authortb <>2021-10-23 13:16:52 +0000
committertb <>2021-10-23 13:16:52 +0000
commit8dff56643193b97a1340c067138c6eecbb262caf (patch)
treeeb28d4d18974144dfa5934102765bc60fd6efc73 /src
parent3a97113aaac4c71917ea6bcb2f8cf69c939ca55a (diff)
Prepare to make many of the structs in x509.h opaque.
ok beck jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509/x509.h162
1 files changed, 86 insertions, 76 deletions
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 84288de5de..c89b2a5d32 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.h,v 1.81 2021/10/23 11:56:10 tb Exp $ */ 1/* $OpenBSD: x509.h,v 1.82 2021/10/23 13:16:52 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -134,47 +134,46 @@ typedef struct X509_objects_st
134 int (*i2a)(void); 134 int (*i2a)(void);
135 } X509_OBJECTS; 135 } X509_OBJECTS;
136 136
137struct X509_algor_st 137struct X509_algor_st {
138 {
139 ASN1_OBJECT *algorithm; 138 ASN1_OBJECT *algorithm;
140 ASN1_TYPE *parameter; 139 ASN1_TYPE *parameter;
141 } /* X509_ALGOR */; 140} /* X509_ALGOR */;
142
143 141
144typedef STACK_OF(X509_ALGOR) X509_ALGORS; 142typedef STACK_OF(X509_ALGOR) X509_ALGORS;
145 143
146typedef struct X509_val_st 144typedef struct X509_val_st {
147 {
148 ASN1_TIME *notBefore; 145 ASN1_TIME *notBefore;
149 ASN1_TIME *notAfter; 146 ASN1_TIME *notAfter;
150 } X509_VAL; 147} X509_VAL;
151 148
152struct X509_pubkey_st 149#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
153 { 150struct X509_pubkey_st {
154 X509_ALGOR *algor; 151 X509_ALGOR *algor;
155 ASN1_BIT_STRING *public_key; 152 ASN1_BIT_STRING *public_key;
156 EVP_PKEY *pkey; 153 EVP_PKEY *pkey;
157 }; 154};
158 155
159typedef struct X509_sig_st 156typedef struct X509_sig_st {
160 {
161 X509_ALGOR *algor; 157 X509_ALGOR *algor;
162 ASN1_OCTET_STRING *digest; 158 ASN1_OCTET_STRING *digest;
163 } X509_SIG; 159} X509_SIG;
164 160
165typedef struct X509_name_entry_st 161typedef struct X509_name_entry_st {
166 {
167 ASN1_OBJECT *object; 162 ASN1_OBJECT *object;
168 ASN1_STRING *value; 163 ASN1_STRING *value;
169 int set; 164 int set;
170 int size; /* temp variable */ 165 int size; /* temp variable */
171 } X509_NAME_ENTRY; 166} X509_NAME_ENTRY;
167#else
168typedef struct X509_sig_st X509_SIG;
169typedef struct X509_name_entry_st X509_NAME_ENTRY;
170#endif
172 171
173DECLARE_STACK_OF(X509_NAME_ENTRY) 172DECLARE_STACK_OF(X509_NAME_ENTRY)
174 173
174#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
175/* we always keep X509_NAMEs in 2 forms. */ 175/* we always keep X509_NAMEs in 2 forms. */
176struct X509_name_st 176struct X509_name_st {
177 {
178 STACK_OF(X509_NAME_ENTRY) *entries; 177 STACK_OF(X509_NAME_ENTRY) *entries;
179 int modified; /* true if 'bytes' needs to be built */ 178 int modified; /* true if 'bytes' needs to be built */
180#ifndef OPENSSL_NO_BUFFER 179#ifndef OPENSSL_NO_BUFFER
@@ -185,58 +184,63 @@ struct X509_name_st
185/* unsigned long hash; Keep the hash around for lookups */ 184/* unsigned long hash; Keep the hash around for lookups */
186 unsigned char *canon_enc; 185 unsigned char *canon_enc;
187 int canon_enclen; 186 int canon_enclen;
188 } /* X509_NAME */; 187} /* X509_NAME */;
188#endif
189 189
190DECLARE_STACK_OF(X509_NAME) 190DECLARE_STACK_OF(X509_NAME)
191 191
192#define X509_EX_V_NETSCAPE_HACK 0x8000 192#define X509_EX_V_NETSCAPE_HACK 0x8000
193#define X509_EX_V_INIT 0x0001 193#define X509_EX_V_INIT 0x0001
194typedef struct X509_extension_st 194#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
195 { 195typedef struct X509_extension_st {
196 ASN1_OBJECT *object; 196 ASN1_OBJECT *object;
197 ASN1_BOOLEAN critical; 197 ASN1_BOOLEAN critical;
198 ASN1_OCTET_STRING *value; 198 ASN1_OCTET_STRING *value;
199 } X509_EXTENSION; 199} X509_EXTENSION;
200#else
201typedef struct X509_extension_st X509_EXTENSION;
202#endif
200 203
201typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; 204typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
202 205
203DECLARE_STACK_OF(X509_EXTENSION) 206DECLARE_STACK_OF(X509_EXTENSION)
204 207
205/* a sequence of these are used */ 208/* a sequence of these are used */
206typedef struct x509_attributes_st 209#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
207 { 210typedef struct x509_attributes_st {
208 ASN1_OBJECT *object; 211 ASN1_OBJECT *object;
209 int single; /* 0 for a set, 1 for a single item (which is wrong) */ 212 int single; /* 0 for a set, 1 for a single item (which is wrong) */
210 union { 213 union {
211 char *ptr; 214 char *ptr;
212/* 0 */ STACK_OF(ASN1_TYPE) *set; 215/* 0 */ STACK_OF(ASN1_TYPE) *set;
213/* 1 */ ASN1_TYPE *single; 216/* 1 */ ASN1_TYPE *single;
214 } value; 217 } value;
215 } X509_ATTRIBUTE; 218} X509_ATTRIBUTE;
219#else
220typedef struct x509_attributes_st X509_ATTRIBUTE;
221#endif
216 222
217DECLARE_STACK_OF(X509_ATTRIBUTE) 223DECLARE_STACK_OF(X509_ATTRIBUTE)
218 224
219 225
220typedef struct X509_req_info_st 226#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
221 { 227typedef struct X509_req_info_st {
222 ASN1_ENCODING enc; 228 ASN1_ENCODING enc;
223 ASN1_INTEGER *version; 229 ASN1_INTEGER *version;
224 X509_NAME *subject; 230 X509_NAME *subject;
225 X509_PUBKEY *pubkey; 231 X509_PUBKEY *pubkey;
226 /* d=2 hl=2 l= 0 cons: cont: 00 */ 232 /* d=2 hl=2 l= 0 cons: cont: 00 */
227 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 233 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
228 } X509_REQ_INFO; 234} X509_REQ_INFO;
229 235
230typedef struct X509_req_st 236typedef struct X509_req_st {
231 {
232 X509_REQ_INFO *req_info; 237 X509_REQ_INFO *req_info;
233 X509_ALGOR *sig_alg; 238 X509_ALGOR *sig_alg;
234 ASN1_BIT_STRING *signature; 239 ASN1_BIT_STRING *signature;
235 int references; 240 int references;
236 } X509_REQ; 241} X509_REQ;
237 242
238typedef struct x509_cinf_st 243typedef struct x509_cinf_st {
239 {
240 ASN1_INTEGER *version; /* [ 0 ] default of v1 */ 244 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
241 ASN1_INTEGER *serialNumber; 245 ASN1_INTEGER *serialNumber;
242 X509_ALGOR *signature; 246 X509_ALGOR *signature;
@@ -248,7 +252,12 @@ typedef struct x509_cinf_st
248 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ 252 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
249 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ 253 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
250 ASN1_ENCODING enc; 254 ASN1_ENCODING enc;
251 } X509_CINF; 255} X509_CINF;
256#else
257typedef struct X509_req_info_st X509_REQ_INFO;
258typedef struct X509_req_st X509_REQ;
259typedef struct x509_cinf_st X509_CINF;
260#endif
252 261
253/* This stuff is certificate "auxiliary info" 262/* This stuff is certificate "auxiliary info"
254 * it contains details which are useful in certificate 263 * it contains details which are useful in certificate
@@ -256,14 +265,17 @@ typedef struct x509_cinf_st
256 * the end of the certificate itself 265 * the end of the certificate itself
257 */ 266 */
258 267
259typedef struct x509_cert_aux_st 268#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
260 { 269typedef struct x509_cert_aux_st {
261 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ 270 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
262 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ 271 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
263 ASN1_UTF8STRING *alias; /* "friendly name" */ 272 ASN1_UTF8STRING *alias; /* "friendly name" */
264 ASN1_OCTET_STRING *keyid; /* key id of private key */ 273 ASN1_OCTET_STRING *keyid; /* key id of private key */
265 STACK_OF(X509_ALGOR) *other; /* other unspecified info */ 274 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
266 } X509_CERT_AUX; 275} X509_CERT_AUX;
276#else
277typedef struct x509_cert_aux_st X509_CERT_AUX;
278#endif
267 279
268struct x509_st; 280struct x509_st;
269 281
@@ -422,8 +434,8 @@ typedef struct x509_cert_pair_st {
422 XN_FLAG_FN_LN | \ 434 XN_FLAG_FN_LN | \
423 XN_FLAG_FN_ALIGN) 435 XN_FLAG_FN_ALIGN)
424 436
425struct x509_revoked_st 437#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
426 { 438struct x509_revoked_st {
427 ASN1_INTEGER *serialNumber; 439 ASN1_INTEGER *serialNumber;
428 ASN1_TIME *revocationDate; 440 ASN1_TIME *revocationDate;
429 STACK_OF(X509_EXTENSION) /* optional */ *extensions; 441 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
@@ -432,12 +444,13 @@ struct x509_revoked_st
432 /* Revocation reason */ 444 /* Revocation reason */
433 int reason; 445 int reason;
434 int sequence; /* load sequence */ 446 int sequence; /* load sequence */
435 }; 447};
448#endif
436 449
437DECLARE_STACK_OF(X509_REVOKED) 450DECLARE_STACK_OF(X509_REVOKED)
438 451
439typedef struct X509_crl_info_st 452#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
440 { 453typedef struct X509_crl_info_st {
441 ASN1_INTEGER *version; 454 ASN1_INTEGER *version;
442 X509_ALGOR *sig_alg; 455 X509_ALGOR *sig_alg;
443 X509_NAME *issuer; 456 X509_NAME *issuer;
@@ -446,10 +459,13 @@ typedef struct X509_crl_info_st
446 STACK_OF(X509_REVOKED) *revoked; 459 STACK_OF(X509_REVOKED) *revoked;
447 STACK_OF(X509_EXTENSION) /* [0] */ *extensions; 460 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
448 ASN1_ENCODING enc; 461 ASN1_ENCODING enc;
449 } X509_CRL_INFO; 462} X509_CRL_INFO;
463#else
464typedef struct X509_crl_info_st X509_CRL_INFO;
465#endif
450 466
451struct X509_crl_st 467#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
452 { 468struct X509_crl_st {
453 /* actual signature */ 469 /* actual signature */
454 X509_CRL_INFO *crl; 470 X509_CRL_INFO *crl;
455 X509_ALGOR *sig_alg; 471 X509_ALGOR *sig_alg;
@@ -471,7 +487,8 @@ struct X509_crl_st
471 STACK_OF(GENERAL_NAMES) *issuers; 487 STACK_OF(GENERAL_NAMES) *issuers;
472 const X509_CRL_METHOD *meth; 488 const X509_CRL_METHOD *meth;
473 void *meth_data; 489 void *meth_data;
474 } /* X509_CRL */; 490} /* X509_CRL */;
491#endif
475 492
476DECLARE_STACK_OF(X509_CRL) 493DECLARE_STACK_OF(X509_CRL)
477 494
@@ -497,8 +514,7 @@ typedef struct private_key_st
497 } X509_PKEY; 514 } X509_PKEY;
498 515
499#ifndef OPENSSL_NO_EVP 516#ifndef OPENSSL_NO_EVP
500typedef struct X509_info_st 517typedef struct X509_info_st {
501 {
502 X509 *x509; 518 X509 *x509;
503 X509_CRL *crl; 519 X509_CRL *crl;
504 X509_PKEY *x_pkey; 520 X509_PKEY *x_pkey;
@@ -508,7 +524,7 @@ typedef struct X509_info_st
508 char *enc_data; 524 char *enc_data;
509 525
510 int references; 526 int references;
511 } X509_INFO; 527} X509_INFO;
512 528
513DECLARE_STACK_OF(X509_INFO) 529DECLARE_STACK_OF(X509_INFO)
514#endif 530#endif
@@ -517,63 +533,57 @@ DECLARE_STACK_OF(X509_INFO)
517 * Pat Richard <patr@x509.com> and are used to manipulate 533 * Pat Richard <patr@x509.com> and are used to manipulate
518 * Netscapes spki structures - useful if you are writing a CA web page 534 * Netscapes spki structures - useful if you are writing a CA web page
519 */ 535 */
520typedef struct Netscape_spkac_st 536typedef struct Netscape_spkac_st {
521 {
522 X509_PUBKEY *pubkey; 537 X509_PUBKEY *pubkey;
523 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ 538 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
524 } NETSCAPE_SPKAC; 539} NETSCAPE_SPKAC;
525 540
526typedef struct Netscape_spki_st 541typedef struct Netscape_spki_st {
527 {
528 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ 542 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
529 X509_ALGOR *sig_algor; 543 X509_ALGOR *sig_algor;
530 ASN1_BIT_STRING *signature; 544 ASN1_BIT_STRING *signature;
531 } NETSCAPE_SPKI; 545} NETSCAPE_SPKI;
532 546
533/* Netscape certificate sequence structure */ 547/* Netscape certificate sequence structure */
534typedef struct Netscape_certificate_sequence 548typedef struct Netscape_certificate_sequence {
535 {
536 ASN1_OBJECT *type; 549 ASN1_OBJECT *type;
537 STACK_OF(X509) *certs; 550 STACK_OF(X509) *certs;
538 } NETSCAPE_CERT_SEQUENCE; 551} NETSCAPE_CERT_SEQUENCE;
539 552
540/* Unused (and iv length is wrong)
541typedef struct CBCParameter_st
542 {
543 unsigned char iv[8];
544 } CBC_PARAM;
545*/
546 553
547/* Password based encryption structure */ 554/* Password based encryption structure */
548 555
549typedef struct PBEPARAM_st { 556typedef struct PBEPARAM_st {
550ASN1_OCTET_STRING *salt; 557 ASN1_OCTET_STRING *salt;
551ASN1_INTEGER *iter; 558 ASN1_INTEGER *iter;
552} PBEPARAM; 559} PBEPARAM;
553 560
554/* Password based encryption V2 structures */ 561/* Password based encryption V2 structures */
555 562
556typedef struct PBE2PARAM_st { 563typedef struct PBE2PARAM_st {
557X509_ALGOR *keyfunc; 564 X509_ALGOR *keyfunc;
558X509_ALGOR *encryption; 565 X509_ALGOR *encryption;
559} PBE2PARAM; 566} PBE2PARAM;
560 567
561typedef struct PBKDF2PARAM_st { 568typedef struct PBKDF2PARAM_st {
562ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ 569 /* Usually OCTET STRING but could be anything */
563ASN1_INTEGER *iter; 570 ASN1_TYPE *salt;
564ASN1_INTEGER *keylength; 571 ASN1_INTEGER *iter;
565X509_ALGOR *prf; 572 ASN1_INTEGER *keylength;
573 X509_ALGOR *prf;
566} PBKDF2PARAM; 574} PBKDF2PARAM;
567 575
568 576
569/* PKCS#8 private key info structure */ 577/* PKCS#8 private key info structure */
570 578
579#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
571struct pkcs8_priv_key_info_st { 580struct pkcs8_priv_key_info_st {
572 ASN1_INTEGER *version; 581 ASN1_INTEGER *version;
573 X509_ALGOR *pkeyalg; 582 X509_ALGOR *pkeyalg;
574 ASN1_OCTET_STRING *pkey; 583 ASN1_OCTET_STRING *pkey;
575 STACK_OF(X509_ATTRIBUTE) *attributes; 584 STACK_OF(X509_ATTRIBUTE) *attributes;
576}; 585};
586#endif
577 587
578#ifdef __cplusplus 588#ifdef __cplusplus
579} 589}