract_key(x) X509_get_pubkey(x) /*****/
# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))

/*
 * Pluggable CRL handling.
 * NOTE(review): a method installed with X509_CRL_set_default_method()
 * supplies the crl_lookup and crl_verify callbacks, i.e. it decides
 * revocation lookups and CRL signature checks; treat replacing it as a
 * security-relevant configuration change.
 */
void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
X509_CRL_METHOD *X509_CRL_METHOD_new(
    int (*crl_init) (X509_CRL *crl),
    int (*crl_free) (X509_CRL *crl),
    int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
                       const ASN1_INTEGER *serial, const X509_NAME *issuer),
    int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk));
void X509_CRL_METHOD_free(X509_CRL_METHOD *m);

void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
void *X509_CRL_get_meth_data(X509_CRL *crl);

const char *X509_verify_cert_error_string(long n);

/*
 * Signature checks on a single object against the supplied key.
 * NOTE(review): per X509_verify(3) the *_verify() functions return 1 for a
 * valid signature, 0 for a failed check and a negative value when the check
 * could not be carried out, so compare the result with 1 instead of testing
 * for non-zero. They check one signature only; building and validating a
 * chain is the job of X509_verify_cert() from <openssl/x509_vfy.h>.
 * Per X509_self_signed(3) the signature itself is verified only when
 * verify_signature is 1.
 */
int X509_verify(X509 *a, EVP_PKEY *r);
int X509_self_signed(X509 *cert, int verify_signature);

int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r,
    OSSL_LIB_CTX *libctx, const char *propq);
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);

NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);

int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);

int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
int X509_signature_print(BIO *bp,
    const X509_ALGOR *alg, const ASN1_STRING *sig);

/* Signing: either with a key and digest, or with a prepared EVP_MD_CTX */
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);

/*
 * Digest helpers: the digest goes to md and its length to *len.
 * NOTE(review): no buffer size is passed in, so md presumably has to be large
 * enough for the chosen digest (EVP_MAX_MD_SIZE covers every digest) -
 * confirm with X509_digest(3).
 */
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
    unsigned char *md, unsigned int *len);
int X509_digest(const X509 *data, const EVP_MD *type,
    unsigned char *md, unsigned int *len);
ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
    EVP_MD **md_used, int *md_is_fallback);
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
    unsigned char *md, unsigned int *len);
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
    unsigned char *md, unsigned int *len);
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
    unsigned char *md, unsigned int *len);

/*
 * Load a certificate or CRL from a URL.
 * NOTE(review): whatever the transport, an object fetched this way is
 * untrusted input until its signature and chain have been checked.
 */
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  include <openssl/http.h> /* OSSL_HTTP_REQ_CTX_nbio_d2i */
#  define X509_http_nbio(rctx, pcert) \
      OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509))
#  define X509_CRL_http_nbio(rctx, pcrl) \
      OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL))
# endif

/* DER decode (d2i) from / encode (i2d) to a stdio stream */
# ifndef OPENSSL_NO_STDIO
X509 *d2i_X509_fp(FILE *fp, X509 **x509);
int i2d_X509_fp(FILE *fp, const X509 *x509);
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req);
#  ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa);
#  endif
#  ifndef OPENSSL_NO_DEPRECATED_3_0
#   ifndef OPENSSL_NO_DSA
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa);
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa);
#   endif
#  endif
#  ifndef OPENSSL_NO_DEPRECATED_3_0
#   ifndef OPENSSL_NO_EC
/* Deprecated EC_KEY stream helpers (inside the EC / deprecation guards) */
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
#   endif /* OPENSSL_NO_EC */
#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
/*
 * NOTE(review): the i2d private-key writers below (PKCS8_PRIV_KEY_INFO,
 * PKCS8PrivateKeyInfo, PrivateKey) take no cipher or passphrase argument, so
 * the key presumably leaves the process unencrypted; protect the destination
 * accordingly. The X509_SIG forms (d2i_PKCS8_fp/i2d_PKCS8_fp) carry the
 * encrypted PKCS#8 container - confirm with the manual pages.
 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk);
int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(
    FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf);
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf);
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key);
int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a,
    OSSL_LIB_CTX *libctx, const char *propq);
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a,
    OSSL_LIB_CTX *libctx, const char *propq);
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
# endif

/* The same DER decode/encode helpers, reading from or writing to a BIO */
X509 *d2i_X509_bio(BIO *bp, X509 **x509);
int i2d_X509_bio(BIO *bp, const X509 *x509);
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa);
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  ifndef OPENSSL_NO_DSA
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa);
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa);
#  endif
# endif

# ifndef OPENSSL_NO_DEPRECATED_3_0
#  ifndef OPENSSL_NO_EC
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
#  endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_DEPRECATED_3_0 */

X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk);
int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(
    BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf);
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf);
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key);
int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a,
    OSSL_LIB_CTX *libctx, const char *propq);
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a,
    OSSL_LIB_CTX *libctx, const char *propq);
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);

/* Deep-copy helpers generated by the ASN.1 macros */
DECLARE_ASN1_DUP_FUNCTION(X509)
DECLARE_ASN1_DUP_FUNCTION(X509_ALGOR)
DECLARE_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
DECLARE_ASN1_DUP_FUNCTION(X509_CRL)
DECLARE_ASN1_DUP_FUNCTION(X509_EXTENSION)
DECLARE_ASN1_DUP_FUNCTION(X509_PUBKEY)
DECLARE_ASN1_DUP_FUNCTION(X509_REQ)
DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED)
/* AlgorithmIdentifier accessors and helpers */
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj,
    int ptype, void *pval);
void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
    const void **ppval, const X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);

DECLARE_ASN1_DUP_FUNCTION(X509_NAME)
DECLARE_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)

/*
 * Time comparison and adjustment.
 * NOTE(review): per X509_cmp_time(3), X509_cmp_time() and
 * X509_cmp_current_time() return 0 on error and never for "equal", so a
 * result of 0 must be handled as a failure and not as a match.
 */
int X509_cmp_time(const ASN1_TIME *s, time_t *t);
int X509_cmp_current_time(const ASN1_TIME *s);
int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
    const ASN1_TIME *start, const ASN1_TIME *end);
ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
    int offset_day, long offset_sec, time_t *t);
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);

/*
 * Default locations of the trust store and private directory.
 * NOTE(review): the *_env() variants presumably return the names of the
 * environment variables that override the defaults; where the environment
 * is not trusted, set the verification paths explicitly - confirm.
 */
const char *X509_get_default_cert_area(void);
const char *X509_get_default_cert_dir(void);
const char *X509_get_default_cert_file(void);
const char *X509_get_default_cert_dir_env(void);
const char *X509_get_default_cert_file_env(void);
const char *X509_get_default_private_dir(void);

X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);

DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
DECLARE_ASN1_FUNCTIONS(X509_VAL)

DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)

/*
 * SubjectPublicKeyInfo handling.
 * NOTE(review): by the library's naming convention the get0 form returns an
 * internal pointer the caller must not free, while X509_PUBKEY_get() returns
 * a reference the caller releases - confirm with X509_PUBKEY_new(3).
 */
X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key);
EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
long X509_get_pathlen(X509 *x);
DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY)
EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length,
    OSSL_LIB_CTX *libctx, const char *propq);
# ifndef OPENSSL_NO_DEPRECATED_3_0
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  ifndef OPENSSL_NO_DSA
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY)
#  endif
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  ifndef OPENSSL_NO_EC
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY)
#  endif
# endif

DECLARE_ASN1_FUNCTIONS(X509_SIG)
/* get0 hands out const views of the X509_SIG parts, getm modifiable ones */
void X509_SIG_get0(const X509_SIG *sig,
    const X509_ALGOR **palg, const ASN1_OCTET_STRING **pdigest);
void X509_SIG_getm(X509_SIG *sig,
    X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest);

DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
DECLARE_ASN1_FUNCTIONS(X509_REQ)
X509_REQ *X509_REQ_new_ex(OSSL_LIB_CTX *libctx, const char *propq);

DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);

DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)

DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)

DECLARE_ASN1_FUNCTIONS(X509_NAME)

int X509_NAME_set(X509_NAME **xn, const X509_NAME *name);

DECLARE_ASN1_FUNCTIONS(X509_CINF)
DECLARE_ASN1_FUNCTIONS(X509)
X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)

/* Application ("ex") data slots attached to an X509 object */
#define X509_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
int X509_set_ex_data(X509 *r, int idx, void *arg);
void *X509_get_ex_data(const X509 *r, int idx);
DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX)

int i2d_re_X509_tbs(X509 *x, unsigned char **pp);

/*
 * Signature information: digest NID, public key NID, security bits and the
 * X509_SIG_INFO_* flags.
 */
int X509_SIG_INFO_get(const X509_SIG_INFO *siginf,
    int *mdnid, int *pknid, int *secbits, uint32_t *flags);
void X509_SIG_INFO_set(X509_SIG_INFO *siginf,
    int mdnid, int pknid, int secbits, uint32_t flags);

int X509_get_signature_info(X509 *x,
    int *mdnid, int *pknid, int *secbits, uint32_t *flags);

void X509_get0_signature(const ASN1_BIT_STRING **psig,
    const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);

void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id);
ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x);
void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id);
ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x);

/*
 * Alias and key id; both are passed and returned as pointer plus length.
 * NOTE(review): use the returned *len rather than assuming the get0 results
 * are NUL-terminated strings - confirm with X509_alias_get0(3).
 */
int X509_alias_set1(X509 *x, const unsigned char *name, int len);
int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
unsigned char *X509_alias_get0(X509 *x, int *len);
unsigned char *X509_keyid_get0(X509 *x, int *len);

DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
DECLARE_ASN1_FUNCTIONS(X509_CRL)
X509_CRL *X509_CRL_new_ex(OSSL_LIB_CTX *libctx, const char *propq);

/*
 * Revocation entries.
 * NOTE(review): per X509_CRL_get0_by_serial(3) the two lookup functions
 * return 0 when no entry is found, 1 when one is found and 2 when the entry
 * has the reason removeFromCRL, so the result is not a plain boolean.
 */
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
int X509_CRL_get0_by_serial(X509_CRL *crl,
    X509_REVOKED **ret, const ASN1_INTEGER *serial);
int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);

X509_PKEY *X509_PKEY_new(void);
void X509_PKEY_free(X509_PKEY *a);

DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)

X509_INFO *X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
/*
 * NOTE(review): X509_NAME_print_ex(3) describes X509_NAME_oneline() as a
 * legacy function with a non-standard output form whose use is strongly
 * discouraged in new applications; its output should not be parsed or
 * compared for access decisions.
 */
char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);

/* Deprecated i2d-callback based forms of the ASN1_item_*() functions */
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
    ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
    unsigned char *md, unsigned int *len);
OSSL_DEPRECATEDIN_3_0
int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
    ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
    const EVP_MD *type);
#endif
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
    unsigned char *md, unsigned int *len);
int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg,
    const ASN1_BIT_STRING *signature, const void *data, EVP_PKEY *pkey);
int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
    const ASN1_BIT_STRING *signature, const void *data, EVP_MD_CTX *ctx);
int ASN1_item_sign(const ASN1_ITEM *it,
    X509_ALGOR *algor1, X509_ALGOR *algor2,
    ASN1_BIT_STRING *signature, const void *data,
    EVP_PKEY *pkey, const EVP_MD *md);
int ASN1_item_sign_ctx(const ASN1_ITEM *it,
    X509_ALGOR *algor1, X509_ALGOR *algor2,
    ASN1_BIT_STRING *signature, const void *data, EVP_MD_CTX *ctx);

/* Encoded version values are zero-based: version 3 is stored as 2 */
#define X509_VERSION_1 0
#define X509_VERSION_2 1
#define X509_VERSION_3 2

long X509_get_version(const X509 *x);
int X509_set_version(X509 *x, long version);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_issuer_name(X509 *x, const X509_NAME *name);
X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, const X509_NAME *name);
X509_NAME *X509_get_subject_name(const X509 *a);
const ASN1_TIME *X509_get0_notBefore(const X509 *x);
ASN1_TIME *X509_getm_notBefore(const X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
const ASN1_TIME *X509_get0_notAfter(const X509 *x);
ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);

/* Pre-1.1.0 names mapped onto the current accessors */
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
#  define X509_get_notBefore X509_getm_notBefore
#  define X509_get_notAfter X509_getm_notAfter
#  define X509_set_notBefore X509_set1_notBefore
#  define X509_set_notAfter X509_set1_notAfter
#endif


/*
 * This one is only used so that a binary form can output, as in
 * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
 */
X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
void X509_get0_uids(const X509 *x,
    const ASN1_BIT_STRING **piuid, const ASN1_BIT_STRING **psuid);
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);

/*
 * NOTE(review): per X509_get_pubkey(3), X509_get0_pubkey() returns an
 * internal pointer that must not be freed, while X509_get_pubkey() returns a
 * reference the caller releases with EVP_PKEY_free(). Mixing the two up
 * leads to a leak or a double free.
 */
EVP_PKEY *X509_get0_pubkey(const X509 *x);
EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);

#define X509_REQ_VERSION_1 0

/* Certificate request accessors */
long X509_REQ_get_version(const X509_REQ *req);
int X509_REQ_set_version(X509_REQ *x, long version);
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name);
void X509_REQ_get0_signature(const X509_REQ *req,
    const ASN1_BIT_STRING **psig, const X509_ALGOR **palg);
void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
int X509_REQ_get_signature_nid(const X509_REQ *req);
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
int X509_REQ_extension_nid(int nid);
int *X509_REQ_get_extension_nids(void);
void X509_REQ_set_extension_nids(int *nids);
STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(OSSL_FUTURE_CONST X509_REQ *req);
int X509_REQ_add_extensions_nid(X509_REQ *req,
    const STACK_OF(X509_EXTENSION) *exts, int nid);
int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext);
int X509_REQ_get_attr_count(const X509_REQ *req);
int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
int X509_REQ_get_attr_by_OBJ(const X509_REQ *req,
    const ASN1_OBJECT *obj, int lastpos);
X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
    const ASN1_OBJECT *obj, int type,
    const unsigned char *bytes, int len);
int X509_REQ_add1_attr_by_NID(X509_REQ *req,
    int nid, int type,
    const unsigned char *bytes, int len);
int X509_REQ_add1_attr_by_txt(X509_REQ *req,
    const char *attrname, int type,
    const unsigned char *bytes, int len);

/* As with certificates, the encoded CRL version is zero-based */
#define X509_CRL_VERSION_1 0
#define X509_CRL_VERSION_2 1

int X509_CRL_set_version(X509_CRL *x, long version);
int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name);
int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
int X509_CRL_up_ref(X509_CRL *crl);

# ifndef OPENSSL_NO_DEPRECATED_1_1_0
#  define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
#  define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
#endif

long X509_CRL_get_version(const X509_CRL *crl);
const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
#endif
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
void X509_CRL_get0_signature(const X509_CRL *crl,
    const ASN1_BIT_STRING **psig, const X509_ALGOR **palg);
int X509_CRL_get_signature_nid(const X509_CRL *crl);
int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);

const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
const STACK_OF(X509_EXTENSION) *
X509_REVOKED_get0_extensions(const X509_REVOKED *r);

X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
    EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);

/*
 * NOTE(review): per X509_check_private_key(3) the two *_check_private_key()
 * functions compare the public components of the key with the certificate or
 * request; they do not prove that pkey holds a usable private key.
 */
int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);

int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
int X509_chain_check_suiteb(int *perror_depth,
    X509 *x, STACK_OF(X509) *chain, unsigned long flags);
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);

/* Name and serial comparison and hashing, used for lookups */
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_and_serial_hash(X509 *a);

int X509_issuer_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_name_hash(X509 *a);

int X509_subject_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_subject_name_hash(X509 *x);

/*
 * NOTE(review): the *_hash_old() variants are compiled out with
 * OPENSSL_NO_MD5, so they are presumably MD5-based compatibility hashes;
 * like the other unsigned long name hashes they are lookup keys, not
 * integrity checks.
 */
# ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *a);
unsigned long X509_subject_name_hash_old(X509 *x);
# endif

/* Flags for X509_add_cert() and X509_add_certs() */
# define X509_ADD_FLAG_DEFAULT 0
# define X509_ADD_FLAG_UP_REF 0x1
# define X509_ADD_FLAG_PREPEND 0x2
# define X509_ADD_FLAG_NO_DUP 0x4
# define X509_ADD_FLAG_NO_SS 0x8
int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags);
int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags);

int X509_cmp(const X509 *a, const X509 *b);
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
#ifndef OPENSSL_NO_DEPRECATED_3_0
# define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL)
OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x,
    const EVP_PKEY *pubkey);
#endif
/*
 * NOTE(review): the X509_NAME_hash() compatibility macro above passes NULL
 * for ok, so a failure inside X509_NAME_hash_ex() presumably cannot be told
 * apart from a real hash value; pass ok when that matters - confirm.
 */
unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
    const char *propq, int *ok);
unsigned long X509_NAME_hash_old(const X509_NAME *x);

int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
int X509_aux_print(BIO *out, X509 *x, int indent);
/* Human-readable output to a stdio stream */
# ifndef OPENSSL_NO_STDIO
int X509_print_ex_fp(FILE *bp, X509 *x,
    unsigned long nmflag, unsigned long cflag);
int X509_print_fp(FILE *bp, X509 *x);
int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
    unsigned long flags);
# endif

/*
 * Human-readable output to a BIO; nmflag takes XN_FLAG_* values and cflag
 * X509_FLAG_* values.
 */
int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
    unsigned long flags);
int X509_print_ex(BIO *bp, X509 *x,
    unsigned long nmflag, unsigned long cflag);
int X509_print(BIO *bp, X509 *x);
int X509_ocspid_print(BIO *bp, X509 *x);
int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
int X509_CRL_print(BIO *bp, X509_CRL *x);
int X509_REQ_print_ex(BIO *bp, X509_REQ *x,
    unsigned long nmflag, unsigned long cflag);
int X509_REQ_print(BIO *bp, X509_REQ *req);

/*
 * NOTE(review): X509_NAME_get_index_by_NID(3) says the two get_text
 * functions should be considered deprecated: they return only the first
 * matching entry and copy the field verbatim whatever its string type. For
 * identity checks prefer X509_check_host() and related functions.
 */
int X509_NAME_entry_count(const X509_NAME *name);
int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
    char *buf, int len);
int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
    char *buf, int len);

/*
 * NOTE: pass -1, not 0, as lastpos to start a search. The functions that take
 * lastpos search from the position after it onwards.
 */
int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos);
int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
    int lastpos);
X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
    int loc, int set);
int X509_NAME_add_entry_by_OBJ(X509_NAME *name,
    const ASN1_OBJECT *obj, int type,
    const unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
    const unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
    const char *field, int type,
    const unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne,
    int nid, int type,
    const unsigned char *bytes, int len);
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
    const unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
    const ASN1_OBJECT *obj, int type,
    const unsigned char *bytes, int len);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
    const unsigned char *bytes, int len);
ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);

int X509_NAME_get0_der(const X509_NAME *nm,
    const unsigned char **pder, size_t *pderlen);

/* Extension handling on a bare STACK_OF(X509_EXTENSION) */
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
    int nid, int lastpos);
int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
    const ASN1_OBJECT *obj, int lastpos);
int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
    int crit, int lastpos);
X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
    X509_EXTENSION *ex, int loc);
STACK_OF(X509_EXTENSION)
    *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
    const STACK_OF(X509_EXTENSION) *exts);

/* The same operations on the extensions of a certificate */
int X509_get_ext_count(const X509 *x);
int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
    unsigned long flags);

/* ... and on the extensions of a CRL */
int X509_CRL_get_ext_count(const X509_CRL *x);
int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
    int lastpos);
int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
int
X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); 930void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); 931int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, 932 unsigned long flags); 933 934int X509_REVOKED_get_ext_count(const X509_REVOKED *x); 935int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); 936int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, 937 int lastpos); 938int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, 939 int lastpos); 940X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); 941X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); 942int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); 943void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, 944 int *idx); 945int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, 946 unsigned long flags); 947 948X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, 949 int nid, int crit, 950 ASN1_OCTET_STRING *data); 951X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, 952 const ASN1_OBJECT *obj, int crit, 953 ASN1_OCTET_STRING *data); 954int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); 955int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); 956int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); 957ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); 958ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); 959int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); 960 961int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); 962int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, 963 int lastpos); 964int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, 965 const ASN1_OBJECT *obj, int lastpos); 966X509_ATTRIBUTE *X509at_get_attr(const 
STACK_OF(X509_ATTRIBUTE) *x, int loc); 967X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); 968STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, 969 X509_ATTRIBUTE *attr); 970STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) 971 **x, const ASN1_OBJECT *obj, 972 int type, 973 const unsigned char *bytes, 974 int len); 975STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) 976 **x, int nid, int type, 977 const unsigned char *bytes, 978 int len); 979STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) 980 **x, const char *attrname, 981 int type, 982 const unsigned char *bytes, 983 int len); 984void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, 985 const ASN1_OBJECT *obj, int lastpos, int type); 986X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, 987 int atrtype, const void *data, 988 int len); 989X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, 990 const ASN1_OBJECT *obj, 991 int atrtype, const void *data, 992 int len); 993X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, 994 const char *atrname, int type, 995 const unsigned char *bytes, 996 int len); 997int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); 998int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, 999 const void *data, int len); 1000void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, 1001 void *data); 1002int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); 1003ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); 1004ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); 1005 1006int EVP_PKEY_get_attr_count(const EVP_PKEY *key); 1007int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); 1008int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, 1009 int lastpos); 1010X509_ATTRIBUTE 
*EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); 1011X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); 1012int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); 1013int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, 1014 const ASN1_OBJECT *obj, int type, 1015 const unsigned char *bytes, int len); 1016int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, 1017 int nid, int type, 1018 const unsigned char *bytes, int len); 1019int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, 1020 const char *attrname, int type, 1021 const unsigned char *bytes, int len); 1022 1023/* lookup a cert from a X509 STACK */ 1024X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, 1025 const ASN1_INTEGER *serial); 1026X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); 1027 1028DECLARE_ASN1_FUNCTIONS(PBEPARAM) 1029DECLARE_ASN1_FUNCTIONS(PBE2PARAM) 1030DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) 1031DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM) 1032# ifndef OPENSSL_NO_SCRYPT 1033DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) 1034# endif 1035 1036int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, 1037 const unsigned char *salt, int saltlen); 1038int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, 1039 const unsigned char *salt, int saltlen, 1040 OSSL_LIB_CTX *libctx); 1041 1042X509_ALGOR *PKCS5_pbe_set(int alg, int iter, 1043 const unsigned char *salt, int saltlen); 1044X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, 1045 const unsigned char *salt, int saltlen, 1046 OSSL_LIB_CTX *libctx); 1047 1048X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, 1049 unsigned char *salt, int saltlen); 1050X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, 1051 unsigned char *salt, int saltlen, 1052 unsigned char *aiv, int prf_nid); 1053X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, 1054 unsigned char *salt, int saltlen, 1055 unsigned char *aiv, int prf_nid, 1056 OSSL_LIB_CTX *libctx); 1057 1058#ifndef 
OPENSSL_NO_SCRYPT 1059X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, 1060 const unsigned char *salt, int saltlen, 1061 unsigned char *aiv, uint64_t N, uint64_t r, 1062 uint64_t p); 1063#endif 1064 1065X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, 1066 int prf_nid, int keylen); 1067X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, 1068 int prf_nid, int keylen, 1069 OSSL_LIB_CTX *libctx); 1070 1071PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg); 1072/* PKCS#8 utilities */ 1073 1074DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) 1075 1076EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); 1077EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, 1078 const char *propq); 1079PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); 1080 1081int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, 1082 int version, int ptype, void *pval, 1083 unsigned char *penc, int penclen); 1084int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, 1085 const unsigned char **pk, int *ppklen, 1086 const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); 1087 1088const STACK_OF(X509_ATTRIBUTE) * 1089PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); 1090int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); 1091int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, 1092 const unsigned char *bytes, int len); 1093int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, 1094 int type, const unsigned char *bytes, int len); 1095 1096 1097void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, 1098 unsigned char *penc, int penclen); 1099int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, 1100 int ptype, void *pval, 1101 unsigned char *penc, int penclen); 1102int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, 1103 const unsigned char **pk, int *ppklen, 1104 X509_ALGOR **pa, const X509_PUBKEY *pub); 1105int 
X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b); 1106 1107# ifdef __cplusplus 1108} 1109# endif 1110#endif 1111