Upgrade chrome's OpenSSL to same version Android ships with.

openssl/crypto/x509/x509.h

 /* crypto/x509/x509.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
@@ skipping 139 matching lines @@
 DECLARE_ASN1_SET_OF(X509_ALGOR)
 
 typedef STACK_OF(X509_ALGOR) X509_ALGORS;
 
 typedef struct X509_val_st
         {
         ASN1_TIME *notBefore;
         ASN1_TIME *notAfter;
         } X509_VAL;
 
-typedef struct X509_pubkey_st
+struct X509_pubkey_st
         {
         X509_ALGOR *algor;
         ASN1_BIT_STRING *public_key;
         EVP_PKEY *pkey;
-        } X509_PUBKEY;
+        };
 
 typedef struct X509_sig_st
         {
         X509_ALGOR *algor;
         ASN1_OCTET_STRING *digest;
         } X509_SIG;
 
 typedef struct X509_name_entry_st
         {
         ASN1_OBJECT *object;
         ASN1_STRING *value;
         int set;
         int size;       /* temp variable */
         } X509_NAME_ENTRY;
 
 DECLARE_STACK_OF(X509_NAME_ENTRY)
 DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
 
 /* we always keep X509_NAMEs in 2 forms. */
 struct X509_name_st
         {
         STACK_OF(X509_NAME_ENTRY) *entries;
         int modified;   /* true if 'bytes' needs to be built */
 #ifndef OPENSSL_NO_BUFFER
         BUF_MEM *bytes;
 #else
         char *bytes;
 #endif
-        unsigned long hash; /* Keep the hash around for lookups */
+/*      unsigned long hash; Keep the hash around for lookups */
+        unsigned char *canon_enc;
+        int canon_enclen;
         } /* X509_NAME */;
 
 DECLARE_STACK_OF(X509_NAME)
 
 #define X509_EX_V_NETSCAPE_HACK         0x8000
 #define X509_EX_V_INIT                  0x0001
 typedef struct X509_extension_st
         {
         ASN1_OBJECT *object;
         ASN1_BOOLEAN critical;
@@ skipping 44 matching lines @@
         ASN1_INTEGER *version;          /* [ 0 ] default of v1 */
         ASN1_INTEGER *serialNumber;
         X509_ALGOR *signature;
         X509_NAME *issuer;
         X509_VAL *validity;
         X509_NAME *subject;
         X509_PUBKEY *key;
         ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
         ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
         STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
+        ASN1_ENCODING enc;
         } X509_CINF;
 
 /* This stuff is certificate "auxiliary info"
  * it contains details which are useful in certificate
  * stores and databases. When used this is tagged onto
  * the end of the certificate itself
  */
 
 typedef struct x509_cert_aux_st
         {
@@ skipping 14 matching lines @@
         char *name;
         CRYPTO_EX_DATA ex_data;
         /* These contain copies of various extension values */
         long ex_pathlen;
         long ex_pcpathlen;
         unsigned long ex_flags;
         unsigned long ex_kusage;
         unsigned long ex_xkusage;
         unsigned long ex_nscert;
         ASN1_OCTET_STRING *skid;
-        struct AUTHORITY_KEYID_st *akid;
+        AUTHORITY_KEYID *akid;
         X509_POLICY_CACHE *policy_cache;
+        STACK_OF(DIST_POINT) *crldp;
+        STACK_OF(GENERAL_NAME) *altname;
+        NAME_CONSTRAINTS *nc;
 #ifndef OPENSSL_NO_RFC3779
         STACK_OF(IPAddressFamily) *rfc3779_addr;
         struct ASIdentifiers_st *rfc3779_asid;
 #endif
 #ifndef OPENSSL_NO_SHA
         unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
         X509_CERT_AUX *aux;
         } /* X509 */;
 
@@ skipping 22 matching lines @@
 
 #define X509_TRUST_DEFAULT      -1      /* Only valid in purpose settings */
 
 #define X509_TRUST_COMPAT       1
 #define X509_TRUST_SSL_CLIENT   2
 #define X509_TRUST_SSL_SERVER   3
 #define X509_TRUST_EMAIL        4
 #define X509_TRUST_OBJECT_SIGN  5
 #define X509_TRUST_OCSP_SIGN    6
 #define X509_TRUST_OCSP_REQUEST 7
+#define X509_TRUST_TSA          8
 
 /* Keep these up to date! */
 #define X509_TRUST_MIN          1
-#define X509_TRUST_MAX          7
+#define X509_TRUST_MAX          8
 
 
 /* trust_flags values */
 #define X509_TRUST_DYNAMIC      1
 #define X509_TRUST_DYNAMIC_NAME 2
 
 /* check_trust return codes */
 
 #define X509_TRUST_TRUSTED      1
 #define X509_TRUST_REJECTED     2
@@ skipping 66 matching lines @@
 
 /* readable multiline form */
 
 #define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
                         ASN1_STRFLGS_ESC_MSB | \
                         XN_FLAG_SEP_MULTILINE | \
                         XN_FLAG_SPC_EQ | \
                         XN_FLAG_FN_LN | \
                         XN_FLAG_FN_ALIGN)
 
-typedef struct X509_revoked_st
+struct x509_revoked_st
         {
         ASN1_INTEGER *serialNumber;
         ASN1_TIME *revocationDate;
         STACK_OF(X509_EXTENSION) /* optional */ *extensions;
+        /* Set up if indirect CRL */
+        STACK_OF(GENERAL_NAME) *issuer;
+        /* Revocation reason */
+        int reason;
         int sequence; /* load sequence */
-        } X509_REVOKED;
+        };
 
 DECLARE_STACK_OF(X509_REVOKED)
 DECLARE_ASN1_SET_OF(X509_REVOKED)
 
 typedef struct X509_crl_info_st
         {
         ASN1_INTEGER *version;
         X509_ALGOR *sig_alg;
         X509_NAME *issuer;
         ASN1_TIME *lastUpdate;
         ASN1_TIME *nextUpdate;
         STACK_OF(X509_REVOKED) *revoked;
         STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
         ASN1_ENCODING enc;
         } X509_CRL_INFO;
 
 struct X509_crl_st
         {
         /* actual signature */
         X509_CRL_INFO *crl;
         X509_ALGOR *sig_alg;
         ASN1_BIT_STRING *signature;
         int references;
+        int flags;
+        /* Copies of various extensions */
+        AUTHORITY_KEYID *akid;
+        ISSUING_DIST_POINT *idp;
+        /* Convenient breakdown of IDP */
+        int idp_flags;
+        int idp_reasons;
+        /* CRL and base CRL numbers for delta processing */
+        ASN1_INTEGER *crl_number;
+        ASN1_INTEGER *base_crl_number;
+#ifndef OPENSSL_NO_SHA
+        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+#endif
+        STACK_OF(GENERAL_NAMES) *issuers;
+        const X509_CRL_METHOD *meth;
+        void *meth_data;
         } /* X509_CRL */;
 
 DECLARE_STACK_OF(X509_CRL)
 DECLARE_ASN1_SET_OF(X509_CRL)
 
 typedef struct private_key_st
         {
         int version;
         /* The PKCS#8 data types */
         X509_ALGOR *enc_algor;
@@ skipping 78 matching lines @@
 typedef struct PBKDF2PARAM_st {
 ASN1_TYPE *salt;        /* Usually OCTET STRING but could be anything */
 ASN1_INTEGER *iter;
 ASN1_INTEGER *keylength;
 X509_ALGOR *prf;
 } PBKDF2PARAM;
 
 
 /* PKCS#8 private key info structure */
 
-typedef struct pkcs8_priv_key_info_st
+struct pkcs8_priv_key_info_st
         {
         int broken;     /* Flag for various broken formats */
 #define PKCS8_OK                0
 #define PKCS8_NO_OCTET          1
 #define PKCS8_EMBEDDED_PARAM    2
 #define PKCS8_NS_DB             3
+#define PKCS8_NEG_PRIVKEY       4
         ASN1_INTEGER *version;
         X509_ALGOR *pkeyalg;
         ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
         STACK_OF(X509_ATTRIBUTE) *attributes;
-        } PKCS8_PRIV_KEY_INFO;
+        };
 
 #ifdef  __cplusplus
 }
 #endif
 
 #include <openssl/x509_vfy.h>
 #include <openssl/pkcs7.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifdef SSLEAY_MACROS
-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
-        a->signature,(char *)a->cert_info,r)
-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
-        a->sig_alg,a->signature,(char *)a->req_info,r)
-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
-        a->sig_alg, a->signature,(char *)a->crl,r)
-
-#define X509_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
-                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
-#define X509_REQ_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
-                x->signature, (char *)x->req_info,pkey,md)
-#define X509_CRL_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
-                x->signature, (char *)x->crl,pkey,md)
-#define NETSCAPE_SPKI_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
-                x->signature, (char *)x->spkac,pkey,md)
-
-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
-                (char *(*)())d2i_X509,(char *)x509)
-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
-                (int (*)())i2d_X509_ATTRIBUTE, \
-                (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
-                (int (*)())i2d_X509_EXTENSION, \
-                (char *(*)())d2i_X509_EXTENSION,(char *)ex)
-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
-
-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
-                (char *(*)())d2i_X509_CRL,(char *)crl)
-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
-                (unsigned char *)crl)
-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
-                (unsigned char *)crl)
-
-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
-                (char *(*)())d2i_PKCS7,(char *)p7)
-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
-                (unsigned char *)p7)
-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
-                (unsigned char *)p7)
-
-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
-                (char *(*)())d2i_X509_REQ,(char *)req)
-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
-                (unsigned char *)req)
-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
-                (unsigned char *)req)
-
-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
-                (char *(*)())d2i_RSAPublicKey,(char *)rsa)
-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
-                (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
-
-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
-                (unsigned char *)rsa)
-
-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
-                (unsigned char *)rsa)
-
-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
-                (unsigned char *)dsa)
-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
-                (unsigned char *)dsa)
-
-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
-                (unsigned char *)ecdsa)
-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
-                (unsigned char *)ecdsa)
-
-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
-                (char *(*)())d2i_X509_ALGOR,(char *)xn)
-
-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
-                (char *(*)())d2i_X509_NAME,(char *)xn)
-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
-                (int (*)())i2d_X509_NAME_ENTRY, \
-                (char *(*)())d2i_X509_NAME_ENTRY,\
-                (char *)ne)
-
-#define X509_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
-#define X509_NAME_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
-                (char *)data,md,len)
-#endif
-#endif
-
 #define X509_EXT_PACK_UNKNOWN   1
 #define X509_EXT_PACK_STRING    2
 
 #define         X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
 /* #define      X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
 #define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
 #define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
 #define         X509_extract_key(x)     X509_get_pubkey(x) /*****/
 #define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
 #define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
 #define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
 #define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
 #define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 
 #define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
 #define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
 #define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
 #define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
 #define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
 
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(
+        int (*crl_init)(X509_CRL *crl),
+        int (*crl_free)(X509_CRL *crl),
+        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                                ASN1_INTEGER *ser, X509_NAME *issuer),
+        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
+
 /* This one is only used so that a binary form can output, as in
  * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
 
 
 const char *X509_verify_cert_error_string(long n);
 
-#ifndef SSLEAY_MACROS
 #ifndef OPENSSL_NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
 
 NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
 char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
 EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
@@ skipping 104 matching lines @@
 X509_CRL *X509_CRL_dup(X509_CRL *crl);
 X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                                                 X509_ALGOR *algor);
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
 
-#endif /* !SSLEAY_MACROS */
-
-int             X509_cmp_time(ASN1_TIME *s, time_t *t);
-int             X509_cmp_current_time(ASN1_TIME *s);
+int             X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int             X509_cmp_current_time(const ASN1_TIME *s);
 ASN1_TIME *     X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *     X509_time_adj_ex(ASN1_TIME *s,
+                                int offset_day, long offset_sec, time_t *t);
 ASN1_TIME *     X509_gmtime_adj(ASN1_TIME *s, long adj);
 
 const char *    X509_get_default_cert_area(void );
 const char *    X509_get_default_cert_dir(void );
 const char *    X509_get_default_cert_file(void );
 const char *    X509_get_default_cert_dir_env(void );
 const char *    X509_get_default_cert_file_env(void );
 const char *    X509_get_default_private_dir(void );
 
 X509_REQ *      X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
@@ skipping 67 matching lines @@
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
 void X509_trust_clear(X509 *x);
 void X509_reject_clear(X509 *x);
 
 DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
 DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_CRL)
 
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
 
 X509_PKEY *     X509_PKEY_new(void );
 void            X509_PKEY_free(X509_PKEY *a);
 int             i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
 X509_PKEY *     d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);
 
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
 
@@ skipping 23 matching lines @@
         void *data, EVP_PKEY *pkey, const EVP_MD *type);
 #endif
 
 int             X509_set_version(X509 *x,long version);
 int             X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
 ASN1_INTEGER *  X509_get_serialNumber(X509 *x);
 int             X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_issuer_name(X509 *a);
 int             X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_subject_name(X509 *a);
-int             X509_set_notBefore(X509 *x, ASN1_TIME *tm);
-int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
+int             X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+int             X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
 int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
 int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
 
 int             X509_REQ_set_version(X509_REQ *x,long version);
 int             X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
 int             X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_REQ_get_pubkey(X509_REQ *req);
 int             X509_REQ_extension_nid(int nid);
@@ skipping 16 matching lines @@
                         const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
                         int nid, int type,
                         const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
                         const char *attrname, int type,
                         const unsigned char *bytes, int len);
 
 int X509_CRL_set_version(X509_CRL *x, long version);
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
 int X509_CRL_sort(X509_CRL *crl);
 
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
 int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 
 int             X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
 
 int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
 
 int             X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_issuer_and_serial_hash(X509 *a);
 
 int             X509_issuer_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_issuer_name_hash(X509 *a);
 
 int             X509_subject_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_subject_name_hash(X509 *x);
 
+#ifndef OPENSSL_NO_MD5
+unsigned long   X509_issuer_name_hash_old(X509 *a);
+unsigned long   X509_subject_name_hash_old(X509 *x);
+#endif
+
 int             X509_cmp(const X509 *a, const X509 *b);
 int             X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long   X509_NAME_hash(X509_NAME *x);
+unsigned long   X509_NAME_hash_old(X509_NAME *x);
 
 int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int             X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
 #ifndef OPENSSL_NO_FP_API
 int             X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int             X509_print_fp(FILE *bp,X509 *x);
 int             X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int             X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
 #endif
 
 #ifndef OPENSSL_NO_BIO
 int             X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
@@ skipping 155 matching lines @@
 
 /* lookup a cert from a X509 STACK */
 X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
                                      ASN1_INTEGER *serial);
 X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
 
 DECLARE_ASN1_FUNCTIONS(PBEPARAM)
 DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
 DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
 
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                                const unsigned char *salt, int saltlen);
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                                const unsigned char *salt, int saltlen);
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                          unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen,
+                                 unsigned char *aiv, int prf_nid);
 
 /* PKCS#8 utilities */
 
 DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
 
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
 
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                        int version, int ptype, void *pval,
+                                unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                PKCS8_PRIV_KEY_INFO *p8);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                X509_PUBKEY *pub);
+
 int X509_check_trust(X509 *x, int id, int flags);
 int X509_TRUST_get_count(void);
 X509_TRUST * X509_TRUST_get0(int idx);
 int X509_TRUST_get_by_id(int id);
 int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
                                         char *name, int arg1, void *arg2);
 void X509_TRUST_cleanup(void);
 int X509_TRUST_get_flags(X509_TRUST *xp);
 char *X509_TRUST_get0_name(X509_TRUST *xp);
 int X509_TRUST_get_trust(X509_TRUST *xp);
@@ skipping 59 matching lines @@
 #define X509_R_CANT_CHECK_DH_KEY                         114
 #define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
 #define X509_R_ERR_ASN1_LIB                              102
 #define X509_R_INVALID_DIRECTORY                         113
 #define X509_R_INVALID_FIELD_NAME                        119
 #define X509_R_INVALID_TRUST                             123
 #define X509_R_KEY_TYPE_MISMATCH                         115
 #define X509_R_KEY_VALUES_MISMATCH                       116
 #define X509_R_LOADING_CERT_DIR                          103
 #define X509_R_LOADING_DEFAULTS                          104
+#define X509_R_METHOD_NOT_SUPPORTED                      124
 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+#define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+#define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
 #define X509_R_SHOULD_RETRY                              106
 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
 #define X509_R_UNKNOWN_KEY_TYPE                          117
 #define X509_R_UNKNOWN_NID                               109
 #define X509_R_UNKNOWN_PURPOSE_ID                        121
 #define X509_R_UNKNOWN_TRUST_ID                          120
 #define X509_R_UNSUPPORTED_ALGORITHM                     111
 #define X509_R_WRONG_LOOKUP_TYPE                         112
 #define X509_R_WRONG_TYPE                                122
 
 #ifdef  __cplusplus
 }
 #endif
 #endif