grpc 1.61.0.pre2 → 1.62.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (724) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +218 -196
  3. data/include/grpc/event_engine/event_engine.h +5 -43
  4. data/include/grpc/event_engine/extensible.h +68 -0
  5. data/include/grpc/impl/slice_type.h +1 -1
  6. data/include/grpc/support/port_platform.h +12 -20
  7. data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.cc +1 -1
  8. data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.h +4 -4
  9. data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.cc +1 -1
  10. data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.h +3 -3
  11. data/src/core/{ext/filters/client_channel → client_channel}/channel_connectivity.cc +11 -11
  12. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.cc +1 -1
  13. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.h +3 -3
  14. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.cc +1 -1
  15. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.h +4 -4
  16. data/src/core/{ext/filters/client_channel/client_channel.cc → client_channel/client_channel_filter.cc} +247 -231
  17. data/src/core/{ext/filters/client_channel/client_channel.h → client_channel/client_channel_filter.h} +42 -42
  18. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_internal.h +6 -6
  19. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_plugin.cc +5 -5
  20. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.cc +2 -2
  21. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.h +5 -5
  22. data/src/core/{ext/filters/client_channel → client_channel}/config_selector.cc +1 -1
  23. data/src/core/{ext/filters/client_channel → client_channel}/config_selector.h +5 -5
  24. data/src/core/{ext/filters/client_channel → client_channel}/connector.h +3 -3
  25. data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.cc +1 -1
  26. data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.h +3 -3
  27. data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.cc +2 -2
  28. data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.h +4 -4
  29. data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.cc +1 -1
  30. data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.h +3 -3
  31. data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.cc +2 -2
  32. data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.h +4 -4
  33. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.cc +8 -8
  34. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.h +8 -8
  35. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.cc +12 -9
  36. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.h +11 -10
  37. data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.cc +1 -1
  38. data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.h +4 -4
  39. data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.cc +1 -1
  40. data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.h +3 -3
  41. data/src/core/{ext/filters/client_channel → client_channel}/service_config_channel_arg_filter.cc +4 -4
  42. data/src/core/{ext/filters/client_channel → client_channel}/subchannel.cc +2 -2
  43. data/src/core/{ext/filters/client_channel → client_channel}/subchannel.h +6 -6
  44. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_interface_internal.h +5 -5
  45. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.cc +1 -1
  46. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.h +3 -3
  47. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.cc +1 -1
  48. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.h +4 -4
  49. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +1 -1
  50. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
  51. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h +1 -1
  52. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +2 -2
  53. data/src/core/ext/filters/http/server/http_server_filter.cc +1 -1
  54. data/src/core/ext/filters/message_size/message_size_filter.cc +3 -3
  55. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  56. data/src/core/ext/filters/rbac/rbac_filter.cc +1 -1
  57. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +1 -1
  58. data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
  59. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +2 -2
  60. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +2 -2
  61. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +1 -1
  62. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +1 -1
  63. data/src/core/ext/transport/chttp2/alpn/alpn.cc +4 -1
  64. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +5 -5
  65. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
  66. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +5 -0
  67. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -1
  68. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -1
  69. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
  70. data/src/core/ext/transport/inproc/inproc_transport.h +8 -0
  71. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb.h +351 -164
  72. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.c +89 -50
  73. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.h +2 -0
  74. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +47 -3
  75. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +15 -7
  76. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb.h +32 -3
  77. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.c +8 -5
  78. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb.h +28 -0
  79. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.c +6 -4
  80. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb.h +0 -1
  81. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.c +0 -1
  82. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb.h +29 -0
  83. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.c +7 -4
  84. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +17 -1
  85. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +4 -3
  86. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb.h +166 -0
  87. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.c +55 -0
  88. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.h +30 -0
  89. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +30 -0
  90. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +7 -5
  91. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb.h +99 -19
  92. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.c +29 -12
  93. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.h +1 -0
  94. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb.h +15 -0
  95. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.c +4 -3
  96. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb.h +31 -3
  97. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.c +22 -4
  98. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +91 -3
  99. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +11 -8
  100. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb.h +30 -0
  101. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.c +7 -4
  102. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb.h +1 -0
  103. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.c +1 -0
  104. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb.h +125 -3
  105. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.c +17 -4
  106. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb.h +19 -1
  107. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.c +4 -3
  108. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb.h +1 -0
  109. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.c +1 -0
  110. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +15 -0
  111. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.c +5 -2
  112. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +42 -0
  113. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +11 -8
  114. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb.h +23 -8
  115. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.c +9 -4
  116. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +58 -16
  117. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +14 -11
  118. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +15 -0
  119. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.c +7 -2
  120. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb.h +129 -0
  121. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.c +27 -6
  122. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.h +1 -0
  123. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb.h +15 -0
  124. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.c +5 -2
  125. data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.c +60 -60
  126. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +278 -256
  127. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +10 -0
  128. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +483 -475
  129. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.c +27 -20
  130. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.c +17 -12
  131. data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.c +157 -161
  132. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.c +105 -97
  133. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +106 -102
  134. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.c +52 -0
  135. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.h +35 -0
  136. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.c +14 -13
  137. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +228 -224
  138. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.c +32 -26
  139. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.h +5 -0
  140. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.c +31 -28
  141. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.c +22 -19
  142. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +818 -813
  143. data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.c +158 -151
  144. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.c +27 -23
  145. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +59 -53
  146. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.c +40 -18
  147. data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.c +106 -103
  148. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.c +16 -12
  149. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +22 -21
  150. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +265 -261
  151. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +127 -125
  152. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +188 -182
  153. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +57 -56
  154. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.c +27 -20
  155. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.h +5 -0
  156. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.c +10 -8
  157. data/src/core/ext/xds/xds_api.cc +63 -150
  158. data/src/core/ext/xds/xds_api.h +2 -7
  159. data/src/core/ext/xds/xds_bootstrap.h +3 -4
  160. data/src/core/ext/xds/xds_bootstrap_grpc.cc +4 -15
  161. data/src/core/ext/xds/xds_bootstrap_grpc.h +2 -1
  162. data/src/core/ext/xds/xds_client.cc +111 -59
  163. data/src/core/ext/xds/xds_client.h +20 -15
  164. data/src/core/ext/xds/xds_client_grpc.cc +53 -15
  165. data/src/core/ext/xds/xds_client_grpc.h +4 -1
  166. data/src/core/ext/xds/xds_client_stats.cc +11 -11
  167. data/src/core/ext/xds/xds_client_stats.h +8 -13
  168. data/src/core/ext/xds/xds_cluster.cc +1 -1
  169. data/src/core/ext/xds/xds_cluster.h +1 -1
  170. data/src/core/ext/xds/xds_endpoint.h +1 -1
  171. data/src/core/ext/xds/xds_health_status.h +1 -1
  172. data/src/core/ext/xds/xds_lb_policy_registry.cc +1 -1
  173. data/src/core/ext/xds/xds_route_config.cc +1 -1
  174. data/src/core/ext/xds/xds_server_config_fetcher.cc +2 -2
  175. data/src/core/ext/xds/xds_transport_grpc.cc +5 -5
  176. data/src/core/lib/channel/channel_args.h +15 -1
  177. data/src/core/lib/channel/connected_channel.cc +13 -12
  178. data/src/core/lib/channel/promise_based_filter.cc +4 -4
  179. data/src/core/lib/channel/promise_based_filter.h +1 -2
  180. data/src/core/lib/config/core_configuration.h +3 -3
  181. data/src/core/lib/event_engine/ares_resolver.cc +106 -59
  182. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +4 -0
  183. data/src/core/lib/event_engine/extensions/can_track_errors.h +40 -0
  184. data/src/core/lib/event_engine/extensions/supports_fd.h +160 -0
  185. data/src/core/lib/event_engine/forkable.cc +7 -5
  186. data/src/core/lib/event_engine/posix.h +11 -122
  187. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +1 -5
  188. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +31 -7
  189. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -0
  190. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +3 -4
  191. data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -3
  192. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +14 -6
  193. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +10 -0
  194. data/src/core/lib/event_engine/query_extensions.h +85 -0
  195. data/src/core/lib/event_engine/shim.cc +3 -17
  196. data/src/core/lib/event_engine/shim.h +0 -2
  197. data/src/core/lib/event_engine/thread_pool/thread_count.cc +28 -7
  198. data/src/core/lib/event_engine/thread_pool/thread_count.h +6 -1
  199. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +109 -5
  200. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +9 -0
  201. data/src/core/lib/event_engine/utils.cc +2 -1
  202. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +1 -0
  203. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +1 -0
  204. data/src/core/lib/experiments/config.cc +10 -2
  205. data/src/core/lib/experiments/config.h +6 -0
  206. data/src/core/lib/experiments/experiments.cc +57 -18
  207. data/src/core/lib/experiments/experiments.h +16 -8
  208. data/src/core/lib/gpr/posix/sync.cc +2 -2
  209. data/src/core/lib/gpr/posix/time.cc +0 -5
  210. data/src/core/lib/gpr/windows/sync.cc +2 -2
  211. data/src/core/lib/gprpp/debug_location.h +2 -0
  212. data/src/core/lib/gprpp/down_cast.h +49 -0
  213. data/src/core/lib/gprpp/linux/env.cc +1 -19
  214. data/src/core/lib/gprpp/load_file.cc +2 -1
  215. data/src/core/lib/gprpp/load_file.h +2 -1
  216. data/src/core/lib/gprpp/posix/thd.cc +27 -2
  217. data/src/core/lib/gprpp/thd.h +8 -0
  218. data/src/core/lib/gprpp/time.h +4 -3
  219. data/src/core/lib/gprpp/windows/directory_reader.cc +1 -0
  220. data/src/core/lib/gprpp/windows/thd.cc +10 -1
  221. data/src/core/lib/iomgr/combiner.cc +1 -1
  222. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +20 -14
  223. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  224. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  225. data/src/core/lib/iomgr/tcp_server_posix.cc +65 -50
  226. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -0
  227. data/src/core/lib/json/json_writer.cc +1 -1
  228. data/src/core/lib/promise/activity.h +8 -2
  229. data/src/core/lib/promise/context.h +45 -7
  230. data/src/core/lib/promise/for_each.h +6 -9
  231. data/src/core/lib/promise/interceptor_list.h +13 -5
  232. data/src/core/lib/promise/latch.h +3 -3
  233. data/src/core/lib/promise/party.cc +12 -0
  234. data/src/core/lib/promise/party.h +37 -6
  235. data/src/core/lib/promise/pipe.h +2 -7
  236. data/src/core/lib/promise/sleep.cc +1 -1
  237. data/src/core/lib/promise/status_flag.h +32 -2
  238. data/src/core/lib/resource_quota/memory_quota.cc +4 -4
  239. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -11
  240. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +11 -10
  241. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -7
  242. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +1 -1
  243. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +16 -24
  244. data/src/core/lib/security/credentials/xds/xds_credentials.cc +1 -1
  245. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
  246. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +3 -7
  247. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  248. data/src/core/lib/security/security_connector/ssl_utils.cc +26 -17
  249. data/src/core/lib/security/transport/legacy_server_auth_filter.cc +2 -2
  250. data/src/core/lib/security/transport/security_handshaker.cc +0 -8
  251. data/src/core/lib/security/transport/security_handshaker.h +0 -6
  252. data/src/core/lib/security/transport/server_auth_filter.cc +2 -2
  253. data/src/core/lib/slice/slice_buffer.h +3 -1
  254. data/src/core/lib/surface/call.cc +162 -76
  255. data/src/core/lib/surface/call_trace.cc +9 -9
  256. data/src/core/lib/surface/channel.cc +15 -24
  257. data/src/core/lib/surface/channel.h +4 -20
  258. data/src/core/lib/surface/channel_init.cc +81 -7
  259. data/src/core/lib/surface/channel_init.h +104 -6
  260. data/src/core/lib/surface/init.cc +1 -1
  261. data/src/core/lib/surface/server.cc +4 -7
  262. data/src/core/lib/surface/version.cc +2 -2
  263. data/src/core/lib/surface/wait_for_cq_end_op.cc +75 -0
  264. data/src/core/lib/surface/wait_for_cq_end_op.h +4 -26
  265. data/src/core/lib/transport/batch_builder.cc +2 -3
  266. data/src/core/lib/transport/batch_builder.h +1 -1
  267. data/src/core/lib/transport/call_factory.cc +41 -0
  268. data/src/core/lib/transport/call_factory.h +56 -0
  269. data/src/core/lib/transport/call_filters.cc +371 -0
  270. data/src/core/lib/transport/call_filters.h +1500 -0
  271. data/src/core/lib/transport/call_size_estimator.cc +41 -0
  272. data/src/core/lib/transport/call_size_estimator.h +52 -0
  273. data/src/core/lib/transport/call_spine.cc +107 -0
  274. data/src/core/lib/transport/call_spine.h +429 -0
  275. data/src/core/lib/transport/handshaker.cc +0 -8
  276. data/src/core/lib/transport/handshaker.h +0 -7
  277. data/src/core/lib/transport/message.cc +45 -0
  278. data/src/core/lib/transport/message.h +61 -0
  279. data/src/core/lib/transport/metadata.cc +37 -0
  280. data/src/core/lib/transport/metadata.h +78 -0
  281. data/src/core/lib/transport/metadata_batch.cc +4 -2
  282. data/src/core/lib/transport/metadata_batch.h +2 -2
  283. data/src/core/lib/transport/transport.cc +0 -105
  284. data/src/core/lib/transport/transport.h +3 -452
  285. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.cc +1 -1
  286. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.h +4 -4
  287. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/backend_metric_data.h +3 -3
  288. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.cc +4 -4
  289. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.h +4 -4
  290. data/src/core/{lib/load_balancing → load_balancing}/delegating_helper.h +5 -5
  291. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.cc +6 -6
  292. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.h +6 -6
  293. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.cc +2 -2
  294. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.h +3 -3
  295. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.cc +19 -19
  296. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.h +3 -3
  297. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.cc +1 -1
  298. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.h +4 -4
  299. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.cc +1 -1
  300. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.h +3 -3
  301. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.cc +1 -1
  302. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.h +4 -4
  303. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.cc +6 -6
  304. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.h +4 -4
  305. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client_internal.h +7 -7
  306. data/src/core/{lib/load_balancing → load_balancing}/lb_policy.cc +1 -1
  307. data/src/core/{lib/load_balancing → load_balancing}/lb_policy.h +6 -6
  308. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_factory.h +4 -4
  309. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.cc +2 -2
  310. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.h +5 -5
  311. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.cc +6 -6
  312. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.h +5 -5
  313. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric_internal.h +8 -8
  314. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.cc +10 -10
  315. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.h +3 -3
  316. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.cc +6 -6
  317. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.h +4 -4
  318. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/priority/priority.cc +8 -8
  319. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.cc +8 -8
  320. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.h +4 -4
  321. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/rls/rls.cc +13 -13
  322. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/round_robin/round_robin.cc +7 -7
  323. data/src/core/{lib/load_balancing → load_balancing}/subchannel_interface.h +3 -3
  324. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/subchannel_list.h +8 -8
  325. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.cc +1 -1
  326. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.h +3 -3
  327. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/weighted_round_robin.cc +10 -10
  328. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_target/weighted_target.cc +7 -7
  329. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/cds.cc +26 -23
  330. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_channel_args.h +4 -4
  331. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_impl.cc +11 -11
  332. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_manager.cc +8 -8
  333. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.cc +10 -10
  334. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.h +4 -4
  335. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_wrr_locality.cc +6 -6
  336. data/src/core/{ext/filters/client_channel/resolver → resolver}/binder/binder_resolver.cc +3 -3
  337. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.cc +9 -9
  338. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.h +3 -3
  339. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver.h +4 -4
  340. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
  341. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -2
  342. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.cc +2 -2
  343. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.h +4 -4
  344. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
  345. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
  346. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.cc +7 -5
  347. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.h +3 -3
  348. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.cc +9 -9
  349. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.h +5 -5
  350. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.cc +1 -1
  351. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.h +3 -3
  352. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.cc +4 -4
  353. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.h +3 -3
  354. data/src/core/{lib/resolver → resolver}/endpoint_addresses.cc +1 -1
  355. data/src/core/{lib/resolver → resolver}/endpoint_addresses.h +3 -3
  356. data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.cc +2 -2
  357. data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.h +4 -4
  358. data/src/core/{ext/filters/client_channel/resolver → resolver}/google_c2p/google_c2p_resolver.cc +3 -3
  359. data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.cc +3 -3
  360. data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.h +5 -5
  361. data/src/core/{lib/resolver → resolver}/resolver.cc +1 -1
  362. data/src/core/{lib/resolver → resolver}/resolver.h +6 -6
  363. data/src/core/{lib/resolver → resolver}/resolver_factory.h +4 -4
  364. data/src/core/{lib/resolver → resolver}/resolver_registry.cc +1 -1
  365. data/src/core/{lib/resolver → resolver}/resolver_registry.h +5 -5
  366. data/src/core/{lib/resolver → resolver}/server_address.h +4 -4
  367. data/src/core/{ext/filters/client_channel/resolver → resolver}/sockaddr/sockaddr_resolver.cc +3 -3
  368. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.cc +4 -4
  369. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.h +4 -4
  370. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver.cc +11 -11
  371. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_attributes.h +4 -4
  372. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.cc +1 -1
  373. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.h +3 -3
  374. data/src/core/{lib/service_config → service_config}/service_config.h +4 -4
  375. data/src/core/{lib/service_config → service_config}/service_config_call_data.h +5 -5
  376. data/src/core/{lib/service_config → service_config}/service_config_impl.cc +2 -2
  377. data/src/core/{lib/service_config → service_config}/service_config_impl.h +5 -5
  378. data/src/core/{lib/service_config → service_config}/service_config_parser.cc +1 -1
  379. data/src/core/{lib/service_config → service_config}/service_config_parser.h +3 -3
  380. data/src/core/tsi/fake_transport_security.cc +1 -1
  381. data/src/ruby/ext/grpc/extconf.rb +0 -1
  382. data/src/ruby/ext/grpc/rb_channel.c +11 -5
  383. data/src/ruby/ext/grpc/rb_event_thread.c +9 -3
  384. data/src/ruby/lib/grpc/version.rb +1 -1
  385. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +8 -103
  386. data/third_party/abseil-cpp/absl/algorithm/container.h +57 -71
  387. data/third_party/abseil-cpp/absl/base/attributes.h +51 -12
  388. data/third_party/abseil-cpp/absl/base/call_once.h +15 -9
  389. data/third_party/abseil-cpp/absl/base/casts.h +1 -1
  390. data/third_party/abseil-cpp/absl/base/config.h +91 -24
  391. data/third_party/abseil-cpp/absl/base/internal/endian.h +13 -12
  392. data/third_party/abseil-cpp/absl/base/internal/identity.h +4 -2
  393. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +19 -18
  394. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
  395. data/third_party/abseil-cpp/absl/base/internal/nullability_impl.h +106 -0
  396. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -11
  397. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -0
  398. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -4
  399. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +20 -0
  400. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +10 -4
  401. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +13 -6
  402. data/third_party/abseil-cpp/absl/base/log_severity.cc +1 -0
  403. data/third_party/abseil-cpp/absl/base/log_severity.h +23 -10
  404. data/third_party/abseil-cpp/absl/base/no_destructor.h +217 -0
  405. data/third_party/abseil-cpp/absl/base/nullability.h +224 -0
  406. data/third_party/abseil-cpp/absl/base/optimization.h +1 -0
  407. data/third_party/abseil-cpp/absl/base/options.h +27 -1
  408. data/third_party/abseil-cpp/absl/base/prefetch.h +25 -14
  409. data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -2
  410. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +3 -3
  411. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +1 -1
  412. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +4 -2
  413. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -9
  414. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -12
  415. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +12 -1
  416. data/third_party/abseil-cpp/absl/container/internal/layout.h +6 -21
  417. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +11 -2
  418. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +148 -31
  419. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +717 -278
  420. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +26 -2
  421. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +6 -0
  422. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +34 -5
  423. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +6 -3
  424. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +4 -2
  425. data/third_party/abseil-cpp/absl/crc/internal/{crc_memcpy_x86_64.cc → crc_memcpy_x86_arm_combined.cc} +65 -47
  426. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +10 -2
  427. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +4 -2
  428. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +24 -0
  429. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +35 -33
  430. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +41 -17
  431. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +108 -44
  432. data/third_party/abseil-cpp/absl/flags/declare.h +0 -5
  433. data/third_party/abseil-cpp/absl/flags/flag.h +1 -10
  434. data/third_party/abseil-cpp/absl/flags/internal/flag.h +0 -5
  435. data/third_party/abseil-cpp/absl/flags/marshalling.cc +10 -1
  436. data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -1
  437. data/third_party/abseil-cpp/absl/functional/function_ref.h +8 -0
  438. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +2 -2
  439. data/third_party/abseil-cpp/absl/hash/internal/hash.h +49 -2
  440. data/third_party/abseil-cpp/absl/numeric/bits.h +37 -18
  441. data/third_party/abseil-cpp/absl/random/distributions.h +1 -1
  442. data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +248 -0
  443. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +55 -14
  444. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +53 -2
  445. data/third_party/abseil-cpp/absl/status/status.cc +36 -238
  446. data/third_party/abseil-cpp/absl/status/status.h +95 -53
  447. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +1 -3
  448. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +3 -2
  449. data/third_party/abseil-cpp/absl/status/statusor.cc +5 -2
  450. data/third_party/abseil-cpp/absl/status/statusor.h +43 -3
  451. data/third_party/abseil-cpp/absl/strings/ascii.cc +84 -12
  452. data/third_party/abseil-cpp/absl/strings/ascii.h +8 -6
  453. data/third_party/abseil-cpp/absl/strings/charconv.cc +19 -12
  454. data/third_party/abseil-cpp/absl/strings/charconv.h +6 -3
  455. data/third_party/abseil-cpp/absl/strings/charset.h +164 -0
  456. data/third_party/abseil-cpp/absl/strings/cord.cc +266 -69
  457. data/third_party/abseil-cpp/absl/strings/cord.h +138 -92
  458. data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +19 -33
  459. data/third_party/abseil-cpp/absl/strings/cord_analysis.h +4 -3
  460. data/third_party/abseil-cpp/absl/strings/escaping.cc +5 -4
  461. data/third_party/abseil-cpp/absl/strings/has_absl_stringify.h +63 -0
  462. data/third_party/abseil-cpp/absl/strings/has_ostream_operator.h +42 -0
  463. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -6
  464. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +19 -45
  465. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +23 -28
  466. data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +15 -26
  467. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +12 -4
  468. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +145 -8
  469. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +72 -24
  470. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +17 -1
  471. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +7 -4
  472. data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +8 -3
  473. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +10 -4
  474. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +5 -4
  475. data/third_party/abseil-cpp/absl/strings/match.cc +3 -0
  476. data/third_party/abseil-cpp/absl/strings/numbers.cc +396 -153
  477. data/third_party/abseil-cpp/absl/strings/numbers.h +193 -35
  478. data/third_party/abseil-cpp/absl/strings/str_cat.cc +151 -21
  479. data/third_party/abseil-cpp/absl/strings/str_cat.h +127 -25
  480. data/third_party/abseil-cpp/absl/strings/str_format.h +30 -20
  481. data/third_party/abseil-cpp/absl/strings/str_join.h +16 -16
  482. data/third_party/abseil-cpp/absl/strings/str_replace.cc +12 -3
  483. data/third_party/abseil-cpp/absl/strings/str_replace.h +8 -5
  484. data/third_party/abseil-cpp/absl/strings/str_split.cc +8 -6
  485. data/third_party/abseil-cpp/absl/strings/str_split.h +18 -0
  486. data/third_party/abseil-cpp/absl/strings/string_view.cc +26 -5
  487. data/third_party/abseil-cpp/absl/strings/string_view.h +91 -26
  488. data/third_party/abseil-cpp/absl/strings/strip.h +5 -2
  489. data/third_party/abseil-cpp/absl/strings/substitute.cc +12 -4
  490. data/third_party/abseil-cpp/absl/strings/substitute.h +103 -91
  491. data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.h +2 -2
  492. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -0
  493. data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.h +4 -2
  494. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +296 -332
  495. data/third_party/abseil-cpp/absl/synchronization/mutex.h +89 -34
  496. data/third_party/abseil-cpp/absl/time/civil_time.h +26 -0
  497. data/third_party/abseil-cpp/absl/time/clock.h +5 -1
  498. data/third_party/abseil-cpp/absl/time/duration.cc +3 -3
  499. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +2 -2
  500. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
  501. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +9 -14
  502. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -8
  503. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +18 -0
  504. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +18 -0
  505. data/third_party/abseil-cpp/absl/types/internal/variant.h +3 -3
  506. data/third_party/abseil-cpp/absl/types/optional.h +3 -2
  507. data/third_party/abseil-cpp/absl/types/span.h +9 -4
  508. data/third_party/abseil-cpp/absl/utility/utility.h +11 -93
  509. data/third_party/boringssl-with-bazel/err_data.c +278 -276
  510. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
  511. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -9
  512. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +8 -21
  513. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
  514. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -1
  515. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
  516. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +11 -3
  517. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +4 -1
  518. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +1 -1
  519. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +3 -3
  520. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -6
  521. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +4 -13
  522. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +1 -6
  523. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +27 -4
  524. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -4
  525. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -4
  526. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +8 -0
  527. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +1 -11
  528. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +7 -8
  529. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +42 -12
  530. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -22
  531. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +9 -9
  532. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +34 -1
  533. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +49 -3
  534. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +30 -42
  535. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +87 -96
  536. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +5 -1
  537. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +4 -2
  538. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  539. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +4 -0
  540. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -2
  541. data/third_party/boringssl-with-bazel/src/crypto/des/des.c +105 -31
  542. data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +10 -81
  543. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +2 -15
  544. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +1 -9
  545. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +1 -5
  546. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +2 -5
  547. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +1 -4
  548. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +1 -2
  549. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -3
  550. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -2
  551. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +2 -8
  552. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +1 -1
  553. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +26 -17
  554. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +1 -1
  555. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +4 -2
  556. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +26 -5
  557. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +10 -41
  558. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +49 -2
  559. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +26 -0
  560. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +27 -26
  561. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -6
  562. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1 -8
  563. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +8 -2
  564. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -2
  565. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +11 -24
  566. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c +43 -50
  567. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +2 -6
  568. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +4 -0
  569. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1 -2
  570. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +16 -9
  571. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +7 -6
  572. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +2 -7
  573. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +51 -13
  574. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +17 -0
  575. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +5 -2
  576. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +1 -2
  577. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +1 -3
  578. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +6 -5
  579. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +1 -2
  580. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +153 -6
  581. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +87 -7
  582. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +39 -5
  583. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +32 -5
  584. data/third_party/boringssl-with-bazel/src/crypto/internal.h +254 -54
  585. data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +70 -0
  586. data/third_party/boringssl-with-bazel/src/crypto/{kyber → keccak}/keccak.c +124 -49
  587. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +8 -39
  588. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +39 -29
  589. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +3 -6
  590. data/third_party/boringssl-with-bazel/src/crypto/mem.c +17 -33
  591. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +36 -16
  592. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -3
  593. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +31 -0
  594. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +2 -4
  595. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +3 -3
  596. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +9 -13
  597. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +3 -6
  598. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +4 -0
  599. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +3 -1
  600. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +101 -0
  601. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +50 -0
  602. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +133 -0
  603. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +54 -0
  604. data/third_party/boringssl-with-bazel/src/crypto/spx/internal.h +79 -0
  605. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +150 -0
  606. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +61 -0
  607. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +71 -0
  608. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +139 -0
  609. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +53 -0
  610. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +44 -0
  611. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +136 -0
  612. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +70 -0
  613. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +135 -0
  614. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +45 -0
  615. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +4 -9
  616. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +10 -22
  617. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +3 -6
  618. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +12 -36
  619. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -2
  620. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -2
  621. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +14 -9
  622. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +23 -33
  623. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -51
  624. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +2 -6
  625. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +6 -2
  626. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +1 -1
  627. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +1 -4
  628. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -3
  629. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akey.c +1 -1
  630. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akeya.c +3 -1
  631. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_alt.c +5 -6
  632. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bcons.c +1 -1
  633. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bitst.c +1 -1
  634. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_conf.c +0 -2
  635. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_cpols.c +1 -1
  636. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_crld.c +1 -2
  637. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_enum.c +1 -0
  638. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_extku.c +1 -1
  639. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_genn.c +12 -12
  640. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ia5.c +1 -1
  641. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_info.c +4 -6
  642. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_int.c +1 -1
  643. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_lib.c +3 -2
  644. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ncons.c +2 -2
  645. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ocsp.c +1 -1
  646. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pcons.c +1 -1
  647. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pmaps.c +1 -1
  648. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_prn.c +3 -4
  649. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_purp.c +92 -335
  650. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_skey.c +1 -2
  651. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_utl.c +20 -18
  652. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +35 -32
  653. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +44 -59
  654. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -1
  655. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +107 -255
  656. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +32 -20
  657. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +25 -152
  658. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -1
  659. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +330 -944
  660. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +93 -215
  661. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +28 -6
  662. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  663. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -129
  664. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +7 -8
  665. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +46 -50
  666. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +2 -0
  667. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -4
  668. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +6 -6
  669. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -21
  670. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +5 -6
  671. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +3 -1
  672. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +24 -0
  673. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -5
  674. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -0
  675. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +1 -0
  676. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +4 -1
  677. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +2 -2
  678. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -13
  679. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +33 -11
  680. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
  681. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +5 -4
  682. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +26 -18
  683. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -6
  684. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -1
  685. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  686. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +19 -5
  687. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +45 -0
  688. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -0
  689. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +20 -3
  690. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -20
  691. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +76 -60
  692. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +31 -6
  693. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +3 -22
  694. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -1
  695. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2806 -941
  696. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +38 -1025
  697. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +124 -0
  698. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +1 -2
  699. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +82 -9
  700. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +42 -4
  701. data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
  702. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +4 -5
  703. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +9 -1
  704. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1
  705. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +5 -1
  706. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -1
  707. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -2
  708. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +21 -0
  709. data/third_party/cares/config_linux/ares_config.h +2 -38
  710. metadata +214 -179
  711. data/src/core/lib/iomgr/load_file.cc +0 -78
  712. data/src/core/lib/iomgr/load_file.h +0 -35
  713. data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -137
  714. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -280
  715. data/third_party/abseil-cpp/absl/flags/flag.cc +0 -38
  716. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +0 -116
  717. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -158
  718. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
  719. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
  720. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
  721. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -100
  722. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -111
  723. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -197
  724. /data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/ext_dat.h +0 -0
@@ -63,16 +63,21 @@
63
63
  #ifndef OPENSSL_HEADER_X509_H
64
64
  #define OPENSSL_HEADER_X509_H
65
65
 
66
- #include <openssl/asn1.h>
67
66
  #include <openssl/base.h>
67
+
68
+ #include <time.h>
69
+
70
+ #include <openssl/asn1.h>
68
71
  #include <openssl/bio.h>
69
72
  #include <openssl/cipher.h>
73
+ #include <openssl/conf.h>
70
74
  #include <openssl/dh.h>
71
75
  #include <openssl/dsa.h>
72
76
  #include <openssl/ec.h>
73
77
  #include <openssl/ecdh.h>
74
78
  #include <openssl/ecdsa.h>
75
79
  #include <openssl/evp.h>
80
+ #include <openssl/lhash.h>
76
81
  #include <openssl/obj.h>
77
82
  #include <openssl/pkcs7.h>
78
83
  #include <openssl/pool.h>
@@ -80,7 +85,7 @@
80
85
  #include <openssl/sha.h>
81
86
  #include <openssl/stack.h>
82
87
  #include <openssl/thread.h>
83
- #include <time.h>
88
+ #include <openssl/x509v3_errors.h> // IWYU pragma: export
84
89
 
85
90
  #if defined(__cplusplus)
86
91
  extern "C" {
@@ -193,11 +198,16 @@ OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509);
193
198
  // object.
194
199
  OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
195
200
 
196
- // X509_get_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
197
- // public key was unsupported or could not be decoded. This function returns a
198
- // reference to the |EVP_PKEY|. The caller must release the result with
199
- // |EVP_PKEY_free| when done.
200
- OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
201
+ // X509_get0_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
202
+ // public key was unsupported or could not be decoded. The |EVP_PKEY| is cached
203
+ // in |x509|, so callers must not mutate the result.
204
+ OPENSSL_EXPORT EVP_PKEY *X509_get0_pubkey(const X509 *x509);
205
+
206
+ // X509_get_pubkey behaves like |X509_get0_pubkey| but increments the reference
207
+ // count on the |EVP_PKEY|. The caller must release the result with
208
+ // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |x509|, so callers
209
+ // must not mutate the result.
210
+ OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(const X509 *x509);
201
211
 
202
212
  // X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public
203
213
  // key. Note this does not contain the AlgorithmIdentifier portion.
@@ -207,6 +217,11 @@ OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
207
217
  // internal invariants in |x509|.
208
218
  OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x509);
209
219
 
220
+ // X509_check_private_key returns one if |x509|'s public key matches |pkey| and
221
+ // zero otherwise.
222
+ OPENSSL_EXPORT int X509_check_private_key(const X509 *x509,
223
+ const EVP_PKEY *pkey);
224
+
210
225
  // X509_get0_uids sets |*out_issuer_uid| to a non-owning pointer to the
211
226
  // issuerUID field of |x509|, or NULL if |x509| has no issuerUID. It similarly
212
227
  // outputs |x509|'s subjectUID field to |*out_subject_uid|.
@@ -217,6 +232,146 @@ OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
217
232
  const ASN1_BIT_STRING **out_issuer_uid,
218
233
  const ASN1_BIT_STRING **out_subject_uid);
219
234
 
235
+ // The following bits are returned from |X509_get_extension_flags|.
236
+
237
+ // EXFLAG_BCONS indicates the certificate has a basic constraints extension.
238
+ #define EXFLAG_BCONS 0x1
239
+ // EXFLAG_KUSAGE indicates the certifcate has a key usage extension.
240
+ #define EXFLAG_KUSAGE 0x2
241
+ // EXFLAG_XKUSAGE indicates the certifcate has an extended key usage extension.
242
+ #define EXFLAG_XKUSAGE 0x4
243
+ // EXFLAG_CA indicates the certificate has a basic constraints extension with
244
+ // the CA bit set.
245
+ #define EXFLAG_CA 0x10
246
+ // EXFLAG_SI indicates the certificate is self-issued, i.e. its subject and
247
+ // issuer names match.
248
+ #define EXFLAG_SI 0x20
249
+ // EXFLAG_V1 indicates an X.509v1 certificate.
250
+ #define EXFLAG_V1 0x40
251
+ // EXFLAG_INVALID indicates an error processing some extension. The certificate
252
+ // should not be accepted. Note the lack of this bit does not imply all
253
+ // extensions are valid, only those used to compute extension flags.
254
+ #define EXFLAG_INVALID 0x80
255
+ // EXFLAG_SET is an internal bit that indicates extension flags were computed.
256
+ #define EXFLAG_SET 0x100
257
+ // EXFLAG_CRITICAL indicates an unsupported critical extension. The certificate
258
+ // should not be accepted.
259
+ #define EXFLAG_CRITICAL 0x200
260
+ // EXFLAG_SS indicates the certificate is likely self-signed. That is, if it is
261
+ // self-issued, its authority key identifer (if any) matches itself, and its key
262
+ // usage extension (if any) allows certificate signatures. The signature itself
263
+ // is not checked in computing this bit.
264
+ #define EXFLAG_SS 0x2000
265
+
266
+ // X509_get_extension_flags decodes a set of extensions from |x509| and returns
267
+ // a collection of |EXFLAG_*| bits which reflect |x509|. If there was an error
268
+ // in computing this bitmask, the result will include the |EXFLAG_INVALID| bit.
269
+ OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x509);
270
+
271
+ // X509_get_pathlen returns path length constraint from the basic constraints
272
+ // extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
273
+ // constraint is not present, or if some extension in |x509| was invalid.
274
+ //
275
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
276
+ // invalid extensions. To detect the error case, call
277
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
278
+ OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
279
+
280
+ // X509v3_KU_* are key usage bits returned from |X509_get_key_usage|.
281
+ #define X509v3_KU_DIGITAL_SIGNATURE 0x0080
282
+ #define X509v3_KU_NON_REPUDIATION 0x0040
283
+ #define X509v3_KU_KEY_ENCIPHERMENT 0x0020
284
+ #define X509v3_KU_DATA_ENCIPHERMENT 0x0010
285
+ #define X509v3_KU_KEY_AGREEMENT 0x0008
286
+ #define X509v3_KU_KEY_CERT_SIGN 0x0004
287
+ #define X509v3_KU_CRL_SIGN 0x0002
288
+ #define X509v3_KU_ENCIPHER_ONLY 0x0001
289
+ #define X509v3_KU_DECIPHER_ONLY 0x8000
290
+
291
+ // X509_get_key_usage returns a bitmask of key usages (see Section 4.2.1.3 of
292
+ // RFC 5280) which |x509| is valid for. This function only reports the first 16
293
+ // bits, in a little-endian byte order, but big-endian bit order. That is, bits
294
+ // 0 though 7 are reported at 1<<7 through 1<<0, and bits 8 through 15 are
295
+ // reported at 1<<15 through 1<<8.
296
+ //
297
+ // Instead of depending on this bit order, callers should compare against the
298
+ // |X509v3_KU_*| constants.
299
+ //
300
+ // If |x509| has no key usage extension, all key usages are valid and this
301
+ // function returns |UINT32_MAX|. If there was an error processing |x509|'s
302
+ // extensions, or if the first 16 bits in the key usage extension were all zero,
303
+ // this function returns zero.
304
+ OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x509);
305
+
306
+ // XKU_* are extended key usage bits returned from
307
+ // |X509_get_extended_key_usage|.
308
+ #define XKU_SSL_SERVER 0x1
309
+ #define XKU_SSL_CLIENT 0x2
310
+ #define XKU_SMIME 0x4
311
+ #define XKU_CODE_SIGN 0x8
312
+ #define XKU_SGC 0x10
313
+ #define XKU_OCSP_SIGN 0x20
314
+ #define XKU_TIMESTAMP 0x40
315
+ #define XKU_DVCS 0x80
316
+ #define XKU_ANYEKU 0x100
317
+
318
+ // X509_get_extended_key_usage returns a bitmask of extended key usages (see
319
+ // Section 4.2.1.12 of RFC 5280) which |x509| is valid for. The result will be
320
+ // a combination of |XKU_*| constants. If checking an extended key usage not
321
+ // defined above, callers should extract the extended key usage extension
322
+ // separately, e.g. via |X509_get_ext_d2i|.
323
+ //
324
+ // If |x509| has no extended key usage extension, all extended key usages are
325
+ // valid and this function returns |UINT32_MAX|. If there was an error
326
+ // processing |x509|'s extensions, or if |x509|'s extended key usage extension
327
+ // contained no recognized usages, this function returns zero.
328
+ OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x509);
329
+
330
+ // X509_get0_subject_key_id returns |x509|'s subject key identifier, if present.
331
+ // (See RFC 5280, section 4.2.1.2.) It returns NULL if the extension is not
332
+ // present or if some extension in |x509| was invalid.
333
+ //
334
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
335
+ // invalid extensions. To detect the error case, call
336
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
337
+ OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509);
338
+
339
+ // X509_get0_authority_key_id returns keyIdentifier of |x509|'s authority key
340
+ // identifier, if the extension and field are present. (See RFC 5280,
341
+ // section 4.2.1.1.) It returns NULL if the extension is not present, if it is
342
+ // present but lacks a keyIdentifier field, or if some extension in |x509| was
343
+ // invalid.
344
+ //
345
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
346
+ // invalid extensions. To detect the error case, call
347
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
348
+ OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509);
349
+
350
+ DEFINE_STACK_OF(GENERAL_NAME)
351
+ typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
352
+
353
+ // X509_get0_authority_issuer returns the authorityCertIssuer of |x509|'s
354
+ // authority key identifier, if the extension and field are present. (See
355
+ // RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present,
356
+ // if it is present but lacks a authorityCertIssuer field, or if some extension
357
+ // in |x509| was invalid.
358
+ //
359
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
360
+ // invalid extensions. To detect the error case, call
361
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
362
+ OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509);
363
+
364
+ // X509_get0_authority_serial returns the authorityCertSerialNumber of |x509|'s
365
+ // authority key identifier, if the extension and field are present. (See
366
+ // RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present,
367
+ // if it is present but lacks a authorityCertSerialNumber field, or if some
368
+ // extension in |x509| was invalid.
369
+ //
370
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
371
+ // invalid extensions. To detect the error case, call
372
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
373
+ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509);
374
+
220
375
  // X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits
221
376
  // it.
222
377
  OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
@@ -244,6 +399,14 @@ OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
244
399
  // compatibility, but callers should not mutate the result.
245
400
  OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
246
401
 
402
+ // X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
403
+ // |x509|'s extension list.
404
+ //
405
+ // WARNING: This function is difficult to use correctly. See the documentation
406
+ // for |X509V3_get_d2i| for details.
407
+ OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
408
+ int *out_critical, int *out_idx);
409
+
247
410
  // X509_get0_tbs_sigalg returns the signature algorithm in |x509|'s
248
411
  // TBSCertificate. For the outer signature algorithm, see |X509_get0_signature|.
249
412
  //
@@ -283,6 +446,30 @@ OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp);
283
446
  // validation.
284
447
  OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey);
285
448
 
449
+ // X509_get1_email returns a newly-allocated list of NUL-terminated strings
450
+ // containing all email addresses in |x509|'s subject and all rfc822name names
451
+ // in |x509|'s subject alternative names. Email addresses which contain embedded
452
+ // NUL bytes are skipped.
453
+ //
454
+ // On error, or if there are no such email addresses, it returns NULL. When
455
+ // done, the caller must release the result with |X509_email_free|.
456
+ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_email(const X509 *x509);
457
+
458
+ // X509_get1_ocsp returns a newly-allocated list of NUL-terminated strings
459
+ // containing all OCSP URIs in |x509|. That is, it collects all URI
460
+ // AccessDescriptions with an accessMethod of id-ad-ocsp in |x509|'s authority
461
+ // information access extension. URIs which contain embedded NUL bytes are
462
+ // skipped.
463
+ //
464
+ // On error, or if there are no such URIs, it returns NULL. When done, the
465
+ // caller must release the result with |X509_email_free|.
466
+ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(const X509 *x509);
467
+
468
+ // X509_email_free releases memory associated with |sk|, including |sk| itself.
469
+ // Each |OPENSSL_STRING| in |sk| must be a NUL-terminated string allocated with
470
+ // |OPENSSL_malloc|. If |sk| is NULL, no action is taken.
471
+ OPENSSL_EXPORT void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
472
+
286
473
 
287
474
  // Issuing certificates.
288
475
  //
@@ -347,6 +534,15 @@ OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
347
534
  // list.
348
535
  OPENSSL_EXPORT int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc);
349
536
 
537
+ // X509_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension to
538
+ // |x|'s extension list.
539
+ //
540
+ // WARNING: This function may return zero or -1 on error. The caller must also
541
+ // ensure |value|'s type matches |nid|. See the documentation for
542
+ // |X509V3_add1_i2d| for details.
543
+ OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
544
+ unsigned long flags);
545
+
350
546
  // X509_sign signs |x509| with |pkey| and replaces the signature algorithm and
351
547
  // signature fields. It returns the length of the signature on success and zero
352
548
  // on error. This function uses digest algorithm |md|, or |pkey|'s default if
@@ -359,6 +555,9 @@ OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md);
359
555
  // zero on error. The signature algorithm and parameters come from |ctx|, which
360
556
  // must have been initialized with |EVP_DigestSignInit|. The caller should
361
557
  // configure the corresponding |EVP_PKEY_CTX| before calling this function.
558
+ //
559
+ // On success or failure, this function mutates |ctx| and resets it to the empty
560
+ // state. Caller should not rely on its contents after the function returns.
362
561
  OPENSSL_EXPORT int X509_sign_ctx(X509 *x509, EVP_MD_CTX *ctx);
363
562
 
364
563
  // i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|, as described
@@ -401,7 +600,9 @@ OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
401
600
  // Unlike similarly-named functions, this function does not output a single
402
601
  // ASN.1 element. Directly embedding the output in a larger ASN.1 structure will
403
602
  // not behave correctly.
404
- OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
603
+ //
604
+ // TODO(crbug.com/boringssl/407): |x509| should be const.
605
+ OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, uint8_t **outp);
405
606
 
406
607
  // d2i_X509_AUX parses up to |length| bytes from |*inp| as a DER-encoded X.509
407
608
  // Certificate (RFC 5280), followed optionally by a separate, OpenSSL-specific
@@ -413,19 +614,19 @@ OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
413
614
  // Unlike similarly-named functions, this function does not parse a single
414
615
  // ASN.1 element. Trying to parse data directly embedded in a larger ASN.1
415
616
  // structure will not behave correctly.
416
- OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const unsigned char **inp,
617
+ OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const uint8_t **inp,
417
618
  long length);
418
619
 
419
620
  // X509_alias_set1 sets |x509|'s alias to |len| bytes from |name|. If |name| is
420
621
  // NULL, the alias is cleared instead. Aliases are not part of the certificate
421
622
  // itself and will not be serialized by |i2d_X509|.
422
- OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const unsigned char *name,
623
+ OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const uint8_t *name,
423
624
  ossl_ssize_t len);
424
625
 
425
626
  // X509_keyid_set1 sets |x509|'s key ID to |len| bytes from |id|. If |id| is
426
627
  // NULL, the key ID is cleared instead. Key IDs are not part of the certificate
427
628
  // itself and will not be serialized by |i2d_X509|.
428
- OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
629
+ OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const uint8_t *id,
429
630
  ossl_ssize_t len);
430
631
 
431
632
  // X509_alias_get0 looks up |x509|'s alias. If found, it sets |*out_len| to the
@@ -440,7 +641,7 @@ OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
440
641
  // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
441
642
  // missing. Callers that target both OpenSSL and BoringSSL should set the value
442
643
  // to zero before calling this function.
443
- OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
644
+ OPENSSL_EXPORT const uint8_t *X509_alias_get0(const X509 *x509, int *out_len);
444
645
 
445
646
  // X509_keyid_get0 looks up |x509|'s key ID. If found, it sets |*out_len| to the
446
647
  // key ID's length and returns a pointer to a buffer containing the contents. If
@@ -450,29 +651,50 @@ OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
450
651
  // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
451
652
  // missing. Callers that target both OpenSSL and BoringSSL should set the value
452
653
  // to zero before calling this function.
453
- OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x509, int *out_len);
654
+ OPENSSL_EXPORT const uint8_t *X509_keyid_get0(const X509 *x509, int *out_len);
655
+
656
+ // X509_add1_trust_object configures |x509| as a valid trust anchor for |obj|.
657
+ // It returns one on success and zero on error. |obj| should be a certificate
658
+ // usage OID associated with an |X509_TRUST| object.
659
+ //
660
+ // See |X509_VERIFY_PARAM_set_trust| for details on how this value is evaluated.
661
+ OPENSSL_EXPORT int X509_add1_trust_object(X509 *x509, const ASN1_OBJECT *obj);
662
+
663
+ // X509_add1_reject_object configures |x509| as distrusted for |obj|. It returns
664
+ // one on success and zero on error. |obj| should be a certificate usage OID
665
+ // associated with an |X509_TRUST| object.
666
+ //
667
+ // See |X509_VERIFY_PARAM_set_trust| for details on how this value is evaluated.
668
+ OPENSSL_EXPORT int X509_add1_reject_object(X509 *x509, const ASN1_OBJECT *obj);
669
+
670
+ // X509_trust_clear clears the list of OIDs for which |x509| is trusted. See
671
+ // also |X509_add1_trust_object|.
672
+ OPENSSL_EXPORT void X509_trust_clear(X509 *x509);
673
+
674
+ // X509_reject_clear clears the list of OIDs for which |x509| is distrusted. See
675
+ // also |X509_add1_reject_object|.
676
+ OPENSSL_EXPORT void X509_reject_clear(X509 *x509);
454
677
 
455
678
 
456
679
  // Certificate revocation lists.
457
680
  //
458
681
  // An |X509_CRL| object represents an X.509 certificate revocation list (CRL),
459
- // defined in RFC 5280. A CRL is a signed list of certificates which are no
460
- // longer considered valid.
682
+ // defined in RFC 5280. A CRL is a signed list of certificates, the
683
+ // revokedCertificates field, which are no longer considered valid. Each entry
684
+ // of this list is represented with an |X509_REVOKED| object, documented in the
685
+ // "CRL entries" section below.
461
686
  //
462
- // Although an |X509_CRL| is a mutable object, mutating an |X509_CRL| can give
463
- // incorrect results. Callers typically obtain |X509_CRL|s by parsing some input
464
- // with |d2i_X509_CRL|, etc. Such objects carry information such as the
465
- // serialized TBSCertList and decoded extensions, which will become inconsistent
466
- // when mutated.
687
+ // Although an |X509_CRL| is a mutable object, mutating an |X509_CRL| or its
688
+ // |X509_REVOKED|s can give incorrect results. Callers typically obtain
689
+ // |X509_CRL|s by parsing some input with |d2i_X509_CRL|, etc. Such objects
690
+ // carry information such as the serialized TBSCertList and decoded extensions,
691
+ // which will become inconsistent when mutated.
467
692
  //
468
693
  // Instead, mutation functions should only be used when issuing new CRLs, as
469
694
  // described in a later section.
470
695
 
471
696
  DEFINE_STACK_OF(X509_CRL)
472
-
473
- // X509_CRL is an |ASN1_ITEM| whose ASN.1 type is X.509 CertificateList (RFC
474
- // 5280) and C type is |X509_CRL*|.
475
- DECLARE_ASN1_ITEM(X509_CRL)
697
+ DEFINE_STACK_OF(X509_REVOKED)
476
698
 
477
699
  // X509_CRL_up_ref adds one to the reference count of |crl| and returns one.
478
700
  OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
@@ -522,6 +744,24 @@ OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
522
744
  // const-correct for legacy reasons.
523
745
  OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
524
746
 
747
+ // X509_CRL_get0_by_serial finds the entry in |crl| whose serial number is
748
+ // |serial|. If found, it sets |*out| to the entry and returns one. If not
749
+ // found, it returns zero.
750
+ //
751
+ // On success, |*out| continues to be owned by |crl|. It is an error to free or
752
+ // otherwise modify |*out|.
753
+ //
754
+ // TODO(crbug.com/boringssl/600): Ideally |crl| would be const. It is broadly
755
+ // thread-safe, but changes the order of entries in |crl|. It cannot be called
756
+ // concurrently with |i2d_X509_CRL|.
757
+ OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **out,
758
+ const ASN1_INTEGER *serial);
759
+
760
+ // X509_CRL_get0_by_cert behaves like |X509_CRL_get0_by_serial|, except it looks
761
+ // for the entry that matches |x509|.
762
+ OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **out,
763
+ X509 *x509);
764
+
525
765
  // X509_CRL_get_REVOKED returns the list of revoked certificates in |crl|, or
526
766
  // NULL if |crl| omits it.
527
767
  //
@@ -531,7 +771,9 @@ OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
531
771
  OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
532
772
 
533
773
  // X509_CRL_get0_extensions returns |crl|'s extension list, or NULL if |crl|
534
- // omits it.
774
+ // omits it. A CRL can have extensions on individual entries, which is
775
+ // |X509_REVOKED_get0_extensions|, or on the overall CRL, which is this
776
+ // function.
535
777
  OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(
536
778
  const X509_CRL *crl);
537
779
 
@@ -558,6 +800,14 @@ OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
558
800
  // compatibility, but callers should not mutate the result.
559
801
  OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
560
802
 
803
+ // X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
804
+ // extension in |crl|'s extension list.
805
+ //
806
+ // WARNING: This function is difficult to use correctly. See the documentation
807
+ // for |X509V3_get_d2i| for details.
808
+ OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid,
809
+ int *out_critical, int *out_idx);
810
+
561
811
  // X509_CRL_get0_signature sets |*out_sig| and |*out_alg| to the signature and
562
812
  // signature algorithm of |crl|, respectively. Either output pointer may be NULL
563
813
  // to ignore the value.
@@ -619,6 +869,15 @@ OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
619
869
  // on success and zero on error.
620
870
  OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
621
871
 
872
+ // X509_CRL_add0_revoked adds |rev| to |crl|. On success, it takes ownership of
873
+ // |rev| and returns one. On error, it returns zero. If this function fails, the
874
+ // caller retains ownership of |rev| and must release it when done.
875
+ OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
876
+
877
+ // X509_CRL_sort sorts the entries in |crl| by serial number. It returns one on
878
+ // success and zero on error.
879
+ OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
880
+
622
881
  // X509_CRL_delete_ext removes the extension in |x| at index |loc| and returns
623
882
  // the removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
624
883
  // caller must release the result with |X509_EXTENSION_free|.
@@ -634,6 +893,15 @@ OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
634
893
  OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex,
635
894
  int loc);
636
895
 
896
+ // X509_CRL_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension
897
+ // to |x|'s extension list.
898
+ //
899
+ // WARNING: This function may return zero or -1 on error. The caller must also
900
+ // ensure |value|'s type matches |nid|. See the documentation for
901
+ // |X509V3_add1_i2d| for details.
902
+ OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
903
+ int crit, unsigned long flags);
904
+
637
905
  // X509_CRL_sign signs |crl| with |pkey| and replaces the signature algorithm
638
906
  // and signature fields. It returns the length of the signature on success and
639
907
  // zero on error. This function uses digest algorithm |md|, or |pkey|'s default
@@ -647,6 +915,9 @@ OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *crl, EVP_PKEY *pkey,
647
915
  // zero on error. The signature algorithm and parameters come from |ctx|, which
648
916
  // must have been initialized with |EVP_DigestSignInit|. The caller should
649
917
  // configure the corresponding |EVP_PKEY_CTX| before calling this function.
918
+ //
919
+ // On success or failure, this function mutates |ctx| and resets it to the empty
920
+ // state. Caller should not rely on its contents after the function returns.
650
921
  OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx);
651
922
 
652
923
  // i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described
@@ -677,6 +948,123 @@ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
677
948
  size_t sig_len);
678
949
 
679
950
 
951
+ // CRL entries.
952
+ //
953
+ // Each entry of a CRL is represented as an |X509_REVOKED| object, which
954
+ // describes a revoked certificate by serial number.
955
+ //
956
+ // When an |X509_REVOKED| is obtained from an |X509_CRL| object, it is an error
957
+ // to mutate the object. Doing so may break |X509_CRL|'s and cause the library
958
+ // to behave incorrectly.
959
+
960
+ // X509_REVOKED_new returns a newly-allocated, empty |X509_REVOKED| object, or
961
+ // NULL on allocation error.
962
+ OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_new(void);
963
+
964
+ // X509_REVOKED_free releases memory associated with |rev|.
965
+ OPENSSL_EXPORT void X509_REVOKED_free(X509_REVOKED *rev);
966
+
967
+ // d2i_X509_REVOKED parses up to |len| bytes from |*inp| as a DER-encoded X.509
968
+ // CRL entry, as described in |d2i_SAMPLE|.
969
+ OPENSSL_EXPORT X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **out,
970
+ const uint8_t **inp, long len);
971
+
972
+ // i2d_X509_REVOKED marshals |alg| as a DER-encoded X.509 CRL entry, as
973
+ // described in |i2d_SAMPLE|.
974
+ OPENSSL_EXPORT int i2d_X509_REVOKED(const X509_REVOKED *alg, uint8_t **outp);
975
+
976
+ // X509_REVOKED_dup returns a newly-allocated copy of |rev|, or NULL on error.
977
+ // This function works by serializing the structure, so if |rev| is incomplete,
978
+ // it may fail.
979
+ OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(const X509_REVOKED *rev);
980
+
981
+ // X509_REVOKED_get0_serialNumber returns the serial number of the certificate
982
+ // revoked by |revoked|.
983
+ OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
984
+ const X509_REVOKED *revoked);
985
+
986
+ // X509_REVOKED_set_serialNumber sets |revoked|'s serial number to |serial|. It
987
+ // returns one on success or zero on error.
988
+ OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
989
+ const ASN1_INTEGER *serial);
990
+
991
+ // X509_REVOKED_get0_revocationDate returns the revocation time of the
992
+ // certificate revoked by |revoked|.
993
+ OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
994
+ const X509_REVOKED *revoked);
995
+
996
+ // X509_REVOKED_set_revocationDate sets |revoked|'s revocation time to |tm|. It
997
+ // returns one on success or zero on error.
998
+ OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked,
999
+ const ASN1_TIME *tm);
1000
+
1001
+ // X509_REVOKED_get0_extensions returns |r|'s extensions list, or NULL if |r|
1002
+ // omits it. A CRL can have extensions on individual entries, which is this
1003
+ // function, or on the overall CRL, which is |X509_CRL_get0_extensions|.
1004
+ OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(
1005
+ const X509_REVOKED *r);
1006
+
1007
+ // X509_REVOKED_get_ext_count returns the number of extensions in |x|.
1008
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
1009
+
1010
+ // X509_REVOKED_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches
1011
+ // for extensions in |x|.
1012
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
1013
+ int lastpos);
1014
+
1015
+ // X509_REVOKED_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches
1016
+ // for extensions in |x|.
1017
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
1018
+ const ASN1_OBJECT *obj,
1019
+ int lastpos);
1020
+
1021
+ // X509_REVOKED_get_ext_by_critical behaves like |X509v3_get_ext_by_critical|
1022
+ // but searches for extensions in |x|.
1023
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
1024
+ int crit, int lastpos);
1025
+
1026
+ // X509_REVOKED_get_ext returns the extension in |x| at index |loc|, or NULL if
1027
+ // |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
1028
+ // compatibility, but callers should not mutate the result.
1029
+ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
1030
+ int loc);
1031
+
1032
+ // X509_REVOKED_delete_ext removes the extension in |x| at index |loc| and
1033
+ // returns the removed extension, or NULL if |loc| was out of bounds. If
1034
+ // non-NULL, the caller must release the result with |X509_EXTENSION_free|.
1035
+ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
1036
+ int loc);
1037
+
1038
+ // X509_REVOKED_add_ext adds a copy of |ex| to |x|. It returns one on success
1039
+ // and zero on failure. The caller retains ownership of |ex| and can release it
1040
+ // independently of |x|.
1041
+ //
1042
+ // The new extension is inserted at index |loc|, shifting extensions to the
1043
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1044
+ // list.
1045
+ OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x,
1046
+ const X509_EXTENSION *ex, int loc);
1047
+
1048
+ // X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
1049
+ // extension in |revoked|'s extension list.
1050
+ //
1051
+ // WARNING: This function is difficult to use correctly. See the documentation
1052
+ // for |X509V3_get_d2i| for details.
1053
+ OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked,
1054
+ int nid, int *out_critical,
1055
+ int *out_idx);
1056
+
1057
+ // X509_REVOKED_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the
1058
+ // extension to |x|'s extension list.
1059
+ //
1060
+ // WARNING: This function may return zero or -1 on error. The caller must also
1061
+ // ensure |value|'s type matches |nid|. See the documentation for
1062
+ // |X509V3_add1_i2d| for details.
1063
+ OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
1064
+ void *value, int crit,
1065
+ unsigned long flags);
1066
+
1067
+
680
1068
  // Certificate requests.
681
1069
  //
682
1070
  // An |X509_REQ| represents a PKCS #10 certificate request (RFC 2986). These are
@@ -692,10 +1080,6 @@ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
692
1080
  // Instead, mutation functions should only be used when issuing new CRLs, as
693
1081
  // described in a later section.
694
1082
 
695
- // X509_REQ is an |ASN1_ITEM| whose ASN.1 type is CertificateRequest (RFC 2986)
696
- // and C type is |X509_REQ*|.
697
- DECLARE_ASN1_ITEM(X509_REQ)
698
-
699
1083
  // X509_REQ_dup returns a newly-allocated copy of |req|, or NULL on error. This
700
1084
  // function works by serializing the structure, so if |req| is incomplete, it
701
1085
  // may fail.
@@ -735,11 +1119,21 @@ OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req);
735
1119
  // not const-correct for legacy reasons.
736
1120
  OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
737
1121
 
738
- // X509_REQ_get_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
739
- // the public key was unsupported or could not be decoded. This function returns
740
- // a reference to the |EVP_PKEY|. The caller must release the result with
741
- // |EVP_PKEY_free| when done.
742
- OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
1122
+ // X509_REQ_get0_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
1123
+ // the public key was unsupported or could not be decoded. The |EVP_PKEY| is
1124
+ // cached in |req|, so callers must not mutate the result.
1125
+ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
1126
+
1127
+ // X509_REQ_get_pubkey behaves like |X509_REQ_get0_pubkey| but increments the
1128
+ // reference count on the |EVP_PKEY|. The caller must release the result with
1129
+ // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |req|, so callers must
1130
+ // not mutate the result.
1131
+ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(const X509_REQ *req);
1132
+
1133
+ // X509_REQ_check_private_key returns one if |req|'s public key matches |pkey|
1134
+ // and zero otherwise.
1135
+ OPENSSL_EXPORT int X509_REQ_check_private_key(const X509_REQ *req,
1136
+ const EVP_PKEY *pkey);
743
1137
 
744
1138
  // X509_REQ_get_attr_count returns the number of attributes in |req|.
745
1139
  OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req);
@@ -770,16 +1164,18 @@ OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req,
770
1164
  // (a Microsoft szOID_CERT_EXTENSIONS variant).
771
1165
  OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
772
1166
 
773
- // X509_REQ_get_extensions decodes the list of requested extensions in |req| and
774
- // returns a newly-allocated |STACK_OF(X509_EXTENSION)| containing the result.
775
- // It returns NULL on error, or if |req| did not request extensions.
1167
+ // X509_REQ_get_extensions decodes the most preferred list of requested
1168
+ // extensions in |req| and returns a newly-allocated |STACK_OF(X509_EXTENSION)|
1169
+ // containing the result. It returns NULL on error, or if |req| did not request
1170
+ // extensions.
776
1171
  //
777
1172
  // CSRs do not store extensions directly. Instead there are attribute types
778
1173
  // which are defined to hold extensions. See |X509_REQ_extension_nid|. This
779
1174
  // function supports both pkcs-9-at-extensionRequest from RFC 2985 and the
780
1175
  // Microsoft szOID_CERT_EXTENSIONS variant. If both are present,
781
1176
  // pkcs-9-at-extensionRequest is preferred.
782
- OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
1177
+ OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(
1178
+ const X509_REQ *req);
783
1179
 
784
1180
  // X509_REQ_get0_signature sets |*out_sig| and |*out_alg| to the signature and
785
1181
  // signature algorithm of |req|, respectively. Either output pointer may be NULL
@@ -797,6 +1193,17 @@ OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
797
1193
  // one if the signature is valid and zero otherwise.
798
1194
  OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey);
799
1195
 
1196
+ // X509_REQ_get1_email returns a newly-allocated list of NUL-terminated strings
1197
+ // containing all email addresses in |req|'s subject and all rfc822name names
1198
+ // in |req|'s subject alternative names. The subject alternative names extension
1199
+ // is extracted from the result of |X509_REQ_get_extensions|. Email addresses
1200
+ // which contain embedded NUL bytes are skipped.
1201
+ //
1202
+ // On error, or if there are no such email addresses, it returns NULL. When
1203
+ // done, the caller must release the result with |X509_email_free|.
1204
+ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(
1205
+ const X509_REQ *req);
1206
+
800
1207
 
801
1208
  // Issuing certificate requests.
802
1209
  //
@@ -886,6 +1293,9 @@ OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *req, EVP_PKEY *pkey,
886
1293
  // zero on error. The signature algorithm and parameters come from |ctx|, which
887
1294
  // must have been initialized with |EVP_DigestSignInit|. The caller should
888
1295
  // configure the corresponding |EVP_PKEY_CTX| before calling this function.
1296
+ //
1297
+ // On success or failure, this function mutates |ctx| and resets it to the empty
1298
+ // state. Caller should not rely on its contents after the function returns.
889
1299
  OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx);
890
1300
 
891
1301
  // i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986)
@@ -944,8 +1354,7 @@ DEFINE_STACK_OF(X509_NAME)
944
1354
  // type is |X509_NAME*|.
945
1355
  DECLARE_ASN1_ITEM(X509_NAME)
946
1356
 
947
- // X509_NAME_new returns a new, empty |X509_NAME_new|, or NULL on
948
- // error.
1357
+ // X509_NAME_new returns a new, empty |X509_NAME|, or NULL on error.
949
1358
  OPENSSL_EXPORT X509_NAME *X509_NAME_new(void);
950
1359
 
951
1360
  // X509_NAME_free releases memory associated with |name|.
@@ -971,12 +1380,30 @@ OPENSSL_EXPORT int i2d_X509_NAME(X509_NAME *in, uint8_t **outp);
971
1380
  // mutated.
972
1381
  OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name);
973
1382
 
974
- // X509_NAME_get0_der sets |*out_der| and |*out_der_len|
1383
+ // X509_NAME_cmp compares |a| and |b|'s canonicalized forms. It returns zero if
1384
+ // they are equal, one if |a| sorts after |b|, -1 if |b| sorts after |a|, and -2
1385
+ // on error.
1386
+ //
1387
+ // TODO(https://crbug.com/boringssl/407): This function is const, but it is not
1388
+ // always thread-safe, notably if |name| was mutated.
1389
+ //
1390
+ // TODO(https://crbug.com/boringssl/355): The -2 return is very inconvenient to
1391
+ // pass to a sorting function. Can we make this infallible? In the meantime,
1392
+ // prefer to use this function only for equality checks rather than comparisons.
1393
+ // Although even the library itself passes this to a sorting function.
1394
+ OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
1395
+
1396
+ // X509_NAME_get0_der marshals |name| as a DER-encoded X.509 Name (RFC 5280). On
1397
+ // success, it returns one and sets |*out_der| and |*out_der_len| to a buffer
1398
+ // containing the result. Otherwise, it returns zero. |*out_der| is owned by
1399
+ // |name| and must not be freed by the caller. It is invalidated after |name| is
1400
+ // mutated or freed.
975
1401
  //
976
1402
  // Avoid this function and prefer |i2d_X509_NAME|. It is one of the reasons
977
- // these functions are not consistently thread-safe or const-correct. Depending
978
- // on the resolution of https://crbug.com/boringssl/407, this function may be
979
- // removed or cause poor performance.
1403
+ // |X509_NAME| functions, including this one, are not consistently thread-safe
1404
+ // or const-correct. Depending on the resolution of
1405
+ // https://crbug.com/boringssl/407, this function may be removed or cause poor
1406
+ // performance.
980
1407
  OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *name, const uint8_t **out_der,
981
1408
  size_t *out_der_len);
982
1409
 
@@ -1063,28 +1490,12 @@ OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name,
1063
1490
  ossl_ssize_t len, int loc,
1064
1491
  int set);
1065
1492
 
1066
- // X509_NAME_ENTRY is an |ASN1_ITEM| whose ASN.1 type is AttributeTypeAndValue
1067
- // (RFC 5280) and C type is |X509_NAME_ENTRY*|.
1068
- DECLARE_ASN1_ITEM(X509_NAME_ENTRY)
1069
-
1070
- // X509_NAME_ENTRY_new returns a new, empty |X509_NAME_ENTRY_new|, or NULL on
1071
- // error.
1493
+ // X509_NAME_ENTRY_new returns a new, empty |X509_NAME_ENTRY|, or NULL on error.
1072
1494
  OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
1073
1495
 
1074
1496
  // X509_NAME_ENTRY_free releases memory associated with |entry|.
1075
1497
  OPENSSL_EXPORT void X509_NAME_ENTRY_free(X509_NAME_ENTRY *entry);
1076
1498
 
1077
- // d2i_X509_NAME_ENTRY parses up to |len| bytes from |*inp| as a DER-encoded
1078
- // AttributeTypeAndValue (RFC 5280), as described in |d2i_SAMPLE|.
1079
- OPENSSL_EXPORT X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **out,
1080
- const uint8_t **inp,
1081
- long len);
1082
-
1083
- // i2d_X509_NAME_ENTRY marshals |in| as a DER-encoded AttributeTypeAndValue (RFC
1084
- // 5280), as described in |i2d_SAMPLE|.
1085
- OPENSSL_EXPORT int i2d_X509_NAME_ENTRY(const X509_NAME_ENTRY *in,
1086
- uint8_t **outp);
1087
-
1088
1499
  // X509_NAME_ENTRY_dup returns a newly-allocated copy of |entry|, or NULL on
1089
1500
  // error.
1090
1501
  OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(
@@ -1160,6 +1571,81 @@ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(
1160
1571
  ossl_ssize_t len);
1161
1572
 
1162
1573
 
1574
+ // Public keys.
1575
+ //
1576
+ // X.509 encodes public keys as SubjectPublicKeyInfo (RFC 5280), sometimes
1577
+ // referred to as SPKI. These are represented in this library by |X509_PUBKEY|.
1578
+
1579
+ // X509_PUBKEY_new returns a newly-allocated, empty |X509_PUBKEY| object, or
1580
+ // NULL on error.
1581
+ OPENSSL_EXPORT X509_PUBKEY *X509_PUBKEY_new(void);
1582
+
1583
+ // X509_PUBKEY_free releases memory associated with |key|.
1584
+ OPENSSL_EXPORT void X509_PUBKEY_free(X509_PUBKEY *key);
1585
+
1586
+ // d2i_X509_PUBKEY parses up to |len| bytes from |*inp| as a DER-encoded
1587
+ // SubjectPublicKeyInfo, as described in |d2i_SAMPLE|.
1588
+ OPENSSL_EXPORT X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **out,
1589
+ const uint8_t **inp, long len);
1590
+
1591
+ // i2d_X509_PUBKEY marshals |key| as a DER-encoded SubjectPublicKeyInfo, as
1592
+ // described in |i2d_SAMPLE|.
1593
+ OPENSSL_EXPORT int i2d_X509_PUBKEY(const X509_PUBKEY *key, uint8_t **outp);
1594
+
1595
+ // X509_PUBKEY_set serializes |pkey| into a newly-allocated |X509_PUBKEY|
1596
+ // structure. On success, it frees |*x| if non-NULL, then sets |*x| to the new
1597
+ // object, and returns one. Otherwise, it returns zero.
1598
+ OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
1599
+
1600
+ // X509_PUBKEY_get0 returns |key| as an |EVP_PKEY|, or NULL if |key| either
1601
+ // could not be parsed or is an unrecognized algorithm. The |EVP_PKEY| is cached
1602
+ // in |key|, so callers must not mutate the result.
1603
+ OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key);
1604
+
1605
+ // X509_PUBKEY_get behaves like |X509_PUBKEY_get0| but increments the reference
1606
+ // count on the |EVP_PKEY|. The caller must release the result with
1607
+ // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |key|, so callers must
1608
+ // not mutate the result.
1609
+ OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key);
1610
+
1611
+ // X509_PUBKEY_set0_param sets |pub| to a key with AlgorithmIdentifier
1612
+ // determined by |obj|, |param_type|, and |param_value|, and an encoded
1613
+ // public key of |key|. On success, it gives |pub| ownership of all the other
1614
+ // parameters and returns one. Otherwise, it returns zero. |key| must have been
1615
+ // allocated by |OPENSSL_malloc|. |obj| and, if applicable, |param_value| must
1616
+ // not be freed after a successful call, and must have been allocated in a
1617
+ // manner compatible with |ASN1_OBJECT_free| or |ASN1_STRING_free|.
1618
+ //
1619
+ // |obj|, |param_type|, and |param_value| are interpreted as in
1620
+ // |X509_ALGOR_set0|. See |X509_ALGOR_set0| for details.
1621
+ OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *obj,
1622
+ int param_type, void *param_value,
1623
+ uint8_t *key, int key_len);
1624
+
1625
+ // X509_PUBKEY_get0_param outputs fields of |pub| and returns one. If |out_obj|
1626
+ // is not NULL, it sets |*out_obj| to AlgorithmIdentifier's OID. If |out_key|
1627
+ // is not NULL, it sets |*out_key| and |*out_key_len| to the encoded public key.
1628
+ // If |out_alg| is not NULL, it sets |*out_alg| to the AlgorithmIdentifier.
1629
+ //
1630
+ // All pointers outputted by this function are internal to |pub| and must not be
1631
+ // freed by the caller. Additionally, although some outputs are non-const,
1632
+ // callers must not mutate the resulting objects.
1633
+ //
1634
+ // Note: X.509 SubjectPublicKeyInfo structures store the encoded public key as a
1635
+ // BIT STRING. |*out_key| and |*out_key_len| will silently pad the key with zero
1636
+ // bits if |pub| did not contain a whole number of bytes. Use
1637
+ // |X509_PUBKEY_get0_public_key| to preserve this information.
1638
+ OPENSSL_EXPORT int X509_PUBKEY_get0_param(ASN1_OBJECT **out_obj,
1639
+ const uint8_t **out_key,
1640
+ int *out_key_len,
1641
+ X509_ALGOR **out_alg,
1642
+ X509_PUBKEY *pub);
1643
+
1644
+ // X509_PUBKEY_get0_public_key returns |pub|'s encoded public key.
1645
+ OPENSSL_EXPORT const ASN1_BIT_STRING *X509_PUBKEY_get0_public_key(
1646
+ const X509_PUBKEY *pub);
1647
+
1648
+
1163
1649
  // Extensions.
1164
1650
  //
1165
1651
  // X.509 certificates and CRLs may contain a list of extensions (RFC 5280).
@@ -1250,10 +1736,6 @@ OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1250
1736
  DEFINE_STACK_OF(X509_EXTENSION)
1251
1737
  typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
1252
1738
 
1253
- // X509_EXTENSIONS is an |ASN1_ITEM| whose ASN.1 type is SEQUENCE of Extension
1254
- // (RFC 5280) and C type is |STACK_OF(X509_EXTENSION)*|.
1255
- DECLARE_ASN1_ITEM(X509_EXTENSIONS)
1256
-
1257
1739
  // d2i_X509_EXTENSIONS parses up to |len| bytes from |*inp| as a DER-encoded
1258
1740
  // SEQUENCE OF Extension (RFC 5280), as described in |d2i_SAMPLE|.
1259
1741
  OPENSSL_EXPORT X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **out,
@@ -1317,7 +1799,182 @@ OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
1317
1799
  STACK_OF(X509_EXTENSION) **x, const X509_EXTENSION *ex, int loc);
1318
1800
 
1319
1801
 
1320
- // Algorithm identifiers.
1802
+ // General names.
1803
+ //
1804
+ // A |GENERAL_NAME| represents an X.509 GeneralName structure, defined in RFC
1805
+ // 5280, Section 4.2.1.6. General names are distinct from names (|X509_NAME|). A
1806
+ // general name is a CHOICE type which may contain one of several name types,
1807
+ // most commonly a DNS name or an IP address. General names most commonly appear
1808
+ // in the subject alternative name (SAN) extension, though they are also used in
1809
+ // other extensions.
1810
+ //
1811
+ // Many extensions contain a SEQUENCE OF GeneralName, or GeneralNames, so
1812
+ // |STACK_OF(GENERAL_NAME)| is defined and aliased to |GENERAL_NAMES|.
1813
+
1814
+ typedef struct otherName_st {
1815
+ ASN1_OBJECT *type_id;
1816
+ ASN1_TYPE *value;
1817
+ } OTHERNAME;
1818
+
1819
+ typedef struct EDIPartyName_st {
1820
+ ASN1_STRING *nameAssigner;
1821
+ ASN1_STRING *partyName;
1822
+ } EDIPARTYNAME;
1823
+
1824
+ // GEN_* are constants for the |type| field of |GENERAL_NAME|, defined below.
1825
+ #define GEN_OTHERNAME 0
1826
+ #define GEN_EMAIL 1
1827
+ #define GEN_DNS 2
1828
+ #define GEN_X400 3
1829
+ #define GEN_DIRNAME 4
1830
+ #define GEN_EDIPARTY 5
1831
+ #define GEN_URI 6
1832
+ #define GEN_IPADD 7
1833
+ #define GEN_RID 8
1834
+
1835
+ // A GENERAL_NAME_st, aka |GENERAL_NAME|, represents an X.509 GeneralName. The
1836
+ // |type| field determines which member of |d| is active. A |GENERAL_NAME| may
1837
+ // also be empty, in which case |type| is -1 and |d| is NULL. Empty
1838
+ // |GENERAL_NAME|s are invalid and will never be returned from the parser, but
1839
+ // may be created temporarily, e.g. by |GENERAL_NAME_new|.
1840
+ struct GENERAL_NAME_st {
1841
+ int type;
1842
+ union {
1843
+ char *ptr;
1844
+ OTHERNAME *otherName;
1845
+ ASN1_IA5STRING *rfc822Name;
1846
+ ASN1_IA5STRING *dNSName;
1847
+ ASN1_STRING *x400Address;
1848
+ X509_NAME *directoryName;
1849
+ EDIPARTYNAME *ediPartyName;
1850
+ ASN1_IA5STRING *uniformResourceIdentifier;
1851
+ ASN1_OCTET_STRING *iPAddress;
1852
+ ASN1_OBJECT *registeredID;
1853
+
1854
+ // Old names
1855
+ ASN1_OCTET_STRING *ip; // iPAddress
1856
+ X509_NAME *dirn; // dirn
1857
+ ASN1_IA5STRING *ia5; // rfc822Name, dNSName, uniformResourceIdentifier
1858
+ ASN1_OBJECT *rid; // registeredID
1859
+ } d;
1860
+ } /* GENERAL_NAME */;
1861
+
1862
+ // GENERAL_NAME_new returns a new, empty |GENERAL_NAME|, or NULL on error.
1863
+ OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_new(void);
1864
+
1865
+ // GENERAL_NAME_free releases memory associated with |gen|.
1866
+ OPENSSL_EXPORT void GENERAL_NAME_free(GENERAL_NAME *gen);
1867
+
1868
+ // d2i_GENERAL_NAME parses up to |len| bytes from |*inp| as a DER-encoded X.509
1869
+ // GeneralName (RFC 5280), as described in |d2i_SAMPLE|.
1870
+ OPENSSL_EXPORT GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **out,
1871
+ const uint8_t **inp, long len);
1872
+
1873
+ // i2d_GENERAL_NAME marshals |in| as a DER-encoded X.509 GeneralName (RFC 5280),
1874
+ // as described in |i2d_SAMPLE|.
1875
+ //
1876
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
1877
+ // thread-safe but is currently neither in some cases, notably if |in| is an
1878
+ // directoryName and the |X509_NAME| has been modified.
1879
+ OPENSSL_EXPORT int i2d_GENERAL_NAME(GENERAL_NAME *in, uint8_t **outp);
1880
+
1881
+ // GENERAL_NAME_dup returns a newly-allocated copy of |gen|, or NULL on error.
1882
+ // This function works by serializing the structure, so it will fail if |gen| is
1883
+ // empty.
1884
+ //
1885
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
1886
+ // thread-safe but is currently neither in some cases, notably if |gen| is an
1887
+ // directoryName and the |X509_NAME| has been modified.
1888
+ OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *gen);
1889
+
1890
+ // GENERAL_NAMES_new returns a new, empty |GENERAL_NAMES|, or NULL on error.
1891
+ OPENSSL_EXPORT GENERAL_NAMES *GENERAL_NAMES_new(void);
1892
+
1893
+ // GENERAL_NAMES_free releases memory associated with |gens|.
1894
+ OPENSSL_EXPORT void GENERAL_NAMES_free(GENERAL_NAMES *gens);
1895
+
1896
+ // d2i_GENERAL_NAMES parses up to |len| bytes from |*inp| as a DER-encoded
1897
+ // SEQUENCE OF GeneralName, as described in |d2i_SAMPLE|.
1898
+ OPENSSL_EXPORT GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **out,
1899
+ const uint8_t **inp, long len);
1900
+
1901
+ // i2d_GENERAL_NAMES marshals |in| as a DER-encoded SEQUENCE OF GeneralName, as
1902
+ // described in |i2d_SAMPLE|.
1903
+ //
1904
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
1905
+ // thread-safe but is currently neither in some cases, notably if some element
1906
+ // of |in| is an directoryName and the |X509_NAME| has been modified.
1907
+ OPENSSL_EXPORT int i2d_GENERAL_NAMES(GENERAL_NAMES *in, uint8_t **outp);
1908
+
1909
+ // OTHERNAME_new returns a new, empty |OTHERNAME|, or NULL on error.
1910
+ OPENSSL_EXPORT OTHERNAME *OTHERNAME_new(void);
1911
+
1912
+ // OTHERNAME_free releases memory associated with |name|.
1913
+ OPENSSL_EXPORT void OTHERNAME_free(OTHERNAME *name);
1914
+
1915
+ // EDIPARTYNAME_new returns a new, empty |EDIPARTYNAME|, or NULL on error.
1916
+ // EDIPartyName is rarely used in practice, so callers are unlikely to need this
1917
+ // function.
1918
+ OPENSSL_EXPORT EDIPARTYNAME *EDIPARTYNAME_new(void);
1919
+
1920
+ // EDIPARTYNAME_free releases memory associated with |name|. EDIPartyName is
1921
+ // rarely used in practice, so callers are unlikely to need this function.
1922
+ OPENSSL_EXPORT void EDIPARTYNAME_free(EDIPARTYNAME *name);
1923
+
1924
+ // GENERAL_NAME_set0_value set |gen|'s type and value to |type| and |value|.
1925
+ // |type| must be a |GEN_*| constant and |value| must be an object of the
1926
+ // corresponding type. |gen| takes ownership of |value|, so |value| must have
1927
+ // been an allocated object.
1928
+ //
1929
+ // WARNING: |gen| must be empty (typically as returned from |GENERAL_NAME_new|)
1930
+ // before calling this function. If |gen| already contained a value, the
1931
+ // previous contents will be leaked.
1932
+ OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *gen, int type,
1933
+ void *value);
1934
+
1935
+ // GENERAL_NAME_get0_value returns the in-memory representation of |gen|'s
1936
+ // contents and, |out_type| is not NULL, sets |*out_type| to the type of |gen|,
1937
+ // which will be a |GEN_*| constant. If |gen| is incomplete, the return value
1938
+ // will be NULL and the type will be -1.
1939
+ //
1940
+ // WARNING: Casting the result of this function to the wrong type is a
1941
+ // potentially exploitable memory error. Callers must check |gen|'s type, either
1942
+ // via |*out_type| or checking |gen->type| directly, before inspecting the
1943
+ // result.
1944
+ //
1945
+ // WARNING: This function is not const-correct. The return value should be
1946
+ // const. Callers shoudl not mutate the returned object.
1947
+ OPENSSL_EXPORT void *GENERAL_NAME_get0_value(const GENERAL_NAME *gen,
1948
+ int *out_type);
1949
+
1950
+ // GENERAL_NAME_set0_othername sets |gen| to be an OtherName with type |oid| and
1951
+ // value |value|. On success, it returns one and takes ownership of |oid| and
1952
+ // |value|, which must be created in a way compatible with |ASN1_OBJECT_free|
1953
+ // and |ASN1_TYPE_free|, respectively. On allocation failure, it returns zero.
1954
+ // In the failure case, the caller retains ownership of |oid| and |value| and
1955
+ // must release them when done.
1956
+ //
1957
+ // WARNING: |gen| must be empty (typically as returned from |GENERAL_NAME_new|)
1958
+ // before calling this function. If |gen| already contained a value, the
1959
+ // previously contents will be leaked.
1960
+ OPENSSL_EXPORT int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
1961
+ ASN1_OBJECT *oid,
1962
+ ASN1_TYPE *value);
1963
+
1964
+ // GENERAL_NAME_get0_otherName, if |gen| is an OtherName, sets |*out_oid| and
1965
+ // |*out_value| to the OtherName's type-id and value, respectively, and returns
1966
+ // one. If |gen| is not an OtherName, it returns zero and leaves |*out_oid| and
1967
+ // |*out_value| unmodified. Either of |out_oid| or |out_value| may be NULL to
1968
+ // ignore the value.
1969
+ //
1970
+ // WARNING: This function is not const-correct. |out_oid| and |out_value| are
1971
+ // not const, but callers should not mutate the resulting objects.
1972
+ OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
1973
+ ASN1_OBJECT **out_oid,
1974
+ ASN1_TYPE **out_value);
1975
+
1976
+
1977
+ // Algorithm identifiers.
1321
1978
  //
1322
1979
  // An |X509_ALGOR| represents an AlgorithmIdentifier structure, used in X.509
1323
1980
  // to represent signature algorithms and public key algorithms.
@@ -1407,10 +2064,6 @@ OPENSSL_EXPORT int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
1407
2064
 
1408
2065
  DEFINE_STACK_OF(X509_ATTRIBUTE)
1409
2066
 
1410
- // X509_ATTRIBUTE is an |ASN1_ITEM| whose ASN.1 type is Attribute (RFC 2986) and
1411
- // C type is |X509_ATTRIBUTE*|.
1412
- DECLARE_ASN1_ITEM(X509_ATTRIBUTE)
1413
-
1414
2067
  // X509_ATTRIBUTE_new returns a newly-allocated, empty |X509_ATTRIBUTE| object,
1415
2068
  // or NULL on error. |X509_ATTRIBUTE_set1_*| may be used to finish initializing
1416
2069
  // it.
@@ -1480,21 +2133,21 @@ OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr,
1480
2133
  // X509_ATTRIBUTE_set1_data appends a value to |attr|'s value set and returns
1481
2134
  // one on success or zero on error. The value is determined as follows:
1482
2135
  //
1483
- // If |attrtype| is a |MBSTRING_*| constant, the value is an ASN.1 string. The
1484
- // string is determined by decoding |len| bytes from |data| in the encoding
1485
- // specified by |attrtype|, and then re-encoding it in a form appropriate for
1486
- // |attr|'s type. If |len| is -1, |strlen(data)| is used instead. See
1487
- // |ASN1_STRING_set_by_NID| for details.
2136
+ // If |attrtype| is zero, this function returns one and does nothing. This form
2137
+ // may be used when calling |X509_ATTRIBUTE_create_by_*| to create an attribute
2138
+ // with an empty value set. Such attributes are invalid, but OpenSSL supports
2139
+ // creating them.
2140
+ //
2141
+ // Otherwise, if |attrtype| is a |MBSTRING_*| constant, the value is an ASN.1
2142
+ // string. The string is determined by decoding |len| bytes from |data| in the
2143
+ // encoding specified by |attrtype|, and then re-encoding it in a form
2144
+ // appropriate for |attr|'s type. If |len| is -1, |strlen(data)| is used
2145
+ // instead. See |ASN1_STRING_set_by_NID| for details.
1488
2146
  //
1489
2147
  // Otherwise, if |len| is not -1, the value is an ASN.1 string. |attrtype| is an
1490
2148
  // |ASN1_STRING| type value and the |len| bytes from |data| are copied as the
1491
2149
  // type-specific representation of |ASN1_STRING|. See |ASN1_STRING| for details.
1492
2150
  //
1493
- // WARNING: If this form is used to construct a negative INTEGER or ENUMERATED,
1494
- // |attrtype| includes the |V_ASN1_NEG| flag for |ASN1_STRING|, but the function
1495
- // forgets to clear the flag for |ASN1_TYPE|. This matches OpenSSL but is
1496
- // probably a bug. For now, do not use this form with negative values.
1497
- //
1498
2151
  // Otherwise, if |len| is -1, the value is constructed by passing |attrtype| and
1499
2152
  // |data| to |ASN1_TYPE_set1|. That is, |attrtype| is an |ASN1_TYPE| type value,
1500
2153
  // and |data| is cast to the corresponding pointer type.
@@ -1533,148 +2186,911 @@ OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr,
1533
2186
  int idx);
1534
2187
 
1535
2188
 
1536
- // SignedPublicKeyAndChallenge structures.
2189
+ // Certificate stores.
1537
2190
  //
1538
- // The SignedPublicKeyAndChallenge (SPKAC) is a legacy structure to request
1539
- // certificates, primarily in the legacy <keygen> HTML tag. An SPKAC structure
1540
- // is represented by a |NETSCAPE_SPKI| structure.
2191
+ // An |X509_STORE| contains trusted certificates, CRLs, and verification
2192
+ // parameters that are shared between multiple certificate verifications.
1541
2193
  //
1542
- // The structure is described in
1543
- // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen
1544
-
1545
- // A Netscape_spki_st, or |NETSCAPE_SPKI|, represents a
1546
- // SignedPublicKeyAndChallenge structure. Although this structure contains a
1547
- // |spkac| field of type |NETSCAPE_SPKAC|, these are misnamed. The SPKAC is the
1548
- // entire structure, not the signed portion.
1549
- struct Netscape_spki_st {
1550
- NETSCAPE_SPKAC *spkac;
1551
- X509_ALGOR *sig_algor;
1552
- ASN1_BIT_STRING *signature;
1553
- } /* NETSCAPE_SPKI */;
2194
+ // Certificates in an |X509_STORE| are referred to as "trusted certificates",
2195
+ // but an individual certificate verification may not necessarily treat every
2196
+ // trusted certificate as a trust anchor. See |X509_VERIFY_PARAM_set_trust| for
2197
+ // details.
2198
+ //
2199
+ // WARNING: Although a trusted certificate which fails the
2200
+ // |X509_VERIFY_PARAM_set_trust| check is functionally an untrusted
2201
+ // intermediate certificate, callers should not rely on this to configure
2202
+ // untrusted intermediates in an |X509_STORE|. The trust check is complex, so
2203
+ // this risks inadvertently treating it as a trust anchor. Instead, configure
2204
+ // untrusted intermediates with the |chain| parameter of |X509_STORE_CTX_init|.
2205
+ //
2206
+ // Certificates in |X509_STORE| may be specified in several ways:
2207
+ // - Added by |X509_STORE_add_cert|.
2208
+ // - Returned by an |X509_LOOKUP| added by |X509_STORE_add_lookup|.
2209
+ //
2210
+ // |X509_STORE|s are reference-counted and may be shared by certificate
2211
+ // verifications running concurrently on multiple threads. However, an
2212
+ // |X509_STORE|'s verification parameters may not be modified concurrently with
2213
+ // certificate verification or other operations. Unless otherwise documented,
2214
+ // functions which take const pointer may be used concurrently, while
2215
+ // functions which take a non-const pointer may not. Callers that wish to modify
2216
+ // verification parameters in a shared |X509_STORE| should instead modify
2217
+ // |X509_STORE_CTX|s individually.
2218
+
2219
+ // X509_STORE_new returns a newly-allocated |X509_STORE|, or NULL on error.
2220
+ OPENSSL_EXPORT X509_STORE *X509_STORE_new(void);
1554
2221
 
1555
- // NETSCAPE_SPKI is an |ASN1_ITEM| whose ASN.1 type is
1556
- // SignedPublicKeyAndChallenge and C type is |NETSCAPE_SPKI*|.
1557
- DECLARE_ASN1_ITEM(NETSCAPE_SPKI)
2222
+ // X509_STORE_up_ref adds one to the reference count of |store| and returns one.
2223
+ // Although |store| is not const, this function's use of |store| is thread-safe.
2224
+ OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store);
1558
2225
 
1559
- // NETSCAPE_SPKI_new returns a newly-allocated, empty |NETSCAPE_SPKI| object, or
1560
- // NULL on error.
1561
- OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
2226
+ // X509_STORE_free releases memory associated with |store|.
2227
+ OPENSSL_EXPORT void X509_STORE_free(X509_STORE *store);
1562
2228
 
1563
- // NETSCAPE_SPKI_free releases memory associated with |spki|.
1564
- OPENSSL_EXPORT void NETSCAPE_SPKI_free(NETSCAPE_SPKI *spki);
2229
+ // X509_STORE_add_cert adds |x509| to |store| as a trusted certificate. It
2230
+ // returns one on success and zero on error. This function internally increments
2231
+ // |x509|'s reference count, so the caller retains ownership of |x509|.
2232
+ //
2233
+ // Certificates configured by this function are still subject to the checks
2234
+ // described in |X509_VERIFY_PARAM_set_trust|.
2235
+ //
2236
+ // Although |store| is not const, this function's use of |store| is thread-safe.
2237
+ // However, if this function is called concurrently with |X509_verify_cert|, it
2238
+ // is a race condition whether |x509| is available for issuer lookups.
2239
+ // Moreover, the result may differ for each issuer lookup performed by a single
2240
+ // |X509_verify_cert| call.
2241
+ OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *store, X509 *x509);
2242
+
2243
+ // X509_STORE_add_crl adds |crl| to |store|. It returns one on success and zero
2244
+ // on error. This function internally increments |crl|'s reference count, so the
2245
+ // caller retains ownership of |crl|. CRLs added in this way are candidates for
2246
+ // CRL lookup when |X509_V_FLAG_CRL_CHECK| is set.
2247
+ //
2248
+ // Although |store| is not const, this function's use of |store| is thread-safe.
2249
+ // However, if this function is called concurrently with |X509_verify_cert|, it
2250
+ // is a race condition whether |crl| is available for CRL checks. Moreover, the
2251
+ // result may differ for each CRL check performed by a single
2252
+ // |X509_verify_cert| call.
2253
+ //
2254
+ // Note there are no supported APIs to remove CRLs from |store| once inserted.
2255
+ // To vary the set of CRLs over time, callers should either create a new
2256
+ // |X509_STORE| or configure CRLs on a per-verification basis with
2257
+ // |X509_STORE_CTX_set0_crls|.
2258
+ OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *store, X509_CRL *crl);
2259
+
2260
+ // X509_STORE_get0_param returns |store|'s verification parameters. This object
2261
+ // is mutable and may be modified by the caller. For an individual certificate
2262
+ // verification operation, |X509_STORE_CTX_init| initializes the
2263
+ // |X509_STORE_CTX|'s parameters with these parameters.
2264
+ //
2265
+ // WARNING: |X509_STORE_CTX_init| applies some default parameters (as in
2266
+ // |X509_VERIFY_PARAM_inherit|) after copying |store|'s parameters. This means
2267
+ // it is impossible to leave some parameters unset at |store|. They must be
2268
+ // explicitly unset after creating the |X509_STORE_CTX|.
2269
+ //
2270
+ // As of writing these late defaults are a depth limit (see
2271
+ // |X509_VERIFY_PARAM_set_depth|) and the |X509_V_FLAG_TRUSTED_FIRST| flag. This
2272
+ // warning does not apply if the parameters were set in |store|.
2273
+ //
2274
+ // TODO(crbug.com/boringssl/441): This behavior is very surprising. Can we
2275
+ // remove this notion of late defaults? The unsettable value at |X509_STORE| is
2276
+ // -1, which rejects everything but explicitly-trusted self-signed certificates.
2277
+ // |X509_V_FLAG_TRUSTED_FIRST| is mostly a workaround for poor path-building.
2278
+ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store);
2279
+
2280
+ // X509_STORE_set1_param copies verification parameters from |param| as in
2281
+ // |X509_VERIFY_PARAM_set1|. It returns one on success and zero on error.
2282
+ OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *store,
2283
+ const X509_VERIFY_PARAM *param);
2284
+
2285
+ // X509_STORE_set_flags enables all values in |flags| in |store|'s verification
2286
+ // flags. |flags| should be a combination of |X509_V_FLAG_*| constants.
2287
+ //
2288
+ // WARNING: These flags will be combined with default flags when copied to an
2289
+ // |X509_STORE_CTX|. This means it is impossible to unset those defaults from
2290
+ // the |X509_STORE|. See discussion in |X509_STORE_get0_param|.
2291
+ OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *store, unsigned long flags);
2292
+
2293
+ // X509_STORE_set_depth configures |store| to, by default, limit certificate
2294
+ // chains to |depth| intermediate certificates. This count excludes both the
2295
+ // target certificate and the trust anchor (root certificate).
2296
+ OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
1565
2297
 
1566
- // d2i_NETSCAPE_SPKI parses up to |len| bytes from |*inp| as a DER-encoded
1567
- // SignedPublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
1568
- OPENSSL_EXPORT NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **out,
1569
- const uint8_t **inp, long len);
2298
+ // X509_STORE_set_purpose configures the purpose check for |store|. See
2299
+ // |X509_VERIFY_PARAM_set_purpose| for details.
2300
+ OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *store, int purpose);
1570
2301
 
1571
- // i2d_NETSCAPE_SPKI marshals |spki| as a DER-encoded
1572
- // SignedPublicKeyAndChallenge structure, as described in |i2d_SAMPLE|.
1573
- OPENSSL_EXPORT int i2d_NETSCAPE_SPKI(const NETSCAPE_SPKI *spki, uint8_t **outp);
2302
+ // X509_STORE_set_trust configures the trust check for |store|. See
2303
+ // |X509_VERIFY_PARAM_set_trust| for details.
2304
+ OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *store, int trust);
1574
2305
 
1575
- // NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
1576
- // returns one if the signature is valid and zero otherwise.
1577
- OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
1578
2306
 
1579
- // NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
1580
- // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
1581
- // |NETSCAPE_SPKI| structure with the result, or NULL on error. If |len| is 0 or
1582
- // negative, the length is calculated with |strlen| and |str| must be a
1583
- // NUL-terminated C string.
1584
- OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
1585
- ossl_ssize_t len);
2307
+ // Certificate verification.
2308
+ //
2309
+ // An |X509_STORE_CTX| object represents a single certificate verification
2310
+ // operation. To verify a certificate chain, callers construct an
2311
+ // |X509_STORE_CTX|, initialize it with |X509_STORE_CTX_init|, configure extra
2312
+ // parameters with |X509_STORE_CTX_get0_param|, and call |X509_verify_cert|.
1586
2313
 
1587
- // NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded
1588
- // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
1589
- // NUL-terminated C string with the result, or NULL on error. The caller must
1590
- // release the memory with |OPENSSL_free| when done.
1591
- OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
2314
+ // X509_STORE_CTX_new returns a newly-allocated, empty |X509_STORE_CTX|, or NULL
2315
+ // on error.
2316
+ OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
1592
2317
 
1593
- // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
1594
- // |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
1595
- // pointer and must call |EVP_PKEY_free| when done.
1596
- OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
2318
+ // X509_STORE_CTX_free releases memory associated with |ctx|.
2319
+ OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
1597
2320
 
1598
- // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
1599
- // on success or zero on error. This function does not take ownership of |pkey|,
1600
- // so the caller may continue to manage its lifetime independently of |spki|.
1601
- OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
1602
- EVP_PKEY *pkey);
2321
+ // X509_STORE_CTX_init initializes |ctx| to verify |x509|, using trusted
2322
+ // certificates and parameters in |store|. It returns one on success and zero on
2323
+ // error. |chain| is a list of untrusted intermediate certificates to use in
2324
+ // verification.
2325
+ //
2326
+ // |ctx| stores pointers to |store|, |x509|, and |chain|. Each of these objects
2327
+ // must outlive |ctx| and may not be mutated for the duration of the certificate
2328
+ // verification.
2329
+ OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
2330
+ X509 *x509, STACK_OF(X509) *chain);
1603
2331
 
1604
- // NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature
1605
- // algorithm and signature fields. It returns the length of the signature on
1606
- // success and zero on error. This function uses digest algorithm |md|, or
1607
- // |pkey|'s default if NULL. Other signing parameters use |pkey|'s defaults.
1608
- OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey,
1609
- const EVP_MD *md);
2332
+ // X509_verify_cert performs certifice verification with |ctx|, which must have
2333
+ // been initialized with |X509_STORE_CTX_init|. It returns one on success and
2334
+ // zero on error. On success, |X509_STORE_CTX_get0_chain| or
2335
+ // |X509_STORE_CTX_get1_chain| may be used to return the verified certificate
2336
+ // chain. On error, |X509_STORE_CTX_get_error| may be used to return additional
2337
+ // error information.
2338
+ OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
1610
2339
 
1611
- // A Netscape_spkac_st, or |NETSCAPE_SPKAC|, represents a PublicKeyAndChallenge
1612
- // structure. This type is misnamed. The full SPKAC includes the signature,
1613
- // which is represented with the |NETSCAPE_SPKI| type.
1614
- struct Netscape_spkac_st {
1615
- X509_PUBKEY *pubkey;
1616
- ASN1_IA5STRING *challenge;
1617
- } /* NETSCAPE_SPKAC */;
2340
+ // X509_STORE_CTX_get0_chain, after a successful |X509_verify_cert| call,
2341
+ // returns the verified certificate chain. The chain begins with the leaf and
2342
+ // ends with trust anchor.
2343
+ //
2344
+ // At other points, such as after a failed verification or during the deprecated
2345
+ // verification callback, it returns the partial chain built so far. Callers
2346
+ // should avoid relying on this as this exposes unstable library implementation
2347
+ // details.
2348
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(
2349
+ const X509_STORE_CTX *ctx);
2350
+
2351
+ // X509_STORE_CTX_get1_chain behaves like |X509_STORE_CTX_get0_chain| but
2352
+ // returns a newly-allocated |STACK_OF(X509)| containing the completed chain,
2353
+ // with each certificate's reference count incremented. Callers must free the
2354
+ // result with |sk_X509_pop_free| and |X509_free| when done.
2355
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(
2356
+ const X509_STORE_CTX *ctx);
2357
+
2358
+ // The following values are possible outputs of |X509_STORE_CTX_get_error|.
2359
+ #define X509_V_OK 0
2360
+ #define X509_V_ERR_UNSPECIFIED 1
2361
+ #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
2362
+ #define X509_V_ERR_UNABLE_TO_GET_CRL 3
2363
+ #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
2364
+ #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
2365
+ #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
2366
+ #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
2367
+ #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
2368
+ #define X509_V_ERR_CERT_NOT_YET_VALID 9
2369
+ #define X509_V_ERR_CERT_HAS_EXPIRED 10
2370
+ #define X509_V_ERR_CRL_NOT_YET_VALID 11
2371
+ #define X509_V_ERR_CRL_HAS_EXPIRED 12
2372
+ #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
2373
+ #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
2374
+ #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
2375
+ #define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
2376
+ #define X509_V_ERR_OUT_OF_MEM 17
2377
+ #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
2378
+ #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
2379
+ #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
2380
+ #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
2381
+ #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
2382
+ #define X509_V_ERR_CERT_REVOKED 23
2383
+ #define X509_V_ERR_INVALID_CA 24
2384
+ #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
2385
+ #define X509_V_ERR_INVALID_PURPOSE 26
2386
+ #define X509_V_ERR_CERT_UNTRUSTED 27
2387
+ #define X509_V_ERR_CERT_REJECTED 28
2388
+ #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
2389
+ #define X509_V_ERR_AKID_SKID_MISMATCH 30
2390
+ #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
2391
+ #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
2392
+ #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
2393
+ #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
2394
+ #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
2395
+ #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
2396
+ #define X509_V_ERR_INVALID_NON_CA 37
2397
+ #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
2398
+ #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
2399
+ #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
2400
+ #define X509_V_ERR_INVALID_EXTENSION 41
2401
+ #define X509_V_ERR_INVALID_POLICY_EXTENSION 42
2402
+ #define X509_V_ERR_NO_EXPLICIT_POLICY 43
2403
+ #define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
2404
+ #define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
2405
+ #define X509_V_ERR_UNNESTED_RESOURCE 46
2406
+ #define X509_V_ERR_PERMITTED_VIOLATION 47
2407
+ #define X509_V_ERR_EXCLUDED_VIOLATION 48
2408
+ #define X509_V_ERR_SUBTREE_MINMAX 49
2409
+ #define X509_V_ERR_APPLICATION_VERIFICATION 50
2410
+ #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
2411
+ #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
2412
+ #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
2413
+ #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
2414
+ #define X509_V_ERR_HOSTNAME_MISMATCH 62
2415
+ #define X509_V_ERR_EMAIL_MISMATCH 63
2416
+ #define X509_V_ERR_IP_ADDRESS_MISMATCH 64
2417
+ #define X509_V_ERR_INVALID_CALL 65
2418
+ #define X509_V_ERR_STORE_LOOKUP 66
2419
+ #define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67
1618
2420
 
1619
- // NETSCAPE_SPKAC is an |ASN1_ITEM| whose ASN.1 type is PublicKeyAndChallenge
1620
- // and C type is |NETSCAPE_SPKAC*|.
1621
- DECLARE_ASN1_ITEM(NETSCAPE_SPKAC)
2421
+ // X509_STORE_CTX_get_error, after |X509_verify_cert| returns, returns
2422
+ // |X509_V_OK| if verification succeeded or an |X509_V_ERR_*| describing why
2423
+ // verification failed. This will be consistent with |X509_verify_cert|'s return
2424
+ // value, unless the caller used the deprecated verification callback (see
2425
+ // |X509_STORE_CTX_set_verify_cb|) in a way that breaks |ctx|'s invariants.
2426
+ //
2427
+ // If called during the deprecated verification callback when |ok| is zero, it
2428
+ // returns the current error under consideration.
2429
+ OPENSSL_EXPORT int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx);
1622
2430
 
1623
- // NETSCAPE_SPKAC_new returns a newly-allocated, empty |NETSCAPE_SPKAC| object,
1624
- // or NULL on error.
1625
- OPENSSL_EXPORT NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void);
2431
+ // X509_STORE_CTX_set_error sets |ctx|'s error to |err|, which should be
2432
+ // |X509_V_OK| or an |X509_V_ERR_*| constant. It is not expected to be called in
2433
+ // typical |X509_STORE_CTX| usage, but may be used in callback APIs where
2434
+ // applications synthesize |X509_STORE_CTX| error conditions. See also
2435
+ // |X509_STORE_CTX_set_verify_cb| and |SSL_CTX_set_cert_verify_callback|.
2436
+ OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err);
1626
2437
 
1627
- // NETSCAPE_SPKAC_free releases memory associated with |spkac|.
1628
- OPENSSL_EXPORT void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *spkac);
2438
+ // X509_verify_cert_error_string returns |err| as a human-readable string, where
2439
+ // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
2440
+ // a default description.
2441
+ OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
1629
2442
 
1630
- // d2i_NETSCAPE_SPKAC parses up to |len| bytes from |*inp| as a DER-encoded
1631
- // PublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
1632
- OPENSSL_EXPORT NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **out,
1633
- const uint8_t **inp,
1634
- long len);
2443
+ // X509_STORE_CTX_get_error_depth returns the depth at which the error returned
2444
+ // by |X509_STORE_CTX_get_error| occured. This is zero-indexed integer into the
2445
+ // certificate chain. Zero indicates the target certificate, one its issuer, and
2446
+ // so on.
2447
+ OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
1635
2448
 
1636
- // i2d_NETSCAPE_SPKAC marshals |spkac| as a DER-encoded PublicKeyAndChallenge
1637
- // structure, as described in |i2d_SAMPLE|.
1638
- OPENSSL_EXPORT int i2d_NETSCAPE_SPKAC(const NETSCAPE_SPKAC *spkac,
1639
- uint8_t **outp);
2449
+ // X509_STORE_CTX_get_current_cert returns the certificate which caused the
2450
+ // error returned by |X509_STORE_CTX_get_error|.
2451
+ OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
1640
2452
 
2453
+ // X509_STORE_CTX_get0_current_crl returns the CRL which caused the error
2454
+ // returned by |X509_STORE_CTX_get_error|.
2455
+ OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(
2456
+ const X509_STORE_CTX *ctx);
1641
2457
 
1642
- // Printing functions.
1643
- //
1644
- // The following functions output human-readable representations of
1645
- // X.509-related structures. They should only be used for debugging or logging
1646
- // and not parsed programmatically. In many cases, the outputs are ambiguous, so
1647
- // attempting to parse them can lead to string injection vulnerabilities.
2458
+ // X509_STORE_CTX_get0_store returns the |X509_STORE| that |ctx| uses.
2459
+ OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
1648
2460
 
1649
- // The following flags control |X509_print_ex| and |X509_REQ_print_ex|.
2461
+ // X509_STORE_CTX_get0_cert returns the leaf certificate that |ctx| is
2462
+ // verifying.
2463
+ OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
1650
2464
 
1651
- // X509_FLAG_COMPAT disables all flags. It additionally causes names to be
1652
- // printed with a 16-byte indent.
1653
- #define X509_FLAG_COMPAT 0
2465
+ // X509_STORE_CTX_get0_untrusted returns the stack of untrusted intermediates
2466
+ // used by |ctx| for certificate verification.
2467
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(
2468
+ const X509_STORE_CTX *ctx);
1654
2469
 
1655
- // X509_FLAG_NO_HEADER skips a header identifying the type of object printed.
1656
- #define X509_FLAG_NO_HEADER 1L
2470
+ // X509_STORE_CTX_set0_trusted_stack configures |ctx| to trust the certificates
2471
+ // in |sk|. |sk| must remain valid for the duration of |ctx|. Calling this
2472
+ // function causes |ctx| to ignore any certificates configured in the
2473
+ // |X509_STORE|. Certificates in |sk| are still subject to the check described
2474
+ // in |X509_VERIFY_PARAM_set_trust|.
2475
+ //
2476
+ // WARNING: This function differs from most |set0| functions in that it does not
2477
+ // take ownership of its input. The caller is required to ensure the lifetimes
2478
+ // are consistent.
2479
+ OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2480
+ STACK_OF(X509) *sk);
1657
2481
 
1658
- // X509_FLAG_NO_VERSION skips printing the X.509 version number.
1659
- #define X509_FLAG_NO_VERSION (1L << 1)
2482
+ // X509_STORE_CTX_set0_crls configures |ctx| to consider the CRLs in |sk| as
2483
+ // candidates for CRL lookup. |sk| must remain valid for the duration of |ctx|.
2484
+ // These CRLs are considered in addition to CRLs found in |X509_STORE|.
2485
+ //
2486
+ // WARNING: This function differs from most |set0| functions in that it does not
2487
+ // take ownership of its input. The caller is required to ensure the lifetimes
2488
+ // are consistent.
2489
+ OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx,
2490
+ STACK_OF(X509_CRL) *sk);
1660
2491
 
1661
- // X509_FLAG_NO_SERIAL skips printing the serial number. It is ignored in
1662
- // |X509_REQ_print_fp|.
1663
- #define X509_FLAG_NO_SERIAL (1L << 2)
2492
+ // X509_STORE_CTX_set_default looks up the set of parameters named |name| and
2493
+ // applies those default verification parameters for |ctx|. As in
2494
+ // |X509_VERIFY_PARAM_inherit|, only unset parameters are changed. This function
2495
+ // returns one on success and zero on error.
2496
+ //
2497
+ // The supported values of |name| are:
2498
+ // - "default" is an internal value which configures some late defaults. See the
2499
+ // discussion in |X509_STORE_get0_param|.
2500
+ // - "pkcs7" configures default trust and purpose checks for PKCS#7 signatures.
2501
+ // - "smime_sign" configures trust and purpose checks for S/MIME signatures.
2502
+ // - "ssl_client" configures trust and purpose checks for TLS clients.
2503
+ // - "ssl_server" configures trust and purpose checks for TLS servers.
2504
+ //
2505
+ // TODO(crbug.com/boringssl/441): Make "default" a no-op.
2506
+ OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx,
2507
+ const char *name);
1664
2508
 
1665
- // X509_FLAG_NO_SIGNAME skips printing the signature algorithm in the
1666
- // TBSCertificate. It is ignored in |X509_REQ_print_fp|.
1667
- #define X509_FLAG_NO_SIGNAME (1L << 3)
2509
+ // X509_STORE_CTX_get0_param returns |ctx|'s verification parameters. This
2510
+ // object is mutable and may be modified by the caller.
2511
+ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
2512
+ X509_STORE_CTX *ctx);
1668
2513
 
1669
- // X509_FLAG_NO_ISSUER skips printing the issuer.
1670
- #define X509_FLAG_NO_ISSUER (1L << 4)
2514
+ // X509_STORE_CTX_set0_param returns |ctx|'s verification parameters to |param|
2515
+ // and takes ownership of |param|. After this function returns, the caller
2516
+ // should not free |param|.
2517
+ //
2518
+ // WARNING: This function discards any values which were previously applied in
2519
+ // |ctx|, including the "default" parameters applied late in
2520
+ // |X509_STORE_CTX_init|. These late defaults are not applied to parameters
2521
+ // created standalone by |X509_VERIFY_PARAM_new|.
2522
+ //
2523
+ // TODO(crbug.com/boringssl/441): This behavior is very surprising. Should we
2524
+ // re-apply the late defaults in |param|, or somehow avoid this notion of late
2525
+ // defaults altogether?
2526
+ OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
2527
+ X509_VERIFY_PARAM *param);
1671
2528
 
1672
- // X509_FLAG_NO_VALIDITY skips printing the notBefore and notAfter times. It is
1673
- // ignored in |X509_REQ_print_fp|.
1674
- #define X509_FLAG_NO_VALIDITY (1L << 5)
2529
+ // X509_STORE_CTX_set_flags enables all values in |flags| in |ctx|'s
2530
+ // verification flags. |flags| should be a combination of |X509_V_FLAG_*|
2531
+ // constants.
2532
+ OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx,
2533
+ unsigned long flags);
1675
2534
 
1676
- // X509_FLAG_NO_SUBJECT skips printing the subject.
1677
- #define X509_FLAG_NO_SUBJECT (1L << 6)
2535
+ // X509_STORE_CTX_set_time configures certificate verification to use |t|
2536
+ // instead of the current time. |flags| is ignored and should be zero.
2537
+ OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx,
2538
+ unsigned long flags, time_t t);
2539
+
2540
+ // X509_STORE_CTX_set_time_posix configures certificate verification to use |t|
2541
+ // instead of the current time. |t| is interpreted as a POSIX timestamp in
2542
+ // seconds. |flags| is ignored and should be zero.
2543
+ OPENSSL_EXPORT void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx,
2544
+ unsigned long flags,
2545
+ int64_t t);
2546
+
2547
+ // X509_STORE_CTX_set_depth configures |ctx| to, by default, limit certificate
2548
+ // chains to |depth| intermediate certificates. This count excludes both the
2549
+ // target certificate and the trust anchor (root certificate).
2550
+ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2551
+
2552
+ // X509_STORE_CTX_set_purpose simultaneously configures |ctx|'s purpose and
2553
+ // trust checks, if unset. It returns one on success and zero if |purpose| is
2554
+ // not a valid purpose value. |purpose| should be an |X509_PURPOSE_*| constant.
2555
+ // If so, it configures |ctx| with a purpose check of |purpose| and a trust
2556
+ // check of |purpose|'s corresponding trust value. If either the purpose or
2557
+ // trust check had already been specified for |ctx|, that corresponding
2558
+ // modification is silently dropped.
2559
+ //
2560
+ // See |X509_VERIFY_PARAM_set_purpose| and |X509_VERIFY_PARAM_set_trust| for
2561
+ // details on the purpose and trust checks, respectively.
2562
+ //
2563
+ // If |purpose| is |X509_PURPOSE_ANY|, this function returns an error because it
2564
+ // has no corresponding |X509_TRUST_*| value. It is not possible to set
2565
+ // |X509_PURPOSE_ANY| with this function, only |X509_VERIFY_PARAM_set_purpose|.
2566
+ //
2567
+ // WARNING: Unlike similarly named functions in this header, this function
2568
+ // silently does not behave the same as |X509_VERIFY_PARAM_set_purpose|. Callers
2569
+ // may use |X509_VERIFY_PARAM_set_purpose| with |X509_STORE_CTX_get0_param| to
2570
+ // avoid this difference.
2571
+ OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
2572
+
2573
+ // X509_STORE_CTX_set_trust configures |ctx|'s trust check, if unset. It returns
2574
+ // one on success and zero if |trust| is not a valid trust value. |trust| should
2575
+ // be an |X509_TRUST_*| constant. If so, it configures |ctx| with a trust check
2576
+ // of |trust|. If the trust check had already been specified for |ctx|, it
2577
+ // silently does nothing.
2578
+ //
2579
+ // See |X509_VERIFY_PARAM_set_trust| for details on the purpose and trust check.
2580
+ //
2581
+ // WARNING: Unlike similarly named functions in this header, this function
2582
+ // does not behave the same as |X509_VERIFY_PARAM_set_trust|. Callers may use
2583
+ // |X509_VERIFY_PARAM_set_trust| with |X509_STORE_CTX_get0_param| to avoid this
2584
+ // difference.
2585
+ OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
2586
+
2587
+
2588
+ // Verification parameters.
2589
+ //
2590
+ // An |X509_VERIFY_PARAM| contains a set of parameters for certificate
2591
+ // verification.
2592
+
2593
+ // X509_VERIFY_PARAM_new returns a newly-allocated |X509_VERIFY_PARAM|, or NULL
2594
+ // on error.
2595
+ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
2596
+
2597
+ // X509_VERIFY_PARAM_free releases memory associated with |param|.
2598
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
2599
+
2600
+ // X509_VERIFY_PARAM_inherit applies |from| as the default values for |to|. That
2601
+ // is, for each parameter that is unset in |to|, it copies the value in |from|.
2602
+ // This function returns one on success and zero on error.
2603
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
2604
+ const X509_VERIFY_PARAM *from);
2605
+
2606
+ // X509_VERIFY_PARAM_set1 copies parameters from |from| to |to|. If a parameter
2607
+ // is unset in |from|, the existing value in |to| is preserved. This function
2608
+ // returns one on success and zero on error.
2609
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
2610
+ const X509_VERIFY_PARAM *from);
2611
+
2612
+ // X509_VERIFY_PARAM_set_flags enables all values in |flags| in |param|'s
2613
+ // verification flags and returns one. |flags| should be a combination of
2614
+ // |X509_V_FLAG_*| constants.
2615
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
2616
+ unsigned long flags);
2617
+
2618
+ // X509_VERIFY_PARAM_clear_flags disables all values in |flags| in |param|'s
2619
+ // verification flags and returns one. |flags| should be a combination of
2620
+ // |X509_V_FLAG_*| constants.
2621
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
2622
+ unsigned long flags);
2623
+
2624
+ // X509_VERIFY_PARAM_get_flags returns |param|'s verification flags.
2625
+ OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags(
2626
+ const X509_VERIFY_PARAM *param);
2627
+
2628
+ // X509_VERIFY_PARAM_set_depth configures |param| to limit certificate chains to
2629
+ // |depth| intermediate certificates. This count excludes both the target
2630
+ // certificate and the trust anchor (root certificate).
2631
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param,
2632
+ int depth);
2633
+
2634
+ // X509_VERIFY_PARAM_get_depth returns the maximum depth configured in |param|.
2635
+ // See |X509_VERIFY_PARAM_set_depth|.
2636
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
2637
+
2638
+ // X509_VERIFY_PARAM_set_time configures certificate verification to use |t|
2639
+ // instead of the current time.
2640
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param,
2641
+ time_t t);
2642
+
2643
+ // X509_VERIFY_PARAM_set_time_posix configures certificate verification to use
2644
+ // |t| instead of the current time. |t| is interpreted as a POSIX timestamp in
2645
+ // seconds.
2646
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param,
2647
+ int64_t t);
2648
+
2649
+ // X509_VERIFY_PARAM_add0_policy adds |policy| to the user-initial-policy-set
2650
+ // (see Section 6.1.1 of RFC 5280). On success, it takes ownership of
2651
+ // |policy| and returns one. Otherwise, it returns zero and the caller retains
2652
+ // owneship of |policy|.
2653
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
2654
+ ASN1_OBJECT *policy);
2655
+
2656
+ // X509_VERIFY_PARAM_set1_policies sets the user-initial-policy-set (see
2657
+ // Section 6.1.1 of RFC 5280) to a copy of |policies|. It returns one on success
2658
+ // and zero on error.
2659
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
2660
+ X509_VERIFY_PARAM *param, const STACK_OF(ASN1_OBJECT) *policies);
2661
+
2662
+ // X509_VERIFY_PARAM_set1_host configures |param| to check for the DNS name
2663
+ // specified by |name|. It returns one on success and zero on error.
2664
+ //
2665
+ // By default, both subject alternative names and the subject's common name
2666
+ // attribute are checked. The latter has long been deprecated, so callers should
2667
+ // call |X509_VERIFY_PARAM_set_hostflags| with
2668
+ // |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| to use the standard behavior.
2669
+ // https://crbug.com/boringssl/464 tracks fixing the default.
2670
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
2671
+ const char *name,
2672
+ size_t name_len);
2673
+
2674
+ // X509_VERIFY_PARAM_add1_host adds |name| to the list of names checked by
2675
+ // |param|. If any configured DNS name matches the certificate, verification
2676
+ // succeeds. It returns one on success and zero on error.
2677
+ //
2678
+ // By default, both subject alternative names and the subject's common name
2679
+ // attribute are checked. The latter has long been deprecated, so callers should
2680
+ // call |X509_VERIFY_PARAM_set_hostflags| with
2681
+ // |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| to use the standard behavior.
2682
+ // https://crbug.com/boringssl/464 tracks fixing the default.
2683
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
2684
+ const char *name,
2685
+ size_t name_len);
2686
+
2687
+ // X509_CHECK_FLAG_NO_WILDCARDS disables wildcard matching for DNS names.
2688
+ #define X509_CHECK_FLAG_NO_WILDCARDS 0x2
2689
+
2690
+ // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT disables the subject fallback, normally
2691
+ // enabled when subjectAltNames is missing.
2692
+ #define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
2693
+
2694
+ // X509_VERIFY_PARAM_set_hostflags sets the name-checking flags on |param| to
2695
+ // |flags|. |flags| should be a combination of |X509_CHECK_FLAG_*| constants.
2696
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
2697
+ unsigned int flags);
2698
+
2699
+ // X509_VERIFY_PARAM_set1_email configures |param| to check for the email
2700
+ // address specified by |email|. It returns one on success and zero on error.
2701
+ //
2702
+ // By default, both subject alternative names and the subject's email address
2703
+ // attribute are checked. The |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| flag may be
2704
+ // used to change this behavior.
2705
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
2706
+ const char *email,
2707
+ size_t email_len);
2708
+
2709
+ // X509_VERIFY_PARAM_set1_ip configures |param| to check for the IP address
2710
+ // specified by |ip|. It returns one on success and zero on error. The IP
2711
+ // address is specified in its binary representation. |ip_len| must be 4 for an
2712
+ // IPv4 address and 16 for an IPv6 address.
2713
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
2714
+ const uint8_t *ip, size_t ip_len);
2715
+
2716
+ // X509_VERIFY_PARAM_set1_ip_asc decodes |ipasc| as the ASCII representation of
2717
+ // an IPv4 or IPv6 address, and configures |param| to check for it. It returns
2718
+ // one on success and zero on error.
2719
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
2720
+ const char *ipasc);
2721
+
2722
+ // X509_PURPOSE_SSL_CLIENT validates TLS client certificates. It checks for the
2723
+ // id-kp-clientAuth EKU and one of digitalSignature or keyAgreement key usages.
2724
+ // The TLS library is expected to check for the key usage specific to the
2725
+ // negotiated TLS parameters.
2726
+ #define X509_PURPOSE_SSL_CLIENT 1
2727
+ // X509_PURPOSE_SSL_SERVER validates TLS server certificates. It checks for the
2728
+ // id-kp-clientAuth EKU and one of digitalSignature, keyAgreement, or
2729
+ // keyEncipherment key usages. The TLS library is expected to check for the key
2730
+ // usage specific to the negotiated TLS parameters.
2731
+ #define X509_PURPOSE_SSL_SERVER 2
2732
+ // X509_PURPOSE_NS_SSL_SERVER is a legacy mode. It behaves like
2733
+ // |X509_PURPOSE_SSL_SERVER|, but only accepts the keyEncipherment key usage,
2734
+ // used by SSL 2.0 and RSA key exchange. Do not use this.
2735
+ #define X509_PURPOSE_NS_SSL_SERVER 3
2736
+ // X509_PURPOSE_SMIME_SIGN validates S/MIME signing certificates. It checks for
2737
+ // the id-kp-emailProtection EKU and one of digitalSignature or nonRepudiation
2738
+ // key usages.
2739
+ #define X509_PURPOSE_SMIME_SIGN 4
2740
+ // X509_PURPOSE_SMIME_ENCRYPT validates S/MIME encryption certificates. It
2741
+ // checks for the id-kp-emailProtection EKU and keyEncipherment key usage.
2742
+ #define X509_PURPOSE_SMIME_ENCRYPT 5
2743
+ // X509_PURPOSE_CRL_SIGN validates indirect CRL signers. It checks for the
2744
+ // cRLSign key usage. BoringSSL does not support indirect CRLs and does not use
2745
+ // this mode.
2746
+ #define X509_PURPOSE_CRL_SIGN 6
2747
+ // X509_PURPOSE_ANY performs no EKU or key usage checks. Such checks are the
2748
+ // responsibility of the caller.
2749
+ #define X509_PURPOSE_ANY 7
2750
+ // X509_PURPOSE_OCSP_HELPER performs no EKU or key usage checks. It was
2751
+ // historically used in OpenSSL's OCSP implementation, which left those checks
2752
+ // to the OCSP implementation itself.
2753
+ #define X509_PURPOSE_OCSP_HELPER 8
2754
+ // X509_PURPOSE_TIMESTAMP_SIGN validates Time Stamping Authority (RFC 3161)
2755
+ // certificates. It checks for the id-kp-timeStamping EKU and one of
2756
+ // digitalSignature or nonRepudiation key usages. It additionally checks that
2757
+ // the EKU extension is critical and that no other EKUs or key usages are
2758
+ // asserted.
2759
+ #define X509_PURPOSE_TIMESTAMP_SIGN 9
2760
+
2761
+ // X509_VERIFY_PARAM_set_purpose configures |param| to validate certificates for
2762
+ // a specified purpose. It returns one on success and zero if |purpose| is not a
2763
+ // valid purpose type. |purpose| should be one of the |X509_PURPOSE_*| values.
2764
+ //
2765
+ // This option controls checking the extended key usage (EKU) and key usage
2766
+ // extensions. These extensions specify how a certificate's public key may be
2767
+ // used and are important to avoid cross-protocol attacks, particularly in PKIs
2768
+ // that may issue certificates for multiple protocols, or for protocols that use
2769
+ // keys in multiple ways. If not configured, these security checks are the
2770
+ // caller's responsibility.
2771
+ //
2772
+ // This library applies the EKU checks to all untrusted intermediates. Although
2773
+ // not defined in RFC 5280, this matches widely-deployed practice. It also does
2774
+ // not accept anyExtendedKeyUsage.
2775
+ //
2776
+ // Many purpose values have a corresponding trust value, which is not configured
2777
+ // by this function. See |X509_VERIFY_PARAM_set_trust| for details. Callers
2778
+ // that wish to configure both should either call both functions, or use
2779
+ // |X509_STORE_CTX_set_purpose|.
2780
+ //
2781
+ // It is currently not possible to configure custom EKU OIDs or key usage bits.
2782
+ // Contact the BoringSSL maintainers if your application needs to do so. OpenSSL
2783
+ // had an |X509_PURPOSE_add| API, but it was not thread-safe and relied on
2784
+ // global mutable state, so we removed it.
2785
+ //
2786
+ // TODO(davidben): This function additionally configures checking the legacy
2787
+ // Netscape certificate type extension. Remove this.
2788
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param,
2789
+ int purpose);
2790
+
2791
+ // X509_TRUST_COMPAT evaluates trust using only the self-signed fallback. Trust
2792
+ // and distrust OIDs are ignored.
2793
+ #define X509_TRUST_COMPAT 1
2794
+ // X509_TRUST_SSL_CLIENT evaluates trust with the |NID_client_auth| OID, for
2795
+ // validating TLS client certificates.
2796
+ #define X509_TRUST_SSL_CLIENT 2
2797
+ // X509_TRUST_SSL_SERVER evaluates trust with the |NID_server_auth| OID, for
2798
+ // validating TLS server certificates.
2799
+ #define X509_TRUST_SSL_SERVER 3
2800
+ // X509_TRUST_EMAIL evaluates trust with the |NID_email_protect| OID, for
2801
+ // validating S/MIME email certificates.
2802
+ #define X509_TRUST_EMAIL 4
2803
+ // X509_TRUST_OBJECT_SIGN evaluates trust with the |NID_code_sign| OID, for
2804
+ // validating code signing certificates.
2805
+ #define X509_TRUST_OBJECT_SIGN 5
2806
+ // X509_TRUST_TSA evaluates trust with the |NID_time_stamp| OID, for validating
2807
+ // Time Stamping Authority (RFC 3161) certificates.
2808
+ #define X509_TRUST_TSA 8
2809
+
2810
+ // X509_VERIFY_PARAM_set_trust configures which certificates from |X509_STORE|
2811
+ // are trust anchors. It returns one on success and zero if |trust| is not a
2812
+ // valid trust value. |trust| should be one of the |X509_TRUST_*| constants.
2813
+ // This function allows applications to vary trust anchors when the same set of
2814
+ // trusted certificates is used in multiple contexts.
2815
+ //
2816
+ // Two properties determine whether a certificate is a trust anchor:
2817
+ //
2818
+ // - Whether it is trusted or distrusted for some OID, via auxiliary information
2819
+ // configured by |X509_add1_trust_object| or |X509_add1_reject_object|.
2820
+ //
2821
+ // - Whether it is "self-signed". That is, whether |X509_get_extension_flags|
2822
+ // includes |EXFLAG_SS|. The signature itself is not checked.
2823
+ //
2824
+ // When this function is called, |trust| determines the OID to check in the
2825
+ // first case. If the certificate is not explicitly trusted or distrusted for
2826
+ // any OID, it is trusted if self-signed instead.
2827
+ //
2828
+ // If unset, the default behavior is to check for the |NID_anyExtendedKeyUsage|
2829
+ // OID. If the certificate is not explicitly trusted or distrusted for this OID,
2830
+ // it is trusted if self-signed instead. Note this slightly differs from the
2831
+ // above.
2832
+ //
2833
+ // It is currently not possible to configure custom trust OIDs. Contact the
2834
+ // BoringSSL maintainers if your application needs to do so. OpenSSL had an
2835
+ // |X509_TRUST_add| API, but it was not thread-safe and relied on global mutable
2836
+ // state, so we removed it.
2837
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param,
2838
+ int trust);
2839
+
2840
+
2841
+ // SignedPublicKeyAndChallenge structures.
2842
+ //
2843
+ // The SignedPublicKeyAndChallenge (SPKAC) is a legacy structure to request
2844
+ // certificates, primarily in the legacy <keygen> HTML tag. An SPKAC structure
2845
+ // is represented by a |NETSCAPE_SPKI| structure.
2846
+ //
2847
+ // The structure is described in
2848
+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen
2849
+
2850
+ // A Netscape_spki_st, or |NETSCAPE_SPKI|, represents a
2851
+ // SignedPublicKeyAndChallenge structure. Although this structure contains a
2852
+ // |spkac| field of type |NETSCAPE_SPKAC|, these are misnamed. The SPKAC is the
2853
+ // entire structure, not the signed portion.
2854
+ struct Netscape_spki_st {
2855
+ NETSCAPE_SPKAC *spkac;
2856
+ X509_ALGOR *sig_algor;
2857
+ ASN1_BIT_STRING *signature;
2858
+ } /* NETSCAPE_SPKI */;
2859
+
2860
+ // NETSCAPE_SPKI_new returns a newly-allocated, empty |NETSCAPE_SPKI| object, or
2861
+ // NULL on error.
2862
+ OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
2863
+
2864
+ // NETSCAPE_SPKI_free releases memory associated with |spki|.
2865
+ OPENSSL_EXPORT void NETSCAPE_SPKI_free(NETSCAPE_SPKI *spki);
2866
+
2867
+ // d2i_NETSCAPE_SPKI parses up to |len| bytes from |*inp| as a DER-encoded
2868
+ // SignedPublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
2869
+ OPENSSL_EXPORT NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **out,
2870
+ const uint8_t **inp, long len);
2871
+
2872
+ // i2d_NETSCAPE_SPKI marshals |spki| as a DER-encoded
2873
+ // SignedPublicKeyAndChallenge structure, as described in |i2d_SAMPLE|.
2874
+ OPENSSL_EXPORT int i2d_NETSCAPE_SPKI(const NETSCAPE_SPKI *spki, uint8_t **outp);
2875
+
2876
+ // NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
2877
+ // returns one if the signature is valid and zero otherwise.
2878
+ OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
2879
+
2880
+ // NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
2881
+ // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
2882
+ // |NETSCAPE_SPKI| structure with the result, or NULL on error. If |len| is 0 or
2883
+ // negative, the length is calculated with |strlen| and |str| must be a
2884
+ // NUL-terminated C string.
2885
+ OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
2886
+ ossl_ssize_t len);
2887
+
2888
+ // NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded
2889
+ // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
2890
+ // NUL-terminated C string with the result, or NULL on error. The caller must
2891
+ // release the memory with |OPENSSL_free| when done.
2892
+ OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
2893
+
2894
+ // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
2895
+ // |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
2896
+ // pointer and must call |EVP_PKEY_free| when done.
2897
+ OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(const NETSCAPE_SPKI *spki);
2898
+
2899
+ // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
2900
+ // on success or zero on error. This function does not take ownership of |pkey|,
2901
+ // so the caller may continue to manage its lifetime independently of |spki|.
2902
+ OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
2903
+ EVP_PKEY *pkey);
2904
+
2905
+ // NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature
2906
+ // algorithm and signature fields. It returns the length of the signature on
2907
+ // success and zero on error. This function uses digest algorithm |md|, or
2908
+ // |pkey|'s default if NULL. Other signing parameters use |pkey|'s defaults.
2909
+ OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey,
2910
+ const EVP_MD *md);
2911
+
2912
+ // A Netscape_spkac_st, or |NETSCAPE_SPKAC|, represents a PublicKeyAndChallenge
2913
+ // structure. This type is misnamed. The full SPKAC includes the signature,
2914
+ // which is represented with the |NETSCAPE_SPKI| type.
2915
+ struct Netscape_spkac_st {
2916
+ X509_PUBKEY *pubkey;
2917
+ ASN1_IA5STRING *challenge;
2918
+ } /* NETSCAPE_SPKAC */;
2919
+
2920
+ // NETSCAPE_SPKAC_new returns a newly-allocated, empty |NETSCAPE_SPKAC| object,
2921
+ // or NULL on error.
2922
+ OPENSSL_EXPORT NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void);
2923
+
2924
+ // NETSCAPE_SPKAC_free releases memory associated with |spkac|.
2925
+ OPENSSL_EXPORT void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *spkac);
2926
+
2927
+ // d2i_NETSCAPE_SPKAC parses up to |len| bytes from |*inp| as a DER-encoded
2928
+ // PublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
2929
+ OPENSSL_EXPORT NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **out,
2930
+ const uint8_t **inp,
2931
+ long len);
2932
+
2933
+ // i2d_NETSCAPE_SPKAC marshals |spkac| as a DER-encoded PublicKeyAndChallenge
2934
+ // structure, as described in |i2d_SAMPLE|.
2935
+ OPENSSL_EXPORT int i2d_NETSCAPE_SPKAC(const NETSCAPE_SPKAC *spkac,
2936
+ uint8_t **outp);
2937
+
2938
+
2939
+ // RSASSA-PSS Parameters.
2940
+ //
2941
+ // In X.509, RSASSA-PSS signatures and keys use a complex parameter structure,
2942
+ // defined in RFC 4055. The following functions are provided for compatibility
2943
+ // with some OpenSSL APIs relating to this. Use of RSASSA-PSS in X.509 is
2944
+ // discouraged. The parameters structure is very complex, and it takes more
2945
+ // bytes to merely encode parameters than an entire P-256 ECDSA signature.
2946
+
2947
+ // An rsa_pss_params_st, aka |RSA_PSS_PARAMS|, represents a parsed
2948
+ // RSASSA-PSS-params structure, as defined in (RFC 4055).
2949
+ struct rsa_pss_params_st {
2950
+ X509_ALGOR *hashAlgorithm;
2951
+ X509_ALGOR *maskGenAlgorithm;
2952
+ ASN1_INTEGER *saltLength;
2953
+ ASN1_INTEGER *trailerField;
2954
+ // OpenSSL caches the MGF hash on |RSA_PSS_PARAMS| in some cases. None of the
2955
+ // cases apply to BoringSSL, so this is always NULL, but Node expects the
2956
+ // field to be present.
2957
+ X509_ALGOR *maskHash;
2958
+ } /* RSA_PSS_PARAMS */;
2959
+
2960
+ // RSA_PSS_PARAMS is an |ASN1_ITEM| whose ASN.1 type is RSASSA-PSS-params (RFC
2961
+ // 4055) and C type is |RSA_PSS_PARAMS*|.
2962
+ DECLARE_ASN1_ITEM(RSA_PSS_PARAMS)
2963
+
2964
+ // RSA_PSS_PARAMS_new returns a new, empty |RSA_PSS_PARAMS|, or NULL on error.
2965
+ OPENSSL_EXPORT RSA_PSS_PARAMS *RSA_PSS_PARAMS_new(void);
2966
+
2967
+ // RSA_PSS_PARAMS_free releases memory associated with |params|.
2968
+ OPENSSL_EXPORT void RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *params);
2969
+
2970
+ // d2i_RSA_PSS_PARAMS parses up to |len| bytes from |*inp| as a DER-encoded
2971
+ // RSASSA-PSS-params (RFC 4055), as described in |d2i_SAMPLE|.
2972
+ OPENSSL_EXPORT RSA_PSS_PARAMS *d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **out,
2973
+ const uint8_t **inp,
2974
+ long len);
2975
+
2976
+ // i2d_RSA_PSS_PARAMS marshals |in| as a DER-encoded RSASSA-PSS-params (RFC
2977
+ // 4055), as described in |i2d_SAMPLE|.
2978
+ OPENSSL_EXPORT int i2d_RSA_PSS_PARAMS(const RSA_PSS_PARAMS *in, uint8_t **outp);
2979
+
2980
+
2981
+ // PKCS#8 private keys.
2982
+ //
2983
+ // The |PKCS8_PRIV_KEY_INFO| type represents a PKCS#8 PrivateKeyInfo (RFC 5208)
2984
+ // structure. This is analogous to SubjectPublicKeyInfo and uses the same
2985
+ // AlgorithmIdentifiers, but carries private keys and is not part of X.509
2986
+ // itself.
2987
+ //
2988
+ // TODO(davidben): Do these functions really belong in this header?
2989
+
2990
+ // PKCS8_PRIV_KEY_INFO_new returns a newly-allocated, empty
2991
+ // |PKCS8_PRIV_KEY_INFO| object, or NULL on error.
2992
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
2993
+
2994
+ // PKCS8_PRIV_KEY_INFO_free releases memory associated with |key|.
2995
+ OPENSSL_EXPORT void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *key);
2996
+
2997
+ // d2i_PKCS8_PRIV_KEY_INFO parses up to |len| bytes from |*inp| as a DER-encoded
2998
+ // PrivateKeyInfo, as described in |d2i_SAMPLE|.
2999
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(
3000
+ PKCS8_PRIV_KEY_INFO **out, const uint8_t **inp, long len);
3001
+
3002
+ // i2d_PKCS8_PRIV_KEY_INFO marshals |key| as a DER-encoded PrivateKeyInfo, as
3003
+ // described in |i2d_SAMPLE|.
3004
+ OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO(const PKCS8_PRIV_KEY_INFO *key,
3005
+ uint8_t **outp);
3006
+
3007
+ // EVP_PKCS82PKEY returns |p8| as a newly-allocated |EVP_PKEY|, or NULL if the
3008
+ // key was unsupported or could not be decoded. The caller must release the
3009
+ // result with |EVP_PKEY_free| when done.
3010
+ //
3011
+ // Use |EVP_parse_private_key| instead.
3012
+ OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
3013
+
3014
+ // EVP_PKEY2PKCS8 encodes |pkey| as a PKCS#8 PrivateKeyInfo (RFC 5208),
3015
+ // represented as a newly-allocated |PKCS8_PRIV_KEY_INFO|, or NULL on error. The
3016
+ // caller must release the result with |PKCS8_PRIV_KEY_INFO_free| when done.
3017
+ //
3018
+ // Use |EVP_marshal_private_key| instead.
3019
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
3020
+
3021
+
3022
+ // Algorithm and octet string pairs.
3023
+ //
3024
+ // The |X509_SIG| type represents an ASN.1 SEQUENCE type of an
3025
+ // AlgorithmIdentifier and an OCTET STRING. Although named |X509_SIG|, there is
3026
+ // no type in X.509 which matches this format. The two common types which do are
3027
+ // DigestInfo (RFC 2315 and RFC 8017), and EncryptedPrivateKeyInfo (RFC 5208).
3028
+
3029
+ // X509_SIG_new returns a newly-allocated, empty |X509_SIG| object, or NULL on
3030
+ // error.
3031
+ OPENSSL_EXPORT X509_SIG *X509_SIG_new(void);
3032
+
3033
+ // X509_SIG_free releases memory associated with |key|.
3034
+ OPENSSL_EXPORT void X509_SIG_free(X509_SIG *key);
3035
+
3036
+ // d2i_X509_SIG parses up to |len| bytes from |*inp| as a DER-encoded algorithm
3037
+ // and octet string pair, as described in |d2i_SAMPLE|.
3038
+ OPENSSL_EXPORT X509_SIG *d2i_X509_SIG(X509_SIG **out, const uint8_t **inp,
3039
+ long len);
3040
+
3041
+ // i2d_X509_SIG marshals |sig| as a DER-encoded algorithm
3042
+ // and octet string pair, as described in |i2d_SAMPLE|.
3043
+ OPENSSL_EXPORT int i2d_X509_SIG(const X509_SIG *sig, uint8_t **outp);
3044
+
3045
+ // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
3046
+ // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
3047
+ // |out_digest| may be NULL to skip those fields.
3048
+ OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
3049
+ const X509_ALGOR **out_alg,
3050
+ const ASN1_OCTET_STRING **out_digest);
3051
+
3052
+ // X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
3053
+ OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
3054
+ ASN1_OCTET_STRING **out_digest);
3055
+
3056
+
3057
+ // Printing functions.
3058
+ //
3059
+ // The following functions output human-readable representations of
3060
+ // X.509-related structures. They should only be used for debugging or logging
3061
+ // and not parsed programmatically. In many cases, the outputs are ambiguous, so
3062
+ // attempting to parse them can lead to string injection vulnerabilities.
3063
+
3064
+ // The following flags control |X509_print_ex| and |X509_REQ_print_ex|. These
3065
+ // flags co-exist with |X509V3_EXT_*|, so avoid collisions when adding new ones.
3066
+
3067
+ // X509_FLAG_COMPAT disables all flags. It additionally causes names to be
3068
+ // printed with a 16-byte indent.
3069
+ #define X509_FLAG_COMPAT 0
3070
+
3071
+ // X509_FLAG_NO_HEADER skips a header identifying the type of object printed.
3072
+ #define X509_FLAG_NO_HEADER 1L
3073
+
3074
+ // X509_FLAG_NO_VERSION skips printing the X.509 version number.
3075
+ #define X509_FLAG_NO_VERSION (1L << 1)
3076
+
3077
+ // X509_FLAG_NO_SERIAL skips printing the serial number. It is ignored in
3078
+ // |X509_REQ_print_fp|.
3079
+ #define X509_FLAG_NO_SERIAL (1L << 2)
3080
+
3081
+ // X509_FLAG_NO_SIGNAME skips printing the signature algorithm in the
3082
+ // TBSCertificate. It is ignored in |X509_REQ_print_fp|.
3083
+ #define X509_FLAG_NO_SIGNAME (1L << 3)
3084
+
3085
+ // X509_FLAG_NO_ISSUER skips printing the issuer.
3086
+ #define X509_FLAG_NO_ISSUER (1L << 4)
3087
+
3088
+ // X509_FLAG_NO_VALIDITY skips printing the notBefore and notAfter times. It is
3089
+ // ignored in |X509_REQ_print_fp|.
3090
+ #define X509_FLAG_NO_VALIDITY (1L << 5)
3091
+
3092
+ // X509_FLAG_NO_SUBJECT skips printing the subject.
3093
+ #define X509_FLAG_NO_SUBJECT (1L << 6)
1678
3094
 
1679
3095
  // X509_FLAG_NO_PUBKEY skips printing the public key.
1680
3096
  #define X509_FLAG_NO_PUBKEY (1L << 7)
@@ -1700,10 +3116,34 @@ OPENSSL_EXPORT int i2d_NETSCAPE_SPKAC(const NETSCAPE_SPKAC *spkac,
1700
3116
  // certificate. It is ignored in |X509_REQ_print_fp|.
1701
3117
  #define X509_FLAG_NO_IDS (1L << 12)
1702
3118
 
3119
+ // The following flags control |X509_print_ex|, |X509_REQ_print_ex|,
3120
+ // |X509V3_EXT_print|, and |X509V3_extensions_print|. These flags coexist with
3121
+ // |X509_FLAG_*|, so avoid collisions when adding new ones.
3122
+
3123
+ // X509V3_EXT_UNKNOWN_MASK is a mask that determines how unknown extensions are
3124
+ // processed.
3125
+ #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
3126
+
3127
+ // X509V3_EXT_DEFAULT causes unknown extensions or syntax errors to return
3128
+ // failure.
3129
+ #define X509V3_EXT_DEFAULT 0
3130
+
3131
+ // X509V3_EXT_ERROR_UNKNOWN causes unknown extensions or syntax errors to print
3132
+ // as "<Not Supported>" or "<Parse Error>", respectively.
3133
+ #define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
3134
+
3135
+ // X509V3_EXT_PARSE_UNKNOWN is deprecated and behaves like
3136
+ // |X509V3_EXT_DUMP_UNKNOWN|.
3137
+ #define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
3138
+
3139
+ // X509V3_EXT_DUMP_UNKNOWN causes unknown extensions to be displayed as a
3140
+ // hexdump.
3141
+ #define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
3142
+
1703
3143
  // X509_print_ex writes a human-readable representation of |x| to |bp|. It
1704
3144
  // returns one on success and zero on error. |nmflags| is the flags parameter
1705
3145
  // for |X509_NAME_print_ex| when printing the subject and issuer. |cflag| should
1706
- // be some combination of the |X509_FLAG_*| constants.
3146
+ // be some combination of the |X509_FLAG_*| and |X509V3_EXT_*| constants.
1707
3147
  OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
1708
3148
  unsigned long cflag);
1709
3149
 
@@ -1728,7 +3168,7 @@ OPENSSL_EXPORT int X509_CRL_print_fp(FILE *fp, X509_CRL *x);
1728
3168
  // X509_REQ_print_ex writes a human-readable representation of |x| to |bp|. It
1729
3169
  // returns one on success and zero on error. |nmflags| is the flags parameter
1730
3170
  // for |X509_NAME_print_ex|, when printing the subject. |cflag| should be some
1731
- // combination of the |X509_FLAG_*| constants.
3171
+ // combination of the |X509_FLAG_*| and |X509V3_EXT_*| constants.
1732
3172
  OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
1733
3173
  unsigned long cflag);
1734
3174
 
@@ -1846,6 +3286,40 @@ OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig,
1846
3286
  OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg,
1847
3287
  const ASN1_STRING *sig);
1848
3288
 
3289
+ // X509V3_EXT_print prints a human-readable representation of |ext| to out. It
3290
+ // returns one on success and zero on error. The output is indented by |indent|
3291
+ // spaces. |flag| is one of the |X509V3_EXT_*| constants and controls printing
3292
+ // of unknown extensions and syntax errors.
3293
+ //
3294
+ // WARNING: Although some applications programmatically parse the output of this
3295
+ // function to process X.509 extensions, this is not safe. In many cases, the
3296
+ // outputs are ambiguous to attempting to parse them can lead to string
3297
+ // injection vulnerabilities. These functions should only be used for debugging
3298
+ // or logging.
3299
+ OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext,
3300
+ unsigned long flag, int indent);
3301
+
3302
+ // X509V3_EXT_print_fp behaves like |X509V3_EXT_print| but writes to a |FILE|
3303
+ // instead of a |BIO|.
3304
+ OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, const X509_EXTENSION *ext,
3305
+ int flag, int indent);
3306
+
3307
+ // X509V3_extensions_print prints |title|, followed by a human-readable
3308
+ // representation of |exts| to |out|. It returns one on success and zero on
3309
+ // error. The output is indented by |indent| spaces. |flag| is one of the
3310
+ // |X509V3_EXT_*| constants and controls printing of unknown extensions and
3311
+ // syntax errors.
3312
+ OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title,
3313
+ const STACK_OF(X509_EXTENSION) *exts,
3314
+ unsigned long flag, int indent);
3315
+
3316
+ // GENERAL_NAME_print prints a human-readable representation of |gen| to |out|.
3317
+ // It returns one on success and zero on error.
3318
+ //
3319
+ // TODO(davidben): Actually, it just returns one and doesn't check for I/O or
3320
+ // allocation errors. But it should return zero on error.
3321
+ OPENSSL_EXPORT int GENERAL_NAME_print(BIO *out, const GENERAL_NAME *gen);
3322
+
1849
3323
 
1850
3324
  // Convenience functions.
1851
3325
 
@@ -2026,6 +3500,55 @@ OPENSSL_EXPORT ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day,
2026
3500
  // current time.
2027
3501
  OPENSSL_EXPORT ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec);
2028
3502
 
3503
+ // X509_issuer_name_cmp behaves like |X509_NAME_cmp|, but compares |a| and |b|'s
3504
+ // issuer names.
3505
+ OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
3506
+
3507
+ // X509_subject_name_cmp behaves like |X509_NAME_cmp|, but compares |a| and
3508
+ // |b|'s subject names.
3509
+ OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
3510
+
3511
+ // X509_CRL_cmp behaves like |X509_NAME_cmp|, but compares |a| and |b|'s
3512
+ // issuer names.
3513
+ //
3514
+ // WARNING: This function is misnamed. It does not compare other parts of the
3515
+ // CRL, only the issuer fields using |X509_NAME_cmp|.
3516
+ OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
3517
+
3518
+ // X509_issuer_name_hash returns the hash of |x509|'s issuer name with
3519
+ // |X509_NAME_hash|.
3520
+ //
3521
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3522
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3523
+ // there will be hash collisions. It also depends on an OpenSSL-specific
3524
+ // canonicalization process.
3525
+ OPENSSL_EXPORT uint32_t X509_issuer_name_hash(X509 *x509);
3526
+
3527
+ // X509_subject_name_hash returns the hash of |x509|'s subject name with
3528
+ // |X509_NAME_hash|.
3529
+ //
3530
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3531
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3532
+ // there will be hash collisions. It also depends on an OpenSSL-specific
3533
+ // canonicalization process.
3534
+ OPENSSL_EXPORT uint32_t X509_subject_name_hash(X509 *x509);
3535
+
3536
+ // X509_issuer_name_hash_old returns the hash of |x509|'s issuer name with
3537
+ // |X509_NAME_hash_old|.
3538
+ //
3539
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3540
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3541
+ // there will be hash collisions.
3542
+ OPENSSL_EXPORT uint32_t X509_issuer_name_hash_old(X509 *x509);
3543
+
3544
+ // X509_subject_name_hash_old returns the hash of |x509|'s usjbect name with
3545
+ // |X509_NAME_hash_old|.
3546
+ //
3547
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3548
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3549
+ // there will be hash collisions.
3550
+ OPENSSL_EXPORT uint32_t X509_subject_name_hash_old(X509 *x509);
3551
+
2029
3552
 
2030
3553
  // ex_data functions.
2031
3554
  //
@@ -2047,175 +3570,232 @@ OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx,
2047
3570
  OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
2048
3571
 
2049
3572
 
2050
- // Deprecated functions.
2051
-
2052
- // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
2053
- // const-correct for legacy reasons. Use |X509_get0_notBefore| or
2054
- // |X509_getm_notBefore| instead.
2055
- OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
2056
-
2057
- // X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
2058
- // const-correct for legacy reasons. Use |X509_get0_notAfter| or
2059
- // |X509_getm_notAfter| instead.
2060
- OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
2061
-
2062
- // X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
2063
- // instead.
2064
- OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
2065
-
2066
- // X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
2067
- // instead.
2068
- OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
3573
+ // Hashing and signing ASN.1 structures.
2069
3574
 
2070
- // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s thisUpdate time.
2071
- // The OpenSSL API refers to this field as lastUpdate.
3575
+ // ASN1_digest serializes |data| with |i2d| and then hashes the result with
3576
+ // |type|. On success, it returns one, writes the digest to |md|, and sets
3577
+ // |*len| to the digest length if non-NULL. On error, it returns zero.
2072
3578
  //
2073
- // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
2074
- OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
2075
-
2076
- // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
2077
- // or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
2078
- // |X509_CRL_set1_nextUpdate| instead.
2079
- OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
2080
-
2081
- // X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
2082
- // |X509_get_pubkey| instead.
2083
- #define X509_extract_key(x) X509_get_pubkey(x)
2084
-
2085
- // X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
2086
- #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
2087
-
2088
- // X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
2089
- #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
2090
-
2091
- // The following symbols are deprecated aliases to |X509_CRL_set1_*|.
2092
- #define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
2093
- #define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
2094
-
2095
- // X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
2096
- // Prefer |X509_get0_serialNumber|.
2097
- OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
2098
-
2099
- // X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in
2100
- // |name|. If found, it ignores the value's ASN.1 type, writes the raw
2101
- // |ASN1_STRING| representation to |buf|, followed by a NUL byte, and
2102
- // returns the number of bytes in output, excluding the NUL byte.
2103
- //
2104
- // This function writes at most |len| bytes, including the NUL byte. If |len| is
2105
- // not large enough, it silently truncates the output to fit. If |buf| is NULL,
2106
- // it instead writes enough and returns the number of bytes in the output,
2107
- // excluding the NUL byte.
2108
- //
2109
- // WARNING: Do not use this function. It does not return enough information for
2110
- // the caller to correctly interpret its output. The attribute value may be of
2111
- // any type, including one of several ASN.1 string encodings, but this function
2112
- // only outputs the raw |ASN1_STRING| representation. See
2113
- // https://crbug.com/boringssl/436.
2114
- OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
2115
- const ASN1_OBJECT *obj, char *buf,
2116
- int len);
2117
-
2118
- // X509_NAME_get_text_by_NID behaves like |X509_NAME_get_text_by_OBJ| except it
2119
- // finds an attribute of type |nid|, which should be one of the |NID_*|
2120
- // constants.
2121
- OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
2122
- char *buf, int len);
2123
-
2124
-
2125
- // Private structures.
2126
-
2127
- struct X509_algor_st {
2128
- ASN1_OBJECT *algorithm;
2129
- ASN1_TYPE *parameter;
2130
- } /* X509_ALGOR */;
2131
-
2132
-
2133
- // Functions below this point have not yet been organized into sections.
2134
-
2135
- #define X509_FILETYPE_PEM 1
2136
- #define X509_FILETYPE_ASN1 2
2137
- #define X509_FILETYPE_DEFAULT 3
2138
-
2139
- #define X509v3_KU_DIGITAL_SIGNATURE 0x0080
2140
- #define X509v3_KU_NON_REPUDIATION 0x0040
2141
- #define X509v3_KU_KEY_ENCIPHERMENT 0x0020
2142
- #define X509v3_KU_DATA_ENCIPHERMENT 0x0010
2143
- #define X509v3_KU_KEY_AGREEMENT 0x0008
2144
- #define X509v3_KU_KEY_CERT_SIGN 0x0004
2145
- #define X509v3_KU_CRL_SIGN 0x0002
2146
- #define X509v3_KU_ENCIPHER_ONLY 0x0001
2147
- #define X509v3_KU_DECIPHER_ONLY 0x8000
2148
- #define X509v3_KU_UNDEF 0xffff
2149
-
2150
- // This stuff is certificate "auxiliary info"
2151
- // it contains details which are useful in certificate
2152
- // stores and databases. When used this is tagged onto
2153
- // the end of the certificate itself
2154
-
2155
- DECLARE_STACK_OF(DIST_POINT)
2156
- DECLARE_STACK_OF(GENERAL_NAME)
3579
+ // |EVP_MD_CTX_size| bytes are written, which is at most |EVP_MAX_MD_SIZE|. The
3580
+ // buffer must have sufficient space for this output.
3581
+ OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
3582
+ unsigned char *md, unsigned int *len);
2157
3583
 
2158
- // This is used for a table of trust checking functions
3584
+ // ASN1_item_digest serializes |data| with |it| and then hashes the result with
3585
+ // |type|. On success, it returns one, writes the digest to |md|, and sets
3586
+ // |*len| to the digest length if non-NULL. On error, it returns zero.
3587
+ //
3588
+ // |EVP_MD_CTX_size| bytes are written, which is at most |EVP_MAX_MD_SIZE|. The
3589
+ // buffer must have sufficient space for this output.
3590
+ //
3591
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3592
+ // C type. Using the wrong type is a potentially exploitable memory error.
3593
+ OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
3594
+ void *data, unsigned char *md,
3595
+ unsigned int *len);
2159
3596
 
2160
- struct x509_trust_st {
2161
- int trust;
2162
- int flags;
2163
- int (*check_trust)(struct x509_trust_st *, X509 *, int);
2164
- char *name;
2165
- int arg1;
2166
- void *arg2;
2167
- } /* X509_TRUST */;
3597
+ // ASN1_item_verify serializes |data| with |it| and then verifies |signature| is
3598
+ // a valid signature for the result with |algor1| and |pkey|. It returns one on
3599
+ // success and zero on error. The signature and algorithm are interpreted as in
3600
+ // X.509.
3601
+ //
3602
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3603
+ // C type. Using the wrong type is a potentially exploitable memory error.
3604
+ OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
3605
+ const X509_ALGOR *algor1,
3606
+ const ASN1_BIT_STRING *signature,
3607
+ void *data, EVP_PKEY *pkey);
2168
3608
 
2169
- DEFINE_STACK_OF(X509_TRUST)
3609
+ // ASN1_item_sign serializes |data| with |it| and then signs the result with
3610
+ // the private key |pkey|. It returns the length of the signature on success and
3611
+ // zero on error. On success, it writes the signature to |signature| and the
3612
+ // signature algorithm to each of |algor1| and |algor2|. Either of |algor1| or
3613
+ // |algor2| may be NULL to ignore them. This function uses digest algorithm
3614
+ // |md|, or |pkey|'s default if NULL. Other signing parameters use |pkey|'s
3615
+ // defaults. To customize them, use |ASN1_item_sign_ctx|.
3616
+ //
3617
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3618
+ // C type. Using the wrong type is a potentially exploitable memory error.
3619
+ OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
3620
+ X509_ALGOR *algor2,
3621
+ ASN1_BIT_STRING *signature, void *data,
3622
+ EVP_PKEY *pkey, const EVP_MD *type);
2170
3623
 
2171
- // standard trust ids
3624
+ // ASN1_item_sign_ctx behaves like |ASN1_item_sign| except the signature is
3625
+ // signed with |ctx|, |ctx|, which must have been initialized with
3626
+ // |EVP_DigestSignInit|. The caller should configure the corresponding
3627
+ // |EVP_PKEY_CTX| with any additional parameters before calling this function.
3628
+ //
3629
+ // On success or failure, this function mutates |ctx| and resets it to the empty
3630
+ // state. Caller should not rely on its contents after the function returns.
3631
+ //
3632
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3633
+ // C type. Using the wrong type is a potentially exploitable memory error.
3634
+ OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
3635
+ X509_ALGOR *algor2,
3636
+ ASN1_BIT_STRING *signature, void *asn,
3637
+ EVP_MD_CTX *ctx);
2172
3638
 
2173
- #define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings
2174
3639
 
2175
- #define X509_TRUST_COMPAT 1
2176
- #define X509_TRUST_SSL_CLIENT 2
2177
- #define X509_TRUST_SSL_SERVER 3
2178
- #define X509_TRUST_EMAIL 4
2179
- #define X509_TRUST_OBJECT_SIGN 5
2180
- #define X509_TRUST_OCSP_SIGN 6
2181
- #define X509_TRUST_OCSP_REQUEST 7
2182
- #define X509_TRUST_TSA 8
3640
+ // Verification internals.
3641
+ //
3642
+ // The following functions expose portions of certificate validation. They are
3643
+ // exported for compatibility with existing callers, or to support some obscure
3644
+ // use cases. Most callers, however, will not need these functions and should
3645
+ // instead use |X509_STORE_CTX| APIs.
2183
3646
 
2184
- // Keep these up to date!
2185
- #define X509_TRUST_MIN 1
2186
- #define X509_TRUST_MAX 8
3647
+ // X509_supported_extension returns one if |ex| is a critical X.509 certificate
3648
+ // extension, supported by |X509_verify_cert|, and zero otherwise.
3649
+ //
3650
+ // Note this function only reports certificate extensions (as opposed to CRL or
3651
+ // CRL extensions), and only extensions that are expected to be marked critical.
3652
+ // Additionally, |X509_verify_cert| checks for unsupported critical extensions
3653
+ // internally, so most callers will not need to call this function separately.
3654
+ OPENSSL_EXPORT int X509_supported_extension(const X509_EXTENSION *ex);
3655
+
3656
+ // X509_check_ca returns one if |x509| may be considered a CA certificate,
3657
+ // according to basic constraints and key usage extensions. Otherwise, it
3658
+ // returns zero. If |x509| is an X509v1 certificate, and thus has no extensions,
3659
+ // it is considered eligible.
3660
+ //
3661
+ // This function returning one does not indicate that |x509| is trusted, only
3662
+ // that it is eligible to be a CA.
3663
+ //
3664
+ // TODO(crbug.com/boringssl/407): |x509| should be const.
3665
+ OPENSSL_EXPORT int X509_check_ca(X509 *x509);
2187
3666
 
3667
+ // X509_check_issued checks if |issuer| and |subject|'s name, authority key
3668
+ // identifier, and key usage fields allow |issuer| to have issued |subject|. It
3669
+ // returns |X509_V_OK| on success and an |X509_V_ERR_*| value otherwise.
3670
+ //
3671
+ // This function does not check the signature on |subject|. Rather, it is
3672
+ // intended to prune the set of possible issuer certificates during
3673
+ // path-building.
3674
+ //
3675
+ // TODO(crbug.com/boringssl/407): Both parameters should be const.
3676
+ OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject);
2188
3677
 
2189
- // trust_flags values
2190
- #define X509_TRUST_DYNAMIC 1
2191
- #define X509_TRUST_DYNAMIC_NAME 2
3678
+ // NAME_CONSTRAINTS_check checks if |x509| satisfies name constraints in |nc|.
3679
+ // It returns |X509_V_OK| on success and some |X509_V_ERR_*| constant on error.
3680
+ //
3681
+ // TODO(crbug.com/boringssl/407): Both parameters should be const.
3682
+ OPENSSL_EXPORT int NAME_CONSTRAINTS_check(X509 *x509, NAME_CONSTRAINTS *nc);
3683
+
3684
+ // X509_check_host checks if |x509| matches the DNS name |chk|. It returns one
3685
+ // on match, zero on mismatch, or a negative number on error. |flags| should be
3686
+ // some combination of |X509_CHECK_FLAG_*| and modifies the behavior. On match,
3687
+ // if |out_peername| is non-NULL, it additionally sets |*out_peername| to a
3688
+ // newly-allocated, NUL-terminated string containing the DNS name or wildcard in
3689
+ // the certificate which matched. The caller must then free |*out_peername| with
3690
+ // |OPENSSL_free| when done.
3691
+ //
3692
+ // By default, both subject alternative names and the subject's common name
3693
+ // attribute are checked. The latter has long been deprecated, so callers should
3694
+ // include |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| in |flags| to use the standard
3695
+ // behavior. https://crbug.com/boringssl/464 tracks fixing the default.
3696
+ //
3697
+ // This function does not check if |x509| is a trusted certificate, only if,
3698
+ // were it trusted, it would match |chk|.
3699
+ //
3700
+ // WARNING: This function differs from the usual calling convention and may
3701
+ // return either 0 or a negative number on error.
3702
+ //
3703
+ // TODO(davidben): Make the error case also return zero.
3704
+ OPENSSL_EXPORT int X509_check_host(const X509 *x509, const char *chk,
3705
+ size_t chklen, unsigned int flags,
3706
+ char **out_peername);
3707
+
3708
+ // X509_check_email checks if |x509| matches the email address |chk|. It returns
3709
+ // one on match, zero on mismatch, or a negative number on error. |flags| should
3710
+ // be some combination of |X509_CHECK_FLAG_*| and modifies the behavior.
3711
+ //
3712
+ // By default, both subject alternative names and the subject's email address
3713
+ // attribute are checked. The |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| flag may be
3714
+ // used to change this behavior.
3715
+ //
3716
+ // This function does not check if |x509| is a trusted certificate, only if,
3717
+ // were it trusted, it would match |chk|.
3718
+ //
3719
+ // WARNING: This function differs from the usual calling convention and may
3720
+ // return either 0 or a negative number on error.
3721
+ //
3722
+ // TODO(davidben): Make the error case also return zero.
3723
+ OPENSSL_EXPORT int X509_check_email(const X509 *x509, const char *chk,
3724
+ size_t chklen, unsigned int flags);
3725
+
3726
+ // X509_check_ip checks if |x509| matches the IP address |chk|. The IP address
3727
+ // is represented in byte form and should be 4 bytes for an IPv4 address and 16
3728
+ // bytes for an IPv6 address. It returns one on match, zero on mismatch, or a
3729
+ // negative number on error. |flags| should be some combination of
3730
+ // |X509_CHECK_FLAG_*| and modifies the behavior.
3731
+ //
3732
+ // This function does not check if |x509| is a trusted certificate, only if,
3733
+ // were it trusted, it would match |chk|.
3734
+ //
3735
+ // WARNING: This function differs from the usual calling convention and may
3736
+ // return either 0 or a negative number on error.
3737
+ //
3738
+ // TODO(davidben): Make the error case also return zero.
3739
+ OPENSSL_EXPORT int X509_check_ip(const X509 *x509, const uint8_t *chk,
3740
+ size_t chklen, unsigned int flags);
2192
3741
 
2193
- // check_trust return codes
3742
+ // X509_check_ip_asc behaves like |X509_check_ip| except the IP address is
3743
+ // specified in textual form in |ipasc|.
3744
+ //
3745
+ // WARNING: This function differs from the usual calling convention and may
3746
+ // return either 0 or a negative number on error.
3747
+ //
3748
+ // TODO(davidben): Make the error case also return zero.
3749
+ OPENSSL_EXPORT int X509_check_ip_asc(const X509 *x509, const char *ipasc,
3750
+ unsigned int flags);
3751
+
3752
+ // X509_STORE_CTX_get1_issuer looks up a candidate trusted issuer for |x509| out
3753
+ // of |ctx|'s |X509_STORE|, based on the criteria in |X509_check_issued|. If one
3754
+ // was found, it returns one and sets |*out_issuer| to the issuer. The caller
3755
+ // must release |*out_issuer| with |X509_free| when done. If none was found, it
3756
+ // returns zero and leaves |*out_issuer| unchanged.
3757
+ //
3758
+ // This function only searches for trusted issuers. It does not consider
3759
+ // untrusted intermediates passed in to |X509_STORE_CTX_init|.
3760
+ //
3761
+ // TODO(crbug.com/boringssl/407): |x509| should be const.
3762
+ OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **out_issuer,
3763
+ X509_STORE_CTX *ctx, X509 *x509);
3764
+
3765
+ // X509_check_purpose performs checks if |x509|'s basic constraints, key usage,
3766
+ // and extended key usage extensions for the specified purpose. |purpose| should
3767
+ // be one of |X509_PURPOSE_*| constants. See |X509_VERIFY_PARAM_set_purpose| for
3768
+ // details. It returns one if |x509|'s extensions are consistent with |purpose|
3769
+ // and zero otherwise. If |ca| is non-zero, |x509| is checked as a CA
3770
+ // certificate. Otherwise, it is checked as an end-entity certificate.
3771
+ //
3772
+ // If |purpose| is -1, this function performs no purpose checks, but it parses
3773
+ // some extensions in |x509| and may return zero on syntax error. Historically,
3774
+ // callers primarily used this function to trigger this parsing, but this is no
3775
+ // longer necessary. Functions acting on |X509| will internally parse as needed.
3776
+ OPENSSL_EXPORT int X509_check_purpose(X509 *x509, int purpose, int ca);
2194
3777
 
2195
3778
  #define X509_TRUST_TRUSTED 1
2196
3779
  #define X509_TRUST_REJECTED 2
2197
3780
  #define X509_TRUST_UNTRUSTED 3
2198
3781
 
2199
- DEFINE_STACK_OF(X509_REVOKED)
3782
+ // X509_check_trust checks if |x509| is a valid trust anchor for trust type
3783
+ // |id|. See |X509_VERIFY_PARAM_set_trust| for details. It returns
3784
+ // |X509_TRUST_TRUSTED| if |x509| is a trust anchor, |X509_TRUST_REJECTED| if it
3785
+ // was distrusted, and |X509_TRUST_UNTRUSTED| otherwise. |id| should be one of
3786
+ // the |X509_TRUST_*| constants, or zero to indicate the default behavior.
3787
+ // |flags| should be zero and is ignored.
3788
+ OPENSSL_EXPORT int X509_check_trust(X509 *x509, int id, int flags);
2200
3789
 
2201
- DECLARE_STACK_OF(GENERAL_NAMES)
2202
3790
 
2203
- struct private_key_st {
2204
- int version;
2205
- // The PKCS#8 data types
2206
- X509_ALGOR *enc_algor;
2207
- ASN1_OCTET_STRING *enc_pkey; // encrypted pub key
3791
+ // X.509 information.
3792
+ //
3793
+ // |X509_INFO| is the return type for |PEM_X509_INFO_read_bio|, defined in
3794
+ // <openssl/pem.h>. It is used to store a certificate, CRL, or private key. This
3795
+ // type is defined in this header for OpenSSL compatibility.
2208
3796
 
2209
- // When decrypted, the following will not be NULL
3797
+ struct private_key_st {
2210
3798
  EVP_PKEY *dec_pkey;
2211
-
2212
- // used to encrypt and decrypt
2213
- int key_length;
2214
- char *key_data;
2215
- int key_free; // true if we should auto free key_data
2216
-
2217
- // expanded version of 'enc_algor'
2218
- EVP_CIPHER_INFO cipher;
2219
3799
  } /* X509_PKEY */;
2220
3800
 
2221
3801
  struct X509_info_st {
@@ -2226,329 +3806,507 @@ struct X509_info_st {
2226
3806
  EVP_CIPHER_INFO enc_cipher;
2227
3807
  int enc_len;
2228
3808
  char *enc_data;
2229
-
2230
3809
  } /* X509_INFO */;
2231
3810
 
2232
3811
  DEFINE_STACK_OF(X509_INFO)
2233
3812
 
2234
- // X509_get_pathlen returns path length constraint from the basic constraints
2235
- // extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
2236
- // constraint is not present, or if some extension in |x509| was invalid.
2237
- //
2238
- // Note that decoding an |X509| object will not check for invalid extensions. To
2239
- // detect the error case, call |X509_get_extensions_flags| and check the
2240
- // |EXFLAG_INVALID| bit.
2241
- OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
2242
-
2243
- // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
2244
- // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
2245
- // |out_digest| may be NULL to skip those fields.
2246
- OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
2247
- const X509_ALGOR **out_alg,
2248
- const ASN1_OCTET_STRING **out_digest);
2249
-
2250
- // X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
2251
- OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
2252
- ASN1_OCTET_STRING **out_digest);
3813
+ // X509_INFO_free releases memory associated with |info|.
3814
+ OPENSSL_EXPORT void X509_INFO_free(X509_INFO *info);
2253
3815
 
2254
- // X509_verify_cert_error_string returns |err| as a human-readable string, where
2255
- // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
2256
- // a default description.
2257
- OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
2258
-
2259
- // X509_REVOKED_dup returns a newly-allocated copy of |rev|, or NULL on error.
2260
- // This function works by serializing the structure, so if |rev| is incomplete,
2261
- // it may fail.
2262
- OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(const X509_REVOKED *rev);
2263
-
2264
- OPENSSL_EXPORT const char *X509_get_default_cert_area(void);
2265
- OPENSSL_EXPORT const char *X509_get_default_cert_dir(void);
2266
- OPENSSL_EXPORT const char *X509_get_default_cert_file(void);
2267
- OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
2268
- OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
2269
- OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
2270
3816
 
2271
- DECLARE_ASN1_FUNCTIONS_const(X509_PUBKEY)
3817
+ // Deprecated config-based extension creation.
3818
+ //
3819
+ // The following functions allow specifying X.509 extensions using OpenSSL's
3820
+ // config file syntax, from the OpenSSL command-line tool. They are retained,
3821
+ // for now, for compatibility with legacy software but may be removed in the
3822
+ // future. Construct the extensions using the typed C APIs instead.
3823
+ //
3824
+ // Callers should especially avoid these functions if passing in non-constant
3825
+ // values. They use ad-hoc, string-based formats which are prone to injection
3826
+ // vulnerabilities. For a CA, this means using them risks misissuance.
3827
+ //
3828
+ // These functions are not safe to use with untrusted inputs. The string formats
3829
+ // may implicitly reference context information and, in OpenSSL (though not
3830
+ // BoringSSL), one even allows reading arbitrary files. Many formats can also
3831
+ // produce far larger outputs than their inputs, so untrusted inputs may lead to
3832
+ // denial-of-service attacks. Finally, the parsers see much less testing and
3833
+ // review than most of the library and may have bugs including memory leaks or
3834
+ // crashes.
3835
+
3836
+ // v3_ext_ctx, aka |X509V3_CTX|, contains additional context information for
3837
+ // constructing extensions. Some string formats reference additional values in
3838
+ // these objects. It must be initialized with |X509V3_set_ctx| or
3839
+ // |X509V3_set_ctx_test| before use.
3840
+ struct v3_ext_ctx {
3841
+ int flags;
3842
+ const X509 *issuer_cert;
3843
+ const X509 *subject_cert;
3844
+ const X509_REQ *subject_req;
3845
+ const X509_CRL *crl;
3846
+ const CONF *db;
3847
+ };
3848
+
3849
+ #define X509V3_CTX_TEST 0x1
3850
+
3851
+ // X509V3_set_ctx initializes |ctx| with the specified objects. Some string
3852
+ // formats will reference fields in these objects. Each object may be NULL to
3853
+ // omit it, in which case those formats cannot be used. |flags| should be zero,
3854
+ // unless called via |X509V3_set_ctx_test|.
3855
+ //
3856
+ // |issuer|, |subject|, |req|, and |crl|, if non-NULL, must outlive |ctx|.
3857
+ OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, const X509 *issuer,
3858
+ const X509 *subject, const X509_REQ *req,
3859
+ const X509_CRL *crl, int flags);
3860
+
3861
+ // X509V3_set_ctx_test calls |X509V3_set_ctx| without any reference objects and
3862
+ // mocks out some features that use them. The resulting extensions may be
3863
+ // incomplete and should be discarded. This can be used to partially validate
3864
+ // syntax.
3865
+ //
3866
+ // TODO(davidben): Can we remove this?
3867
+ #define X509V3_set_ctx_test(ctx) \
3868
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
3869
+
3870
+ // X509V3_set_nconf sets |ctx| to use |conf| as the config database. |ctx| must
3871
+ // have previously been initialized by |X509V3_set_ctx| or
3872
+ // |X509V3_set_ctx_test|. Some string formats will reference sections in |conf|.
3873
+ // |conf| may be NULL, in which case these formats cannot be used. If non-NULL,
3874
+ // |conf| must outlive |ctx|.
3875
+ OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf);
3876
+
3877
+ // X509V3_set_ctx_nodb calls |X509V3_set_nconf| with no config database.
3878
+ #define X509V3_set_ctx_nodb(ctx) X509V3_set_nconf(ctx, NULL)
3879
+
3880
+ // X509V3_EXT_nconf constructs an extension of type specified by |name|, and
3881
+ // value specified by |value|. It returns a newly-allocated |X509_EXTENSION|
3882
+ // object on success, or NULL on error. |conf| and |ctx| specify additional
3883
+ // information referenced by some formats. Either |conf| or |ctx| may be NULL,
3884
+ // in which case features which use it will be disabled.
3885
+ //
3886
+ // If non-NULL, |ctx| must be initialized with |X509V3_set_ctx| or
3887
+ // |X509V3_set_ctx_test|.
3888
+ //
3889
+ // Both |conf| and |ctx| provide a |CONF| object. When |ctx| is non-NULL, most
3890
+ // features use the |ctx| copy, configured with |X509V3_set_ctx|, but some use
3891
+ // |conf|. Callers should ensure the two match to avoid surprisingly behavior.
3892
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(const CONF *conf,
3893
+ const X509V3_CTX *ctx,
3894
+ const char *name,
3895
+ const char *value);
3896
+
3897
+ // X509V3_EXT_nconf_nid behaves like |X509V3_EXT_nconf|, except the extension
3898
+ // type is specified as a NID.
3899
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(const CONF *conf,
3900
+ const X509V3_CTX *ctx,
3901
+ int ext_nid,
3902
+ const char *value);
3903
+
3904
+ // X509V3_EXT_conf_nid calls |X509V3_EXT_nconf_nid|. |conf| must be NULL.
3905
+ //
3906
+ // TODO(davidben): This is the only exposed instance of an LHASH in our public
3907
+ // headers. cryptography.io wraps this function so we cannot, yet, replace the
3908
+ // type with a dummy struct.
3909
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
3910
+ const X509V3_CTX *ctx,
3911
+ int ext_nid,
3912
+ const char *value);
3913
+
3914
+ // X509V3_EXT_add_nconf_sk looks up the section named |section| in |conf|. For
3915
+ // each |CONF_VALUE| in the section, it constructs an extension as in
3916
+ // |X509V3_EXT_nconf|, taking |name| and |value| from the |CONF_VALUE|. Each new
3917
+ // extension is appended to |*sk|. If |*sk| is non-NULL, and at least one
3918
+ // extension is added, it sets |*sk| to a newly-allocated
3919
+ // |STACK_OF(X509_EXTENSION)|. It returns one on success and zero on error.
3920
+ OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(const CONF *conf,
3921
+ const X509V3_CTX *ctx,
3922
+ const char *section,
3923
+ STACK_OF(X509_EXTENSION) **sk);
3924
+
3925
+ // X509V3_EXT_add_nconf adds extensions to |cert| as in
3926
+ // |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
3927
+ OPENSSL_EXPORT int X509V3_EXT_add_nconf(const CONF *conf, const X509V3_CTX *ctx,
3928
+ const char *section, X509 *cert);
3929
+
3930
+ // X509V3_EXT_REQ_add_nconf adds extensions to |req| as in
3931
+ // |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
3932
+ OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(const CONF *conf,
3933
+ const X509V3_CTX *ctx,
3934
+ const char *section, X509_REQ *req);
3935
+
3936
+ // X509V3_EXT_CRL_add_nconf adds extensions to |crl| as in
3937
+ // |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
3938
+ OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(const CONF *conf,
3939
+ const X509V3_CTX *ctx,
3940
+ const char *section, X509_CRL *crl);
3941
+
3942
+ // i2s_ASN1_OCTET_STRING returns a human-readable representation of |oct| as a
3943
+ // newly-allocated, NUL-terminated string, or NULL on error. |method| is
3944
+ // ignored. The caller must release the result with |OPENSSL_free| when done.
3945
+ OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method,
3946
+ const ASN1_OCTET_STRING *oct);
3947
+
3948
+ // s2i_ASN1_OCTET_STRING decodes |str| as a hexdecimal byte string, with
3949
+ // optional colon separators between bytes. It returns a newly-allocated
3950
+ // |ASN1_OCTET_STRING| with the result on success, or NULL on error. |method|
3951
+ // and |ctx| are ignored.
3952
+ OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(
3953
+ const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx, const char *str);
3954
+
3955
+ // i2s_ASN1_INTEGER returns a human-readable representation of |aint| as a
3956
+ // newly-allocated, NUL-terminated string, or NULL on error. |method| is
3957
+ // ignored. The caller must release the result with |OPENSSL_free| when done.
3958
+ OPENSSL_EXPORT char *i2s_ASN1_INTEGER(const X509V3_EXT_METHOD *method,
3959
+ const ASN1_INTEGER *aint);
3960
+
3961
+ // s2i_ASN1_INTEGER decodes |value| as the ASCII representation of an integer,
3962
+ // and returns a newly-allocated |ASN1_INTEGER| containing the result, or NULL
3963
+ // on error. |method| is ignored. If |value| begins with "0x" or "0X", the input
3964
+ // is decoded in hexadecimal, otherwise decimal.
3965
+ OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(const X509V3_EXT_METHOD *method,
3966
+ const char *value);
3967
+
3968
+ // i2s_ASN1_ENUMERATED returns a human-readable representation of |aint| as a
3969
+ // newly-allocated, NUL-terminated string, or NULL on error. |method| is
3970
+ // ignored. The caller must release the result with |OPENSSL_free| when done.
3971
+ OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(const X509V3_EXT_METHOD *method,
3972
+ const ASN1_ENUMERATED *aint);
3973
+
3974
+ // X509V3_conf_free releases memory associated with |CONF_VALUE|.
3975
+ OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val);
3976
+
3977
+ // i2v_GENERAL_NAME serializes |gen| as a |CONF_VALUE|. If |ret| is non-NULL, it
3978
+ // appends the value to |ret| and returns |ret| on success or NULL on error. If
3979
+ // it returns NULL, the caller is still responsible for freeing |ret|. If |ret|
3980
+ // is NULL, it returns a newly-allocated |STACK_OF(CONF_VALUE)| containing the
3981
+ // result. |method| is ignored. When done, the caller should release the result
3982
+ // with |sk_CONF_VALUE_pop_free| and |X509V3_conf_free|.
3983
+ //
3984
+ // Do not use this function. This is an internal implementation detail of the
3985
+ // human-readable print functions. If extracting a SAN list from a certificate,
3986
+ // look at |gen| directly.
3987
+ OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(
3988
+ const X509V3_EXT_METHOD *method, const GENERAL_NAME *gen,
3989
+ STACK_OF(CONF_VALUE) *ret);
3990
+
3991
+ // i2v_GENERAL_NAMES serializes |gen| as a list of |CONF_VALUE|s. If |ret| is
3992
+ // non-NULL, it appends the values to |ret| and returns |ret| on success or NULL
3993
+ // on error. If it returns NULL, the caller is still responsible for freeing
3994
+ // |ret|. If |ret| is NULL, it returns a newly-allocated |STACK_OF(CONF_VALUE)|
3995
+ // containing the results. |method| is ignored.
3996
+ //
3997
+ // Do not use this function. This is an internal implementation detail of the
3998
+ // human-readable print functions. If extracting a SAN list from a certificate,
3999
+ // look at |gen| directly.
4000
+ OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(
4001
+ const X509V3_EXT_METHOD *method, const GENERAL_NAMES *gen,
4002
+ STACK_OF(CONF_VALUE) *extlist);
4003
+
4004
+ // a2i_IPADDRESS decodes |ipasc| as the textual representation of an IPv4 or
4005
+ // IPv6 address. On success, it returns a newly-allocated |ASN1_OCTET_STRING|
4006
+ // containing the decoded IP address. IPv4 addresses are represented as 4-byte
4007
+ // strings and IPv6 addresses as 16-byte strings. On failure, it returns NULL.
4008
+ OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
4009
+
4010
+ // a2i_IPADDRESS_NC decodes |ipasc| as the textual representation of an IPv4 or
4011
+ // IPv6 address range. On success, it returns a newly-allocated
4012
+ // |ASN1_OCTET_STRING| containing the decoded IP address, followed by the
4013
+ // decoded mask. IPv4 ranges are represented as 8-byte strings and IPv6 ranges
4014
+ // as 32-byte strings. On failure, it returns NULL.
4015
+ //
4016
+ // The text format decoded by this function is not the standard CIDR notiation.
4017
+ // Instead, the mask after the "/" is represented as another IP address. For
4018
+ // example, "192.168.0.0/16" would be written "192.168.0.0/255.255.0.0".
4019
+ OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
2272
4020
 
2273
- // X509_PUBKEY_set serializes |pkey| into a newly-allocated |X509_PUBKEY|
2274
- // structure. On success, it frees |*x|, sets |*x| to the new object, and
2275
- // returns one. Otherwise, it returns zero.
2276
- OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
2277
4021
 
2278
- // X509_PUBKEY_get decodes the public key in |key| and returns an |EVP_PKEY| on
2279
- // success, or NULL on error. The caller must release the result with
2280
- // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |key|, so callers must
2281
- // not mutate the result.
2282
- OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
4022
+ // Deprecated functions.
2283
4023
 
2284
- DECLARE_ASN1_FUNCTIONS_const(X509_SIG)
4024
+ // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
4025
+ // const-correct for legacy reasons. Use |X509_get0_notBefore| or
4026
+ // |X509_getm_notBefore| instead.
4027
+ OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
2285
4028
 
2286
- OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
2287
- OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
2288
- OPENSSL_EXPORT void X509_trust_clear(X509 *x);
2289
- OPENSSL_EXPORT void X509_reject_clear(X509 *x);
4029
+ // X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
4030
+ // const-correct for legacy reasons. Use |X509_get0_notAfter| or
4031
+ // |X509_getm_notAfter| instead.
4032
+ OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
2290
4033
 
4034
+ // X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
4035
+ // instead.
4036
+ OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
2291
4037
 
2292
- OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
4038
+ // X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
4039
+ // instead.
4040
+ OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
2293
4041
 
2294
- DECLARE_ASN1_FUNCTIONS_const(X509_REVOKED)
4042
+ // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s thisUpdate time.
4043
+ // The OpenSSL API refers to this field as lastUpdate.
4044
+ //
4045
+ // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
4046
+ OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
2295
4047
 
2296
- OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
2297
- OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
2298
- ASN1_INTEGER *serial);
2299
- OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret,
2300
- X509 *x);
4048
+ // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
4049
+ // or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
4050
+ // |X509_CRL_set1_nextUpdate| instead.
4051
+ OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
2301
4052
 
2302
- OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void);
2303
- OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
4053
+ // X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
4054
+ // |X509_get_pubkey| instead.
4055
+ #define X509_extract_key(x) X509_get_pubkey(x)
2304
4056
 
2305
- OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
2306
- OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
4057
+ // X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
4058
+ #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
2307
4059
 
2308
- OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
2309
- unsigned char *md, unsigned int *len);
4060
+ // X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
4061
+ #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
2310
4062
 
2311
- OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
2312
- void *data, unsigned char *md,
2313
- unsigned int *len);
4063
+ // The following symbols are deprecated aliases to |X509_CRL_set1_*|.
4064
+ #define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
4065
+ #define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
2314
4066
 
2315
- OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
2316
- const X509_ALGOR *algor1,
2317
- const ASN1_BIT_STRING *signature,
2318
- void *data, EVP_PKEY *pkey);
4067
+ // X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
4068
+ // Prefer |X509_get0_serialNumber|.
4069
+ OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
2319
4070
 
2320
- OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
2321
- X509_ALGOR *algor2,
2322
- ASN1_BIT_STRING *signature, void *data,
2323
- EVP_PKEY *pkey, const EVP_MD *type);
2324
- OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
2325
- X509_ALGOR *algor2,
2326
- ASN1_BIT_STRING *signature, void *asn,
2327
- EVP_MD_CTX *ctx);
4071
+ // X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in
4072
+ // |name|. If found, it writes the value's UTF-8 representation to |buf|.
4073
+ // followed by a NUL byte, and returns the number of bytes in the output,
4074
+ // excluding the NUL byte. This is unlike OpenSSL which returns the raw
4075
+ // ASN1_STRING data. The UTF-8 encoding of the |ASN1_STRING| may not contain a 0
4076
+ // codepoint.
4077
+ //
4078
+ // This function writes at most |len| bytes, including the NUL byte. If |buf|
4079
+ // is NULL, it writes nothing and returns the number of bytes in the
4080
+ // output, excluding the NUL byte that would be required for the full UTF-8
4081
+ // output.
4082
+ //
4083
+ // This function may return -1 if an error occurs for any reason, including the
4084
+ // value not being a recognized string type, |len| being of insufficient size to
4085
+ // hold the full UTF-8 encoding and NUL byte, memory allocation failures, an
4086
+ // object with type |obj| not existing in |name|, or if the UTF-8 encoding of
4087
+ // the string contains a zero byte.
4088
+ OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
4089
+ const ASN1_OBJECT *obj, char *buf,
4090
+ int len);
2328
4091
 
2329
- OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
4092
+ // X509_NAME_get_text_by_NID behaves like |X509_NAME_get_text_by_OBJ| except it
4093
+ // finds an attribute of type |nid|, which should be one of the |NID_*|
4094
+ // constants.
4095
+ OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
4096
+ char *buf, int len);
2330
4097
 
2331
- // X509_REVOKED_get0_serialNumber returns the serial number of the certificate
2332
- // revoked by |revoked|.
2333
- OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
2334
- const X509_REVOKED *revoked);
4098
+ // X509_STORE_CTX_get0_parent_ctx returns NULL.
4099
+ OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(
4100
+ const X509_STORE_CTX *ctx);
2335
4101
 
2336
- // X509_REVOKED_set_serialNumber sets |revoked|'s serial number to |serial|. It
2337
- // returns one on success or zero on error.
2338
- OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
2339
- const ASN1_INTEGER *serial);
4102
+ // X509_OBJECT_free_contents sets |obj| to the empty object, freeing any values
4103
+ // that were previously there.
4104
+ //
4105
+ // TODO(davidben): Unexport this function after rust-openssl is fixed to no
4106
+ // longer call it.
4107
+ OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *obj);
2340
4108
 
2341
- // X509_REVOKED_get0_revocationDate returns the revocation time of the
2342
- // certificate revoked by |revoked|.
2343
- OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
2344
- const X509_REVOKED *revoked);
4109
+ // X509_LOOKUP_free releases memory associated with |ctx|. This function should
4110
+ // never be used outside the library. No function in the public API hands
4111
+ // ownership of an |X509_LOOKUP| to the caller.
4112
+ //
4113
+ // TODO(davidben): Unexport this function after rust-openssl is fixed to no
4114
+ // longer call it.
4115
+ OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
2345
4116
 
2346
- // X509_REVOKED_set_revocationDate sets |revoked|'s revocation time to |tm|. It
2347
- // returns one on success or zero on error.
2348
- OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked,
2349
- const ASN1_TIME *tm);
4117
+ // X509_STORE_CTX_cleanup resets |ctx| to the empty state.
4118
+ //
4119
+ // This function is a remnant of when |X509_STORE_CTX| was stack-allocated and
4120
+ // should not be used. If releasing |ctx|, call |X509_STORE_CTX_free|. If
4121
+ // reusing |ctx| for a new verification, release the old one and create a new
4122
+ // one.
4123
+ OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
2350
4124
 
2351
- // X509_REVOKED_get0_extensions returns |r|'s extensions list, or NULL if |r|
2352
- // omits it.
2353
- OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(
2354
- const X509_REVOKED *r);
4125
+ // X509V3_add_standard_extensions returns one.
4126
+ OPENSSL_EXPORT int X509V3_add_standard_extensions(void);
2355
4127
 
2356
- OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
2357
- EVP_PKEY *skey, const EVP_MD *md,
2358
- unsigned int flags);
4128
+ // The following symbols are legacy aliases for |X509_STORE_CTX| functions.
4129
+ #define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
4130
+ #define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
4131
+ #define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
2359
4132
 
2360
- OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
4133
+ // X509_STORE_CTX_get_chain is a legacy alias for |X509_STORE_CTX_get0_chain|.
4134
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(
4135
+ const X509_STORE_CTX *ctx);
2361
4136
 
2362
- OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
4137
+ // X509_STORE_CTX_trusted_stack is a deprecated alias for
4138
+ // |X509_STORE_CTX_set0_trusted_stack|.
4139
+ OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
4140
+ STACK_OF(X509) *sk);
2363
4141
 
2364
- OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
2365
- OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a);
4142
+ typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
2366
4143
 
2367
- OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
2368
- OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x);
4144
+ // X509_STORE_CTX_set_verify_cb configures a callback function for |ctx| that is
4145
+ // called multiple times during |X509_verify_cert|. The callback returns zero to
4146
+ // fail verification and one to proceed. Typically, it will return |ok|, which
4147
+ // preserves the default behavior. Returning one when |ok| is zero will proceed
4148
+ // past some error. The callback may inspect |ctx| and the error queue to
4149
+ // attempt to determine the current stage of certificate verification, but this
4150
+ // is often unreliable. When synthesizing an error, callbacks should use
4151
+ // |X509_STORE_CTX_set_error| to set a corresponding error.
4152
+ //
4153
+ // WARNING: Do not use this function. It is extremely fragile and unpredictable.
4154
+ // This callback exposes implementation details of certificate verification,
4155
+ // which change as the library evolves. Attempting to use it for security checks
4156
+ // can introduce vulnerabilities if making incorrect assumptions about when the
4157
+ // callback is called. Some errors, when suppressed, may implicitly suppress
4158
+ // other errors due to internal implementation details. Additionally, overriding
4159
+ // |ok| may leave |ctx| in an inconsistent state and break invariants.
4160
+ //
4161
+ // Instead, customize certificate verification by configuring options on the
4162
+ // |X509_STORE_CTX| before verification, or applying additional checks after
4163
+ // |X509_verify_cert| completes successfully.
4164
+ OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(
4165
+ X509_STORE_CTX *ctx, int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
2369
4166
 
2370
- OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a);
2371
- OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x);
4167
+ // X509_STORE_set_verify_cb acts like |X509_STORE_CTX_set_verify_cb| but sets
4168
+ // the verify callback for any |X509_STORE_CTX| created from this |X509_STORE|
4169
+ //
4170
+ // Do not use this function. See |X509_STORE_CTX_set_verify_cb| for details.
4171
+ OPENSSL_EXPORT void X509_STORE_set_verify_cb(
4172
+ X509_STORE *store, X509_STORE_CTX_verify_cb verify_cb);
2372
4173
 
2373
- OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
2374
- OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
2375
- OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x);
2376
- OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x);
4174
+ // X509_STORE_set_verify_cb_func is a deprecated alias for
4175
+ // |X509_STORE_set_verify_cb|.
4176
+ #define X509_STORE_set_verify_cb_func(store, func) \
4177
+ X509_STORE_set_verify_cb((store), (func))
2377
4178
 
2378
- OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
2379
- OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
4179
+ typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl,
4180
+ X509 *x);
4181
+ typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
2380
4182
 
2381
- // X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
2382
- // |x509|'s extension list.
4183
+ // X509_STORE_set_get_crl override's |store|'s logic for looking up CRLs.
2383
4184
  //
2384
- // WARNING: This function is difficult to use correctly. See the documentation
2385
- // for |X509V3_get_d2i| for details.
2386
- OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
2387
- int *out_critical, int *out_idx);
4185
+ // Do not use this function. It is temporarily retained to support one caller
4186
+ // and will be removed after that caller is fixed. It is not possible for
4187
+ // external callers to correctly implement this callback. The real
4188
+ // implementation sets some inaccessible internal state on |X509_STORE_CTX|.
4189
+ OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *store,
4190
+ X509_STORE_CTX_get_crl_fn get_crl);
2388
4191
 
2389
- // X509_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension to
2390
- // |x|'s extension list.
4192
+ // X509_STORE_set_check_crl override's |store|'s logic for checking CRL
4193
+ // validity.
2391
4194
  //
2392
- // WARNING: This function may return zero or -1 on error. The caller must also
2393
- // ensure |value|'s type matches |nid|. See the documentation for
2394
- // |X509V3_add1_i2d| for details.
2395
- OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
2396
- unsigned long flags);
4195
+ // Do not use this function. It is temporarily retained to support one caller
4196
+ // and will be removed after that caller is fixed. It is not possible for
4197
+ // external callers to correctly implement this callback. The real
4198
+ // implementation relies some inaccessible internal state on |X509_STORE_CTX|.
4199
+ OPENSSL_EXPORT void X509_STORE_set_check_crl(
4200
+ X509_STORE *store, X509_STORE_CTX_check_crl_fn check_crl);
2397
4201
 
2398
- // X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
2399
- // extension in |crl|'s extension list.
4202
+ // X509_STORE_CTX_set_chain configures |ctx| to use |sk| for untrusted
4203
+ // intermediate certificates to use in verification. This function is redundant
4204
+ // with the |chain| parameter of |X509_STORE_CTX_init|. Use the parameter
4205
+ // instead.
2400
4206
  //
2401
- // WARNING: This function is difficult to use correctly. See the documentation
2402
- // for |X509V3_get_d2i| for details.
2403
- OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid,
2404
- int *out_critical, int *out_idx);
2405
-
2406
- // X509_CRL_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension
2407
- // to |x|'s extension list.
4207
+ // WARNING: Despite the similar name, this function is unrelated to
4208
+ // |X509_STORE_CTX_get0_chain|.
2408
4209
  //
2409
- // WARNING: This function may return zero or -1 on error. The caller must also
2410
- // ensure |value|'s type matches |nid|. See the documentation for
2411
- // |X509V3_add1_i2d| for details.
2412
- OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
2413
- int crit, unsigned long flags);
4210
+ // WARNING: This function saves a pointer to |sk| without copying or
4211
+ // incrementing reference counts. |sk| must outlive |ctx| and may not be mutated
4212
+ // for the duration of the certificate verification.
4213
+ OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,
4214
+ STACK_OF(X509) *sk);
2414
4215
 
2415
- // X509_REVOKED_get_ext_count returns the number of extensions in |x|.
2416
- OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
4216
+ // The following flags do nothing. The corresponding non-standard options have
4217
+ // been removed.
4218
+ #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0
4219
+ #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0
4220
+ #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0
2417
4221
 
2418
- // X509_REVOKED_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches
2419
- // for extensions in |x|.
2420
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
2421
- int lastpos);
4222
+ // X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS does nothing, but is necessary in
4223
+ // OpenSSL to enable standard wildcard matching. In BoringSSL, this behavior is
4224
+ // always enabled.
4225
+ #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0
2422
4226
 
2423
- // X509_REVOKED_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches
2424
- // for extensions in |x|.
2425
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
2426
- const ASN1_OBJECT *obj,
2427
- int lastpos);
2428
4227
 
2429
- // X509_REVOKED_get_ext_by_critical behaves like |X509v3_get_ext_by_critical|
2430
- // but searches for extensions in |x|.
2431
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
2432
- int crit, int lastpos);
4228
+ // Private structures.
2433
4229
 
2434
- // X509_REVOKED_get_ext returns the extension in |x| at index |loc|, or NULL if
2435
- // |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
2436
- // compatibility, but callers should not mutate the result.
2437
- OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
2438
- int loc);
4230
+ struct X509_algor_st {
4231
+ ASN1_OBJECT *algorithm;
4232
+ ASN1_TYPE *parameter;
4233
+ } /* X509_ALGOR */;
2439
4234
 
2440
- // X509_REVOKED_delete_ext removes the extension in |x| at index |loc| and
2441
- // returns the removed extension, or NULL if |loc| was out of bounds. If
2442
- // non-NULL, the caller must release the result with |X509_EXTENSION_free|.
2443
- OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
2444
- int loc);
2445
4235
 
2446
- // X509_REVOKED_add_ext adds a copy of |ex| to |x|. It returns one on success
2447
- // and zero on failure. The caller retains ownership of |ex| and can release it
2448
- // independently of |x|.
2449
- //
2450
- // The new extension is inserted at index |loc|, shifting extensions to the
2451
- // right. If |loc| is -1 or out of bounds, the new extension is appended to the
2452
- // list.
2453
- OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x,
2454
- const X509_EXTENSION *ex, int loc);
4236
+ // Functions below this point have not yet been organized into sections.
2455
4237
 
2456
- // X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
2457
- // extension in |revoked|'s extension list.
2458
- //
2459
- // WARNING: This function is difficult to use correctly. See the documentation
2460
- // for |X509V3_get_d2i| for details.
2461
- OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked,
2462
- int nid, int *out_critical,
2463
- int *out_idx);
4238
+ // This stuff is certificate "auxiliary info"
4239
+ // it contains details which are useful in certificate
4240
+ // stores and databases. When used this is tagged onto
4241
+ // the end of the certificate itself
2464
4242
 
2465
- // X509_REVOKED_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the
2466
- // extension to |x|'s extension list.
2467
- //
2468
- // WARNING: This function may return zero or -1 on error. The caller must also
2469
- // ensure |value|'s type matches |nid|. See the documentation for
2470
- // |X509V3_add1_i2d| for details.
2471
- OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
2472
- void *value, int crit,
2473
- unsigned long flags);
4243
+ DECLARE_STACK_OF(DIST_POINT)
4244
+
4245
+ // This is used for a table of trust checking functions
4246
+
4247
+ struct x509_trust_st {
4248
+ int trust;
4249
+ int flags;
4250
+ int (*check_trust)(const X509_TRUST *, X509 *, int);
4251
+ char *name;
4252
+ int arg1;
4253
+ void *arg2;
4254
+ } /* X509_TRUST */;
4255
+
4256
+ DEFINE_STACK_OF(X509_TRUST)
4257
+
4258
+ // standard trust ids
4259
+
4260
+ #define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings
4261
+
4262
+ OPENSSL_EXPORT const char *X509_get_default_cert_area(void);
4263
+ OPENSSL_EXPORT const char *X509_get_default_cert_dir(void);
4264
+ OPENSSL_EXPORT const char *X509_get_default_cert_file(void);
4265
+ OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
4266
+ OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
4267
+ OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
2474
4268
 
2475
- OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
2476
4269
 
2477
- // PKCS#8 utilities
4270
+ OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
2478
4271
 
2479
- DECLARE_ASN1_FUNCTIONS_const(PKCS8_PRIV_KEY_INFO)
4272
+ OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
2480
4273
 
2481
- // EVP_PKCS82PKEY returns |p8| as a newly-allocated |EVP_PKEY|, or NULL if the
2482
- // key was unsupported or could not be decoded. If non-NULL, the caller must
2483
- // release the result with |EVP_PKEY_free| when done.
4274
+ // X509_NAME_hash returns a hash of |name|, or zero on error. This is the new
4275
+ // hash used by |X509_LOOKUP_hash_dir|.
2484
4276
  //
2485
- // Use |EVP_parse_private_key| instead.
2486
- OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
2487
-
2488
- // EVP_PKEY2PKCS8 encodes |pkey| as a PKCS#8 PrivateKeyInfo (RFC 5208),
2489
- // represented as a newly-allocated |PKCS8_PRIV_KEY_INFO|, or NULL on error. The
2490
- // caller must release the result with |PKCS8_PRIV_KEY_INFO_free| when done.
4277
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
4278
+ // not suitable for general-purpose X.509 name processing. It is very short, so
4279
+ // there will be hash collisions. It also depends on an OpenSSL-specific
4280
+ // canonicalization process.
2491
4281
  //
2492
- // Use |EVP_marshal_private_key| instead.
2493
- OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
2494
-
2495
- // X509_PUBKEY_set0_param sets |pub| to a key with AlgorithmIdentifier
2496
- // determined by |obj|, |param_type|, and |param_value|, and an encoded
2497
- // public key of |key|. On success, it takes ownership of all its parameters and
2498
- // returns one. Otherwise, it returns zero. |key| must have been allocated by
2499
- // |OPENSSL_malloc|.
4282
+ // TODO(https://crbug.com/boringssl/407): This should be const and thread-safe
4283
+ // but currently is neither, notably if |name| was modified from its parsed
4284
+ // value.
4285
+ OPENSSL_EXPORT uint32_t X509_NAME_hash(X509_NAME *name);
4286
+
4287
+ // X509_NAME_hash_old returns a hash of |name|, or zero on error. This is the
4288
+ // legacy hash used by |X509_LOOKUP_hash_dir|, which is still supported for
4289
+ // compatibility.
2500
4290
  //
2501
- // |obj|, |param_type|, and |param_value| are interpreted as in
2502
- // |X509_ALGOR_set0|. See |X509_ALGOR_set0| for details.
2503
- OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *obj,
2504
- int param_type, void *param_value,
2505
- uint8_t *key, int key_len);
2506
-
2507
- // X509_PUBKEY_get0_param outputs fields of |pub| and returns one. If |out_obj|
2508
- // is not NULL, it sets |*out_obj| to AlgorithmIdentifier's OID. If |out_key|
2509
- // is not NULL, it sets |*out_key| and |*out_key_len| to the encoded public key.
2510
- // If |out_alg| is not NULL, it sets |*out_alg| to the AlgorithmIdentifier.
4291
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
4292
+ // not suitable for general-purpose X.509 name processing. It is very short, so
4293
+ // there will be hash collisions.
2511
4294
  //
2512
- // Note: X.509 SubjectPublicKeyInfo structures store the encoded public key as a
2513
- // BIT STRING. |*out_key| and |*out_key_len| will silently pad the key with zero
2514
- // bits if |pub| did not contain a whole number of bytes. Use
2515
- // |X509_PUBKEY_get0_public_key| to preserve this information.
2516
- OPENSSL_EXPORT int X509_PUBKEY_get0_param(ASN1_OBJECT **out_obj,
2517
- const uint8_t **out_key,
2518
- int *out_key_len,
2519
- X509_ALGOR **out_alg,
2520
- X509_PUBKEY *pub);
4295
+ // TODO(https://crbug.com/boringssl/407): This should be const and thread-safe
4296
+ // but currently is neither, notably if |name| was modified from its parsed
4297
+ // value.
4298
+ OPENSSL_EXPORT uint32_t X509_NAME_hash_old(X509_NAME *name);
2521
4299
 
2522
- // X509_PUBKEY_get0_public_key returns |pub|'s encoded public key.
2523
- OPENSSL_EXPORT const ASN1_BIT_STRING *X509_PUBKEY_get0_public_key(
2524
- const X509_PUBKEY *pub);
4300
+ OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
2525
4301
 
2526
- OPENSSL_EXPORT int X509_check_trust(X509 *x, int id, int flags);
2527
4302
  OPENSSL_EXPORT int X509_TRUST_get_count(void);
2528
- OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx);
4303
+ OPENSSL_EXPORT const X509_TRUST *X509_TRUST_get0(int idx);
2529
4304
  OPENSSL_EXPORT int X509_TRUST_get_by_id(int id);
2530
- OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
2531
- int (*ck)(X509_TRUST *, X509 *, int),
2532
- const char *name, int arg1, void *arg2);
2533
- OPENSSL_EXPORT void X509_TRUST_cleanup(void);
2534
4305
  OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
2535
4306
  OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
2536
4307
  OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp);
2537
4308
 
2538
4309
 
2539
- struct rsa_pss_params_st {
2540
- X509_ALGOR *hashAlgorithm;
2541
- X509_ALGOR *maskGenAlgorithm;
2542
- ASN1_INTEGER *saltLength;
2543
- ASN1_INTEGER *trailerField;
2544
- // OpenSSL caches the MGF hash on |RSA_PSS_PARAMS| in some cases. None of the
2545
- // cases apply to BoringSSL, so this is always NULL, but Node expects the
2546
- // field to be present.
2547
- X509_ALGOR *maskHash;
2548
- } /* RSA_PSS_PARAMS */;
2549
-
2550
- DECLARE_ASN1_FUNCTIONS_const(RSA_PSS_PARAMS)
2551
-
2552
4310
  /*
2553
4311
  SSL_CTX -> X509_STORE
2554
4312
  -> X509_LOOKUP
@@ -2566,36 +4324,12 @@ The X509_STORE then calls a function to actually verify the
2566
4324
  certificate chain.
2567
4325
  */
2568
4326
 
4327
+ #define X509_LU_NONE 0
2569
4328
  #define X509_LU_X509 1
2570
4329
  #define X509_LU_CRL 2
2571
4330
  #define X509_LU_PKEY 3
2572
4331
 
2573
- DEFINE_STACK_OF(X509_LOOKUP)
2574
4332
  DEFINE_STACK_OF(X509_OBJECT)
2575
- DEFINE_STACK_OF(X509_VERIFY_PARAM)
2576
-
2577
- typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
2578
- typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
2579
- typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx,
2580
- X509 *x);
2581
- typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, X509 *x,
2582
- X509 *issuer);
2583
- typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
2584
- typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl,
2585
- X509 *x);
2586
- typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
2587
- typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl,
2588
- X509 *x);
2589
- typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
2590
- typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
2591
- X509_NAME *nm);
2592
- typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(
2593
- X509_STORE_CTX *ctx, X509_NAME *nm);
2594
- typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
2595
-
2596
- OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
2597
-
2598
- OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2599
4333
 
2600
4334
  #define X509_STORE_CTX_set_app_data(ctx, data) \
2601
4335
  X509_STORE_CTX_set_ex_data(ctx, 0, data)
@@ -2604,85 +4338,27 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2604
4338
  #define X509_L_FILE_LOAD 1
2605
4339
  #define X509_L_ADD_DIR 2
2606
4340
 
2607
- #define X509_LOOKUP_load_file(x, name, type) \
2608
- X509_LOOKUP_ctrl((x), X509_L_FILE_LOAD, (name), (long)(type), NULL)
2609
-
2610
- #define X509_LOOKUP_add_dir(x, name, type) \
2611
- X509_LOOKUP_ctrl((x), X509_L_ADD_DIR, (name), (long)(type), NULL)
2612
-
2613
- #define X509_V_OK 0
2614
- #define X509_V_ERR_UNSPECIFIED 1
2615
-
2616
- #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
2617
- #define X509_V_ERR_UNABLE_TO_GET_CRL 3
2618
- #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
2619
- #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
2620
- #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
2621
- #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
2622
- #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
2623
- #define X509_V_ERR_CERT_NOT_YET_VALID 9
2624
- #define X509_V_ERR_CERT_HAS_EXPIRED 10
2625
- #define X509_V_ERR_CRL_NOT_YET_VALID 11
2626
- #define X509_V_ERR_CRL_HAS_EXPIRED 12
2627
- #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
2628
- #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
2629
- #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
2630
- #define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
2631
- #define X509_V_ERR_OUT_OF_MEM 17
2632
- #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
2633
- #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
2634
- #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
2635
- #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
2636
- #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
2637
- #define X509_V_ERR_CERT_REVOKED 23
2638
- #define X509_V_ERR_INVALID_CA 24
2639
- #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
2640
- #define X509_V_ERR_INVALID_PURPOSE 26
2641
- #define X509_V_ERR_CERT_UNTRUSTED 27
2642
- #define X509_V_ERR_CERT_REJECTED 28
2643
- // These are 'informational' when looking for issuer cert
2644
- #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
2645
- #define X509_V_ERR_AKID_SKID_MISMATCH 30
2646
- #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
2647
- #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
2648
-
2649
- #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
2650
- #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
2651
- #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
2652
- #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
2653
- #define X509_V_ERR_INVALID_NON_CA 37
2654
- #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
2655
- #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
2656
- #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
2657
-
2658
- #define X509_V_ERR_INVALID_EXTENSION 41
2659
- #define X509_V_ERR_INVALID_POLICY_EXTENSION 42
2660
- #define X509_V_ERR_NO_EXPLICIT_POLICY 43
2661
- #define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
2662
- #define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
2663
-
2664
- #define X509_V_ERR_UNNESTED_RESOURCE 46
2665
-
2666
- #define X509_V_ERR_PERMITTED_VIOLATION 47
2667
- #define X509_V_ERR_EXCLUDED_VIOLATION 48
2668
- #define X509_V_ERR_SUBTREE_MINMAX 49
2669
- #define X509_V_ERR_APPLICATION_VERIFICATION 50
2670
- #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
2671
- #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
2672
- #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
2673
- #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
2674
-
2675
- // Host, email and IP check errors
2676
- #define X509_V_ERR_HOSTNAME_MISMATCH 62
2677
- #define X509_V_ERR_EMAIL_MISMATCH 63
2678
- #define X509_V_ERR_IP_ADDRESS_MISMATCH 64
2679
-
2680
- // Caller error
2681
- #define X509_V_ERR_INVALID_CALL 65
2682
- // Issuer lookup error
2683
- #define X509_V_ERR_STORE_LOOKUP 66
4341
+ // The following constants are used to specify the format of files in an
4342
+ // |X509_LOOKUP|.
4343
+ #define X509_FILETYPE_PEM 1
4344
+ #define X509_FILETYPE_ASN1 2
4345
+ #define X509_FILETYPE_DEFAULT 3
2684
4346
 
2685
- #define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67
4347
+ // X509_LOOKUP_load_file configures |lookup| to load information from the file
4348
+ // at |path|. It returns one on success and zero on error. |type| should be one
4349
+ // of the |X509_FILETYPE_*| constants to determine if the contents are PEM or
4350
+ // DER. If |type| is |X509_FILETYPE_DEFAULT|, |path| is ignored and instead some
4351
+ // default system path is used.
4352
+ OPENSSL_EXPORT int X509_LOOKUP_load_file(X509_LOOKUP *lookup, const char *path,
4353
+ int type);
4354
+
4355
+ // X509_LOOKUP_add_dir configures |lookup| to load information from the
4356
+ // directory at |path|. It returns one on success and zero on error. |type|
4357
+ // should be one of the |X509_FILETYPE_*| constants to determine if the contents
4358
+ // are PEM or DER. If |type| is |X509_FILETYPE_DEFAULT|, |path| is ignored and
4359
+ // instead some default system path is used.
4360
+ OPENSSL_EXPORT int X509_LOOKUP_add_dir(X509_LOOKUP *lookup, const char *path,
4361
+ int type);
2686
4362
 
2687
4363
  // Certificate verify flags
2688
4364
 
@@ -2708,11 +4384,11 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2708
4384
  #define X509_V_FLAG_INHIBIT_ANY 0x200
2709
4385
  // Policy variable inhibit-policy-mapping
2710
4386
  #define X509_V_FLAG_INHIBIT_MAP 0x400
2711
- // Notify callback that policy is OK
4387
+ // Does nothing
2712
4388
  #define X509_V_FLAG_NOTIFY_POLICY 0x800
2713
- // Extended CRL features such as indirect CRLs, alternate CRL signing keys
4389
+ // Causes all verifications to fail. Extended CRL features have been removed.
2714
4390
  #define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
2715
- // Delta CRL support
4391
+ // Causes all verifications to fail. Delta CRL support has been removed.
2716
4392
  #define X509_V_FLAG_USE_DELTAS 0x2000
2717
4393
  // Check selfsigned CA signature
2718
4394
  #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
@@ -2731,135 +4407,36 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2731
4407
  // verification.
2732
4408
  #define X509_V_FLAG_NO_CHECK_TIME 0x200000
2733
4409
 
2734
- #define X509_VP_FLAG_DEFAULT 0x1
2735
- #define X509_VP_FLAG_OVERWRITE 0x2
2736
- #define X509_VP_FLAG_RESET_FLAGS 0x4
2737
- #define X509_VP_FLAG_LOCKED 0x8
2738
- #define X509_VP_FLAG_ONCE 0x10
2739
-
2740
- OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h,
2741
- int type, X509_NAME *name);
2742
- OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
2743
- STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name);
2744
- OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
2745
- X509_OBJECT *x);
2746
- OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a);
2747
- OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
2748
- OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a);
2749
- OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
2750
- OPENSSL_EXPORT X509_STORE *X509_STORE_new(void);
2751
- OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store);
2752
- OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v);
2753
-
2754
- OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st);
2755
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st,
2756
- X509_NAME *nm);
2757
- OPENSSL_EXPORT STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st,
2758
- X509_NAME *nm);
2759
- OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
2760
- OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
2761
- OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust);
2762
- OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx,
2763
- X509_VERIFY_PARAM *pm);
2764
- OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
2765
-
2766
- OPENSSL_EXPORT void X509_STORE_set_verify(X509_STORE *ctx,
2767
- X509_STORE_CTX_verify_fn verify);
2768
- #define X509_STORE_set_verify_func(ctx, func) \
2769
- X509_STORE_set_verify((ctx), (func))
2770
- OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
2771
- X509_STORE_CTX_verify_fn verify);
2772
- OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
2773
-
2774
- // X509_STORE_set_verify_cb acts like |X509_STORE_CTX_set_verify_cb| but sets
2775
- // the verify callback for any |X509_STORE_CTX| created from this |X509_STORE|
2776
- //
2777
- // Do not use this funciton. see |X509_STORE_CTX_set_verify_cb|.
2778
- OPENSSL_EXPORT void X509_STORE_set_verify_cb(
2779
- X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
2780
- #define X509_STORE_set_verify_cb_func(ctx, func) \
2781
- X509_STORE_set_verify_cb((ctx), (func))
2782
- OPENSSL_EXPORT X509_STORE_CTX_verify_cb
2783
- X509_STORE_get_verify_cb(X509_STORE *ctx);
2784
- OPENSSL_EXPORT void X509_STORE_set_get_issuer(
2785
- X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer);
2786
- OPENSSL_EXPORT X509_STORE_CTX_get_issuer_fn
2787
- X509_STORE_get_get_issuer(X509_STORE *ctx);
2788
- OPENSSL_EXPORT void X509_STORE_set_check_issued(
2789
- X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued);
2790
- OPENSSL_EXPORT X509_STORE_CTX_check_issued_fn
2791
- X509_STORE_get_check_issued(X509_STORE *ctx);
2792
- OPENSSL_EXPORT void X509_STORE_set_check_revocation(
2793
- X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation);
2794
- OPENSSL_EXPORT X509_STORE_CTX_check_revocation_fn
2795
- X509_STORE_get_check_revocation(X509_STORE *ctx);
2796
- OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx,
2797
- X509_STORE_CTX_get_crl_fn get_crl);
2798
- OPENSSL_EXPORT X509_STORE_CTX_get_crl_fn
2799
- X509_STORE_get_get_crl(X509_STORE *ctx);
2800
- OPENSSL_EXPORT void X509_STORE_set_check_crl(
2801
- X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl);
2802
- OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn
2803
- X509_STORE_get_check_crl(X509_STORE *ctx);
2804
- OPENSSL_EXPORT void X509_STORE_set_cert_crl(
2805
- X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl);
2806
- OPENSSL_EXPORT X509_STORE_CTX_cert_crl_fn
2807
- X509_STORE_get_cert_crl(X509_STORE *ctx);
2808
- OPENSSL_EXPORT void X509_STORE_set_lookup_certs(
2809
- X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs);
2810
- OPENSSL_EXPORT X509_STORE_CTX_lookup_certs_fn
2811
- X509_STORE_get_lookup_certs(X509_STORE *ctx);
2812
- OPENSSL_EXPORT void X509_STORE_set_lookup_crls(
2813
- X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls);
2814
- #define X509_STORE_set_lookup_crls_cb(ctx, func) \
2815
- X509_STORE_set_lookup_crls((ctx), (func))
2816
- OPENSSL_EXPORT X509_STORE_CTX_lookup_crls_fn
2817
- X509_STORE_get_lookup_crls(X509_STORE *ctx);
2818
- OPENSSL_EXPORT void X509_STORE_set_cleanup(X509_STORE *ctx,
2819
- X509_STORE_CTX_cleanup_fn cleanup);
2820
- OPENSSL_EXPORT X509_STORE_CTX_cleanup_fn
2821
- X509_STORE_get_cleanup(X509_STORE *ctx);
2822
-
2823
- OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
2824
-
2825
- OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
2826
- X509_STORE_CTX *ctx, X509 *x);
2827
-
2828
- OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
2829
- OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
2830
- OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
2831
- X509 *x509, STACK_OF(X509) *chain);
4410
+ // X509_OBJECT_new returns a newly-allocated, empty |X509_OBJECT| or NULL on
4411
+ // error.
4412
+ OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_new(void);
2832
4413
 
2833
- // X509_STORE_CTX_set0_trusted_stack configures |ctx| to trust the certificates
2834
- // in |sk|. |sk| must remain valid for the duration of |ctx|.
2835
- //
2836
- // WARNING: This function differs from most |set0| functions in that it does not
2837
- // take ownership of its input. The caller is required to ensure the lifetimes
2838
- // are consistent.
2839
- OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2840
- STACK_OF(X509) *sk);
4414
+ // X509_OBJECT_free releases memory associated with |obj|.
4415
+ OPENSSL_EXPORT void X509_OBJECT_free(X509_OBJECT *obj);
2841
4416
 
2842
- // X509_STORE_CTX_trusted_stack is a deprecated alias for
2843
- // |X509_STORE_CTX_set0_trusted_stack|.
2844
- OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
2845
- STACK_OF(X509) *sk);
4417
+ // X509_OBJECT_get_type returns the type of |obj|, which will be one of the
4418
+ // |X509_LU_*| constants.
4419
+ OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *obj);
2846
4420
 
2847
- OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
4421
+ // X509_OBJECT_get0_X509 returns |obj| as a certificate, or NULL if |obj| is not
4422
+ // a certificate.
4423
+ OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *obj);
2848
4424
 
2849
- OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
2850
- OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
4425
+ OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st);
4426
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
4427
+ X509_NAME *nm);
4428
+ OPENSSL_EXPORT STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st,
4429
+ X509_NAME *nm);
2851
4430
 
2852
4431
  OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v,
2853
- X509_LOOKUP_METHOD *m);
4432
+ const X509_LOOKUP_METHOD *m);
2854
4433
 
2855
- OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
2856
- OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
4434
+ OPENSSL_EXPORT const X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
4435
+ OPENSSL_EXPORT const X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
2857
4436
 
2858
- OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
2859
- OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
2860
-
2861
- OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type,
2862
- X509_NAME *name, X509_OBJECT *ret);
4437
+ OPENSSL_EXPORT int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, int type,
4438
+ X509_NAME *name,
4439
+ X509_OBJECT *ret);
2863
4440
 
2864
4441
  OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
2865
4442
  long argl, char **ret);
@@ -2871,130 +4448,408 @@ OPENSSL_EXPORT int X509_load_crl_file(X509_LOOKUP *ctx, const char *file,
2871
4448
  OPENSSL_EXPORT int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file,
2872
4449
  int type);
2873
4450
 
2874
- OPENSSL_EXPORT X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
2875
- OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
2876
- OPENSSL_EXPORT int X509_LOOKUP_init(X509_LOOKUP *ctx);
2877
- OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type,
2878
- X509_NAME *name, X509_OBJECT *ret);
2879
- OPENSSL_EXPORT int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
2880
-
2881
4451
  OPENSSL_EXPORT int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
2882
4452
  const char *dir);
2883
4453
  OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx);
2884
- OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
2885
- OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
2886
- OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
2887
- OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
2888
- OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
2889
- OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
2890
- OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(
2891
- X509_STORE_CTX *ctx);
2892
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
2893
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
2894
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
2895
- OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
2896
- OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,
2897
- STACK_OF(X509) *sk);
2898
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(
2899
- X509_STORE_CTX *ctx);
2900
- OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,
2901
- STACK_OF(X509_CRL) *sk);
2902
- OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
2903
- OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
2904
- OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx,
2905
- int def_purpose, int purpose,
2906
- int trust);
2907
- OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx,
2908
- unsigned long flags);
2909
- OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx,
2910
- unsigned long flags, time_t t);
2911
- OPENSSL_EXPORT void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx,
2912
- unsigned long flags,
2913
- int64_t t);
2914
4454
 
2915
- // X509_STORE_CTX_set_verify_cb configures a callback function for |ctx| that is
2916
- // called multiple times during |X509_verify_cert|. The callback returns zero to
2917
- // fail verification and non-zero to proceed. Typically, it will return |ok|,
2918
- // which preserves the default behavior. Returning one when |ok| is zero will
2919
- // proceed past some error. The callback may inspect |ctx| and the error queue
2920
- // to attempt to determine the current stage of certificate verification, but
2921
- // this is often unreliable.
4455
+ typedef void *(*X509V3_EXT_NEW)(void);
4456
+ typedef void (*X509V3_EXT_FREE)(void *);
4457
+ typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
4458
+ typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
4459
+ typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(const X509V3_EXT_METHOD *method,
4460
+ void *ext,
4461
+ STACK_OF(CONF_VALUE) *extlist);
4462
+ typedef void *(*X509V3_EXT_V2I)(const X509V3_EXT_METHOD *method,
4463
+ const X509V3_CTX *ctx,
4464
+ const STACK_OF(CONF_VALUE) *values);
4465
+ typedef char *(*X509V3_EXT_I2S)(const X509V3_EXT_METHOD *method, void *ext);
4466
+ typedef void *(*X509V3_EXT_S2I)(const X509V3_EXT_METHOD *method,
4467
+ const X509V3_CTX *ctx, const char *str);
4468
+ typedef int (*X509V3_EXT_I2R)(const X509V3_EXT_METHOD *method, void *ext,
4469
+ BIO *out, int indent);
4470
+ typedef void *(*X509V3_EXT_R2I)(const X509V3_EXT_METHOD *method,
4471
+ const X509V3_CTX *ctx, const char *str);
4472
+
4473
+ // V3 extension structure
4474
+
4475
+ struct v3_ext_method {
4476
+ int ext_nid;
4477
+ int ext_flags;
4478
+
4479
+ // it determines how values of this extension are allocated, released, parsed,
4480
+ // and marshalled. This must be non-NULL.
4481
+ ASN1_ITEM_EXP *it;
4482
+
4483
+ // The following functions are ignored in favor of |it|. They are retained in
4484
+ // the struct only for source compatibility with existing struct definitions.
4485
+ X509V3_EXT_NEW ext_new;
4486
+ X509V3_EXT_FREE ext_free;
4487
+ X509V3_EXT_D2I d2i;
4488
+ X509V3_EXT_I2D i2d;
4489
+
4490
+ // The following pair is used for string extensions
4491
+ X509V3_EXT_I2S i2s;
4492
+ X509V3_EXT_S2I s2i;
4493
+
4494
+ // The following pair is used for multi-valued extensions
4495
+ X509V3_EXT_I2V i2v;
4496
+ X509V3_EXT_V2I v2i;
4497
+
4498
+ // The following are used for raw extensions
4499
+ X509V3_EXT_I2R i2r;
4500
+ X509V3_EXT_R2I r2i;
4501
+
4502
+ void *usr_data; // Any extension specific data
4503
+ };
4504
+
4505
+ DEFINE_STACK_OF(X509V3_EXT_METHOD)
4506
+
4507
+ // ext_flags values
4508
+ #define X509V3_EXT_CTX_DEP 0x2
4509
+ #define X509V3_EXT_MULTILINE 0x4
4510
+
4511
+ struct BASIC_CONSTRAINTS_st {
4512
+ int ca;
4513
+ ASN1_INTEGER *pathlen;
4514
+ };
4515
+
4516
+ typedef struct ACCESS_DESCRIPTION_st {
4517
+ ASN1_OBJECT *method;
4518
+ GENERAL_NAME *location;
4519
+ } ACCESS_DESCRIPTION;
4520
+
4521
+ DEFINE_STACK_OF(ACCESS_DESCRIPTION)
4522
+
4523
+ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
4524
+
4525
+ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
4526
+
4527
+ typedef struct DIST_POINT_NAME_st {
4528
+ int type;
4529
+ union {
4530
+ GENERAL_NAMES *fullname;
4531
+ STACK_OF(X509_NAME_ENTRY) *relativename;
4532
+ } name;
4533
+ // If relativename then this contains the full distribution point name
4534
+ X509_NAME *dpname;
4535
+ } DIST_POINT_NAME;
4536
+ // All existing reasons
4537
+ #define CRLDP_ALL_REASONS 0x807f
4538
+
4539
+ struct DIST_POINT_st {
4540
+ DIST_POINT_NAME *distpoint;
4541
+ ASN1_BIT_STRING *reasons;
4542
+ GENERAL_NAMES *CRLissuer;
4543
+ };
4544
+
4545
+ typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
4546
+
4547
+ DEFINE_STACK_OF(DIST_POINT)
4548
+
4549
+ struct AUTHORITY_KEYID_st {
4550
+ ASN1_OCTET_STRING *keyid;
4551
+ GENERAL_NAMES *issuer;
4552
+ ASN1_INTEGER *serial;
4553
+ };
4554
+
4555
+ typedef struct NOTICEREF_st {
4556
+ ASN1_STRING *organization;
4557
+ STACK_OF(ASN1_INTEGER) *noticenos;
4558
+ } NOTICEREF;
4559
+
4560
+ typedef struct USERNOTICE_st {
4561
+ NOTICEREF *noticeref;
4562
+ ASN1_STRING *exptext;
4563
+ } USERNOTICE;
4564
+
4565
+ typedef struct POLICYQUALINFO_st {
4566
+ ASN1_OBJECT *pqualid;
4567
+ union {
4568
+ ASN1_IA5STRING *cpsuri;
4569
+ USERNOTICE *usernotice;
4570
+ ASN1_TYPE *other;
4571
+ } d;
4572
+ } POLICYQUALINFO;
4573
+
4574
+ DEFINE_STACK_OF(POLICYQUALINFO)
4575
+
4576
+ typedef struct POLICYINFO_st {
4577
+ ASN1_OBJECT *policyid;
4578
+ STACK_OF(POLICYQUALINFO) *qualifiers;
4579
+ } POLICYINFO;
4580
+
4581
+ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
4582
+
4583
+ DEFINE_STACK_OF(POLICYINFO)
4584
+
4585
+ typedef struct POLICY_MAPPING_st {
4586
+ ASN1_OBJECT *issuerDomainPolicy;
4587
+ ASN1_OBJECT *subjectDomainPolicy;
4588
+ } POLICY_MAPPING;
4589
+
4590
+ DEFINE_STACK_OF(POLICY_MAPPING)
4591
+
4592
+ typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
4593
+
4594
+ typedef struct GENERAL_SUBTREE_st {
4595
+ GENERAL_NAME *base;
4596
+ ASN1_INTEGER *minimum;
4597
+ ASN1_INTEGER *maximum;
4598
+ } GENERAL_SUBTREE;
4599
+
4600
+ DEFINE_STACK_OF(GENERAL_SUBTREE)
4601
+
4602
+ struct NAME_CONSTRAINTS_st {
4603
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
4604
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
4605
+ };
4606
+
4607
+ typedef struct POLICY_CONSTRAINTS_st {
4608
+ ASN1_INTEGER *requireExplicitPolicy;
4609
+ ASN1_INTEGER *inhibitPolicyMapping;
4610
+ } POLICY_CONSTRAINTS;
4611
+
4612
+ struct ISSUING_DIST_POINT_st {
4613
+ DIST_POINT_NAME *distpoint;
4614
+ ASN1_BOOLEAN onlyuser;
4615
+ ASN1_BOOLEAN onlyCA;
4616
+ ASN1_BIT_STRING *onlysomereasons;
4617
+ ASN1_BOOLEAN indirectCRL;
4618
+ ASN1_BOOLEAN onlyattr;
4619
+ };
4620
+
4621
+ // X509_PURPOSE stuff
4622
+
4623
+ #define NS_SSL_CLIENT 0x80
4624
+ #define NS_SSL_SERVER 0x40
4625
+ #define NS_SMIME 0x20
4626
+ #define NS_OBJSIGN 0x10
4627
+ #define NS_SSL_CA 0x04
4628
+ #define NS_SMIME_CA 0x02
4629
+ #define NS_OBJSIGN_CA 0x01
4630
+ #define NS_ANY_CA (NS_SSL_CA | NS_SMIME_CA | NS_OBJSIGN_CA)
4631
+
4632
+ typedef struct x509_purpose_st {
4633
+ int purpose;
4634
+ int trust; // Default trust ID
4635
+ int flags;
4636
+ int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int);
4637
+ char *name;
4638
+ char *sname;
4639
+ void *usr_data;
4640
+ } X509_PURPOSE;
4641
+
4642
+ DEFINE_STACK_OF(X509_PURPOSE)
4643
+
4644
+ DECLARE_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS)
4645
+
4646
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4647
+ // an |X509_NAME|.
4648
+ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
4649
+
4650
+ DECLARE_ASN1_FUNCTIONS_const(EXTENDED_KEY_USAGE)
4651
+
4652
+ DECLARE_ASN1_FUNCTIONS_const(CERTIFICATEPOLICIES)
4653
+ DECLARE_ASN1_FUNCTIONS_const(POLICYINFO)
4654
+ DECLARE_ASN1_FUNCTIONS_const(POLICYQUALINFO)
4655
+ DECLARE_ASN1_FUNCTIONS_const(USERNOTICE)
4656
+ DECLARE_ASN1_FUNCTIONS_const(NOTICEREF)
4657
+
4658
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4659
+ // an |X509_NAME|.
4660
+ DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
4661
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4662
+ // an |X509_NAME|.
4663
+ DECLARE_ASN1_FUNCTIONS(DIST_POINT)
4664
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4665
+ // an |X509_NAME|.
4666
+ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
4667
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4668
+ // an |X509_NAME|.
4669
+ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
4670
+
4671
+ OPENSSL_EXPORT int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn,
4672
+ X509_NAME *iname);
4673
+
4674
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4675
+ // an |X509_NAME|.
4676
+ DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
4677
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4678
+ // an |X509_NAME|.
4679
+ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
4680
+
4681
+ DECLARE_ASN1_ITEM(POLICY_MAPPING)
4682
+ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
4683
+ DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
4684
+
4685
+ DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
4686
+ DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
4687
+
4688
+ DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
4689
+ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
4690
+
4691
+ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
4692
+ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
4693
+
4694
+ // X509V3_EXT_add registers |ext| as a custom extension for the extension type
4695
+ // |ext->ext_nid|. |ext| must be valid for the remainder of the address space's
4696
+ // lifetime. It returns one on success and zero on error.
2922
4697
  //
2923
- // WARNING: Do not use this function. It is extremely fragile and unpredictable.
2924
- // This callback exposes implementation details of certificate verification,
2925
- // which change as the library evolves. Attempting to use it for security checks
2926
- // can introduce vulnerabilities if making incorrect assumptions about when the
2927
- // callback is called. Additionally, overriding |ok| may leave |ctx| in an
2928
- // inconsistent state and break invariants.
4698
+ // WARNING: This function modifies global state. If other code in the same
4699
+ // address space also registers an extension with type |ext->ext_nid|, the two
4700
+ // registrations will conflict. Which registration takes effect is undefined. If
4701
+ // the two registrations use incompatible in-memory representations, code
4702
+ // expecting the other registration will then cast a type to the wrong type,
4703
+ // resulting in a potentially exploitable memory error. This conflict can also
4704
+ // occur if BoringSSL later adds support for |ext->ext_nid|, with a different
4705
+ // in-memory representation than the one expected by |ext|.
2929
4706
  //
2930
- // Instead, customize certificate verification by configuring options on the
2931
- // |X509_STORE_CTX| before verification, or applying additional checks after
2932
- // |X509_verify_cert| completes successfully.
2933
- OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(
2934
- X509_STORE_CTX *ctx, int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
2935
-
2936
- OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
2937
- X509_STORE_CTX *ctx);
2938
- OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
2939
- X509_VERIFY_PARAM *param);
2940
- OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx,
2941
- const char *name);
2942
-
2943
- // X509_VERIFY_PARAM functions
2944
-
2945
- OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
2946
- OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
2947
- OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
2948
- const X509_VERIFY_PARAM *from);
2949
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
2950
- const X509_VERIFY_PARAM *from);
2951
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param,
2952
- const char *name);
2953
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
2954
- unsigned long flags);
2955
- OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
2956
- unsigned long flags);
2957
- OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags(
2958
- X509_VERIFY_PARAM *param);
2959
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param,
2960
- int purpose);
2961
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param,
2962
- int trust);
2963
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param,
2964
- int depth);
2965
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param,
2966
- time_t t);
2967
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param,
2968
- int64_t t);
2969
- OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
2970
- ASN1_OBJECT *policy);
2971
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
2972
- X509_VERIFY_PARAM *param, const STACK_OF(ASN1_OBJECT) *policies);
4707
+ // This function, additionally, is not thread-safe and cannot be called
4708
+ // concurrently with any other BoringSSL function.
4709
+ //
4710
+ // As a result, it is impossible to safely use this function. Registering a
4711
+ // custom extension has no impact on certificate verification so, instead,
4712
+ // callers should simply handle the custom extension with the byte-based
4713
+ // |X509_EXTENSION| APIs directly. Registering |ext| with the library has little
4714
+ // practical value.
4715
+ OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
4716
+
4717
+ // X509V3_EXT_add_alias registers a custom extension with NID |nid_to|. The
4718
+ // corresponding ASN.1 type is copied from |nid_from|. It returns one on success
4719
+ // and zero on error.
4720
+ //
4721
+ // WARNING: Do not use this function. See |X509V3_EXT_add|.
4722
+ OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add_alias(int nid_to,
4723
+ int nid_from);
4724
+
4725
+ OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get(
4726
+ const X509_EXTENSION *ext);
4727
+ OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
4728
+
4729
+ // X509V3_EXT_d2i decodes |ext| and returns a pointer to a newly-allocated
4730
+ // structure, with type dependent on the type of the extension. It returns NULL
4731
+ // if |ext| is an unsupported extension or if there was a syntax error in the
4732
+ // extension. The caller should cast the return value to the expected type and
4733
+ // free the structure when done.
4734
+ //
4735
+ // WARNING: Casting the return value to the wrong type is a potentially
4736
+ // exploitable memory error, so callers must not use this function before
4737
+ // checking |ext| is of a known type.
4738
+ OPENSSL_EXPORT void *X509V3_EXT_d2i(const X509_EXTENSION *ext);
4739
+
4740
+ // X509V3_get_d2i finds and decodes the extension in |extensions| of type |nid|.
4741
+ // If found, it decodes it and returns a newly-allocated structure, with type
4742
+ // dependent on |nid|. If the extension is not found or on error, it returns
4743
+ // NULL. The caller may distinguish these cases using the |out_critical| value.
4744
+ //
4745
+ // If |out_critical| is not NULL, this function sets |*out_critical| to one if
4746
+ // the extension is found and critical, zero if it is found and not critical, -1
4747
+ // if it is not found, and -2 if there is an invalid duplicate extension. Note
4748
+ // this function may set |*out_critical| to one or zero and still return NULL if
4749
+ // the extension is found but has a syntax error.
4750
+ //
4751
+ // If |out_idx| is not NULL, this function looks for the first occurrence of the
4752
+ // extension after |*out_idx|. It then sets |*out_idx| to the index of the
4753
+ // extension, or -1 if not found. If |out_idx| is non-NULL, duplicate extensions
4754
+ // are not treated as an error. Callers, however, should not rely on this
4755
+ // behavior as it may be removed in the future. Duplicate extensions are
4756
+ // forbidden in RFC 5280.
4757
+ //
4758
+ // WARNING: This function is difficult to use correctly. Callers should pass a
4759
+ // non-NULL |out_critical| and check both the return value and |*out_critical|
4760
+ // to handle errors. If the return value is NULL and |*out_critical| is not -1,
4761
+ // there was an error. Otherwise, the function succeeded and but may return NULL
4762
+ // for a missing extension. Callers should pass NULL to |out_idx| so that
4763
+ // duplicate extensions are handled correctly.
4764
+ //
4765
+ // Additionally, casting the return value to the wrong type is a potentially
4766
+ // exploitable memory error, so callers must ensure the cast and |nid| match.
4767
+ OPENSSL_EXPORT void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions,
4768
+ int nid, int *out_critical, int *out_idx);
4769
+
4770
+ // X509V3_EXT_free casts |ext_data| into the type that corresponds to |nid| and
4771
+ // releases memory associated with it. It returns one on success and zero if
4772
+ // |nid| is not a known extension.
4773
+ //
4774
+ // WARNING: Casting |ext_data| to the wrong type is a potentially exploitable
4775
+ // memory error, so callers must ensure |ext_data|'s type matches |nid|.
4776
+ //
4777
+ // TODO(davidben): OpenSSL upstream no longer exposes this function. Remove it?
4778
+ OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data);
2973
4779
 
2974
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
2975
- const char *name,
2976
- size_t namelen);
2977
- OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
2978
- const char *name,
2979
- size_t namelen);
2980
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
2981
- unsigned int flags);
2982
- OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
2983
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
2984
- const char *email,
2985
- size_t emaillen);
2986
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
2987
- const unsigned char *ip,
2988
- size_t iplen);
2989
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
2990
- const char *ipasc);
4780
+ // X509V3_EXT_i2d casts |ext_struc| into the type that corresponds to
4781
+ // |ext_nid|, serializes it, and returns a newly-allocated |X509_EXTENSION|
4782
+ // object containing the serialization, or NULL on error. The |X509_EXTENSION|
4783
+ // has OID |ext_nid| and is critical if |crit| is one.
4784
+ //
4785
+ // WARNING: Casting |ext_struc| to the wrong type is a potentially exploitable
4786
+ // memory error, so callers must ensure |ext_struct|'s type matches |ext_nid|.
4787
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit,
4788
+ void *ext_struc);
4789
+
4790
+ // The following constants control the behavior of |X509V3_add1_i2d| and related
4791
+ // functions.
4792
+
4793
+ // X509V3_ADD_OP_MASK can be ANDed with the flags to determine how duplicate
4794
+ // extensions are processed.
4795
+ #define X509V3_ADD_OP_MASK 0xfL
4796
+
4797
+ // X509V3_ADD_DEFAULT causes the function to fail if the extension was already
4798
+ // present.
4799
+ #define X509V3_ADD_DEFAULT 0L
4800
+
4801
+ // X509V3_ADD_APPEND causes the function to unconditionally appended the new
4802
+ // extension to to the extensions list, even if there is a duplicate.
4803
+ #define X509V3_ADD_APPEND 1L
4804
+
4805
+ // X509V3_ADD_REPLACE causes the function to replace the existing extension, or
4806
+ // append if it is not present.
4807
+ #define X509V3_ADD_REPLACE 2L
4808
+
4809
+ // X509V3_ADD_REPLACE causes the function to replace the existing extension and
4810
+ // fail if it is not present.
4811
+ #define X509V3_ADD_REPLACE_EXISTING 3L
4812
+
4813
+ // X509V3_ADD_KEEP_EXISTING causes the function to succeed without replacing the
4814
+ // extension if already present.
4815
+ #define X509V3_ADD_KEEP_EXISTING 4L
4816
+
4817
+ // X509V3_ADD_DELETE causes the function to remove the matching extension. No
4818
+ // new extension is added. If there is no matching extension, the function
4819
+ // fails. The |value| parameter is ignored in this mode.
4820
+ #define X509V3_ADD_DELETE 5L
4821
+
4822
+ // X509V3_ADD_SILENT may be ORed into one of the values above to indicate the
4823
+ // function should not add to the error queue on duplicate or missing extension.
4824
+ // The function will continue to return zero in those cases, and it will
4825
+ // continue to return -1 and add to the error queue on other errors.
4826
+ #define X509V3_ADD_SILENT 0x10
4827
+
4828
+ // X509V3_add1_i2d casts |value| to the type that corresponds to |nid|,
4829
+ // serializes it, and appends it to the extension list in |*x|. If |*x| is NULL,
4830
+ // it will set |*x| to a newly-allocated |STACK_OF(X509_EXTENSION)| as needed.
4831
+ // The |crit| parameter determines whether the new extension is critical.
4832
+ // |flags| may be some combination of the |X509V3_ADD_*| constants to control
4833
+ // the function's behavior on duplicate extension.
4834
+ //
4835
+ // This function returns one on success, zero if the operation failed due to a
4836
+ // missing or duplicate extension, and -1 on other errors.
4837
+ //
4838
+ // WARNING: Casting |value| to the wrong type is a potentially exploitable
4839
+ // memory error, so callers must ensure |value|'s type matches |nid|.
4840
+ OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid,
4841
+ void *value, int crit, unsigned long flags);
2991
4842
 
2992
- OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
2993
- OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name(
2994
- const X509_VERIFY_PARAM *param);
4843
+ OPENSSL_EXPORT int X509_PURPOSE_set(int *p, int purpose);
2995
4844
 
2996
- OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
2997
- const char *name);
4845
+ OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
4846
+ OPENSSL_EXPORT const X509_PURPOSE *X509_PURPOSE_get0(int idx);
4847
+ OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(const char *sname);
4848
+ OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id);
4849
+ OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
4850
+ OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
4851
+ OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
4852
+ OPENSSL_EXPORT int X509_PURPOSE_get_id(const X509_PURPOSE *);
2998
4853
 
2999
4854
 
3000
4855
  #if defined(__cplusplus)
@@ -3006,7 +4861,18 @@ extern "C++" {
3006
4861
 
3007
4862
  BSSL_NAMESPACE_BEGIN
3008
4863
 
4864
+ BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free)
4865
+ BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
4866
+ BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free)
4867
+ // TODO(davidben): Move this to conf.h and rename to CONF_VALUE_free.
4868
+ BORINGSSL_MAKE_DELETER(CONF_VALUE, X509V3_conf_free)
4869
+ BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free)
4870
+ BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free)
4871
+ BORINGSSL_MAKE_DELETER(GENERAL_SUBTREE, GENERAL_SUBTREE_free)
4872
+ BORINGSSL_MAKE_DELETER(NAME_CONSTRAINTS, NAME_CONSTRAINTS_free)
3009
4873
  BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free)
4874
+ BORINGSSL_MAKE_DELETER(POLICY_MAPPING, POLICY_MAPPING_free)
4875
+ BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free)
3010
4876
  BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free)
3011
4877
  BORINGSSL_MAKE_DELETER(X509, X509_free)
3012
4878
  BORINGSSL_MAKE_UP_REF(X509, X509_up_ref)
@@ -3019,7 +4885,6 @@ BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
3019
4885
  BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free)
3020
4886
  BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free)
3021
4887
  BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free)
3022
- BORINGSSL_MAKE_DELETER(X509_PKEY, X509_PKEY_free)
3023
4888
  BORINGSSL_MAKE_DELETER(X509_PUBKEY, X509_PUBKEY_free)
3024
4889
  BORINGSSL_MAKE_DELETER(X509_REQ, X509_REQ_free)
3025
4890
  BORINGSSL_MAKE_DELETER(X509_REVOKED, X509_REVOKED_free)