# define X509v3_KU_DECIPHER_ONLY 0x8000
# define X509v3_KU_UNDEF 0xffff
-typedef struct X509_objects_st {
- int nid;
- int (*a2i) (void);
- int (*i2a) (void);
-} X509_OBJECTS;
-
struct X509_algor_st {
ASN1_OBJECT *algorithm;
ASN1_TYPE *parameter;
typedef struct x509_cinf_st {
ASN1_INTEGER *version; /* [ 0 ] default of v1 */
ASN1_INTEGER *serialNumber;
- X509_ALGOR *signature;
+ X509_ALGOR signature;
X509_NAME *issuer;
- X509_VAL *validity;
+ X509_VAL validity;
X509_NAME *subject;
X509_PUBKEY *key;
ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
typedef struct x509_cert_aux_st X509_CERT_AUX;
struct x509_st {
- X509_CINF *cert_info;
- X509_ALGOR *sig_alg;
+ X509_CINF cert_info;
+ X509_ALGOR sig_alg;
ASN1_BIT_STRING *signature;
int valid;
int references;
/* These contain copies of various extension values */
long ex_pathlen;
long ex_pcpathlen;
- unsigned long ex_flags;
- unsigned long ex_kusage;
- unsigned long ex_xkusage;
- unsigned long ex_nscert;
+ uint32_t ex_flags;
+ uint32_t ex_kusage;
+ uint32_t ex_xkusage;
+ uint32_t ex_nscert;
ASN1_OCTET_STRING *skid;
AUTHORITY_KEYID *akid;
X509_POLICY_CACHE *policy_cache;
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
+# endif
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
X509_CERT_AUX *aux;
} /* X509 */ ;
XN_FLAG_FN_LN | \
XN_FLAG_FN_ALIGN)
-struct x509_revoked_st {
- ASN1_INTEGER *serialNumber;
- ASN1_TIME *revocationDate;
- STACK_OF(X509_EXTENSION) /* optional */ *extensions;
- /* Set up if indirect CRL */
- STACK_OF(GENERAL_NAME) *issuer;
- /* Revocation reason */
- int reason;
- int sequence; /* load sequence */
-};
-
DECLARE_STACK_OF(X509_REVOKED)
-typedef struct X509_crl_info_st {
- ASN1_INTEGER *version;
- X509_ALGOR *sig_alg;
- X509_NAME *issuer;
- ASN1_TIME *lastUpdate;
- ASN1_TIME *nextUpdate;
- STACK_OF(X509_REVOKED) *revoked;
- STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
- ASN1_ENCODING enc;
-} X509_CRL_INFO;
-
-struct X509_crl_st {
- /* actual signature */
- X509_CRL_INFO *crl;
- X509_ALGOR *sig_alg;
- ASN1_BIT_STRING *signature;
- int references;
- int flags;
- /* Copies of various extensions */
- AUTHORITY_KEYID *akid;
- ISSUING_DIST_POINT *idp;
- /* Convenient breakdown of IDP */
- int idp_flags;
- int idp_reasons;
- /* CRL and base CRL numbers for delta processing */
- ASN1_INTEGER *crl_number;
- ASN1_INTEGER *base_crl_number;
- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
- STACK_OF(GENERAL_NAMES) *issuers;
- const X509_CRL_METHOD *meth;
- void *meth_data;
-} /* X509_CRL */ ;
+typedef struct X509_crl_info_st X509_CRL_INFO;
DECLARE_STACK_OF(X509_CRL)
typedef struct Netscape_spki_st {
NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
- X509_ALGOR *sig_algor;
+ X509_ALGOR sig_algor;
ASN1_BIT_STRING *signature;
} NETSCAPE_SPKI;
# define X509_EXT_PACK_UNKNOWN 1
# define X509_EXT_PACK_STRING 2
-# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
# define X509_extract_key(x) X509_get_pubkey(x)/*****/
# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
-# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-# define X509_CRL_get_issuer(x) ((x)->crl->issuer)
-# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
void *X509_CRL_get_meth_data(X509_CRL *crl);
-/*
- * This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
- */
-# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
const char *X509_verify_cert_error_string(long n);
int X509_verify(X509 *a, EVP_PKEY *r);
int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
-void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
- const X509 *x);
+void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x);
int X509_get_signature_nid(const X509 *x);
int X509_alias_set1(X509 *x, unsigned char *name, int len);
X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
void *asn, EVP_MD_CTX *ctx);
+long X509_get_version(X509 *x);
int X509_set_version(X509 *x, long version);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
X509_NAME *X509_get_issuer_name(X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_subject_name(X509 *a);
+ASN1_TIME * X509_get_notBefore(X509 *x);
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+ASN1_TIME *X509_get_notAfter(X509 *x);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+void X509_up_ref(X509 *x);
+int X509_get_signature_type(const X509 *x);
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
+ */
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+
EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
int X509_CRL_sort(X509_CRL *crl);
void X509_CRL_up_ref(X509_CRL *crl);
+long X509_CRL_get_version(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
+X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ X509_CRL *crl);
+
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid);
+#ifndef OPENSSL_NO_SCRYPT
X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
const unsigned char *salt, int saltlen,
unsigned char *aiv, uint64_t N, uint64_t r,
uint64_t p);
+#endif
X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
int prf_nid, int keylen);