1 files changed, 121 insertions, 31 deletions
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 0192272e7c..813c8adffd 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -59,15 +59,16 @@
 #ifndef HEADER_X509_H
 #define HEADER_X509_H
-#ifdef  __cplusplus
+#include <openssl/symhacks.h>
-extern "C" {
+#ifndef NO_BUFFER
+#include <openssl/buffer.h>
 #endif
+#ifndef NO_EVP
-#ifdef VMS
+#include <openssl/evp.h>
-#undef X509_REVOKED_get_ext_by_critical
+#endif
-#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
+#ifndef NO_BIO
+#include <openssl/bio.h>
 #endif
 #include <openssl/stack.h>
 #include <openssl/asn1.h>
 #include <openssl/safestack.h>
@@ -87,11 +88,19 @@ extern "C" {
 #include <openssl/evp.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
 #ifdef WIN32
 /* Under Win32 this is defined in wincrypt.h */
 #undef X509_NAME
 #endif
+  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
+#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
 #define X509_FILETYPE_PEM       1
 #define X509_FILETYPE_ASN1      2
 #define X509_FILETYPE_DEFAULT   3
@@ -125,8 +134,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
 typedef struct X509_val_st
        {
-        ASN1_UTCTIME *notBefore;
+        ASN1_TIME *notBefore;
-        ASN1_UTCTIME *notAfter;
+        ASN1_TIME *notAfter;
        } X509_VAL;
 typedef struct X509_pubkey_st
@@ -158,7 +167,7 @@ typedef struct X509_name_st
        {
        STACK_OF(X509_NAME_ENTRY) *entries;
        int modified;   /* true if 'bytes' needs to be built */
-#ifdef HEADER_BUFFER_H
+#ifndef NO_BUFFER
        BUF_MEM *bytes;
 #else
        char *bytes;
@@ -200,6 +209,8 @@ DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
 typedef struct X509_req_info_st
        {
+        unsigned char *asn1;
+        int length;
        ASN1_INTEGER *version;
        X509_NAME *subject;
        X509_PUBKEY *pubkey;
@@ -260,6 +271,8 @@ typedef struct x509_st
        unsigned long ex_kusage;
        unsigned long ex_xkusage;
        unsigned long ex_nscert;
+        ASN1_OCTET_STRING *skid;
+        struct AUTHORITY_KEYID_st *akid;
 #ifndef NO_SHA
        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
@@ -307,10 +320,65 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_REJECTED     2
 #define X509_TRUST_UNTRUSTED    3
+/* Flags specific to X509_NAME_print_ex() */    
+/* The field separator information */
+#define XN_FLAG_SEP_MASK        (0xf << 16)
+#define XN_FLAG_COMPAT          0               /* Traditional SSLeay: use old X509_NAME_print */
+#define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)       /* RFC2253 ,+ */
+#define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)       /* ,+ spaced: more readable */
+#define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)       /* ;+ spaced */
+#define XN_FLAG_SEP_MULTILINE   (4 << 16)       /* One line per field */
+#define XN_FLAG_DN_REV          (1 << 20)       /* Reverse DN order */
+/* How the field name is shown */
+#define XN_FLAG_FN_MASK         (0x3 << 21)
+#define XN_FLAG_FN_SN           0               /* Object short name */
+#define XN_FLAG_FN_LN           (1 << 21)       /* Object long name */
+#define XN_FLAG_FN_OID          (2 << 21)       /* Always use OIDs */
+#define XN_FLAG_FN_NONE         (3 << 21)       /* No field names */
+#define XN_FLAG_SPC_EQ          (1 << 23)       /* Put spaces round '=' */
+/* This determines if we dump fields we don't recognise:
+ * RFC2253 requires this.
+ */
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+/* Complete set of RFC2253 flags */
+#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+                        XN_FLAG_SEP_COMMA_PLUS | \
+                        XN_FLAG_DN_REV | \
+                        XN_FLAG_FN_SN | \
+                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
+/* readable oneline form */
+#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+                        ASN1_STRFLGS_ESC_QUOTE | \
+                        XN_FLAG_SEP_CPLUS_SPC | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_SN)
+/* readable multiline form */
+#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+                        ASN1_STRFLGS_ESC_MSB | \
+                        XN_FLAG_SEP_MULTILINE | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_LN)
 typedef struct X509_revoked_st
        {
        ASN1_INTEGER *serialNumber;
-        ASN1_UTCTIME *revocationDate;
+        ASN1_TIME *revocationDate;
        STACK_OF(X509_EXTENSION) /* optional */ *extensions;
        int sequence; /* load sequence */
        } X509_REVOKED;
@@ -323,8 +391,8 @@ typedef struct X509_crl_info_st
        ASN1_INTEGER *version;
        X509_ALGOR *sig_alg;
        X509_NAME *issuer;
-        ASN1_UTCTIME *lastUpdate;
+        ASN1_TIME *lastUpdate;
-        ASN1_UTCTIME *nextUpdate;
+        ASN1_TIME *nextUpdate;
        STACK_OF(X509_REVOKED) *revoked;
        STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
        } X509_CRL_INFO;
@@ -362,7 +430,7 @@ typedef struct private_key_st
        int references;
        } X509_PKEY;
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
 typedef struct X509_info_st
        {
        X509 *x509;
@@ -445,9 +513,17 @@ typedef struct pkcs8_priv_key_info_st
        STACK_OF(X509_ATTRIBUTE) *attributes;
        } PKCS8_PRIV_KEY_INFO;
+#ifdef  __cplusplus
+}
+#endif
 #include <openssl/x509_vfy.h>
 #include <openssl/pkcs7.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
 #ifdef SSLEAY_MACROS
 #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
        a->signature,(char *)a->cert_info,r)
@@ -610,7 +686,7 @@ typedef struct pkcs8_priv_key_info_st
 const char *X509_verify_cert_error_string(long n);
 #ifndef SSLEAY_MACROS
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@@ -629,9 +705,14 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
+int X509_digest(const X509 *data,const EVP_MD *type,
-int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
-        unsigned char *md,unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
 #endif
 #ifndef NO_FP_API
@@ -663,9 +744,11 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
 int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 X509 *d2i_X509_bio(BIO *bp,X509 **x509);
 int i2d_X509_bio(BIO *bp,X509 *x509);
 X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
@@ -694,6 +777,8 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
 int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 #endif
 X509 *X509_dup(X509 *x509);
@@ -711,8 +796,10 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
 #endif /* !SSLEAY_MACROS */
-int             X509_cmp_current_time(ASN1_UTCTIME *s);
+int             X509_cmp_time(ASN1_TIME *s, time_t *t);
-ASN1_UTCTIME *  X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+int             X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME *     X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *     X509_gmtime_adj(ASN1_TIME *s, long adj);
 const char *    X509_get_default_cert_area(void );
 const char *    X509_get_default_cert_dir(void );
@@ -825,6 +912,7 @@ int		i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
 X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
                                                                long length);
 int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
 unsigned char * X509_alias_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
@@ -871,7 +959,7 @@ NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
 NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
 void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
 X509_INFO *     X509_INFO_new(void);
 void            X509_INFO_free(X509_INFO *a);
 char *          X509_NAME_oneline(X509_NAME *a,char *buf,int size);
@@ -894,8 +982,8 @@ int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_issuer_name(X509 *a);
 int             X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_subject_name(X509 *a);
-int             X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
+int             X509_set_notBefore(X509 *x, ASN1_TIME *tm);
-int             X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
 int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_get_pubkey(X509 *x);
 int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
@@ -931,28 +1019,30 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-int             X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+int             X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_issuer_and_serial_hash(X509 *a);
-int             X509_issuer_name_cmp(X509 *a, X509 *b);
+int             X509_issuer_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_issuer_name_hash(X509 *a);
-int             X509_subject_name_cmp(X509 *a,X509 *b);
+int             X509_subject_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_subject_name_hash(X509 *x);
-int             X509_cmp (X509 *a, X509 *b);
+int             X509_cmp(const X509 *a, const X509 *b);
-int             X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+int             X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long   X509_NAME_hash(X509_NAME *x);
-int             X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
+int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
 #ifndef NO_FP_API
 int             X509_print_fp(FILE *bp,X509 *x);
 int             X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int             X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int             X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
 int             X509_print(BIO *bp,X509 *x);
 int             X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int             X509_CRL_print(BIO *bp,X509_CRL *x);

diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 0192272e7c..813c8adffd 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h
@@ -59,15 +59,16 @@
59	#ifndef HEADER_X509_H	59	#ifndef HEADER_X509_H
60	#define HEADER_X509_H	60	#define HEADER_X509_H
61		61
62	#ifdef __cplusplus	62	#include <openssl/symhacks.h>
63	extern "C" {	63	#ifndef NO_BUFFER
		64	#include <openssl/buffer.h>
64	#endif	65	#endif
65		66	#ifndef NO_EVP
66	#ifdef VMS	67	#include <openssl/evp.h>
67	#undef X509_REVOKED_get_ext_by_critical	68	#endif
68	#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic	69	#ifndef NO_BIO
		70	#include <openssl/bio.h>
69	#endif	71	#endif
70
71	#include <openssl/stack.h>	72	#include <openssl/stack.h>
72	#include <openssl/asn1.h>	73	#include <openssl/asn1.h>
73	#include <openssl/safestack.h>	74	#include <openssl/safestack.h>
@@ -87,11 +88,19 @@ extern "C" {
87	#include <openssl/evp.h>	88	#include <openssl/evp.h>
88		89
89		90
		91	#ifdef __cplusplus
		92	extern "C" {
		93	#endif
		94
90	#ifdef WIN32	95	#ifdef WIN32
91	/* Under Win32 this is defined in wincrypt.h */	96	/* Under Win32 this is defined in wincrypt.h */
92	#undef X509_NAME	97	#undef X509_NAME
93	#endif	98	#endif
94		99
		100	/* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
		101	#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
		102	#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
		103
95	#define X509_FILETYPE_PEM 1	104	#define X509_FILETYPE_PEM 1
96	#define X509_FILETYPE_ASN1 2	105	#define X509_FILETYPE_ASN1 2
97	#define X509_FILETYPE_DEFAULT 3	106	#define X509_FILETYPE_DEFAULT 3
@@ -125,8 +134,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
125		134
126	typedef struct X509_val_st	135	typedef struct X509_val_st
127	{	136	{
128	ASN1_UTCTIME *notBefore;	137	ASN1_TIME *notBefore;
129	ASN1_UTCTIME *notAfter;	138	ASN1_TIME *notAfter;
130	} X509_VAL;	139	} X509_VAL;
131		140
132	typedef struct X509_pubkey_st	141	typedef struct X509_pubkey_st
@@ -158,7 +167,7 @@ typedef struct X509_name_st
158	{	167	{
159	STACK_OF(X509_NAME_ENTRY) *entries;	168	STACK_OF(X509_NAME_ENTRY) *entries;
160	int modified; /* true if 'bytes' needs to be built */	169	int modified; /* true if 'bytes' needs to be built */
161	#ifdef HEADER_BUFFER_H	170	#ifndef NO_BUFFER
162	BUF_MEM *bytes;	171	BUF_MEM *bytes;
163	#else	172	#else
164	char *bytes;	173	char *bytes;
@@ -200,6 +209,8 @@ DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
200		209
201	typedef struct X509_req_info_st	210	typedef struct X509_req_info_st
202	{	211	{
		212	unsigned char *asn1;
		213	int length;
203	ASN1_INTEGER *version;	214	ASN1_INTEGER *version;
204	X509_NAME *subject;	215	X509_NAME *subject;
205	X509_PUBKEY *pubkey;	216	X509_PUBKEY *pubkey;
@@ -260,6 +271,8 @@ typedef struct x509_st
260	unsigned long ex_kusage;	271	unsigned long ex_kusage;
261	unsigned long ex_xkusage;	272	unsigned long ex_xkusage;
262	unsigned long ex_nscert;	273	unsigned long ex_nscert;
		274	ASN1_OCTET_STRING *skid;
		275	struct AUTHORITY_KEYID_st *akid;
263	#ifndef NO_SHA	276	#ifndef NO_SHA
264	unsigned char sha1_hash[SHA_DIGEST_LENGTH];	277	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
265	#endif	278	#endif
@@ -307,10 +320,65 @@ DECLARE_STACK_OF(X509_TRUST)
307	#define X509_TRUST_REJECTED 2	320	#define X509_TRUST_REJECTED 2
308	#define X509_TRUST_UNTRUSTED 3	321	#define X509_TRUST_UNTRUSTED 3
309		322
		323	/* Flags specific to X509_NAME_print_ex() */
		324
		325	/* The field separator information */
		326
		327	#define XN_FLAG_SEP_MASK (0xf << 16)
		328
		329	#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
		330	#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
		331	#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
		332	#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
		333	#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
		334
		335	#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
		336
		337	/* How the field name is shown */
		338
		339	#define XN_FLAG_FN_MASK (0x3 << 21)
		340
		341	#define XN_FLAG_FN_SN 0 /* Object short name */
		342	#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
		343	#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
		344	#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
		345
		346	#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
		347
		348	/* This determines if we dump fields we don't recognise:
		349	* RFC2253 requires this.
		350	*/
		351
		352	#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
		353
		354	/* Complete set of RFC2253 flags */
		355
		356	#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 \| \
		357	XN_FLAG_SEP_COMMA_PLUS \| \
		358	XN_FLAG_DN_REV \| \
		359	XN_FLAG_FN_SN \| \
		360	XN_FLAG_DUMP_UNKNOWN_FIELDS)
		361
		362	/* readable oneline form */
		363
		364	#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 \| \
		365	ASN1_STRFLGS_ESC_QUOTE \| \
		366	XN_FLAG_SEP_CPLUS_SPC \| \
		367	XN_FLAG_SPC_EQ \| \
		368	XN_FLAG_FN_SN)
		369
		370	/* readable multiline form */
		371
		372	#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL \| \
		373	ASN1_STRFLGS_ESC_MSB \| \
		374	XN_FLAG_SEP_MULTILINE \| \
		375	XN_FLAG_SPC_EQ \| \
		376	XN_FLAG_FN_LN)
		377
310	typedef struct X509_revoked_st	378	typedef struct X509_revoked_st
311	{	379	{
312	ASN1_INTEGER *serialNumber;	380	ASN1_INTEGER *serialNumber;
313	ASN1_UTCTIME *revocationDate;	381	ASN1_TIME *revocationDate;
314	STACK_OF(X509_EXTENSION) /* optional / extensions;	382	STACK_OF(X509_EXTENSION) /* optional / extensions;
315	int sequence; /* load sequence */	383	int sequence; /* load sequence */
316	} X509_REVOKED;	384	} X509_REVOKED;
@@ -323,8 +391,8 @@ typedef struct X509_crl_info_st
323	ASN1_INTEGER *version;	391	ASN1_INTEGER *version;
324	X509_ALGOR *sig_alg;	392	X509_ALGOR *sig_alg;
325	X509_NAME *issuer;	393	X509_NAME *issuer;
326	ASN1_UTCTIME *lastUpdate;	394	ASN1_TIME *lastUpdate;
327	ASN1_UTCTIME *nextUpdate;	395	ASN1_TIME *nextUpdate;
328	STACK_OF(X509_REVOKED) *revoked;	396	STACK_OF(X509_REVOKED) *revoked;
329	STACK_OF(X509_EXTENSION) /* [0] / extensions;	397	STACK_OF(X509_EXTENSION) /* [0] / extensions;
330	} X509_CRL_INFO;	398	} X509_CRL_INFO;
@@ -362,7 +430,7 @@ typedef struct private_key_st
362	int references;	430	int references;
363	} X509_PKEY;	431	} X509_PKEY;
364		432
365	#ifdef HEADER_ENVELOPE_H	433	#ifndef NO_EVP
366	typedef struct X509_info_st	434	typedef struct X509_info_st
367	{	435	{
368	X509 *x509;	436	X509 *x509;
@@ -445,9 +513,17 @@ typedef struct pkcs8_priv_key_info_st
445	STACK_OF(X509_ATTRIBUTE) *attributes;	513	STACK_OF(X509_ATTRIBUTE) *attributes;
446	} PKCS8_PRIV_KEY_INFO;	514	} PKCS8_PRIV_KEY_INFO;
447		515
		516	#ifdef __cplusplus
		517	}
		518	#endif
		519
448	#include <openssl/x509_vfy.h>	520	#include <openssl/x509_vfy.h>
449	#include <openssl/pkcs7.h>	521	#include <openssl/pkcs7.h>
450		522
		523	#ifdef __cplusplus
		524	extern "C" {
		525	#endif
		526
451	#ifdef SSLEAY_MACROS	527	#ifdef SSLEAY_MACROS
452	#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\	528	#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
453	a->signature,(char *)a->cert_info,r)	529	a->signature,(char *)a->cert_info,r)
@@ -610,7 +686,7 @@ typedef struct pkcs8_priv_key_info_st
610	const char *X509_verify_cert_error_string(long n);	686	const char *X509_verify_cert_error_string(long n);
611		687
612	#ifndef SSLEAY_MACROS	688	#ifndef SSLEAY_MACROS
613	#ifdef HEADER_ENVELOPE_H	689	#ifndef NO_EVP
614	int X509_verify(X509 a, EVP_PKEY r);	690	int X509_verify(X509 a, EVP_PKEY r);
615		691
616	int X509_REQ_verify(X509_REQ a, EVP_PKEY r);	692	int X509_REQ_verify(X509_REQ a, EVP_PKEY r);
@@ -629,9 +705,14 @@ int X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md);
629	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md);	705	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md);
630	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md);	706	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md);
631		707
632	int X509_digest(X509 data,const EVP_MD type,unsigned char md,unsigned int len);	708	int X509_digest(const X509 data,const EVP_MD type,
633	int X509_NAME_digest(X509_NAME data,const EVP_MD type,	709	unsigned char md, unsigned int len);
634	unsigned char md,unsigned int len);	710	int X509_CRL_digest(const X509_CRL data,const EVP_MD type,
		711	unsigned char md, unsigned int len);
		712	int X509_REQ_digest(const X509_REQ data,const EVP_MD type,
		713	unsigned char md, unsigned int len);
		714	int X509_NAME_digest(const X509_NAME data,const EVP_MD type,
		715	unsigned char md, unsigned int len);
635	#endif	716	#endif
636		717
637	#ifndef NO_FP_API	718	#ifndef NO_FP_API
@@ -663,9 +744,11 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE fp,PKCS8_PRIV_KEY_INFO p8inf);
663	int i2d_PKCS8PrivateKeyInfo_fp(FILE fp, EVP_PKEY key);	744	int i2d_PKCS8PrivateKeyInfo_fp(FILE fp, EVP_PKEY key);
664	int i2d_PrivateKey_fp(FILE fp, EVP_PKEY pkey);	745	int i2d_PrivateKey_fp(FILE fp, EVP_PKEY pkey);
665	EVP_PKEY d2i_PrivateKey_fp(FILE fp, EVP_PKEY **a);	746	EVP_PKEY d2i_PrivateKey_fp(FILE fp, EVP_PKEY **a);
		747	int i2d_PUBKEY_fp(FILE fp, EVP_PKEY pkey);
		748	EVP_PKEY d2i_PUBKEY_fp(FILE fp, EVP_PKEY **a);
666	#endif	749	#endif
667		750
668	#ifdef HEADER_BIO_H	751	#ifndef NO_BIO
669	X509 d2i_X509_bio(BIO bp,X509 **x509);	752	X509 d2i_X509_bio(BIO bp,X509 **x509);
670	int i2d_X509_bio(BIO bp,X509 x509);	753	int i2d_X509_bio(BIO bp,X509 x509);
671	X509_CRL d2i_X509_CRL_bio(BIO bp,X509_CRL **crl);	754	X509_CRL d2i_X509_CRL_bio(BIO bp,X509_CRL **crl);
@@ -694,6 +777,8 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO bp,PKCS8_PRIV_KEY_INFO p8inf);
694	int i2d_PKCS8PrivateKeyInfo_bio(BIO bp, EVP_PKEY key);	777	int i2d_PKCS8PrivateKeyInfo_bio(BIO bp, EVP_PKEY key);
695	int i2d_PrivateKey_bio(BIO bp, EVP_PKEY pkey);	778	int i2d_PrivateKey_bio(BIO bp, EVP_PKEY pkey);
696	EVP_PKEY d2i_PrivateKey_bio(BIO bp, EVP_PKEY **a);	779	EVP_PKEY d2i_PrivateKey_bio(BIO bp, EVP_PKEY **a);
		780	int i2d_PUBKEY_bio(BIO bp, EVP_PKEY pkey);
		781	EVP_PKEY d2i_PUBKEY_bio(BIO bp, EVP_PKEY **a);
697	#endif	782	#endif
698		783
699	X509 X509_dup(X509 x509);	784	X509 X509_dup(X509 x509);
@@ -711,8 +796,10 @@ RSA RSAPrivateKey_dup(RSA rsa);
711		796
712	#endif /* !SSLEAY_MACROS */	797	#endif /* !SSLEAY_MACROS */
713		798
714	int X509_cmp_current_time(ASN1_UTCTIME *s);	799	int X509_cmp_time(ASN1_TIME s, time_t t);
715	ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);	800	int X509_cmp_current_time(ASN1_TIME *s);
		801	ASN1_TIME * X509_time_adj(ASN1_TIME s, long adj, time_t t);
		802	ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
716		803
717	const char * X509_get_default_cert_area(void );	804	const char * X509_get_default_cert_area(void );
718	const char * X509_get_default_cert_dir(void );	805	const char * X509_get_default_cert_dir(void );
@@ -825,6 +912,7 @@ int i2d_X509_CERT_AUX(X509_CERT_AUX a,unsigned char *pp);
825	X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX a,unsigned char pp,	912	X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX a,unsigned char pp,
826	long length);	913	long length);
827	int X509_alias_set1(X509 x, unsigned char name, int len);	914	int X509_alias_set1(X509 x, unsigned char name, int len);
		915	int X509_keyid_set1(X509 x, unsigned char id, int len);
828	unsigned char * X509_alias_get0(X509 x, int len);	916	unsigned char * X509_alias_get0(X509 x, int len);
829	int (X509_TRUST_set_default(int (trust)(int , X509 , int)))(int, X509 , int);	917	int (X509_TRUST_set_default(int (trust)(int , X509 , int)))(int, X509 , int);
830	int X509_add1_trust_object(X509 x, ASN1_OBJECT obj);	918	int X509_add1_trust_object(X509 x, ASN1_OBJECT obj);
@@ -871,7 +959,7 @@ NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
871	NETSCAPE_CERT_SEQUENCE d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE a, unsigned char *pp, long length);	959	NETSCAPE_CERT_SEQUENCE d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE a, unsigned char *pp, long length);
872	void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);	960	void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
873		961
874	#ifdef HEADER_ENVELOPE_H	962	#ifndef NO_EVP
875	X509_INFO * X509_INFO_new(void);	963	X509_INFO * X509_INFO_new(void);
876	void X509_INFO_free(X509_INFO *a);	964	void X509_INFO_free(X509_INFO *a);
877	char * X509_NAME_oneline(X509_NAME a,char buf,int size);	965	char * X509_NAME_oneline(X509_NAME a,char buf,int size);
@@ -894,8 +982,8 @@ int X509_set_issuer_name(X509 x, X509_NAME name);
894	X509_NAME * X509_get_issuer_name(X509 *a);	982	X509_NAME * X509_get_issuer_name(X509 *a);
895	int X509_set_subject_name(X509 x, X509_NAME name);	983	int X509_set_subject_name(X509 x, X509_NAME name);
896	X509_NAME * X509_get_subject_name(X509 *a);	984	X509_NAME * X509_get_subject_name(X509 *a);
897	int X509_set_notBefore(X509 x, ASN1_UTCTIME tm);	985	int X509_set_notBefore(X509 x, ASN1_TIME tm);
898	int X509_set_notAfter(X509 x, ASN1_UTCTIME tm);	986	int X509_set_notAfter(X509 x, ASN1_TIME tm);
899	int X509_set_pubkey(X509 x, EVP_PKEY pkey);	987	int X509_set_pubkey(X509 x, EVP_PKEY pkey);
900	EVP_PKEY * X509_get_pubkey(X509 *x);	988	EVP_PKEY * X509_get_pubkey(X509 *x);
901	int X509_certificate_type(X509 x,EVP_PKEY pubkey /* optional */);	989	int X509_certificate_type(X509 x,EVP_PKEY pubkey /* optional */);
@@ -931,28 +1019,30 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
931		1019
932	int X509_check_private_key(X509 x509,EVP_PKEY pkey);	1020	int X509_check_private_key(X509 x509,EVP_PKEY pkey);
933		1021
934	int X509_issuer_and_serial_cmp(X509 a, X509 b);	1022	int X509_issuer_and_serial_cmp(const X509 a, const X509 b);
935	unsigned long X509_issuer_and_serial_hash(X509 *a);	1023	unsigned long X509_issuer_and_serial_hash(X509 *a);
936		1024
937	int X509_issuer_name_cmp(X509 a, X509 b);	1025	int X509_issuer_name_cmp(const X509 a, const X509 b);
938	unsigned long X509_issuer_name_hash(X509 *a);	1026	unsigned long X509_issuer_name_hash(X509 *a);
939		1027
940	int X509_subject_name_cmp(X509 a,X509 b);	1028	int X509_subject_name_cmp(const X509 a, const X509 b);
941	unsigned long X509_subject_name_hash(X509 *x);	1029	unsigned long X509_subject_name_hash(X509 *x);
942		1030
943	int X509_cmp (X509 a, X509 b);	1031	int X509_cmp(const X509 a, const X509 b);
944	int X509_NAME_cmp (X509_NAME a, X509_NAME b);	1032	int X509_NAME_cmp(const X509_NAME a, const X509_NAME b);
945	unsigned long X509_NAME_hash(X509_NAME *x);	1033	unsigned long X509_NAME_hash(X509_NAME *x);
946		1034
947	int X509_CRL_cmp(X509_CRL a,X509_CRL b);	1035	int X509_CRL_cmp(const X509_CRL a, const X509_CRL b);
948	#ifndef NO_FP_API	1036	#ifndef NO_FP_API
949	int X509_print_fp(FILE bp,X509 x);	1037	int X509_print_fp(FILE bp,X509 x);
950	int X509_CRL_print_fp(FILE bp,X509_CRL x);	1038	int X509_CRL_print_fp(FILE bp,X509_CRL x);
951	int X509_REQ_print_fp(FILE bp,X509_REQ req);	1039	int X509_REQ_print_fp(FILE bp,X509_REQ req);
		1040	int X509_NAME_print_ex_fp(FILE fp, X509_NAME nm, int indent, unsigned long flags);
952	#endif	1041	#endif
953		1042
954	#ifdef HEADER_BIO_H	1043	#ifndef NO_BIO
955	int X509_NAME_print(BIO bp, X509_NAME name, int obase);	1044	int X509_NAME_print(BIO bp, X509_NAME name, int obase);
		1045	int X509_NAME_print_ex(BIO out, X509_NAME nm, int indent, unsigned long flags);
956	int X509_print(BIO bp,X509 x);	1046	int X509_print(BIO bp,X509 x);
957	int X509_CERT_AUX_print(BIO bp,X509_CERT_AUX x, int indent);	1047	int X509_CERT_AUX_print(BIO bp,X509_CERT_AUX x, int indent);
958	int X509_CRL_print(BIO bp,X509_CRL x);	1048	int X509_CRL_print(BIO bp,X509_CRL x);