/*
 * {- join("\n * ", @autowarntext) -}
 *
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

{-
use OpenSSL::stackhash qw(generate_stack_macros);
-}

#ifndef OPENSSL_X509_H
# define OPENSSL_X509_H
# pragma once

# include <openssl/macros.h>
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define HEADER_X509_H
# endif

# include <openssl/e_os2.h>
# include <openssl/types.h>
# include <openssl/symhacks.h>
# include <openssl/buffer.h>
# include <openssl/evp.h>
# include <openssl/bio.h>
# include <openssl/asn1.h>
# include <openssl/safestack.h>
# include <openssl/ec.h>

/* The RSA/DSA/DH headers are pulled in only for pre-1.1.0 compatibility. */
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# include <openssl/rsa.h>
# include <openssl/dsa.h>
# include <openssl/dh.h>
# endif

# include <openssl/sha.h>
# include <openssl/x509err.h>
# ifndef OPENSSL_NO_STDIO
# include <stdio.h>
# endif

#ifdef __cplusplus
extern "C" {
#endif

/* Needed stacks for types defined in other headers */
{-
    generate_stack_macros("X509_NAME")
    .generate_stack_macros("X509")
    .generate_stack_macros("X509_REVOKED")
    .generate_stack_macros("X509_CRL");
-}

/* Flags for X509_get_signature_info() */
/* Signature info is valid */
# define X509_SIG_INFO_VALID 0x1
/* Signature is suitable for TLS use */
# define X509_SIG_INFO_TLS 0x2

/* File-type selectors (PEM, ASN.1, or the default). */
# define X509_FILETYPE_PEM 1
# define X509_FILETYPE_ASN1 2
# define X509_FILETYPE_DEFAULT 3

/*
 * Key-usage bit masks. The values are not in ascending order:
 * X509v3_KU_DECIPHER_ONLY is 0x8000, and X509v3_KU_UNDEF (0xffff) has every
 * bit set, so a test of the form (usage & X509v3_KU_xxx) succeeds for every
 * mask when usage is X509v3_KU_UNDEF.
 * NOTE(review): presumably UNDEF stands for "no keyUsage information"; confirm
 * in the code that fills the value before relying on plain mask tests to
 * restrict what a key may do.
 */
# define X509v3_KU_DIGITAL_SIGNATURE 0x0080
# define X509v3_KU_NON_REPUDIATION 0x0040
# define X509v3_KU_KEY_ENCIPHERMENT 0x0020
# define X509v3_KU_DATA_ENCIPHERMENT 0x0010
# define X509v3_KU_KEY_AGREEMENT 0x0008
# define X509v3_KU_KEY_CERT_SIGN 0x0004
# define X509v3_KU_CRL_SIGN 0x0002
# define X509v3_KU_ENCIPHER_ONLY 0x0001
# define X509v3_KU_DECIPHER_ONLY 0x8000
# define X509v3_KU_UNDEF 0xffff

/*
 * Algorithm identifier: an object identifier plus a parameter of arbitrary
 * ASN.1 type. Only the struct is defined here; the X509_ALGOR typedef name
 * is not declared in this file (presumably in <openssl/types.h>).
 */
struct X509_algor_st {
    ASN1_OBJECT *algorithm;
    ASN1_TYPE *parameter;
} /* X509_ALGOR */ ;

typedef STACK_OF(X509_ALGOR) X509_ALGORS;

/* Validity period: the notBefore / notAfter pair. */
typedef struct X509_val_st {
    ASN1_TIME *notBefore;
    ASN1_TIME *notAfter;
} X509_VAL;

/* Opaque types: only the typedef is exposed here, not the layout. */
typedef struct X509_sig_st X509_SIG;

typedef struct X509_name_entry_st X509_NAME_ENTRY;

{-
    generate_stack_macros("X509_NAME_ENTRY");
-}

# define X509_EX_V_NETSCAPE_HACK 0x8000
# define X509_EX_V_INIT 0x0001
typedef struct X509_extension_st X509_EXTENSION;
{-
    generate_stack_macros("X509_EXTENSION");
-}
typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
typedef struct x509_attributes_st X509_ATTRIBUTE;
{-
    generate_stack_macros("X509_ATTRIBUTE");
-}
typedef struct X509_req_info_st X509_REQ_INFO;
typedef struct X509_req_st X509_REQ;
typedef struct x509_cert_aux_st X509_CERT_AUX;
typedef struct x509_cinf_st X509_CINF;

/*
 * Flags for X509_print_ex()
 *
 * X509_FLAG_COMPAT is 0 (no bits set). Every other value is a single
 * distinct bit (bits 0 to 13), so the flags can be OR-ed together.
 */

# define X509_FLAG_COMPAT 0
# define X509_FLAG_NO_HEADER 1L
# define X509_FLAG_NO_VERSION (1L << 1)
# define X509_FLAG_NO_SERIAL (1L << 2)
# define X509_FLAG_NO_SIGNAME (1L << 3)
# define X509_FLAG_NO_ISSUER (1L << 4)
# define X509_FLAG_NO_VALIDITY (1L << 5)
# define X509_FLAG_NO_SUBJECT (1L << 6)
# define X509_FLAG_NO_PUBKEY (1L << 7)
# define X509_FLAG_NO_EXTENSIONS (1L << 8)
# define X509_FLAG_NO_SIGDUMP (1L << 9)
# define X509_FLAG_NO_AUX (1L << 10)
# define X509_FLAG_NO_ATTRIBUTES (1L << 11)
# define X509_FLAG_NO_IDS (1L << 12)
# define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13)

/* Flags specific to X509_NAME_print_ex() */

/*
 * The field separator information
 *
 * The separator style is a 4-bit field in bits 16-19; the XN_FLAG_SEP_*
 * values are alternatives within that field, not independent bits.
 */

# define XN_FLAG_SEP_MASK (0xf << 16)

# define XN_FLAG_COMPAT 0 /* Traditional; use old X509_NAME_print */
# define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
# define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
# define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
# define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */

# define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */

/*
 * How the field name is shown
 *
 * A 2-bit field in bits 21-22; the XN_FLAG_FN_* values below (other than
 * XN_FLAG_FN_ALIGN, which is bit 25) are alternatives within it.
 */

# define XN_FLAG_FN_MASK (0x3 << 21)

# define XN_FLAG_FN_SN 0 /* Object short name */
# define XN_FLAG_FN_LN (1 << 21) /* Object long name */
# define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
# define XN_FLAG_FN_NONE (3 << 21) /* No field names */

# define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */

/*
 * This determines if we dump fields we don't recognise: RFC2253 requires
 * this.
 */

# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)

# define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20
                                     * characters */

/* Complete set of RFC2253 flags */

# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
                        XN_FLAG_SEP_COMMA_PLUS | \
                        XN_FLAG_DN_REV | \
                        XN_FLAG_FN_SN | \
                        XN_FLAG_DUMP_UNKNOWN_FIELDS)

/* readable oneline form */

# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
                        ASN1_STRFLGS_ESC_QUOTE | \
                        XN_FLAG_SEP_CPLUS_SPC | \
                        XN_FLAG_SPC_EQ | \
                        XN_FLAG_FN_SN)

/*
 * readable multiline form
 *
 * Unlike the two sets above, this one is built from ASN1_STRFLGS_ESC_CTRL
 * and ASN1_STRFLGS_ESC_MSB rather than ASN1_STRFLGS_RFC2253.
 * NOTE(review): check which characters that leaves unescaped before
 * embedding the output in a log line or another structured format.
 */

# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
                        ASN1_STRFLGS_ESC_MSB | \
                        XN_FLAG_SEP_MULTILINE | \
                        XN_FLAG_SPC_EQ | \
                        XN_FLAG_FN_LN | \
                        XN_FLAG_FN_ALIGN)

typedef struct X509_crl_info_st X509_CRL_INFO;

/*
 * Private key container holding both the encrypted form (enc_algor,
 * enc_pkey) and, once decrypted, the usable key (dec_pkey).
 */
typedef struct private_key_st {
    int version;
    /* The PKCS#8 data types */
    X509_ALGOR *enc_algor;
    /*
     * Encrypted key ("encrypted pub key" in the historical comment).
     * NOTE(review): given the struct tag and dec_pkey below this is
     * presumably the encrypted private key - confirm.
     */
    ASN1_OCTET_STRING *enc_pkey;
    /* When decrypted, the following will not be NULL */
    EVP_PKEY *dec_pkey;
    /* used to encrypt and decrypt */
    int key_length;
    /*
     * NOTE(review): key_data looks like raw key material of key_length
     * bytes; this header does not show whether it is cleansed before it is
     * freed - check X509_PKEY_free().
     */
    char *key_data;
    int key_free; /* true if we should auto free key_data */
    /* expanded version of 'enc_algor' */
    EVP_CIPHER_INFO cipher;
} X509_PKEY;

/*
 * Bundle of a certificate, a CRL and a private key (any of the three
 * pointers may be the only one in use - TODO confirm), together with
 * cipher information and a raw encrypted buffer of enc_len bytes.
 */
typedef struct X509_info_st {
    X509 *x509;
    X509_CRL *crl;
    X509_PKEY *x_pkey;
    EVP_CIPHER_INFO enc_cipher;
    int enc_len;
    char *enc_data;
} X509_INFO;
{-
    generate_stack_macros("X509_INFO");
-}

/*
 * The next 2 structures and their 8 routines are used to manipulate Netscape's
 * spki structures - useful if you are writing a CA web page
 */
typedef struct Netscape_spkac_st {
    X509_PUBKEY *pubkey;
    ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
} NETSCAPE_SPKAC;

typedef struct Netscape_spki_st {
    NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
    X509_ALGOR sig_algor;
    ASN1_BIT_STRING *signature;
} NETSCAPE_SPKI;

/* Netscape certificate sequence structure */
typedef struct Netscape_certificate_sequence {
    ASN1_OBJECT *type;
    STACK_OF(X509) *certs;
} NETSCAPE_CERT_SEQUENCE;

/*- Unused (and iv length is wrong)
typedef struct CBCParameter_st
        {
        unsigned char iv[8];
        } CBC_PARAM;
*/

/*
 * Password based encryption structure
 *
 * NOTE(review): salt and iter are ASN.1 values, so in a decoded structure
 * they come from the input. When that input is untrusted, the iteration
 * count presumably needs an upper bound before it drives a key derivation
 * (CPU exhaustion) - confirm where that limit is enforced. The same applies
 * to the PBKDF2 and scrypt parameter structures below.
 */

typedef struct PBEPARAM_st {
    ASN1_OCTET_STRING *salt;
    ASN1_INTEGER *iter;
} PBEPARAM;

/* Password based encryption V2 structures */

/* Pairs a key-derivation algorithm with an encryption algorithm. */
typedef struct PBE2PARAM_st {
    X509_ALGOR *keyfunc;
    X509_ALGOR *encryption;
} PBE2PARAM;

typedef struct PBKDF2PARAM_st {
/* Usually OCTET STRING but could be anything */
    ASN1_TYPE *salt;
    ASN1_INTEGER *iter;
    ASN1_INTEGER *keylength;
    X509_ALGOR *prf;
} PBKDF2PARAM;

/*
 * scrypt parameters; compiled out when OPENSSL_NO_SCRYPT is defined.
 * NOTE(review): costParameter, blockSize and parallelizationParameter
 * presumably set the memory and CPU cost of the derivation, so values taken
 * from untrusted encodings should be range-checked - confirm.
 */
#ifndef OPENSSL_NO_SCRYPT
typedef struct SCRYPT_PARAMS_st {
    ASN1_OCTET_STRING *salt;
    ASN1_INTEGER *costParameter;
    ASN1_INTEGER *blockSize;
    ASN1_INTEGER *parallelizationParameter;
    ASN1_INTEGER *keyLength;
} SCRYPT_PARAMS;
#endif

/*
 * The extern "C" block is closed around the two includes below and
 * reopened afterwards.
 */
#ifdef __cplusplus
}
#endif

# include <openssl/x509_vfy.h>
# include <openssl/pkcs7.h>

#ifdef __cplusplus
extern "C" {
#endif

# define X509_EXT_PACK_UNKNOWN 1
# define X509_EXT_PACK_STRING 2

/* Older names kept as macro aliases for the functions they expand to. */
# define X509_extract_key(x) X509_get_pubkey(x)/*****/
# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))

/*
 * Custom CRL method table, built from four callbacks: init, free, lookup of
 * a revoked entry by serial and issuer, and verification against a key.
 * NOTE(review): a replaced crl_lookup / crl_verify presumably takes over the
 * revocation and signature decisions for CRLs that use the method, so a
 * custom method needs the same scrutiny as the default one - confirm.
 */
void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
                                     int (*crl_free) (X509_CRL *crl),
                                     int (*crl_lookup) (X509_CRL *crl,
                                                        X509_REVOKED **ret,
                                                        const
                                                        ASN1_INTEGER *serial,
                                                        const
                                                        X509_NAME *issuer),
                                     int (*crl_verify) (X509_CRL *crl,
                                                        EVP_PKEY *pk));
void X509_CRL_METHOD_free(X509_CRL_METHOD *m);

void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
void *X509_CRL_get_meth_data(X509_CRL *crl);

/* Maps a verification error code n to a text string. */
const char *X509_verify_cert_error_string(long n);

/*
 * Signature checks of one object (a) against one public key (r).
 * NOTE(review): per the OpenSSL manual these return 1 for a valid
 * signature, 0 for a failed check and a negative value when the check could
 * not be carried out - confirm for the version in use. Callers should
 * compare the result with 1; a bare `if (X509_verify(a, r))` also accepts
 * the negative error case.
 * NOTE(review): nothing in these signatures involves a chain, a trust store
 * or the validity period, so a successful return presumably says only that
 * the signature matches the supplied key.
 */
int X509_verify(X509 *a, EVP_PKEY *r);
/* NOTE(review): verify_signature presumably selects whether the signature is checked too - confirm. */
int X509_self_signed(X509 *cert, int verify_signature);

int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx,
                       const char *propq);
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);

/* Base64 text <-> NETSCAPE_SPKI conversion and public key access. */
NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);

int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);

int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
                         const ASN1_STRING *sig);

/*
 * Signing: each object type has a form taking a key plus digest and (except
 * NETSCAPE_SPKI) a form taking a prepared EVP_MD_CTX.
 */
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);

/*
 * Digests of whole objects. The output buffer md is passed without a size;
 * only the resulting length comes back through *len.
 * NOTE(review): md presumably has to hold at least EVP_MAX_MD_SIZE bytes -
 * confirm, and size caller buffers accordingly.
 */
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
                       unsigned char *md, unsigned int *len);
int X509_digest(const X509 *data, const EVP_MD *type,
                unsigned char *md, unsigned int *len);
/* Reports the digest used through *md_used and a fallback indicator through *md_is_fallback. */
ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
                                   EVP_MD **md_used, int *md_is_fallback);
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len);
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len);
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len);

/*
 * Fetch a certificate or CRL from a URL.
 * NOTE(review): the signatures carry no trust anchor or verification
 * parameter, so the returned object is presumably parsed only; callers are
 * expected to validate it before use - confirm. The URL should not be taken
 * unchecked from the certificate being validated.
 */
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# include <openssl/http.h> /* OSSL_HTTP_REQ_CTX_nbio_d2i */
# define X509_http_nbio(rctx, pcert) \
    OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509))
# define X509_CRL_http_nbio(rctx, pcrl) \
    OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL))
# endif

/*
 * FILE-based readers (d2i_*_fp) and writers (i2d_*_fp); the whole group is
 * compiled out when OPENSSL_NO_STDIO is defined.
 * NOTE(review): the private-key writers (i2d_PrivateKey_fp,
 * i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO_fp and the deprecated
 * RSA/DSA/EC ones) take no cipher or passphrase argument, so they presumably
 * write unencrypted key material; the destination needs matching file
 * permissions - confirm.
 */
# ifndef OPENSSL_NO_STDIO
X509 *d2i_X509_fp(FILE *fp, X509 **x509);
int i2d_X509_fp(FILE *fp, const X509 *x509);
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa);
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DSA
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa);
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa);
# endif
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk);
int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                PKCS8_PRIV_KEY_INFO **p8inf);
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf);
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key);
int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                               const char *propq);
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
# endif

/*
 * BIO-based counterparts of the FILE functions above; these are declared
 * regardless of OPENSSL_NO_STDIO.
 * NOTE(review): as with the FILE variants, the private-key writers take no
 * cipher or passphrase argument and presumably emit unencrypted key
 * material - confirm before pointing them at a network or shared BIO.
 */
X509 *d2i_X509_bio(BIO *bp, X509 **x509);
int i2d_X509_bio(BIO *bp, const X509 *x509);
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa);
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DSA
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa);
OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa);
# endif
# endif

# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_DEPRECATED_3_0 */

X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk);
int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf);
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf);
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key);
int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq);
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);

/*
 * The DECLARE_ASN1_* macros are not defined in this file; presumably
 * <openssl/asn1.h> expands each into the prototypes of the corresponding
 * generated functions (duplicate, allocate/free, encode/decode).
 */
DECLARE_ASN1_DUP_FUNCTION(X509)
DECLARE_ASN1_DUP_FUNCTION(X509_ALGOR)
DECLARE_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
DECLARE_ASN1_DUP_FUNCTION(X509_CRL)
DECLARE_ASN1_DUP_FUNCTION(X509_EXTENSION)
DECLARE_ASN1_DUP_FUNCTION(X509_PUBKEY)
DECLARE_ASN1_DUP_FUNCTION(X509_REQ)
DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED)
/*
 * X509_ALGOR accessors. X509_ALGOR_get0() hands back const pointers.
 * NOTE(review): by OpenSSL naming convention "set0" takes ownership of what
 * it is given and "get0" returns an internal pointer the caller must not
 * free - confirm against the manual.
 */
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
                    void *pval);
void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
                     const void **ppval, const X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);

DECLARE_ASN1_DUP_FUNCTION(X509_NAME)
DECLARE_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)

/*
 * Time comparison and adjustment helpers.
 * NOTE(review): per the OpenSSL manual X509_cmp_time() returns 0 on error,
 * not on equality - confirm; a caller that treats 0 as "times match" would
 * accept a malformed time value.
 */
int X509_cmp_time(const ASN1_TIME *s, time_t *t);
int X509_cmp_current_time(const ASN1_TIME *s);
int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
                       const ASN1_TIME *start, const ASN1_TIME *end);
ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
                            int offset_day, long offset_sec, time_t *t);
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);

/*
 * Default certificate locations.
 * NOTE(review): the *_env variants presumably return the names of
 * environment variables that override the defaults. If these feed the trust
 * store, a process started with an untrusted environment could be pointed
 * at a different CA directory or file - confirm how callers handle that.
 */
const char *X509_get_default_cert_area(void);
const char *X509_get_default_cert_dir(void);
const char *X509_get_default_cert_file(void);
const char *X509_get_default_cert_dir_env(void);
const char *X509_get_default_cert_file_env(void);
const char *X509_get_default_private_dir(void);

/* Conversions between a certificate and a certificate request. */
X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);

DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
DECLARE_ASN1_FUNCTIONS(X509_VAL)

DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)

/*
 * X509_PUBKEY accessors.
 * NOTE(review): X509_PUBKEY_get0() and X509_PUBKEY_get() have the same
 * signature; by OpenSSL convention the "get0" result must not be freed while
 * the plain "get" result is a reference the caller releases - confirm.
 */
X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key);
EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
long X509_get_pathlen(X509 *x);
DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY)
EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length,
                        OSSL_LIB_CTX *libctx, const char *propq);
# ifndef OPENSSL_NO_DEPRECATED_3_0
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DSA
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY)
# endif
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY)
# endif
# endif

DECLARE_ASN1_FUNCTIONS(X509_SIG)
/* get0 returns const pointers; getm returns the same two fields as writable pointers. */
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
                   const ASN1_OCTET_STRING **pdigest);
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
                   ASN1_OCTET_STRING **pdigest);

DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
DECLARE_ASN1_FUNCTIONS(X509_REQ)
X509_REQ *X509_REQ_new_ex(OSSL_LIB_CTX *libctx, const char *propq);

DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);

DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)

DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)

DECLARE_ASN1_FUNCTIONS(X509_NAME)

int X509_NAME_set(X509_NAME **xn, const X509_NAME *name);

DECLARE_ASN1_FUNCTIONS(X509_CINF)
DECLARE_ASN1_FUNCTIONS(X509)
X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)

/*
 * Application data attached to an X509 object: the macro reserves an index
 * in the CRYPTO_EX_INDEX_X509 class, the two functions store and fetch a
 * pointer under such an index.
 */
#define X509_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
int X509_set_ex_data(X509 *r, int idx, void *arg);
void *X509_get_ex_data(const X509 *r, int idx);
DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX)

/*
 * NOTE(review): presumably re-encodes the to-be-signed part of the
 * certificate instead of reusing a cached encoding - confirm.
 */
int i2d_re_X509_tbs(X509 *x, unsigned char **pp);

/*
 * Signature information: digest NID, public key NID, security bits and a
 * flags word (the X509_SIG_INFO_* values defined in this header).
 */
int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
                      int *secbits, uint32_t *flags);
void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
                       int secbits, uint32_t flags);

int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
                            uint32_t *flags);

void X509_get0_signature(const ASN1_BIT_STRING **psig,
                         const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);

void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id);
ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x);
void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id);
ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x);

/*
 * Alias and key id. The getters return a byte pointer and report the length
 * through *len.
 * NOTE(review): do not assume the returned bytes are NUL-terminated; use
 * the reported length - TODO confirm.
 */
int X509_alias_set1(X509 *x, const unsigned char *name, int len);
int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
unsigned char *X509_alias_get0(X509 *x, int *len);
unsigned char *X509_keyid_get0(X509 *x, int *len);

DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
DECLARE_ASN1_FUNCTIONS(X509_CRL)
X509_CRL *X509_CRL_new_ex(OSSL_LIB_CTX *libctx, const char *propq);

/*
 * Revocation entries: add one, or look one up by serial number or by
 * certificate; the match is returned through *ret.
 * NOTE(review): per the OpenSSL manual the lookups return 0 when nothing is
 * found, 1 for a revoked entry and 2 when the entry's reason is
 * removeFromCRL - confirm. A caller that only tests for non-zero treats the
 * third case as revoked.
 */
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
int X509_CRL_get0_by_serial(X509_CRL *crl,
                            X509_REVOKED **ret, const ASN1_INTEGER *serial);
int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);

X509_PKEY *X509_PKEY_new(void);
void X509_PKEY_free(X509_PKEY *a);

DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)

X509_INFO *X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
/*
 * Renders a name into buf (size bytes).
 * NOTE(review): the OpenSSL manual describes this as a legacy function with
 * a non-standard output format and discourages it in new code; its output
 * should not be parsed or compared to make identity decisions - confirm.
 * Presumably a NULL buf makes the function allocate the result.
 */
char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);

/* Deprecated i2d-callback based forms of the ASN1_item_* functions below. */
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
                ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
                unsigned char *md, unsigned int *len);
OSSL_DEPRECATEDIN_3_0
int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
              const EVP_MD *type);
#endif
/*
 * Generic digest / verify / sign over any ASN1_ITEM-described structure.
 * NOTE(review): as with X509_verify(), the verify functions presumably
 * return 1 only for a valid signature and a negative value on error, so
 * results should be compared with 1 - confirm.
 */
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
                     unsigned char *md, unsigned int *len);
int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg,
                     const ASN1_BIT_STRING *signature, const void *data,
                     EVP_PKEY *pkey);
int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
                         const ASN1_BIT_STRING *signature, const void *data,
                         EVP_MD_CTX *ctx);
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                   ASN1_BIT_STRING *signature, const void *data,
                   EVP_PKEY *pkey, const EVP_MD *md);
int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                       const void *data, EVP_MD_CTX *ctx);

/*
 * Version constants are zero-based: X509_VERSION_3 is the value 2. Code
 * that compares X509_get_version() with the literal 3 is off by one.
 */
#define X509_VERSION_1 0
#define X509_VERSION_2 1
#define X509_VERSION_3 2

long X509_get_version(const X509 *x);
int X509_set_version(X509 *x, long version);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
/* Const-returning counterpart of X509_get_serialNumber(). */
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_issuer_name(X509 *x, const X509_NAME *name);
X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, const X509_NAME *name);
X509_NAME *X509_get_subject_name(const X509 *a);
/*
 * Validity accessors: "get0" returns a const pointer, "getm" returns a
 * writable pointer even though it takes a const X509, and "set1" takes a
 * const time value (presumably copied - confirm).
 */
const ASN1_TIME * X509_get0_notBefore(const X509 *x);
ASN1_TIME *X509_getm_notBefore(const X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
const ASN1_TIME *X509_get0_notAfter(const X509 *x);
ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);

/*
 * Pre-1.1.0 names, kept as aliases. Note that the old "get" names map to
 * the writable "getm" accessors, not to the const "get0" ones.
 */
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define X509_get_notBefore X509_getm_notBefore
# define X509_get_notAfter X509_getm_notAfter
# define X509_set_notBefore X509_set1_notBefore
# define X509_set_notAfter X509_set1_notAfter
#endif


/*
 * This one is only used so that a binary form can output, as in
 * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
 */
X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
                    const ASN1_BIT_STRING **psuid);
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);

/*
 * NOTE(review): by OpenSSL convention the "get0" result must not be freed,
 * while X509_get_pubkey() returns a reference the caller releases with
 * EVP_PKEY_free() - confirm against the manual.
 */
EVP_PKEY *X509_get0_pubkey(const X509 *x);
EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);

/* Zero-based, like the certificate version constants. */
#define X509_REQ_VERSION_1 0

long X509_REQ_get_version(const X509_REQ *req);
int X509_REQ_set_version(X509_REQ *x, long version);
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name);
void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
                             const X509_ALGOR **palg);
void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
int X509_REQ_get_signature_nid(const X509_REQ *req);
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
/*
 * Request extension NIDs.
 * NOTE(review): the setter takes a bare int pointer with no length and the
 * getter takes no argument, so this looks like a process-wide list held by
 * reference and ended by a sentinel value - confirm lifetime and
 * terminator before passing a stack or heap array.
 */
int X509_REQ_extension_nid(int nid);
int *X509_REQ_get_extension_nids(void);
void X509_REQ_set_extension_nids(int *nids);
/*
 * NOTE(review): extensions in a request are supplied by the requester; an
 * issuer should filter them rather than copy them into a certificate
 * unchanged.
 */
STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
int X509_REQ_add_extensions_nid(X509_REQ *req,
                                const STACK_OF(X509_EXTENSION) *exts, int nid);
int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext);
/* Attribute access by count, NID, object or position. */
int X509_REQ_get_attr_count(const X509_REQ *req);
int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
                             int lastpos);
X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
                              const ASN1_OBJECT *obj, int type,
                              const unsigned char *bytes, int len);
int X509_REQ_add1_attr_by_NID(X509_REQ *req,
                              int nid, int type,
                              const unsigned char *bytes, int len);
int X509_REQ_add1_attr_by_txt(X509_REQ *req,
                              const char *attrname, int type,
                              const unsigned char *bytes, int len);

/* Zero-based: X509_CRL_VERSION_2 is the value 1. */
#define X509_CRL_VERSION_1 0
#define X509_CRL_VERSION_2 1

int X509_CRL_set_version(X509_CRL *x, long version);
int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name);
int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
int X509_CRL_up_ref(X509_CRL *crl);

/* Pre-1.1.0 setter names, kept as aliases. */
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
#endif

long X509_CRL_get_version(const X509_CRL *crl);
const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
#endif
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
                             const X509_ALGOR **palg);
int X509_CRL_get_signature_nid(const X509_CRL *crl);
int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);

/* Fields of a single revocation entry. */
const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
const STACK_OF(X509_EXTENSION) *
X509_REVOKED_get0_extensions(const X509_REVOKED *r);

/* NOTE(review): presumably builds a delta CRL from base to newer, signed with skey - confirm. */
X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);

/*
 * Consistency checks between a key and a request or certificate.
 * NOTE(review): the OpenSSL manual's BUGS section says these compare only
 * the public components and parameters and do not establish that the
 * supplied key really is a private key, so they also succeed when given the
 * matching public key - confirm for the version in use. They are not proof
 * of possession of the private key.
 */
int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey);

int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey);
/* Suite B checks; *perror_depth presumably reports the chain depth of a failure - confirm. */
int X509_chain_check_suiteb(int *perror_depth,
                            X509 *x, STACK_OF(X509) *chain,
                            unsigned long flags);
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);

/*
 * Comparison and hash helpers over issuer+serial, issuer name and subject
 * name.
 * NOTE(review): the hashes are unsigned long values, presumably meant as
 * lookup keys; they are too short to serve as unique identifiers, so
 * equality of two hashes should not be taken as equality of the
 * certificates or names - use the *_cmp functions or a full digest.
 */
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_and_serial_hash(X509 *a);

int X509_issuer_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_name_hash(X509 *a);

int X509_subject_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_subject_name_hash(X509 *x);

/*
 * The *_hash_old variants are compiled out when OPENSSL_NO_MD5 is defined,
 * which suggests they are MD5-based - confirm.
 */
# ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *a);
unsigned long X509_subject_name_hash_old(X509 *x);
# endif

/*
 * Flags for X509_add_cert() / X509_add_certs(). DEFAULT is 0; the others
 * are distinct bits and can be OR-ed together.
 * NOTE(review): going by the names, UP_REF takes an extra reference,
 * PREPEND inserts at the front, NO_DUP skips certificates already present
 * and NO_SS skips self-signed ones - confirm against the manual.
 */
# define X509_ADD_FLAG_DEFAULT 0
# define X509_ADD_FLAG_UP_REF 0x1
# define X509_ADD_FLAG_PREPEND 0x2
# define X509_ADD_FLAG_NO_DUP 0x4
# define X509_ADD_FLAG_NO_SS 0x8
int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags);
int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags);

int X509_cmp(const X509 *a, const X509 *b);
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
/*
 * The deprecated X509_NAME_hash() macro passes NULL for the library
 * context, the property query and the ok pointer, so a caller of the macro
 * has no way to learn about a failure through ok.
 */
#ifndef OPENSSL_NO_DEPRECATED_3_0
# define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL)
OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x,
                                                const EVP_PKEY *pubkey);
#endif
/* NOTE(review): *ok presumably reports success or failure of the hash computation - confirm. */
unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
                                const char *propq, int *ok);
/* Unlike the two *_name_hash_old functions above, this one is not guarded by OPENSSL_NO_MD5. */
unsigned long X509_NAME_hash_old(const X509_NAME *x);

int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
int X509_aux_print(BIO *out, X509 *x, int indent);
/* FILE-based printing; compiled out when OPENSSL_NO_STDIO is defined. */
# ifndef OPENSSL_NO_STDIO
int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
                     unsigned long cflag);
int X509_print_fp(FILE *bp, X509 *x);
int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
                          unsigned long flags);
# endif

int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
/*
 * BIO-based printing. nmflag / flags take the XN_FLAG_* name-formatting
 * values and cflag the X509_FLAG_* values (presumably - confirm).
 * NOTE(review): names and extensions come from the certificate, so the
 * chosen XN_FLAG_* escaping decides what reaches a log or terminal.
 */
int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
                       unsigned long flags);
int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
                  unsigned long cflag);
int X509_print(BIO *bp, X509 *x);
int X509_ocspid_print(BIO *bp, X509 *x);
int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
int X509_CRL_print(BIO *bp, X509_CRL *x);
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
                      unsigned long cflag);
int X509_REQ_print(BIO *bp, X509_REQ *req);

int X509_NAME_entry_count(const X509_NAME *name);
/*
 * Copy the text of one name entry into buf (len bytes).
 * NOTE(review): the OpenSSL manual treats these two as legacy: they return
 * only the first matching entry and copy the field verbatim, which is
 * misleading for multi-byte string types and for names with several
 * entries of the same kind - confirm. Hostname or identity checks should
 * not be built on them.
 */
int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
                              char *buf, int len);
int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
                              char *buf, int len);

/*
 * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
 * lastpos, search after that position on.
 */
int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos);
int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
                               int lastpos);
X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
/* Adding entries: loc is a position and set a grouping value (semantics not visible here). */
int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
                        int loc, int set);
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
                               const unsigned char *bytes, int len, int loc,
                               int set);
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
                               const unsigned char *bytes, int len, int loc,
                               int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
                                               const char *field, int type,
                                               const unsigned char *bytes,
                                               int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
                                               int type,
                                               const unsigned char *bytes,
                                               int len);
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
                               const unsigned char *bytes, int len, int loc,
                               int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
                                               const ASN1_OBJECT *obj, int type,
                                               const unsigned char *bytes,
                                               int len);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
                             const unsigned char *bytes, int len);
ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);

/* Returns a pointer to the name's DER encoding and its length through the two out parameters. */
int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder,
                       size_t *pderlen);

/*
 * Extension access on a bare extension stack. The same family of
 * operations is repeated below for X509, X509_CRL and X509_REVOKED.
 * The *_get_ext_by_* functions take a lastpos argument.
 */
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
                          int nid, int lastpos);
int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
                          const ASN1_OBJECT *obj, int lastpos);
int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
                               int crit, int lastpos);
X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
                                         X509_EXTENSION *ex, int loc);

/*
 * Certificate extensions.
 * NOTE(review): per the OpenSSL manual X509_get_ext_d2i() returns NULL both
 * when the extension is absent and when it cannot be decoded or occurs more
 * than once, and *crit tells these cases apart - confirm. A caller that
 * ignores *crit may treat a malformed extension as "not present".
 */
int X509_get_ext_count(const X509 *x);
int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
                      unsigned long flags);

/* CRL extensions: same shape as the certificate functions above. */
int X509_CRL_get_ext_count(const X509_CRL *x);
int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
                            int lastpos);
int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
                          unsigned long flags);

/* Extensions of a single revocation entry: same shape again. */
int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
                                int lastpos);
int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
                                     int lastpos);
X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
                               int *idx);
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
                              unsigned long flags);

/* Building and editing a single extension: object, critical flag and data. */
X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
                                             int nid, int crit,
                                             ASN1_OCTET_STRING *data);
X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
                                             const ASN1_OBJECT *obj, int crit,
                                             ASN1_OCTET_STRING *data);
int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
int
X509_EXTENSION_get_critical(const X509_EXTENSION *ex); 940 941int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); 942int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, 943 int lastpos); 944int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, 945 const ASN1_OBJECT *obj, int lastpos); 946X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); 947X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); 948STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, 949 X509_ATTRIBUTE *attr); 950STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) 951 **x, const ASN1_OBJECT *obj, 952 int type, 953 const unsigned char *bytes, 954 int len); 955STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) 956 **x, int nid, int type, 957 const unsigned char *bytes, 958 int len); 959STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) 960 **x, const char *attrname, 961 int type, 962 const unsigned char *bytes, 963 int len); 964void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, 965 const ASN1_OBJECT *obj, int lastpos, int type); 966X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, 967 int atrtype, const void *data, 968 int len); 969X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, 970 const ASN1_OBJECT *obj, 971 int atrtype, const void *data, 972 int len); 973X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, 974 const char *atrname, int type, 975 const unsigned char *bytes, 976 int len); 977int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); 978int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, 979 const void *data, int len); 980void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, 981 void *data); 982int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); 983ASN1_OBJECT 
*X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); 984ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); 985 986int EVP_PKEY_get_attr_count(const EVP_PKEY *key); 987int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); 988int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, 989 int lastpos); 990X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); 991X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); 992int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); 993int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, 994 const ASN1_OBJECT *obj, int type, 995 const unsigned char *bytes, int len); 996int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, 997 int nid, int type, 998 const unsigned char *bytes, int len); 999int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, 1000 const char *attrname, int type, 1001 const unsigned char *bytes, int len); 1002 1003/* lookup a cert from a X509 STACK */ 1004X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, 1005 const ASN1_INTEGER *serial); 1006X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); 1007 1008DECLARE_ASN1_FUNCTIONS(PBEPARAM) 1009DECLARE_ASN1_FUNCTIONS(PBE2PARAM) 1010DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) 1011#ifndef OPENSSL_NO_SCRYPT 1012DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) 1013#endif 1014 1015int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, 1016 const unsigned char *salt, int saltlen); 1017int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, 1018 const unsigned char *salt, int saltlen, 1019 OSSL_LIB_CTX *libctx); 1020 1021X509_ALGOR *PKCS5_pbe_set(int alg, int iter, 1022 const unsigned char *salt, int saltlen); 1023X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, 1024 const unsigned char *salt, int saltlen, 1025 OSSL_LIB_CTX *libctx); 1026 1027X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, 1028 unsigned char *salt, int saltlen); 1029X509_ALGOR *PKCS5_pbe2_set_iv(const 
EVP_CIPHER *cipher, int iter, 1030 unsigned char *salt, int saltlen, 1031 unsigned char *aiv, int prf_nid); 1032X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, 1033 unsigned char *salt, int saltlen, 1034 unsigned char *aiv, int prf_nid, 1035 OSSL_LIB_CTX *libctx); 1036 1037#ifndef OPENSSL_NO_SCRYPT 1038X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, 1039 const unsigned char *salt, int saltlen, 1040 unsigned char *aiv, uint64_t N, uint64_t r, 1041 uint64_t p); 1042#endif 1043 1044X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, 1045 int prf_nid, int keylen); 1046X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, 1047 int prf_nid, int keylen, 1048 OSSL_LIB_CTX *libctx); 1049 1050/* PKCS#8 utilities */ 1051 1052DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) 1053 1054EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); 1055EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, 1056 const char *propq); 1057PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); 1058 1059int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, 1060 int version, int ptype, void *pval, 1061 unsigned char *penc, int penclen); 1062int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, 1063 const unsigned char **pk, int *ppklen, 1064 const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); 1065 1066const STACK_OF(X509_ATTRIBUTE) * 1067PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); 1068int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); 1069int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, 1070 const unsigned char *bytes, int len); 1071int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, 1072 int type, const unsigned char *bytes, int len); 1073 1074 1075void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, 1076 unsigned char *penc, int penclen); 1077int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT 
*aobj, 1078 int ptype, void *pval, 1079 unsigned char *penc, int penclen); 1080int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, 1081 const unsigned char **pk, int *ppklen, 1082 X509_ALGOR **pa, const X509_PUBKEY *pub); 1083int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b); 1084 1085# ifdef __cplusplus 1086} 1087# endif 1088#endif 1089