1	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2	* All rights reserved.
3	*
4	* This package is an SSL implementation written
5	* by Eric Young (eay@cryptsoft.com).
6	* The implementation was written so as to conform with Netscapes SSL.
7	*
8	* This library is free for commercial and non-commercial use as long as
9	* the following conditions are aheared to. The following conditions
10	* apply to all code found in this distribution, be it the RC4, RSA,
11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
12	* included with this distribution is covered by the same copyright terms
13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
14	*
15	* Copyright remains Eric Young's, and as such any Copyright notices in
16	* the code are not to be removed.
17	* If this package is used in a product, Eric Young should be given attribution
18	* as the author of the parts of the library used.
19	* This can be in the form of a textual message at program startup or
20	* in documentation (online or textual) provided with the package.
21	*
22	* Redistribution and use in source and binary forms, with or without
23	* modification, are permitted provided that the following conditions
24	* are met:
25	* 1. Redistributions of source code must retain the copyright
26	* notice, this list of conditions and the following disclaimer.
27	* 2. Redistributions in binary form must reproduce the above copyright
28	* notice, this list of conditions and the following disclaimer in the
29	* documentation and/or other materials provided with the distribution.
30	* 3. All advertising materials mentioning features or use of this software
31	* must display the following acknowledgement:
32	* "This product includes cryptographic software written by
33	* Eric Young (eay@cryptsoft.com)"
34	* The word 'cryptographic' can be left out if the rouines from the library
35	* being used are not cryptographic related :-).
36	* 4. If you include any Windows specific code (or a derivative thereof) from
37	* the apps directory (application code) you must include an acknowledgement:
38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50	* SUCH DAMAGE.
51	*
52	* The licence and distribution terms for any publically available version or
53	* derivative of this code cannot be changed. i.e. this code cannot simply be
54	* copied and put under another distribution licence
55	* [including the GNU Public Licence.]
56	*/
57
58	#ifndef OPENSSL_HEADER_ASN1_H
59	#define OPENSSL_HEADER_ASN1_H
60
61	#include <openssl/base.h>
62
63	#include <time.h>
64
65	#include <openssl/bio.h>
66	#include <openssl/bn.h>
67	#include <openssl/stack.h>
68
69	#if defined(__cplusplus)
70	extern "C" {
71	#endif
72
73
74	// Legacy ASN.1 library.
75	//
76	// This header is part of OpenSSL's ASN.1 implementation. It is retained for
77	// compatibility but should not be used by new code. The functions are difficult
78	// to use correctly, and have buggy or non-standard behaviors. They are thus
79	// particularly prone to behavior changes and API removals, as BoringSSL
80	// iterates on these issues.
81	//
82	// Use the new |CBS| and |CBB| library in <openssl/bytestring.h> instead.
83
84
85	// Tag constants.
86	//
87	// These constants are used in various APIs to specify ASN.1 types and tag
88	// components. See the specific API's documentation for details on which values
89	// are used and how.
90
91	// The following constants are tag classes.
92	#define V_ASN1_UNIVERSAL 0x00
93	#define V_ASN1_APPLICATION 0x40
94	#define V_ASN1_CONTEXT_SPECIFIC 0x80
95	#define V_ASN1_PRIVATE 0xc0
96
97	// V_ASN1_CONSTRUCTED indicates an element is constructed, rather than
98	// primitive.
99	#define V_ASN1_CONSTRUCTED 0x20
100
101	// V_ASN1_PRIMITIVE_TAG is the highest tag number which can be encoded in a
102	// single byte. Note this is unrelated to whether an element is constructed or
103	// primitive.
104	//
105	// TODO(davidben): Make this private.
106	#define V_ASN1_PRIMITIVE_TAG 0x1f
107
108	// V_ASN1_MAX_UNIVERSAL is the highest supported universal tag number. It is
109	// necessary to avoid ambiguity with |V_ASN1_NEG| and |MBSTRING_FLAG|.
110	//
111	// TODO(davidben): Make this private.
112	#define V_ASN1_MAX_UNIVERSAL 0xff
113
114	// V_ASN1_UNDEF is used in some APIs to indicate an ASN.1 element is omitted.
115	#define V_ASN1_UNDEF (-1)
116
117	// V_ASN1_OTHER is used in |ASN1_TYPE| to indicate a non-universal ASN.1 type.
118	#define V_ASN1_OTHER (-3)
119
120	// V_ASN1_ANY is used by the ASN.1 templates to indicate an ANY type.
121	#define V_ASN1_ANY (-4)
122
123	// The following constants are tag numbers for universal types.
124	#define V_ASN1_EOC 0
125	#define V_ASN1_BOOLEAN 1
126	#define V_ASN1_INTEGER 2
127	#define V_ASN1_BIT_STRING 3
128	#define V_ASN1_OCTET_STRING 4
129	#define V_ASN1_NULL 5
130	#define V_ASN1_OBJECT 6
131	#define V_ASN1_OBJECT_DESCRIPTOR 7
132	#define V_ASN1_EXTERNAL 8
133	#define V_ASN1_REAL 9
134	#define V_ASN1_ENUMERATED 10
135	#define V_ASN1_UTF8STRING 12
136	#define V_ASN1_SEQUENCE 16
137	#define V_ASN1_SET 17
138	#define V_ASN1_NUMERICSTRING 18
139	#define V_ASN1_PRINTABLESTRING 19
140	#define V_ASN1_T61STRING 20
141	#define V_ASN1_TELETEXSTRING 20
142	#define V_ASN1_VIDEOTEXSTRING 21
143	#define V_ASN1_IA5STRING 22
144	#define V_ASN1_UTCTIME 23
145	#define V_ASN1_GENERALIZEDTIME 24
146	#define V_ASN1_GRAPHICSTRING 25
147	#define V_ASN1_ISO64STRING 26
148	#define V_ASN1_VISIBLESTRING 26
149	#define V_ASN1_GENERALSTRING 27
150	#define V_ASN1_UNIVERSALSTRING 28
151	#define V_ASN1_BMPSTRING 30
152
153	// The following constants are used for |ASN1_STRING| values that represent
154	// negative INTEGER and ENUMERATED values. See |ASN1_STRING| for more details.
155	#define V_ASN1_NEG 0x100
156	#define V_ASN1_NEG_INTEGER (V_ASN1_INTEGER | V_ASN1_NEG)
157	#define V_ASN1_NEG_ENUMERATED (V_ASN1_ENUMERATED | V_ASN1_NEG)
158
159	// The following constants are bitmask representations of ASN.1 types.
160	#define B_ASN1_NUMERICSTRING 0x0001
161	#define B_ASN1_PRINTABLESTRING 0x0002
162	#define B_ASN1_T61STRING 0x0004
163	#define B_ASN1_TELETEXSTRING 0x0004
164	#define B_ASN1_VIDEOTEXSTRING 0x0008
165	#define B_ASN1_IA5STRING 0x0010
166	#define B_ASN1_GRAPHICSTRING 0x0020
167	#define B_ASN1_ISO64STRING 0x0040
168	#define B_ASN1_VISIBLESTRING 0x0040
169	#define B_ASN1_GENERALSTRING 0x0080
170	#define B_ASN1_UNIVERSALSTRING 0x0100
171	#define B_ASN1_OCTET_STRING 0x0200
172	#define B_ASN1_BIT_STRING 0x0400
173	#define B_ASN1_BMPSTRING 0x0800
174	#define B_ASN1_UNKNOWN 0x1000
175	#define B_ASN1_UTF8STRING 0x2000
176	#define B_ASN1_UTCTIME 0x4000
177	#define B_ASN1_GENERALIZEDTIME 0x8000
178	#define B_ASN1_SEQUENCE 0x10000
179
180	// ASN1_tag2bit converts |tag| from the tag number of a universal type to a
181	// corresponding |B_ASN1_*| constant, |B_ASN1_UNKNOWN|, or zero. If the
182	// |B_ASN1_*| constant above is defined, it will map the corresponding
183	// |V_ASN1_*| constant to it. Otherwise, whether it returns |B_ASN1_UNKNOWN| or
184	// zero is ill-defined and callers should not rely on it.
185	//
186	// TODO(https://crbug.com/boringssl/412): Figure out what |B_ASN1_UNNOWN| vs
187	// zero is meant to be. The main impact is what values go in |B_ASN1_PRINTABLE|.
188	// To that end, we must return zero on types that can't go in |ASN1_STRING|.
189	OPENSSL_EXPORT unsigned long ASN1_tag2bit(int tag);
190
191	// ASN1_tag2str returns a string representation of |tag|, interpret as a tag
192	// number for a universal type, or |V_ASN1_NEG_*|.
193	OPENSSL_EXPORT const char *ASN1_tag2str(int tag);
194
195
196	// API conventions.
197	//
198	// The following sample functions document the calling conventions used by
199	// legacy ASN.1 APIs.
200
201	#if 0 // Sample functions
202
203	// d2i_SAMPLE parses a structure from up to |len| bytes at |*inp|. On success,
204	// it advances |*inp| by the number of bytes read and returns a newly-allocated
205	// |SAMPLE| object containing the parsed structure. If |out| is non-NULL, it
206	// additionally frees the previous value at |*out| and updates |*out| to the
207	// result. If parsing or allocating the result fails, it returns NULL.
208	//
209	// This function does not reject trailing data in the input. This allows the
210	// caller to parse a sequence of concatenated structures. Callers parsing only
211	// one structure should check for trailing data by comparing the updated |*inp|
212	// with the end of the input.
213	//
214	// Note: If |out| and |*out| are both non-NULL, the object at |*out| is not
215	// updated in-place. Instead, it is freed, and the pointer is updated to the
216	// new object. This differs from OpenSSL. Callers are recommended to set |out|
217	// to NULL and instead use the return value.
218	SAMPLE *d2i_SAMPLE(SAMPLE **out, const uint8_t **inp, long len);
219
220	// i2d_SAMPLE marshals |in|. On error, it returns a negative value. On success,
221	// it returns the length of the result and outputs it via |outp| as follows:
222	//
223	// If |outp| is NULL, the function writes nothing. This mode can be used to size
224	// buffers.
225	//
226	// If |outp| is non-NULL but |*outp| is NULL, the function sets |*outp| to a
227	// newly-allocated buffer containing the result. The caller is responsible for
228	// releasing |*outp| with |OPENSSL_free|. This mode is recommended for most
229	// callers.
230	//
231	// If |outp| and |*outp| are non-NULL, the function writes the result to
232	// |*outp|, which must have enough space available, and advances |*outp| just
233	// past the output.
234	//
235	// WARNING: In the third mode, the function does not internally check output
236	// bounds. Failing to correctly size the buffer will result in a potentially
237	// exploitable memory error.
238	int i2d_SAMPLE(const SAMPLE *in, uint8_t **outp);
239
240	#endif // Sample functions
241
242	// The following typedefs are sometimes used for pointers to functions like
243	// |d2i_SAMPLE| and |i2d_SAMPLE|. Note, however, that these act on |void*|.
244	// Calling a function with a different pointer type is undefined in C, so this
245	// is only valid with a wrapper.
246	typedef void *d2i_of_void(void **, const unsigned char **, long);
247	typedef int i2d_of_void(const void *, unsigned char **);
248
249
250	// ASN.1 types.
251	//
252	// An |ASN1_ITEM| represents an ASN.1 type and allows working with ASN.1 types
253	// generically.
254	//
255	// |ASN1_ITEM|s use a different namespace from C types and are accessed via
256	// |ASN1_ITEM_*| macros. So, for example, |ASN1_OCTET_STRING| is both a C type
257	// and the name of an |ASN1_ITEM|, referenced as
258	// |ASN1_ITEM_rptr(ASN1_OCTET_STRING)|.
259	//
260	// Each |ASN1_ITEM| has a corresponding C type, typically with the same name,
261	// which represents values in the ASN.1 type. This type is either a pointer type
262	// or |ASN1_BOOLEAN|. When it is a pointer, NULL pointers represent omitted
263	// values. For example, an OCTET STRING value is declared with the C type
264	// |ASN1_OCTET_STRING*| and uses the |ASN1_ITEM| named |ASN1_OCTET_STRING|. An
265	// OPTIONAL OCTET STRING uses the same C type and represents an omitted value
266	// with a NULL pointer. |ASN1_BOOLEAN| is described in a later section.
267
268	// DECLARE_ASN1_ITEM declares an |ASN1_ITEM| with name |name|. The |ASN1_ITEM|
269	// may be referenced with |ASN1_ITEM_rptr|. Uses of this macro should document
270	// the corresponding ASN.1 and C types.
271	#define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it;
272
273	// ASN1_ITEM_rptr returns the |const ASN1_ITEM *| named |name|.
274	#define ASN1_ITEM_rptr(name) (&(name##_it))
275
276	// ASN1_ITEM_EXP is an abstraction for referencing an |ASN1_ITEM| in a
277	// constant-initialized structure, such as a method table. It exists because, on
278	// some OpenSSL platforms, |ASN1_ITEM| references are indirected through
279	// functions. Structures reference the |ASN1_ITEM| by declaring a field like
280	// |ASN1_ITEM_EXP *item| and initializing it with |ASN1_ITEM_ref|.
281	typedef const ASN1_ITEM ASN1_ITEM_EXP;
282
283	// ASN1_ITEM_ref returns an |ASN1_ITEM_EXP*| for the |ASN1_ITEM| named |name|.
284	#define ASN1_ITEM_ref(name) (&(name##_it))
285
286	// ASN1_ITEM_ptr converts |iptr|, which must be an |ASN1_ITEM_EXP*| to a
287	// |const ASN1_ITEM*|.
288	#define ASN1_ITEM_ptr(iptr) (iptr)
289
290	// ASN1_VALUE_st (aka |ASN1_VALUE|) is an opaque type used as a placeholder for
291	// the C type corresponding to an |ASN1_ITEM|.
292	typedef struct ASN1_VALUE_st ASN1_VALUE;
293
294	// ASN1_item_new allocates a new value of the C type corresponding to |it|, or
295	// NULL on error. On success, the caller must release the value with
296	// |ASN1_item_free|, or the corresponding C type's free function, when done. The
297	// new value will initialize fields of the value to some default state, such as
298	// an empty string. Note, however, that this default state sometimes omits
299	// required values, such as with CHOICE types.
300	//
301	// This function may not be used with |ASN1_ITEM|s whose C type is
302	// |ASN1_BOOLEAN|.
303	//
304	// WARNING: Casting the result of this function to the wrong type is a
305	// potentially exploitable memory error. Callers must ensure the value is used
306	// consistently with |it|. Prefer using type-specific functions such as
307	// |ASN1_OCTET_STRING_new|.
308	OPENSSL_EXPORT ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
309
310	// ASN1_item_free releases memory associated with |val|, which must be an object
311	// of the C type corresponding to |it|.
312	//
313	// This function may not be used with |ASN1_ITEM|s whose C type is
314	// |ASN1_BOOLEAN|.
315	//
316	// WARNING: Passing a pointer of the wrong type into this function is a
317	// potentially exploitable memory error. Callers must ensure |val| is consistent
318	// with |it|. Prefer using type-specific functions such as
319	// |ASN1_OCTET_STRING_free|.
320	OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
321
322	// ASN1_item_d2i parses the ASN.1 type |it| from up to |len| bytes at |*inp|.
323	// It behaves like |d2i_SAMPLE|, except that |out| and the return value are cast
324	// to |ASN1_VALUE| pointers.
325	//
326	// TODO(https://crbug.com/boringssl/444): C strict aliasing forbids type-punning
327	// |T*| and |ASN1_VALUE*| the way this function signature does. When that bug is
328	// resolved, we will need to pick which type |*out| is (probably |T*|). Do not
329	// use a non-NULL |out| to avoid ending up on the wrong side of this question.
330	//
331	// This function may not be used with |ASN1_ITEM|s whose C type is
332	// |ASN1_BOOLEAN|.
333	//
334	// WARNING: Casting the result of this function to the wrong type, or passing a
335	// pointer of the wrong type into this function, are potentially exploitable
336	// memory errors. Callers must ensure |out| is consistent with |it|. Prefer
337	// using type-specific functions such as |d2i_ASN1_OCTET_STRING|.
338	OPENSSL_EXPORT ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **out,
339	const unsigned char **inp, long len,
340	const ASN1_ITEM *it);
341
342	// ASN1_item_i2d marshals |val| as the ASN.1 type associated with |it|, as
343	// described in |i2d_SAMPLE|.
344	//
345	// This function may not be used with |ASN1_ITEM|s whose C type is
346	// |ASN1_BOOLEAN|.
347	//
348	// WARNING: Passing a pointer of the wrong type into this function is a
349	// potentially exploitable memory error. Callers must ensure |val| is consistent
350	// with |it|. Prefer using type-specific functions such as
351	// |i2d_ASN1_OCTET_STRING|.
352	OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **outp,
353	const ASN1_ITEM *it);
354
355	// ASN1_item_dup returns a newly-allocated copy of |x|, or NULL on error. |x|
356	// must be an object of |it|'s C type.
357	//
358	// This function may not be used with |ASN1_ITEM|s whose C type is
359	// |ASN1_BOOLEAN|.
360	//
361	// WARNING: Casting the result of this function to the wrong type, or passing a
362	// pointer of the wrong type into this function, are potentially exploitable
363	// memory errors. Prefer using type-specific functions such as
364	// |ASN1_STRING_dup|.
365	OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
366
367	// The following functions behave like |ASN1_item_d2i| but read from |in|
368	// instead. |out| is the same parameter as in |ASN1_item_d2i|, but written with
369	// |void*| instead. The return values similarly match.
370	//
371	// These functions may not be used with |ASN1_ITEM|s whose C type is
372	// |ASN1_BOOLEAN|.
373	//
374	// WARNING: These functions do not bound how much data is read from |in|.
375	// Parsing an untrusted input could consume unbounded memory.
376	OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *out);
377	OPENSSL_EXPORT void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *out);
378
379	// The following functions behave like |ASN1_item_i2d| but write to |out|
380	// instead. |in| is the same parameter as in |ASN1_item_i2d|, but written with
381	// |void*| instead.
382	//
383	// These functions may not be used with |ASN1_ITEM|s whose C type is
384	// |ASN1_BOOLEAN|.
385	OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *in);
386	OPENSSL_EXPORT int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *in);
387
388	// ASN1_item_unpack parses |oct|'s contents as |it|'s ASN.1 type. It returns a
389	// newly-allocated instance of |it|'s C type on success, or NULL on error.
390	//
391	// This function may not be used with |ASN1_ITEM|s whose C type is
392	// |ASN1_BOOLEAN|.
393	//
394	// WARNING: Casting the result of this function to the wrong type is a
395	// potentially exploitable memory error. Callers must ensure the value is used
396	// consistently with |it|.
397	OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct,
398	const ASN1_ITEM *it);
399
400	// ASN1_item_pack marshals |obj| as |it|'s ASN.1 type. If |out| is NULL, it
401	// returns a newly-allocated |ASN1_STRING| with the result, or NULL on error.
402	// If |out| is non-NULL, but |*out| is NULL, it does the same but additionally
403	// sets |*out| to the result. If both |out| and |*out| are non-NULL, it writes
404	// the result to |*out| and returns |*out| on success or NULL on error.
405	//
406	// This function may not be used with |ASN1_ITEM|s whose C type is
407	// |ASN1_BOOLEAN|.
408	//
409	// WARNING: Passing a pointer of the wrong type into this function is a
410	// potentially exploitable memory error. Callers must ensure |val| is consistent
411	// with |it|.
412	OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
413	ASN1_STRING **out);
414
415
416	// Booleans.
417	//
418	// This library represents ASN.1 BOOLEAN values with |ASN1_BOOLEAN|, which is an
419	// integer type. FALSE is zero, TRUE is 0xff, and an omitted OPTIONAL BOOLEAN is
420	// -1.
421
422	// ASN1_BOOLEAN_FALSE is FALSE as an |ASN1_BOOLEAN|.
423	#define ASN1_BOOLEAN_FALSE 0
424
425	// ASN1_BOOLEAN_TRUE is TRUE as an |ASN1_BOOLEAN|. Some code incorrectly uses
426	// 1, so prefer |b != ASN1_BOOLEAN_FALSE| over |b == ASN1_BOOLEAN_TRUE|.
427	#define ASN1_BOOLEAN_TRUE 0xff
428
429	// ASN1_BOOLEAN_NONE, in contexts where the |ASN1_BOOLEAN| represents an
430	// OPTIONAL BOOLEAN, is an omitted value. Using this value in other contexts is
431	// undefined and may be misinterpreted as TRUE.
432	#define ASN1_BOOLEAN_NONE (-1)
433
434	// d2i_ASN1_BOOLEAN parses a DER-encoded ASN.1 BOOLEAN from up to |len| bytes at
435	// |*inp|. On success, it advances |*inp| by the number of bytes read and
436	// returns the result. If |out| is non-NULL, it additionally writes the result
437	// to |*out|. On error, it returns |ASN1_BOOLEAN_NONE|.
438	//
439	// This function does not reject trailing data in the input. This allows the
440	// caller to parse a sequence of concatenated structures. Callers parsing only
441	// one structure should check for trailing data by comparing the updated |*inp|
442	// with the end of the input.
443	//
444	// WARNING: This function's is slightly different from other |d2i_*| functions
445	// because |ASN1_BOOLEAN| is not a pointer type.
446	//
447	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
448	// BER, but this will be removed in the future.
449	OPENSSL_EXPORT ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *out,
450	const unsigned char **inp,
451	long len);
452
453	// i2d_ASN1_BOOLEAN marshals |a| as a DER-encoded ASN.1 BOOLEAN, as described in
454	// |i2d_SAMPLE|.
455	OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **outp);
456
457	// The following |ASN1_ITEM|s have ASN.1 type BOOLEAN and C type |ASN1_BOOLEAN|.
458	// |ASN1_TBOOLEAN| and |ASN1_FBOOLEAN| must be marked OPTIONAL. When omitted,
459	// they are parsed as TRUE and FALSE, respectively, rather than
460	// |ASN1_BOOLEAN_NONE|.
461	DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
462	DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
463	DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
464
465
466	// Strings.
467	//
468	// ASN.1 contains a myriad of string types, as well as types that contain data
469	// that may be encoded into a string. This library uses a single type,
470	// |ASN1_STRING|, to represent most values.
471
472	// An asn1_string_st (aka |ASN1_STRING|) represents a value of a string-like
473	// ASN.1 type. It contains a type field, and a byte string data field with a
474	// type-specific representation.
475	//
476	// When representing a string value, the type field is one of
477	// |V_ASN1_OCTET_STRING|, |V_ASN1_UTF8STRING|, |V_ASN1_NUMERICSTRING|,
478	// |V_ASN1_PRINTABLESTRING|, |V_ASN1_T61STRING|, |V_ASN1_VIDEOTEXSTRING|,
479	// |V_ASN1_IA5STRING|, |V_ASN1_GRAPHICSTRING|, |V_ASN1_ISO64STRING|,
480	// |V_ASN1_VISIBLESTRING|, |V_ASN1_GENERALSTRING|, |V_ASN1_UNIVERSALSTRING|, or
481	// |V_ASN1_BMPSTRING|. The data contains the byte representation of of the
482	// string.
483	//
484	// When representing a BIT STRING value, the type field is |V_ASN1_BIT_STRING|.
485	// See bit string documentation below for how the data and flags are used.
486	//
487	// When representing an INTEGER or ENUMERATED value, the type field is one of
488	// |V_ASN1_INTEGER|, |V_ASN1_NEG_INTEGER|, |V_ASN1_ENUMERATED|, or
489	// |V_ASN1_NEG_ENUMERATED|. See integer documentation below for details.
490	//
491	// When representing a GeneralizedTime or UTCTime value, the type field is
492	// |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, respectively. The data contains
493	// the DER encoding of the value. For example, the UNIX epoch would be
494	// "19700101000000Z" for a GeneralizedTime and "700101000000Z" for a UTCTime.
495	//
496	// |ASN1_STRING|, when stored in an |ASN1_TYPE|, may also represent an element
497	// with tag not directly supported by this library. See |ASN1_TYPE| for details.
498	//
499	// |ASN1_STRING| additionally has the following typedefs: |ASN1_BIT_STRING|,
500	// |ASN1_BMPSTRING|, |ASN1_ENUMERATED|, |ASN1_GENERALIZEDTIME|,
501	// |ASN1_GENERALSTRING|, |ASN1_IA5STRING|, |ASN1_INTEGER|, |ASN1_OCTET_STRING|,
502	// |ASN1_PRINTABLESTRING|, |ASN1_T61STRING|, |ASN1_TIME|,
503	// |ASN1_UNIVERSALSTRING|, |ASN1_UTCTIME|, |ASN1_UTF8STRING|, and
504	// |ASN1_VISIBLESTRING|. Other than |ASN1_TIME|, these correspond to universal
505	// ASN.1 types. |ASN1_TIME| represents a CHOICE of UTCTime and GeneralizedTime,
506	// with a cutoff of 2049, as used in Section 4.1.2.5 of RFC 5280.
507	//
508	// For clarity, callers are encouraged to use the appropriate typedef when
509	// available. They are the same type as |ASN1_STRING|, so a caller may freely
510	// pass them into functions expecting |ASN1_STRING|, such as
511	// |ASN1_STRING_length|.
512	//
513	// If a function returns an |ASN1_STRING| where the typedef or ASN.1 structure
514	// implies constraints on the type field, callers may assume that the type field
515	// is correct. However, if a function takes an |ASN1_STRING| as input, callers
516	// must ensure the type field matches. These invariants are not captured by the
517	// C type system and may not be checked at runtime. For example, callers may
518	// assume the output of |X509_get0_serialNumber| has type |V_ASN1_INTEGER| or
519	// |V_ASN1_NEG_INTEGER|. Callers must not pass a string of type
520	// |V_ASN1_OCTET_STRING| to |X509_set_serialNumber|. Doing so may break
521	// invariants on the |X509| object and break the |X509_get0_serialNumber|
522	// invariant.
523	//
524	// TODO(https://crbug.com/boringssl/445): This is very unfriendly. Getting the
525	// type field wrong should not cause memory errors, but it may do strange
526	// things. We should add runtime checks to anything that consumes |ASN1_STRING|s
527	// from the caller.
528	struct asn1_string_st {
529	int length;
530	int type;
531	unsigned char *data;
532	long flags;
533	};
534
535	// ASN1_STRING_FLAG_BITS_LEFT indicates, in a BIT STRING |ASN1_STRING|, that
536	// flags & 0x7 contains the number of padding bits added to the BIT STRING
537	// value. When not set, all trailing zero bits in the last byte are implicitly
538	// treated as padding. This behavior is deprecated and should not be used.
539	#define ASN1_STRING_FLAG_BITS_LEFT 0x08
540
541	// ASN1_STRING_type_new returns a newly-allocated empty |ASN1_STRING| object of
542	// type |type|, or NULL on error.
543	OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type);
544
545	// ASN1_STRING_new returns a newly-allocated empty |ASN1_STRING| object with an
546	// arbitrary type. Prefer one of the type-specific constructors, such as
547	// |ASN1_OCTET_STRING_new|, or |ASN1_STRING_type_new|.
548	OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void);
549
550	// ASN1_STRING_free releases memory associated with |str|.
551	OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str);
552
553	// ASN1_STRING_copy sets |dst| to a copy of |str|. It returns one on success and
554	// zero on error.
555	OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
556
557	// ASN1_STRING_dup returns a newly-allocated copy of |str|, or NULL on error.
558	OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str);
559
560	// ASN1_STRING_type returns the type of |str|. This value will be one of the
561	// |V_ASN1_*| constants.
562	OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *str);
563
564	// ASN1_STRING_get0_data returns a pointer to |str|'s contents. Callers should
565	// use |ASN1_STRING_length| to determine the length of the string. The string
566	// may have embedded NUL bytes and may not be NUL-terminated.
567	OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(
568	const ASN1_STRING *str);
569
570	// ASN1_STRING_data returns a mutable pointer to |str|'s contents. Callers
571	// should use |ASN1_STRING_length| to determine the length of the string. The
572	// string may have embedded NUL bytes and may not be NUL-terminated.
573	//
574	// Prefer |ASN1_STRING_get0_data|.
575	OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str);
576
577	// ASN1_STRING_length returns the length of |str|, in bytes.
578	OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str);
579
580	// ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an
581	// integer equal to, less than, or greater than zero if |a| is equal to, less
582	// than, or greater than |b|, respectively. This function compares by length,
583	// then data, then type. Note the data compared is the |ASN1_STRING| internal
584	// representation and the type order is arbitrary. While this comparison is
585	// suitable for sorting, callers should not rely on the exact order when |a|
586	// and |b| are different types.
587	//
588	// Note that, if |a| and |b| are INTEGERs, this comparison does not order the
589	// values numerically. For a numerical comparison, use |ASN1_INTEGER_cmp|.
590	OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
591
592	// ASN1_STRING_set sets the contents of |str| to a copy of |len| bytes from
593	// |data|. It returns one on success and zero on error. If |data| is NULL, it
594	// updates the length and allocates the buffer as needed, but does not
595	// initialize the contents.
596	OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data,
597	ossl_ssize_t len);
598
599	// ASN1_STRING_set0 sets the contents of |str| to |len| bytes from |data|. It
600	// takes ownership of |data|, which must have been allocated with
601	// |OPENSSL_malloc|.
602	OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
603
604	// The following functions call |ASN1_STRING_type_new| with the corresponding
605	// |V_ASN1_*| constant.
606	OPENSSL_EXPORT ASN1_BMPSTRING *ASN1_BMPSTRING_new(void);
607	OPENSSL_EXPORT ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void);
608	OPENSSL_EXPORT ASN1_IA5STRING *ASN1_IA5STRING_new(void);
609	OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void);
610	OPENSSL_EXPORT ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void);
611	OPENSSL_EXPORT ASN1_T61STRING *ASN1_T61STRING_new(void);
612	OPENSSL_EXPORT ASN1_UNIVERSALSTRING *ASN1_UNIVERSALSTRING_new(void);
613	OPENSSL_EXPORT ASN1_UTF8STRING *ASN1_UTF8STRING_new(void);
614	OPENSSL_EXPORT ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void);
615
616	// The following functions call |ASN1_STRING_free|.
617	OPENSSL_EXPORT void ASN1_BMPSTRING_free(ASN1_BMPSTRING *str);
618	OPENSSL_EXPORT void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *str);
619	OPENSSL_EXPORT void ASN1_IA5STRING_free(ASN1_IA5STRING *str);
620	OPENSSL_EXPORT void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *str);
621	OPENSSL_EXPORT void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *str);
622	OPENSSL_EXPORT void ASN1_T61STRING_free(ASN1_T61STRING *str);
623	OPENSSL_EXPORT void ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *str);
624	OPENSSL_EXPORT void ASN1_UTF8STRING_free(ASN1_UTF8STRING *str);
625	OPENSSL_EXPORT void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *str);
626
627	// The following functions parse up to |len| bytes from |*inp| as a
628	// DER-encoded ASN.1 value of the corresponding type, as described in
629	// |d2i_SAMPLE|.
630	//
631	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
632	// BER, but this will be removed in the future.
633	OPENSSL_EXPORT ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **out,
634	const uint8_t **inp,
635	long len);
636	OPENSSL_EXPORT ASN1_GENERALSTRING *d2i_ASN1_GENERALSTRING(
637	ASN1_GENERALSTRING **out, const uint8_t **inp, long len);
638	OPENSSL_EXPORT ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **out,
639	const uint8_t **inp,
640	long len);
641	OPENSSL_EXPORT ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **out,
642	const uint8_t **inp,
643	long len);
644	OPENSSL_EXPORT ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(
645	ASN1_PRINTABLESTRING **out, const uint8_t **inp, long len);
646	OPENSSL_EXPORT ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **out,
647	const uint8_t **inp,
648	long len);
649	OPENSSL_EXPORT ASN1_UNIVERSALSTRING *d2i_ASN1_UNIVERSALSTRING(
650	ASN1_UNIVERSALSTRING **out, const uint8_t **inp, long len);
651	OPENSSL_EXPORT ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **out,
652	const uint8_t **inp,
653	long len);
654	OPENSSL_EXPORT ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(
655	ASN1_VISIBLESTRING **out, const uint8_t **inp, long len);
656
657	// The following functions marshal |in| as a DER-encoded ASN.1 value of the
658	// corresponding type, as described in |i2d_SAMPLE|.
659	OPENSSL_EXPORT int i2d_ASN1_BMPSTRING(const ASN1_BMPSTRING *in, uint8_t **outp);
660	OPENSSL_EXPORT int i2d_ASN1_GENERALSTRING(const ASN1_GENERALSTRING *in,
661	uint8_t **outp);
662	OPENSSL_EXPORT int i2d_ASN1_IA5STRING(const ASN1_IA5STRING *in, uint8_t **outp);
663	OPENSSL_EXPORT int i2d_ASN1_OCTET_STRING(const ASN1_OCTET_STRING *in,
664	uint8_t **outp);
665	OPENSSL_EXPORT int i2d_ASN1_PRINTABLESTRING(const ASN1_PRINTABLESTRING *in,
666	uint8_t **outp);
667	OPENSSL_EXPORT int i2d_ASN1_T61STRING(const ASN1_T61STRING *in, uint8_t **outp);
668	OPENSSL_EXPORT int i2d_ASN1_UNIVERSALSTRING(const ASN1_UNIVERSALSTRING *in,
669	uint8_t **outp);
670	OPENSSL_EXPORT int i2d_ASN1_UTF8STRING(const ASN1_UTF8STRING *in,
671	uint8_t **outp);
672	OPENSSL_EXPORT int i2d_ASN1_VISIBLESTRING(const ASN1_VISIBLESTRING *in,
673	uint8_t **outp);
674
675	// The following |ASN1_ITEM|s have the ASN.1 type referred to in their name and
676	// C type |ASN1_STRING*|. The C type may also be written as the corresponding
677	// typedef.
678	DECLARE_ASN1_ITEM(ASN1_BMPSTRING)
679	DECLARE_ASN1_ITEM(ASN1_GENERALSTRING)
680	DECLARE_ASN1_ITEM(ASN1_IA5STRING)
681	DECLARE_ASN1_ITEM(ASN1_OCTET_STRING)
682	DECLARE_ASN1_ITEM(ASN1_PRINTABLESTRING)
683	DECLARE_ASN1_ITEM(ASN1_T61STRING)
684	DECLARE_ASN1_ITEM(ASN1_UNIVERSALSTRING)
685	DECLARE_ASN1_ITEM(ASN1_UTF8STRING)
686	DECLARE_ASN1_ITEM(ASN1_VISIBLESTRING)
687
688	// ASN1_OCTET_STRING_dup calls |ASN1_STRING_dup|.
689	OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(
690	const ASN1_OCTET_STRING *a);
691
692	// ASN1_OCTET_STRING_cmp calls |ASN1_STRING_cmp|.
693	OPENSSL_EXPORT int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
694	const ASN1_OCTET_STRING *b);
695
696	// ASN1_OCTET_STRING_set calls |ASN1_STRING_set|.
697	OPENSSL_EXPORT int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str,
698	const unsigned char *data, int len);
699
700	// ASN1_STRING_to_UTF8 converts |in| to UTF-8. On success, sets |*out| to a
701	// newly-allocated buffer containing the resulting string and returns the length
702	// of the string. The caller must call |OPENSSL_free| to release |*out| when
703	// done. On error, it returns a negative number.
704	OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out,
705	const ASN1_STRING *in);
706
707	// The following formats define encodings for use with functions like
708	// |ASN1_mbstring_copy|. Note |MBSTRING_ASC| refers to Latin-1, not ASCII.
709	#define MBSTRING_FLAG 0x1000
710	#define MBSTRING_UTF8 (MBSTRING_FLAG)
711	#define MBSTRING_ASC (MBSTRING_FLAG | 1)
712	#define MBSTRING_BMP (MBSTRING_FLAG | 2)
713	#define MBSTRING_UNIV (MBSTRING_FLAG | 4)
714
715	// DIRSTRING_TYPE contains the valid string types in an X.509 DirectoryString.
716	#define DIRSTRING_TYPE \
717	(B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | \
718	B_ASN1_UTF8STRING)
719
720	// PKCS9STRING_TYPE contains the valid string types in a PKCS9String.
721	#define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING)
722
723	// ASN1_mbstring_copy converts |len| bytes from |in| to an ASN.1 string. If
724	// |len| is -1, |in| must be NUL-terminated and the length is determined by
725	// |strlen|. |in| is decoded according to |inform|, which must be one of
726	// |MBSTRING_*|. |mask| determines the set of valid output types and is a
727	// bitmask containing a subset of |B_ASN1_PRINTABLESTRING|, |B_ASN1_IA5STRING|,
728	// |B_ASN1_T61STRING|, |B_ASN1_BMPSTRING|, |B_ASN1_UNIVERSALSTRING|, and
729	// |B_ASN1_UTF8STRING|, in that preference order. This function chooses the
730	// first output type in |mask| which can represent |in|. It interprets T61String
731	// as Latin-1, rather than T.61.
732	//
733	// If |mask| is zero, |DIRSTRING_TYPE| is used by default.
734	//
735	// On success, this function returns the |V_ASN1_*| constant corresponding to
736	// the selected output type and, if |out| and |*out| are both non-NULL, updates
737	// the object at |*out| with the result. If |out| is non-NULL and |*out| is
738	// NULL, it instead sets |*out| to a newly-allocated |ASN1_STRING| containing
739	// the result. If |out| is NULL, it returns the selected output type without
740	// constructing an |ASN1_STRING|. On error, this function returns -1.
741	OPENSSL_EXPORT int ASN1_mbstring_copy(ASN1_STRING **out, const uint8_t *in,
742	int len, int inform, unsigned long mask);
743
744	// ASN1_mbstring_ncopy behaves like |ASN1_mbstring_copy| but returns an error if
745	// the input is less than |minsize| or greater than |maxsize| codepoints long. A
746	// |maxsize| value of zero is ignored. Note the sizes are measured in
747	// codepoints, not output bytes.
748	OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out, const uint8_t *in,
749	int len, int inform, unsigned long mask,
750	long minsize, long maxsize);
751
752	// ASN1_STRING_set_by_NID behaves like |ASN1_mbstring_ncopy|, but determines
753	// |mask|, |minsize|, and |maxsize| based on |nid|. When |nid| is a recognized
754	// X.509 attribute type, it will pick a suitable ASN.1 string type and bounds.
755	// For most attribute types, it preferentially chooses UTF8String. If |nid| is
756	// unrecognized, it uses UTF8String by default.
757	//
758	// Slightly unlike |ASN1_mbstring_ncopy|, this function interprets |out| and
759	// returns its result as follows: If |out| is NULL, it returns a newly-allocated
760	// |ASN1_STRING| containing the result. If |out| is non-NULL and
761	// |*out| is NULL, it additionally sets |*out| to the result. If both |out| and
762	// |*out| are non-NULL, it instead updates the object at |*out| and returns
763	// |*out|. In all cases, it returns NULL on error.
764	//
765	// This function supports the following NIDs: |NID_countryName|,
766	// |NID_dnQualifier|, |NID_domainComponent|, |NID_friendlyName|,
767	// |NID_givenName|, |NID_initials|, |NID_localityName|, |NID_ms_csp_name|,
768	// |NID_name|, |NID_organizationalUnitName|, |NID_organizationName|,
769	// |NID_pkcs9_challengePassword|, |NID_pkcs9_emailAddress|,
770	// |NID_pkcs9_unstructuredAddress|, |NID_pkcs9_unstructuredName|,
771	// |NID_serialNumber|, |NID_stateOrProvinceName|, and |NID_surname|. Additional
772	// NIDs may be registered with |ASN1_STRING_set_by_NID|, but it is recommended
773	// to call |ASN1_mbstring_ncopy| directly instead.
774	OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
775	const unsigned char *in,
776	int len, int inform,
777	int nid);
778
779	// STABLE_NO_MASK causes |ASN1_STRING_TABLE_add| to allow types other than
780	// UTF8String.
781	#define STABLE_NO_MASK 0x02
782
783	// ASN1_STRING_TABLE_add registers the corresponding parameters with |nid|, for
784	// use with |ASN1_STRING_set_by_NID|. It returns one on success and zero on
785	// error. It is an error to call this function if |nid| is a built-in NID, or
786	// was already registered by a previous call.
787	//
788	// WARNING: This function affects global state in the library. If two libraries
789	// in the same address space register information for the same OID, one call
790	// will fail. Prefer directly passing the desired parametrs to
791	// |ASN1_mbstring_copy| or |ASN1_mbstring_ncopy| instead.
792	OPENSSL_EXPORT int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
793	unsigned long mask,
794	unsigned long flags);
795
796
797	// Multi-strings.
798	//
799	// A multi-string, or "MSTRING", is an |ASN1_STRING| that represents a CHOICE of
800	// several string or string-like types, such as X.509's DirectoryString. The
801	// |ASN1_STRING|'s type field determines which type is used.
802	//
803	// Multi-string types are associated with a bitmask, using the |B_ASN1_*|
804	// constants, which defines which types are valid.
805
806	// B_ASN1_DIRECTORYSTRING is a bitmask of types allowed in an X.509
807	// DirectoryString (RFC 5280).
808	#define B_ASN1_DIRECTORYSTRING \
809	(B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | \
810	B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING)
811
812	// DIRECTORYSTRING_new returns a newly-allocated |ASN1_STRING| with type -1, or
813	// NULL on error. The resulting |ASN1_STRING| is not a valid X.509
814	// DirectoryString until initialized with a value.
815	OPENSSL_EXPORT ASN1_STRING *DIRECTORYSTRING_new(void);
816
817	// DIRECTORYSTRING_free calls |ASN1_STRING_free|.
818	OPENSSL_EXPORT void DIRECTORYSTRING_free(ASN1_STRING *str);
819
820	// d2i_DIRECTORYSTRING parses up to |len| bytes from |*inp| as a DER-encoded
821	// X.509 DirectoryString (RFC 5280), as described in |d2i_SAMPLE|.
822	//
823	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
824	// BER, but this will be removed in the future.
825	//
826	// TODO(https://crbug.com/boringssl/449): DirectoryString's non-empty string
827	// requirement is not currently enforced.
828	OPENSSL_EXPORT ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **out,
829	const uint8_t **inp, long len);
830
831	// i2d_DIRECTORYSTRING marshals |in| as a DER-encoded X.509 DirectoryString (RFC
832	// 5280), as described in |i2d_SAMPLE|.
833	OPENSSL_EXPORT int i2d_DIRECTORYSTRING(const ASN1_STRING *in, uint8_t **outp);
834
835	// DIRECTORYSTRING is an |ASN1_ITEM| whose ASN.1 type is X.509 DirectoryString
836	// (RFC 5280) and C type is |ASN1_STRING*|.
837	DECLARE_ASN1_ITEM(DIRECTORYSTRING)
838
839	// B_ASN1_DISPLAYTEXT is a bitmask of types allowed in an X.509 DisplayText (RFC
840	// 5280).
841	#define B_ASN1_DISPLAYTEXT \
842	(B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | \
843	B_ASN1_UTF8STRING)
844
845	// DISPLAYTEXT_new returns a newly-allocated |ASN1_STRING| with type -1, or NULL
846	// on error. The resulting |ASN1_STRING| is not a valid X.509 DisplayText until
847	// initialized with a value.
848	OPENSSL_EXPORT ASN1_STRING *DISPLAYTEXT_new(void);
849
850	// DISPLAYTEXT_free calls |ASN1_STRING_free|.
851	OPENSSL_EXPORT void DISPLAYTEXT_free(ASN1_STRING *str);
852
853	// d2i_DISPLAYTEXT parses up to |len| bytes from |*inp| as a DER-encoded X.509
854	// DisplayText (RFC 5280), as described in |d2i_SAMPLE|.
855	//
856	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
857	// BER, but this will be removed in the future.
858	//
859	// TODO(https://crbug.com/boringssl/449): DisplayText's size limits are not
860	// currently enforced.
861	OPENSSL_EXPORT ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **out,
862	const uint8_t **inp, long len);
863
864	// i2d_DISPLAYTEXT marshals |in| as a DER-encoded X.509 DisplayText (RFC 5280),
865	// as described in |i2d_SAMPLE|.
866	OPENSSL_EXPORT int i2d_DISPLAYTEXT(const ASN1_STRING *in, uint8_t **outp);
867
868	// DISPLAYTEXT is an |ASN1_ITEM| whose ASN.1 type is X.509 DisplayText (RFC
869	// 5280) and C type is |ASN1_STRING*|.
870	DECLARE_ASN1_ITEM(DISPLAYTEXT)
871
872
873	// Bit strings.
874	//
875	// An ASN.1 BIT STRING type represents a string of bits. The string may not
876	// necessarily be a whole number of bytes. BIT STRINGs occur in ASN.1 structures
877	// in several forms:
878	//
879	// Some BIT STRINGs represent a bitmask of named bits, such as the X.509 key
880	// usage extension in RFC 5280, section 4.2.1.3. For such bit strings, DER
881	// imposes an additional restriction that trailing zero bits are removed. Some
882	// functions like |ASN1_BIT_STRING_set_bit| help in maintaining this.
883	//
884	// Other BIT STRINGs are arbitrary strings of bits used as identifiers and do
885	// not have this constraint, such as the X.509 issuerUniqueID field.
886	//
887	// Finally, some structures use BIT STRINGs as a container for byte strings. For
888	// example, the signatureValue field in X.509 and the subjectPublicKey field in
889	// SubjectPublicKeyInfo are defined as BIT STRINGs with a value specific to the
890	// AlgorithmIdentifier. While some unknown algorithm could choose to store
891	// arbitrary bit strings, all supported algorithms use a byte string, with bit
892	// order matching the DER encoding. Callers interpreting a BIT STRING as a byte
893	// string should use |ASN1_BIT_STRING_num_bytes| instead of |ASN1_STRING_length|
894	// and reject bit strings that are not a whole number of bytes.
895	//
896	// This library represents BIT STRINGs as |ASN1_STRING|s with type
897	// |V_ASN1_BIT_STRING|. The data contains the encoded form of the BIT STRING,
898	// including any padding bits added to round to a whole number of bytes, but
899	// excluding the leading byte containing the number of padding bits. If
900	// |ASN1_STRING_FLAG_BITS_LEFT| is set, the bottom three bits contains the
901	// number of padding bits. For example, DER encodes the BIT STRING {1, 0} as
902	// {0x06, 0x80 = 0b10_000000}. The |ASN1_STRING| representation has data of
903	// {0x80} and flags of ASN1_STRING_FLAG_BITS_LEFT | 6. If
904	// |ASN1_STRING_FLAG_BITS_LEFT| is unset, trailing zero bits are implicitly
905	// removed. Callers should not rely this representation when constructing bit
906	// strings. The padding bits in the |ASN1_STRING| data must be zero.
907
908	// ASN1_BIT_STRING_new calls |ASN1_STRING_type_new| with |V_ASN1_BIT_STRING|.
909	OPENSSL_EXPORT ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
910
911	// ASN1_BIT_STRING_free calls |ASN1_STRING_free|.
912	OPENSSL_EXPORT void ASN1_BIT_STRING_free(ASN1_BIT_STRING *str);
913
914	// d2i_ASN1_BIT_STRING parses up to |len| bytes from |*inp| as a DER-encoded
915	// ASN.1 BIT STRING, as described in |d2i_SAMPLE|.
916	//
917	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
918	// BER, but this will be removed in the future.
919	OPENSSL_EXPORT ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out,
920	const uint8_t **inp,
921	long len);
922
923	// i2d_ASN1_BIT_STRING marshals |in| as a DER-encoded ASN.1 BIT STRING, as
924	// described in |i2d_SAMPLE|.
925	OPENSSL_EXPORT int i2d_ASN1_BIT_STRING(const ASN1_BIT_STRING *in,
926	uint8_t **outp);
927
928	// c2i_ASN1_BIT_STRING decodes |len| bytes from |*inp| as the contents of a
929	// DER-encoded BIT STRING, excluding the tag and length. It behaves like
930	// |d2i_SAMPLE| except, on success, it always consumes all |len| bytes.
931	//
932	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
933	// BER, but this will be removed in the future.
934	OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out,
935	const uint8_t **inp,
936	long len);
937
938	// i2c_ASN1_BIT_STRING encodes |in| as the contents of a DER-encoded BIT STRING,
939	// excluding the tag and length. If |outp| is non-NULL, it writes the result to
940	// |*outp|, advances |*outp| just past the output, and returns the number of
941	// bytes written. |*outp| must have space available for the result. If |outp| is
942	// NULL, it returns the number of bytes without writing anything. On error, it
943	// returns a value <= 0.
944	//
945	// Note this function differs slightly from |i2d_SAMPLE|. If |outp| is non-NULL
946	// and |*outp| is NULL, it does not allocate a new buffer.
947	//
948	// TODO(davidben): This function currently returns zero on error instead of -1,
949	// but it is also mostly infallible. I've currently documented <= 0 to suggest
950	// callers work with both.
951	OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *in,
952	uint8_t **outp);
953
954	// ASN1_BIT_STRING is an |ASN1_ITEM| with ASN.1 type BIT STRING and C type
955	// |ASN1_BIT_STRING*|.
956	DECLARE_ASN1_ITEM(ASN1_BIT_STRING)
957
958	// ASN1_BIT_STRING_num_bytes computes the length of |str| in bytes. If |str|'s
959	// bit length is a multiple of 8, it sets |*out| to the byte length and returns
960	// one. Otherwise, it returns zero.
961	//
962	// This function may be used with |ASN1_STRING_get0_data| to interpret |str| as
963	// a byte string.
964	OPENSSL_EXPORT int ASN1_BIT_STRING_num_bytes(const ASN1_BIT_STRING *str,
965	size_t *out);
966
967	// ASN1_BIT_STRING_set calls |ASN1_STRING_set|. It leaves flags unchanged, so
968	// the caller must set the number of unused bits.
969	//
970	// TODO(davidben): Maybe it should? Wrapping a byte string in a bit string is a
971	// common use case.
972	OPENSSL_EXPORT int ASN1_BIT_STRING_set(ASN1_BIT_STRING *str,
973	const unsigned char *d,
974	ossl_ssize_t length);
975
976	// ASN1_BIT_STRING_set_bit sets bit |n| of |str| to one if |value| is non-zero
977	// and zero if |value| is zero, resizing |str| as needed. It then truncates
978	// trailing zeros in |str| to align with the DER represention for a bit string
979	// with named bits. It returns one on success and zero on error. |n| is indexed
980	// beginning from zero.
981	OPENSSL_EXPORT int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *str, int n,
982	int value);
983
984	// ASN1_BIT_STRING_get_bit returns one if bit |n| of |a| is in bounds and set,
985	// and zero otherwise. |n| is indexed beginning from zero.
986	OPENSSL_EXPORT int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *str, int n);
987
988	// ASN1_BIT_STRING_check returns one if |str| only contains bits that are set in
989	// the |flags_len| bytes pointed by |flags|. Otherwise it returns zero. Bits in
990	// |flags| are arranged according to the DER representation, so bit 0
991	// corresponds to the MSB of |flags[0]|.
992	OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *str,
993	const unsigned char *flags,
994	int flags_len);
995
996
997	// Integers and enumerated values.
998	//
999	// INTEGER and ENUMERATED values are represented as |ASN1_STRING|s where the
1000	// data contains the big-endian encoding of the absolute value of the integer.
1001	// The sign bit is encoded in the type: non-negative values have a type of
1002	// |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, while negative values have a type of
1003	// |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|. Note this differs from DER's
1004	// two's complement representation.
1005	//
1006	// The data in the |ASN1_STRING| may not have leading zeros. Note this means
1007	// zero is represented as the empty string. Parsing functions will never return
1008	// invalid representations. If an invalid input is constructed, the marshaling
1009	// functions will skip leading zeros, however other functions, such as
1010	// |ASN1_INTEGER_cmp| or |ASN1_INTEGER_get|, may not return the correct result.
1011
1012	DEFINE_STACK_OF(ASN1_INTEGER)
1013
1014	// ASN1_INTEGER_new calls |ASN1_STRING_type_new| with |V_ASN1_INTEGER|. The
1015	// resulting object has value zero.
1016	OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_new(void);
1017
1018	// ASN1_INTEGER_free calls |ASN1_STRING_free|.
1019	OPENSSL_EXPORT void ASN1_INTEGER_free(ASN1_INTEGER *str);
1020
1021	// ASN1_INTEGER_dup calls |ASN1_STRING_dup|.
1022	OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
1023
1024	// d2i_ASN1_INTEGER parses up to |len| bytes from |*inp| as a DER-encoded
1025	// ASN.1 INTEGER, as described in |d2i_SAMPLE|.
1026	//
1027	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1028	// BER, but this will be removed in the future.
1029	OPENSSL_EXPORT ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **out,
1030	const uint8_t **inp, long len);
1031
1032	// i2d_ASN1_INTEGER marshals |in| as a DER-encoded ASN.1 INTEGER, as
1033	// described in |i2d_SAMPLE|.
1034	OPENSSL_EXPORT int i2d_ASN1_INTEGER(const ASN1_INTEGER *in, uint8_t **outp);
1035
1036	// c2i_ASN1_INTEGER decodes |len| bytes from |*inp| as the contents of a
1037	// DER-encoded INTEGER, excluding the tag and length. It behaves like
1038	// |d2i_SAMPLE| except, on success, it always consumes all |len| bytes.
1039	//
1040	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1041	// some invalid inputs, but this will be removed in the future.
1042	OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **in,
1043	const uint8_t **outp, long len);
1044
1045	// i2c_ASN1_INTEGER encodes |in| as the contents of a DER-encoded INTEGER,
1046	// excluding the tag and length. If |outp| is non-NULL, it writes the result to
1047	// |*outp|, advances |*outp| just past the output, and returns the number of
1048	// bytes written. |*outp| must have space available for the result. If |outp| is
1049	// NULL, it returns the number of bytes without writing anything. On error, it
1050	// returns a value <= 0.
1051	//
1052	// Note this function differs slightly from |i2d_SAMPLE|. If |outp| is non-NULL
1053	// and |*outp| is NULL, it does not allocate a new buffer.
1054	//
1055	// TODO(davidben): This function currently returns zero on error instead of -1,
1056	// but it is also mostly infallible. I've currently documented <= 0 to suggest
1057	// callers work with both.
1058	OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *in, uint8_t **outp);
1059
1060	// ASN1_INTEGER is an |ASN1_ITEM| with ASN.1 type INTEGER and C type
1061	// |ASN1_INTEGER*|.
1062	DECLARE_ASN1_ITEM(ASN1_INTEGER)
1063
1064	// ASN1_INTEGER_set_uint64 sets |a| to an INTEGER with value |v|. It returns one
1065	// on success and zero on error.
1066	OPENSSL_EXPORT int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v);
1067
1068	// ASN1_INTEGER_set_int64 sets |a| to an INTEGER with value |v|. It returns one
1069	// on success and zero on error.
1070	OPENSSL_EXPORT int ASN1_INTEGER_set_int64(ASN1_INTEGER *out, int64_t v);
1071
1072	// ASN1_INTEGER_get_uint64 converts |a| to a |uint64_t|. On success, it returns
1073	// one and sets |*out| to the result. If |a| did not fit or has the wrong type,
1074	// it returns zero.
1075	OPENSSL_EXPORT int ASN1_INTEGER_get_uint64(uint64_t *out,
1076	const ASN1_INTEGER *a);
1077
1078	// ASN1_INTEGER_get_int64 converts |a| to a |int64_t|. On success, it returns
1079	// one and sets |*out| to the result. If |a| did not fit or has the wrong type,
1080	// it returns zero.
1081	OPENSSL_EXPORT int ASN1_INTEGER_get_int64(int64_t *out, const ASN1_INTEGER *a);
1082
1083	// BN_to_ASN1_INTEGER sets |ai| to an INTEGER with value |bn| and returns |ai|
1084	// on success or NULL or error. If |ai| is NULL, it returns a newly-allocated
1085	// |ASN1_INTEGER| on success instead, which the caller must release with
1086	// |ASN1_INTEGER_free|.
1087	OPENSSL_EXPORT ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn,
1088	ASN1_INTEGER *ai);
1089
1090	// ASN1_INTEGER_to_BN sets |bn| to the value of |ai| and returns |bn| on success
1091	// or NULL or error. If |bn| is NULL, it returns a newly-allocated |BIGNUM| on
1092	// success instead, which the caller must release with |BN_free|.
1093	OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
1094
1095	// ASN1_INTEGER_cmp compares the values of |x| and |y|. It returns an integer
1096	// equal to, less than, or greater than zero if |x| is equal to, less than, or
1097	// greater than |y|, respectively.
1098	OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x,
1099	const ASN1_INTEGER *y);
1100
1101	// ASN1_ENUMERATED_new calls |ASN1_STRING_type_new| with |V_ASN1_ENUMERATED|.
1102	// The resulting object has value zero.
1103	OPENSSL_EXPORT ASN1_ENUMERATED *ASN1_ENUMERATED_new(void);
1104
1105	// ASN1_ENUMERATED_free calls |ASN1_STRING_free|.
1106	OPENSSL_EXPORT void ASN1_ENUMERATED_free(ASN1_ENUMERATED *str);
1107
1108	// d2i_ASN1_ENUMERATED parses up to |len| bytes from |*inp| as a DER-encoded
1109	// ASN.1 ENUMERATED, as described in |d2i_SAMPLE|.
1110	//
1111	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1112	// BER, but this will be removed in the future.
1113	OPENSSL_EXPORT ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **out,
1114	const uint8_t **inp,
1115	long len);
1116
1117	// i2d_ASN1_ENUMERATED marshals |in| as a DER-encoded ASN.1 ENUMERATED, as
1118	// described in |i2d_SAMPLE|.
1119	OPENSSL_EXPORT int i2d_ASN1_ENUMERATED(const ASN1_ENUMERATED *in,
1120	uint8_t **outp);
1121
1122	// ASN1_ENUMERATED is an |ASN1_ITEM| with ASN.1 type ENUMERATED and C type
1123	// |ASN1_ENUMERATED*|.
1124	DECLARE_ASN1_ITEM(ASN1_ENUMERATED)
1125
1126	// ASN1_ENUMERATED_set_uint64 sets |a| to an ENUMERATED with value |v|. It
1127	// returns one on success and zero on error.
1128	OPENSSL_EXPORT int ASN1_ENUMERATED_set_uint64(ASN1_ENUMERATED *out, uint64_t v);
1129
1130	// ASN1_ENUMERATED_set_int64 sets |a| to an ENUMERATED with value |v|. It
1131	// returns one on success and zero on error.
1132	OPENSSL_EXPORT int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *out, int64_t v);
1133
1134	// ASN1_ENUMERATED_get_uint64 converts |a| to a |uint64_t|. On success, it
1135	// returns one and sets |*out| to the result. If |a| did not fit or has the
1136	// wrong type, it returns zero.
1137	OPENSSL_EXPORT int ASN1_ENUMERATED_get_uint64(uint64_t *out,
1138	const ASN1_ENUMERATED *a);
1139
1140	// ASN1_ENUMERATED_get_int64 converts |a| to a |int64_t|. On success, it
1141	// returns one and sets |*out| to the result. If |a| did not fit or has the
1142	// wrong type, it returns zero.
1143	OPENSSL_EXPORT int ASN1_ENUMERATED_get_int64(int64_t *out,
1144	const ASN1_ENUMERATED *a);
1145
1146	// BN_to_ASN1_ENUMERATED sets |ai| to an ENUMERATED with value |bn| and returns
1147	// |ai| on success or NULL or error. If |ai| is NULL, it returns a
1148	// newly-allocated |ASN1_ENUMERATED| on success instead, which the caller must
1149	// release with |ASN1_ENUMERATED_free|.
1150	OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn,
1151	ASN1_ENUMERATED *ai);
1152
1153	// ASN1_ENUMERATED_to_BN sets |bn| to the value of |ai| and returns |bn| on
1154	// success or NULL or error. If |bn| is NULL, it returns a newly-allocated
1155	// |BIGNUM| on success instead, which the caller must release with |BN_free|.
1156	OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai,
1157	BIGNUM *bn);
1158
1159
1160	// Time.
1161	//
1162	// GeneralizedTime and UTCTime values are represented as |ASN1_STRING|s. The
1163	// type field is |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, respectively. The
1164	// data field contains the DER encoding of the value. For example, the UNIX
1165	// epoch would be "19700101000000Z" for a GeneralizedTime and "700101000000Z"
1166	// for a UTCTime.
1167	//
1168	// ASN.1 does not define how to interpret UTCTime's two-digit year. RFC 5280
1169	// defines it as a range from 1950 to 2049 for X.509. The library uses the
1170	// RFC 5280 interpretation. It does not currently enforce the restrictions from
1171	// BER, and the additional restrictions from RFC 5280, but future versions may.
1172	// Callers should not rely on fractional seconds and non-UTC time zones.
1173	//
1174	// The |ASN1_TIME| typedef is a multi-string representing the X.509 Time type,
1175	// which is a CHOICE of GeneralizedTime and UTCTime, using UTCTime when the
1176	// value is in range.
1177
1178	// ASN1_UTCTIME_new calls |ASN1_STRING_type_new| with |V_ASN1_UTCTIME|. The
1179	// resulting object contains empty contents and must be initialized to be a
1180	// valid UTCTime.
1181	OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_new(void);
1182
1183	// ASN1_UTCTIME_free calls |ASN1_STRING_free|.
1184	OPENSSL_EXPORT void ASN1_UTCTIME_free(ASN1_UTCTIME *str);
1185
1186	// d2i_ASN1_UTCTIME parses up to |len| bytes from |*inp| as a DER-encoded
1187	// ASN.1 UTCTime, as described in |d2i_SAMPLE|.
1188	//
1189	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1190	// BER, but this will be removed in the future.
1191	OPENSSL_EXPORT ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **out,
1192	const uint8_t **inp, long len);
1193
1194	// i2d_ASN1_UTCTIME marshals |in| as a DER-encoded ASN.1 UTCTime, as
1195	// described in |i2d_SAMPLE|.
1196	OPENSSL_EXPORT int i2d_ASN1_UTCTIME(const ASN1_UTCTIME *in, uint8_t **outp);
1197
1198	// ASN1_UTCTIME is an |ASN1_ITEM| with ASN.1 type UTCTime and C type
1199	// |ASN1_UTCTIME*|.
1200	DECLARE_ASN1_ITEM(ASN1_UTCTIME)
1201
1202	// ASN1_UTCTIME_check returns one if |a| is a valid UTCTime and zero otherwise.
1203	OPENSSL_EXPORT int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
1204
1205	// ASN1_UTCTIME_set represents |posix_time| as a UTCTime and writes the result
1206	// to |s|. It returns |s| on success and NULL on error. If |s| is NULL, it
1207	// returns a newly-allocated |ASN1_UTCTIME| instead.
1208	//
1209	// Note this function may fail if the time is out of range for UTCTime.
1210	OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,
1211	int64_t posix_time);
1212
1213	// ASN1_UTCTIME_adj adds |offset_day| days and |offset_sec| seconds to
1214	// |posix_time| and writes the result to |s| as a UTCTime. It returns |s| on
1215	// success and NULL on error. If |s| is NULL, it returns a newly-allocated
1216	// |ASN1_UTCTIME| instead.
1217	//
1218	// Note this function may fail if the time overflows or is out of range for
1219	// UTCTime.
1220	OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s,
1221	int64_t posix_time,
1222	int offset_day, long offset_sec);
1223
1224	// ASN1_UTCTIME_set_string sets |s| to a UTCTime whose contents are a copy of
1225	// |str|. It returns one on success and zero on error or if |str| is not a valid
1226	// UTCTime.
1227	//
1228	// If |s| is NULL, this function validates |str| without copying it.
1229	OPENSSL_EXPORT int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
1230
1231	// ASN1_UTCTIME_cmp_time_t compares |s| to |t|. It returns -1 if |s| < |t|, 0 if
1232	// they are equal, 1 if |s| > |t|, and -2 on error.
1233	OPENSSL_EXPORT int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
1234
1235	// ASN1_GENERALIZEDTIME_new calls |ASN1_STRING_type_new| with
1236	// |V_ASN1_GENERALIZEDTIME|. The resulting object contains empty contents and
1237	// must be initialized to be a valid GeneralizedTime.
1238	OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void);
1239
1240	// ASN1_GENERALIZEDTIME_free calls |ASN1_STRING_free|.
1241	OPENSSL_EXPORT void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *str);
1242
1243	// d2i_ASN1_GENERALIZEDTIME parses up to |len| bytes from |*inp| as a
1244	// DER-encoded ASN.1 GeneralizedTime, as described in |d2i_SAMPLE|.
1245	//
1246	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1247	// BER, but this will be removed in the future.
1248	OPENSSL_EXPORT ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(
1249	ASN1_GENERALIZEDTIME **out, const uint8_t **inp, long len);
1250
1251	// i2d_ASN1_GENERALIZEDTIME marshals |in| as a DER-encoded ASN.1
1252	// GeneralizedTime, as described in |i2d_SAMPLE|.
1253	OPENSSL_EXPORT int i2d_ASN1_GENERALIZEDTIME(const ASN1_GENERALIZEDTIME *in,
1254	uint8_t **outp);
1255
1256	// ASN1_GENERALIZEDTIME is an |ASN1_ITEM| with ASN.1 type GeneralizedTime and C
1257	// type |ASN1_GENERALIZEDTIME*|.
1258	DECLARE_ASN1_ITEM(ASN1_GENERALIZEDTIME)
1259
1260	// ASN1_GENERALIZEDTIME_check returns one if |a| is a valid GeneralizedTime and
1261	// zero otherwise.
1262	OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
1263
1264	// ASN1_GENERALIZEDTIME_set represents |posix_time| as a GeneralizedTime and
1265	// writes the result to |s|. It returns |s| on success and NULL on error. If |s|
1266	// is NULL, it returns a newly-allocated |ASN1_GENERALIZEDTIME| instead.
1267	//
1268	// Note this function may fail if the time is out of range for GeneralizedTime.
1269	OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(
1270	ASN1_GENERALIZEDTIME *s, int64_t posix_time);
1271
1272	// ASN1_GENERALIZEDTIME_adj adds |offset_day| days and |offset_sec| seconds to
1273	// |posix_time| and writes the result to |s| as a GeneralizedTime. It returns
1274	// |s| on success and NULL on error. If |s| is NULL, it returns a
1275	// newly-allocated |ASN1_GENERALIZEDTIME| instead.
1276	//
1277	// Note this function may fail if the time overflows or is out of range for
1278	// GeneralizedTime.
1279	OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(
1280	ASN1_GENERALIZEDTIME *s, int64_t posix_time, int offset_day,
1281	long offset_sec);
1282
1283	// ASN1_GENERALIZEDTIME_set_string sets |s| to a GeneralizedTime whose contents
1284	// are a copy of |str|. It returns one on success and zero on error or if |str|
1285	// is not a valid GeneralizedTime.
1286	//
1287	// If |s| is NULL, this function validates |str| without copying it.
1288	OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
1289	const char *str);
1290
1291	// B_ASN1_TIME is a bitmask of types allowed in an X.509 Time.
1292	#define B_ASN1_TIME (B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME)
1293
1294	// ASN1_TIME_new returns a newly-allocated |ASN1_TIME| with type -1, or NULL on
1295	// error. The resulting |ASN1_TIME| is not a valid X.509 Time until initialized
1296	// with a value.
1297	OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_new(void);
1298
1299	// ASN1_TIME_free releases memory associated with |str|.
1300	OPENSSL_EXPORT void ASN1_TIME_free(ASN1_TIME *str);
1301
1302	// d2i_ASN1_TIME parses up to |len| bytes from |*inp| as a DER-encoded X.509
1303	// Time (RFC 5280), as described in |d2i_SAMPLE|.
1304	//
1305	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1306	// BER, but this will be removed in the future.
1307	OPENSSL_EXPORT ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **out, const uint8_t **inp,
1308	long len);
1309
1310	// i2d_ASN1_TIME marshals |in| as a DER-encoded X.509 Time (RFC 5280), as
1311	// described in |i2d_SAMPLE|.
1312	OPENSSL_EXPORT int i2d_ASN1_TIME(const ASN1_TIME *in, uint8_t **outp);
1313
1314	// ASN1_TIME is an |ASN1_ITEM| whose ASN.1 type is X.509 Time (RFC 5280) and C
1315	// type is |ASN1_TIME*|.
1316	DECLARE_ASN1_ITEM(ASN1_TIME)
1317
1318	// ASN1_TIME_diff computes |to| - |from|. On success, it sets |*out_days| to the
1319	// difference in days, rounded towards zero, sets |*out_seconds| to the
1320	// remainder, and returns one. On error, it returns zero.
1321	//
1322	// If |from| is before |to|, both outputs will be <= 0, with at least one
1323	// negative. If |from| is after |to|, both will be >= 0, with at least one
1324	// positive. If they are equal, ignoring fractional seconds, both will be zero.
1325	//
1326	// Note this function may fail on overflow, or if |from| or |to| cannot be
1327	// decoded.
1328	OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds,
1329	const ASN1_TIME *from, const ASN1_TIME *to);
1330
1331	// ASN1_TIME_set_posix represents |posix_time| as a GeneralizedTime or UTCTime
1332	// and writes the result to |s|. As in RFC 5280, section 4.1.2.5, it uses
1333	// UTCTime when the time fits and GeneralizedTime otherwise. It returns |s| on
1334	// success and NULL on error. If |s| is NULL, it returns a newly-allocated
1335	// |ASN1_TIME| instead.
1336	//
1337	// Note this function may fail if the time is out of range for GeneralizedTime.
1338	OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set_posix(ASN1_TIME *s, int64_t posix_time);
1339
1340	// ASN1_TIME_set is exactly the same as |ASN1_TIME_set_posix| but with a
1341	// time_t as input for compatibility.
1342	OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t time);
1343
1344	// ASN1_TIME_adj adds |offset_day| days and |offset_sec| seconds to
1345	// |posix_time| and writes the result to |s|. As in RFC 5280, section 4.1.2.5,
1346	// it uses UTCTime when the time fits and GeneralizedTime otherwise. It returns
1347	// |s| on success and NULL on error. If |s| is NULL, it returns a
1348	// newly-allocated |ASN1_GENERALIZEDTIME| instead.
1349	//
1350	// Note this function may fail if the time overflows or is out of range for
1351	// GeneralizedTime.
1352	OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time,
1353	int offset_day, long offset_sec);
1354
1355	// ASN1_TIME_check returns one if |t| is a valid UTCTime or GeneralizedTime, and
1356	// zero otherwise. |t|'s type determines which check is performed. This
1357	// function does not enforce that UTCTime was used when possible.
1358	OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t);
1359
1360	// ASN1_TIME_to_generalizedtime converts |t| to a GeneralizedTime. If |out| is
1361	// NULL, it returns a newly-allocated |ASN1_GENERALIZEDTIME| on success, or NULL
1362	// on error. If |out| is non-NULL and |*out| is NULL, it additionally sets
1363	// |*out| to the result. If |out| and |*out| are non-NULL, it instead updates
1364	// the object pointed by |*out| and returns |*out| on success or NULL on error.
1365	OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(
1366	const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
1367
1368	// ASN1_TIME_set_string behaves like |ASN1_UTCTIME_set_string| if |str| is a
1369	// valid UTCTime, and |ASN1_GENERALIZEDTIME_set_string| if |str| is a valid
1370	// GeneralizedTime. If |str| is neither, it returns zero.
1371	OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
1372
1373	// ASN1_TIME_to_time_t converts |t| to a time_t value in |out|. On
1374	// success, one is returned. On failure zero is returned. This function
1375	// will fail if the time can not be represented in a time_t.
1376	OPENSSL_EXPORT int ASN1_TIME_to_time_t(const ASN1_TIME *t, time_t *out);
1377
1378	// ASN1_TIME_to_posix converts |t| to a POSIX time value in |out|. On
1379	// success, one is returned. On failure zero is returned.
1380	OPENSSL_EXPORT int ASN1_TIME_to_posix(const ASN1_TIME *t, int64_t *out);
1381
1382	// TODO(davidben): Expand and document function prototypes generated in macros.
1383
1384
1385	// NULL values.
1386	//
1387	// This library represents the ASN.1 NULL value by a non-NULL pointer to the
1388	// opaque type |ASN1_NULL|. An omitted OPTIONAL ASN.1 NULL value is a NULL
1389	// pointer. Unlike other pointer types, it is not necessary to free |ASN1_NULL|
1390	// pointers, but it is safe to do so.
1391
1392	// ASN1_NULL_new returns an opaque, non-NULL pointer. It is safe to call
1393	// |ASN1_NULL_free| on the result, but not necessary.
1394	OPENSSL_EXPORT ASN1_NULL *ASN1_NULL_new(void);
1395
1396	// ASN1_NULL_free does nothing.
1397	OPENSSL_EXPORT void ASN1_NULL_free(ASN1_NULL *null);
1398
1399	// d2i_ASN1_NULL parses a DER-encoded ASN.1 NULL value from up to |len| bytes
1400	// at |*inp|, as described in |d2i_SAMPLE|.
1401	//
1402	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1403	// BER, but this will be removed in the future.
1404	OPENSSL_EXPORT ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **out, const uint8_t **inp,
1405	long len);
1406
1407	// i2d_ASN1_NULL marshals |in| as a DER-encoded ASN.1 NULL value, as described
1408	// in |i2d_SAMPLE|.
1409	OPENSSL_EXPORT int i2d_ASN1_NULL(const ASN1_NULL *in, uint8_t **outp);
1410
1411	// ASN1_NULL is an |ASN1_ITEM| with ASN.1 type NULL and C type |ASN1_NULL*|.
1412	DECLARE_ASN1_ITEM(ASN1_NULL)
1413
1414
1415	// Object identifiers.
1416	//
1417	// An |ASN1_OBJECT| represents a ASN.1 OBJECT IDENTIFIER. See also obj.h for
1418	// additional functions relating to |ASN1_OBJECT|.
1419	//
1420	// TODO(davidben): What's the relationship between asn1.h and obj.h? Most of
1421	// obj.h deals with the large NID table, but then functions like |OBJ_get0_data|
1422	// or |OBJ_dup| are general |ASN1_OBJECT| functions.
1423
1424	DEFINE_STACK_OF(ASN1_OBJECT)
1425
1426	// ASN1_OBJECT_create returns a newly-allocated |ASN1_OBJECT| with |len| bytes
1427	// from |data| as the encoded OID, or NULL on error. |data| should contain the
1428	// DER-encoded identifier, excluding the tag and length.
1429	//
1430	// |nid| should be |NID_undef|. Passing a NID value that does not match |data|
1431	// will cause some functions to misbehave. |sn| and |ln| should be NULL. If
1432	// non-NULL, they are stored as short and long names, respectively, but these
1433	// values have no effect for |ASN1_OBJECT|s created through this function.
1434	//
1435	// TODO(davidben): Should we just ignore all those parameters? NIDs and names
1436	// are only relevant for |ASN1_OBJECT|s in the obj.h table.
1437	OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, const uint8_t *data,
1438	int len, const char *sn,
1439	const char *ln);
1440
1441	// ASN1_OBJECT_free releases memory associated with |a|. If |a| is a static
1442	// |ASN1_OBJECT|, returned from |OBJ_nid2obj|, this function does nothing.
1443	OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a);
1444
1445	// d2i_ASN1_OBJECT parses a DER-encoded ASN.1 OBJECT IDENTIFIER from up to |len|
1446	// bytes at |*inp|, as described in |d2i_SAMPLE|.
1447	//
1448	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1449	// BER, but this will be removed in the future.
1450	OPENSSL_EXPORT ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **out,
1451	const uint8_t **inp, long len);
1452
1453	// i2d_ASN1_OBJECT marshals |in| as a DER-encoded ASN.1 OBJECT IDENTIFIER, as
1454	// described in |i2d_SAMPLE|.
1455	OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, uint8_t **outp);
1456
1457	// c2i_ASN1_OBJECT decodes |len| bytes from |*inp| as the contents of a
1458	// DER-encoded OBJECT IDENTIFIER, excluding the tag and length. It behaves like
1459	// |d2i_SAMPLE| except, on success, it always consumes all |len| bytes.
1460	OPENSSL_EXPORT ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **out,
1461	const uint8_t **inp, long len);
1462
1463	// ASN1_OBJECT is an |ASN1_ITEM| with ASN.1 type OBJECT IDENTIFIER and C type
1464	// |ASN1_OBJECT*|.
1465	DECLARE_ASN1_ITEM(ASN1_OBJECT)
1466
1467
1468	// Arbitrary elements.
1469
1470	// An asn1_type_st (aka |ASN1_TYPE|) represents an arbitrary ASN.1 element,
1471	// typically used for ANY types. It contains a |type| field and a |value| union
1472	// dependent on |type|.
1473	//
1474	// WARNING: This struct has a complex representation. Callers must not construct
1475	// |ASN1_TYPE| values manually. Use |ASN1_TYPE_set| and |ASN1_TYPE_set1|
1476	// instead. Additionally, callers performing non-trivial operations on this type
1477	// are encouraged to use |CBS| and |CBB| from <openssl/bytestring.h>, and
1478	// convert to or from |ASN1_TYPE| with |d2i_ASN1_TYPE| or |i2d_ASN1_TYPE|.
1479	//
1480	// The |type| field corresponds to the tag of the ASN.1 element being
1481	// represented:
1482	//
1483	// If |type| is a |V_ASN1_*| constant for an ASN.1 string-like type, as defined
1484	// by |ASN1_STRING|, the tag matches the constant. |value| contains an
1485	// |ASN1_STRING| pointer (equivalently, one of the more specific typedefs). See
1486	// |ASN1_STRING| for details on the representation. Unlike |ASN1_STRING|,
1487	// |ASN1_TYPE| does not use the |V_ASN1_NEG| flag for negative INTEGER and
1488	// ENUMERATE values. For a negative value, the |ASN1_TYPE|'s |type| will be
1489	// |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, but |value| will an |ASN1_STRING|
1490	// whose |type| is |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|.
1491	//
1492	// If |type| is |V_ASN1_OBJECT|, the tag is OBJECT IDENTIFIER and |value|
1493	// contains an |ASN1_OBJECT| pointer.
1494	//
1495	// If |type| is |V_ASN1_NULL|, the tag is NULL. |value| contains a NULL pointer.
1496	//
1497	// If |type| is |V_ASN1_BOOLEAN|, the tag is BOOLEAN. |value| contains an
1498	// |ASN1_BOOLEAN|.
1499	//
1500	// If |type| is |V_ASN1_SEQUENCE|, |V_ASN1_SET|, or |V_ASN1_OTHER|, the tag is
1501	// SEQUENCE, SET, or some non-universal tag, respectively. |value| is an
1502	// |ASN1_STRING| containing the entire element, including the tag and length.
1503	// The |ASN1_STRING|'s |type| field matches the containing |ASN1_TYPE|'s |type|.
1504	//
1505	// Other positive values of |type|, up to |V_ASN1_MAX_UNIVERSAL|, correspond to
1506	// universal primitive tags not directly supported by this library. |value| is
1507	// an |ASN1_STRING| containing the body of the element, excluding the tag
1508	// and length. The |ASN1_STRING|'s |type| field matches the containing
1509	// |ASN1_TYPE|'s |type|.
1510	struct asn1_type_st {
1511	int type;
1512	union {
1513	char *ptr;
1514	ASN1_BOOLEAN boolean;
1515	ASN1_STRING *asn1_string;
1516	ASN1_OBJECT *object;
1517	ASN1_INTEGER *integer;
1518	ASN1_ENUMERATED *enumerated;
1519	ASN1_BIT_STRING *bit_string;
1520	ASN1_OCTET_STRING *octet_string;
1521	ASN1_PRINTABLESTRING *printablestring;
1522	ASN1_T61STRING *t61string;
1523	ASN1_IA5STRING *ia5string;
1524	ASN1_GENERALSTRING *generalstring;
1525	ASN1_BMPSTRING *bmpstring;
1526	ASN1_UNIVERSALSTRING *universalstring;
1527	ASN1_UTCTIME *utctime;
1528	ASN1_GENERALIZEDTIME *generalizedtime;
1529	ASN1_VISIBLESTRING *visiblestring;
1530	ASN1_UTF8STRING *utf8string;
1531	// set and sequence are left complete and still contain the entire element.
1532	ASN1_STRING *set;
1533	ASN1_STRING *sequence;
1534	ASN1_VALUE *asn1_value;
1535	} value;
1536	};
1537
1538	DEFINE_STACK_OF(ASN1_TYPE)
1539
1540	// ASN1_TYPE_new returns a newly-allocated |ASN1_TYPE|, or NULL on allocation
1541	// failure. The resulting object has type -1 and must be initialized to be
1542	// a valid ANY value.
1543	OPENSSL_EXPORT ASN1_TYPE *ASN1_TYPE_new(void);
1544
1545	// ASN1_TYPE_free releases memory associated with |a|.
1546	OPENSSL_EXPORT void ASN1_TYPE_free(ASN1_TYPE *a);
1547
1548	// d2i_ASN1_TYPE parses up to |len| bytes from |*inp| as an ASN.1 value of any
1549	// type, as described in |d2i_SAMPLE|. Note this function only validates
1550	// primitive, universal types supported by this library. Values of type
1551	// |V_ASN1_SEQUENCE|, |V_ASN1_SET|, |V_ASN1_OTHER|, or an unsupported primitive
1552	// type must be validated by the caller when interpreting.
1553	//
1554	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1555	// BER, but this will be removed in the future.
1556	OPENSSL_EXPORT ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **out, const uint8_t **inp,
1557	long len);
1558
1559	// i2d_ASN1_TYPE marshals |in| as DER, as described in |i2d_SAMPLE|.
1560	OPENSSL_EXPORT int i2d_ASN1_TYPE(const ASN1_TYPE *in, uint8_t **outp);
1561
1562	// ASN1_ANY is an |ASN1_ITEM| with ASN.1 type ANY and C type |ASN1_TYPE*|. Note
1563	// the |ASN1_ITEM| name and C type do not match.
1564	DECLARE_ASN1_ITEM(ASN1_ANY)
1565
1566	// ASN1_TYPE_get returns the type of |a|, which will be one of the |V_ASN1_*|
1567	// constants, or zero if |a| is not fully initialized.
1568	OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a);
1569
1570	// ASN1_TYPE_set sets |a| to an |ASN1_TYPE| of type |type| and value |value|,
1571	// releasing the previous contents of |a|.
1572	//
1573	// If |type| is |V_ASN1_BOOLEAN|, |a| is set to FALSE if |value| is NULL and
1574	// TRUE otherwise. If setting |a| to TRUE, |value| may be an invalid pointer,
1575	// such as (void*)1.
1576	//
1577	// If |type| is |V_ASN1_NULL|, |value| must be NULL.
1578	//
1579	// For other values of |type|, this function takes ownership of |value|, which
1580	// must point to an object of the corresponding type. See |ASN1_TYPE| for
1581	// details.
1582	OPENSSL_EXPORT void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
1583
1584	// ASN1_TYPE_set1 behaves like |ASN1_TYPE_set| except it does not take ownership
1585	// of |value|. It returns one on success and zero on error.
1586	OPENSSL_EXPORT int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
1587
1588	// ASN1_TYPE_cmp returns zero if |a| and |b| are equal and some non-zero value
1589	// otherwise. Note this function can only be used for equality checks, not an
1590	// ordering.
1591	OPENSSL_EXPORT int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
1592
1593	typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
1594
1595	// d2i_ASN1_SEQUENCE_ANY parses up to |len| bytes from |*inp| as a DER-encoded
1596	// ASN.1 SEQUENCE OF ANY structure, as described in |d2i_SAMPLE|. The resulting
1597	// |ASN1_SEQUENCE_ANY| owns its contents and thus must be released with
1598	// |sk_ASN1_TYPE_pop_free| and |ASN1_TYPE_free|, not |sk_ASN1_TYPE_free|.
1599	//
1600	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1601	// BER, but this will be removed in the future.
1602	OPENSSL_EXPORT ASN1_SEQUENCE_ANY *d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **out,
1603	const uint8_t **inp,
1604	long len);
1605
1606	// i2d_ASN1_SEQUENCE_ANY marshals |in| as a DER-encoded SEQUENCE OF ANY
1607	// structure, as described in |i2d_SAMPLE|.
1608	OPENSSL_EXPORT int i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *in,
1609	uint8_t **outp);
1610
1611	// d2i_ASN1_SET_ANY parses up to |len| bytes from |*inp| as a DER-encoded ASN.1
1612	// SET OF ANY structure, as described in |d2i_SAMPLE|. The resulting
1613	// |ASN1_SEQUENCE_ANY| owns its contents and thus must be released with
1614	// |sk_ASN1_TYPE_pop_free| and |ASN1_TYPE_free|, not |sk_ASN1_TYPE_free|.
1615	//
1616	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1617	// BER, but this will be removed in the future.
1618	OPENSSL_EXPORT ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **out,
1619	const uint8_t **inp,
1620	long len);
1621
1622	// i2d_ASN1_SET_ANY marshals |in| as a DER-encoded SET OF ANY structure, as
1623	// described in |i2d_SAMPLE|.
1624	OPENSSL_EXPORT int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *in,
1625	uint8_t **outp);
1626
1627
1628	// Human-readable output.
1629	//
1630	// The following functions output types in some human-readable format. These
1631	// functions may be used for debugging and logging. However, the output should
1632	// not be consumed programmatically. They may be ambiguous or lose information.
1633
1634	// ASN1_UTCTIME_print writes a human-readable representation of |a| to |out|. It
1635	// returns one on success and zero on error.
1636	OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *out, const ASN1_UTCTIME *a);
1637
1638	// ASN1_GENERALIZEDTIME_print writes a human-readable representation of |a| to
1639	// |out|. It returns one on success and zero on error.
1640	OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *out,
1641	const ASN1_GENERALIZEDTIME *a);
1642
1643	// ASN1_TIME_print writes a human-readable representation of |a| to |out|. It
1644	// returns one on success and zero on error.
1645	OPENSSL_EXPORT int ASN1_TIME_print(BIO *out, const ASN1_TIME *a);
1646
1647	// ASN1_STRING_print writes a human-readable representation of |str| to |out|.
1648	// It returns one on success and zero on error. Unprintable characters are
1649	// replaced with '.'.
1650	OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
1651
1652	// The following flags must not collide with |XN_FLAG_*|.
1653
1654	// ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC 2253, section
1655	// 2.4.
1656	#define ASN1_STRFLGS_ESC_2253 1
1657
1658	// ASN1_STRFLGS_ESC_CTRL causes all control characters to be escaped.
1659	#define ASN1_STRFLGS_ESC_CTRL 2
1660
1661	// ASN1_STRFLGS_ESC_MSB causes all characters above 127 to be escaped.
1662	#define ASN1_STRFLGS_ESC_MSB 4
1663
1664	// ASN1_STRFLGS_ESC_QUOTE causes the string to be surrounded by quotes, rather
1665	// than using backslashes, when characters are escaped. Fewer characters will
1666	// require escapes in this case.
1667	#define ASN1_STRFLGS_ESC_QUOTE 8
1668
1669	// ASN1_STRFLGS_UTF8_CONVERT causes the string to be encoded as UTF-8, with each
1670	// byte in the UTF-8 encoding treated as an individual character for purposes of
1671	// escape sequences. If not set, each Unicode codepoint in the string is treated
1672	// as a character, with wide characters escaped as "\Uxxxx" or "\Wxxxxxxxx".
1673	// Note this can be ambiguous if |ASN1_STRFLGS_ESC_*| are all unset. In that
1674	// case, backslashes are not escaped, but wide characters are.
1675	#define ASN1_STRFLGS_UTF8_CONVERT 0x10
1676
1677	// ASN1_STRFLGS_IGNORE_TYPE causes the string type to be ignored. The
1678	// |ASN1_STRING| in-memory representation will be printed directly.
1679	#define ASN1_STRFLGS_IGNORE_TYPE 0x20
1680
1681	// ASN1_STRFLGS_SHOW_TYPE causes the string type to be included in the output.
1682	#define ASN1_STRFLGS_SHOW_TYPE 0x40
1683
1684	// ASN1_STRFLGS_DUMP_ALL causes all strings to be printed as a hexdump, using
1685	// RFC 2253 hexstring notation, such as "#0123456789ABCDEF".
1686	#define ASN1_STRFLGS_DUMP_ALL 0x80
1687
1688	// ASN1_STRFLGS_DUMP_UNKNOWN behaves like |ASN1_STRFLGS_DUMP_ALL| but only
1689	// applies to values of unknown type. If unset, unknown values will print
1690	// their contents as single-byte characters with escape sequences.
1691	#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
1692
1693	// ASN1_STRFLGS_DUMP_DER causes hexdumped strings (as determined by
1694	// |ASN1_STRFLGS_DUMP_ALL| or |ASN1_STRFLGS_DUMP_UNKNOWN|) to print the entire
1695	// DER element as in RFC 2253, rather than only the contents of the
1696	// |ASN1_STRING|.
1697	#define ASN1_STRFLGS_DUMP_DER 0x200
1698
1699	// ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC 2253,
1700	// additionally escaping control characters.
1701	#define ASN1_STRFLGS_RFC2253 \
1702	(ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \
1703	ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | \
1704	ASN1_STRFLGS_DUMP_DER)
1705
1706	// ASN1_STRING_print_ex writes a human-readable representation of |str| to
1707	// |out|. It returns the number of bytes written on success and -1 on error. If
1708	// |out| is NULL, it returns the number of bytes it would have written, without
1709	// writing anything.
1710	//
1711	// The |flags| should be a combination of combination of |ASN1_STRFLGS_*|
1712	// constants. See the documentation for each flag for how it controls the
1713	// output. If unsure, use |ASN1_STRFLGS_RFC2253|.
1714	OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str,
1715	unsigned long flags);
1716
1717	// ASN1_STRING_print_ex_fp behaves like |ASN1_STRING_print_ex| but writes to a
1718	// |FILE| rather than a |BIO|.
1719	OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str,
1720	unsigned long flags);
1721
1722	// i2a_ASN1_INTEGER writes a human-readable representation of |a| to |bp|. It
1723	// returns the number of bytes written on success, or a negative number on
1724	// error. On error, this function may have written a partial output to |bp|.
1725	OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
1726
1727	// i2a_ASN1_ENUMERATED writes a human-readable representation of |a| to |bp|. It
1728	// returns the number of bytes written on success, or a negative number on
1729	// error. On error, this function may have written a partial output to |bp|.
1730	OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
1731
1732	// i2a_ASN1_OBJECT writes a human-readable representation of |a| to |bp|. It
1733	// returns the number of bytes written on success, or a negative number on
1734	// error. On error, this function may have written a partial output to |bp|.
1735	OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
1736
1737	// i2a_ASN1_STRING writes a text representation of |a|'s contents to |bp|. It
1738	// returns the number of bytes written on success, or a negative number on
1739	// error. On error, this function may have written a partial output to |bp|.
1740	// |type| is ignored.
1741	//
1742	// This function does not decode |a| into a Unicode string. It only hex-encodes
1743	// the internal representation of |a|. This is suitable for printing an OCTET
1744	// STRING, but may not be human-readable for any other string type.
1745	OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
1746
1747	// i2t_ASN1_OBJECT calls |OBJ_obj2txt| with |always_return_oid| set to zero.
1748	OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf, int buf_len,
1749	const ASN1_OBJECT *a);
1750
1751
1752	// Low-level encoding functions.
1753
1754	// ASN1_get_object parses a BER element from up to |max_len| bytes at |*inp|. It
1755	// returns |V_ASN1_CONSTRUCTED| if it successfully parsed a constructed element,
1756	// zero if it successfully parsed a primitive element, and 0x80 on error. On
1757	// success, it additionally advances |*inp| to the element body, sets
1758	// |*out_length|, |*out_tag|, and |*out_class| to the element's length, tag
1759	// number, and tag class, respectively,
1760	//
1761	// Unlike OpenSSL, this function does not support indefinite-length elements.
1762	//
1763	// This function is difficult to use correctly. Use |CBS_get_asn1| and related
1764	// functions from bytestring.h.
1765	//
1766	// TODO(https://crbug.com/boringssl/354): Remove support for non-minimal
1767	// lengths.
1768	OPENSSL_EXPORT int ASN1_get_object(const unsigned char **inp, long *out_length,
1769	int *out_tag, int *out_class, long max_len);
1770
1771	// ASN1_put_object writes the header for a DER or BER element to |*outp| and
1772	// advances |*outp| by the number of bytes written. The caller is responsible
1773	// for ensuring |*outp| has enough space for the output. The header describes an
1774	// element with length |length|, tag number |tag|, and class |xclass|. |xclass|
1775	// should be one of the |V_ASN1_*| tag class constants. The element is primitive
1776	// if |constructed| is zero and constructed if it is one or two. If
1777	// |constructed| is two, |length| is ignored and the element uses
1778	// indefinite-length encoding.
1779	//
1780	// Use |CBB_add_asn1| instead.
1781	OPENSSL_EXPORT void ASN1_put_object(unsigned char **outp, int constructed,
1782	int length, int tag, int xclass);
1783
1784	// ASN1_put_eoc writes two zero bytes to |*outp|, advances |*outp| to point past
1785	// those bytes, and returns two.
1786	//
1787	// Use definite-length encoding instead.
1788	OPENSSL_EXPORT int ASN1_put_eoc(unsigned char **outp);
1789
1790	// ASN1_object_size returns the number of bytes needed to encode a DER or BER
1791	// value with length |length| and tag number |tag|, or -1 on error. |tag| should
1792	// not include the constructed bit or tag class. If |constructed| is zero or
1793	// one, the result uses a definite-length encoding with minimally-encoded
1794	// length, as in DER. If |constructed| is two, the result uses BER
1795	// indefinite-length encoding.
1796	//
1797	// Use |CBB_add_asn1| instead.
1798	OPENSSL_EXPORT int ASN1_object_size(int constructed, int length, int tag);
1799
1800
1801	// Function declaration macros.
1802	//
1803	// The following macros declare functions for ASN.1 types. Prefer writing the
1804	// prototypes directly. Particularly when |type|, |itname|, or |name| differ,
1805	// the macros can be difficult to understand.
1806
1807	#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
1808
1809	#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
1810	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
1811
1812	#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
1813	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
1814	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
1815
1816	#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
1817	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
1818	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
1819
1820	#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
1821	OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \
1822	long len); \
1823	OPENSSL_EXPORT int i2d_##name(type *a, unsigned char **out); \
1824	DECLARE_ASN1_ITEM(itname)
1825
1826	#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
1827	OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \
1828	long len); \
1829	OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \
1830	DECLARE_ASN1_ITEM(name)
1831
1832	#define DECLARE_ASN1_FUNCTIONS_const(name) \
1833	DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
1834	DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
1835
1836	#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
1837	OPENSSL_EXPORT type *name##_new(void); \
1838	OPENSSL_EXPORT void name##_free(type *a);
1839
1840
1841	// Deprecated functions.
1842
1843	// ASN1_STRING_set_default_mask does nothing.
1844	OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask);
1845
1846	// ASN1_STRING_set_default_mask_asc returns one.
1847	OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p);
1848
1849	// ASN1_STRING_get_default_mask returns |B_ASN1_UTF8STRING|.
1850	OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void);
1851
1852	// ASN1_STRING_TABLE_cleanup does nothing.
1853	OPENSSL_EXPORT void ASN1_STRING_TABLE_cleanup(void);
1854
1855	// M_ASN1_* are legacy aliases for various |ASN1_STRING| functions. Use the
1856	// functions themselves.
1857	#define M_ASN1_STRING_length(x) ASN1_STRING_length(x)
1858	#define M_ASN1_STRING_type(x) ASN1_STRING_type(x)
1859	#define M_ASN1_STRING_data(x) ASN1_STRING_data(x)
1860	#define M_ASN1_BIT_STRING_new() ASN1_BIT_STRING_new()
1861	#define M_ASN1_BIT_STRING_free(a) ASN1_BIT_STRING_free(a)
1862	#define M_ASN1_BIT_STRING_dup(a) ASN1_STRING_dup(a)
1863	#define M_ASN1_BIT_STRING_cmp(a, b) ASN1_STRING_cmp(a, b)
1864	#define M_ASN1_BIT_STRING_set(a, b, c) ASN1_BIT_STRING_set(a, b, c)
1865	#define M_ASN1_INTEGER_new() ASN1_INTEGER_new()
1866	#define M_ASN1_INTEGER_free(a) ASN1_INTEGER_free(a)
1867	#define M_ASN1_INTEGER_dup(a) ASN1_INTEGER_dup(a)
1868	#define M_ASN1_INTEGER_cmp(a, b) ASN1_INTEGER_cmp(a, b)
1869	#define M_ASN1_ENUMERATED_new() ASN1_ENUMERATED_new()
1870	#define M_ASN1_ENUMERATED_free(a) ASN1_ENUMERATED_free(a)
1871	#define M_ASN1_ENUMERATED_dup(a) ASN1_STRING_dup(a)
1872	#define M_ASN1_ENUMERATED_cmp(a, b) ASN1_STRING_cmp(a, b)
1873	#define M_ASN1_OCTET_STRING_new() ASN1_OCTET_STRING_new()
1874	#define M_ASN1_OCTET_STRING_free(a) ASN1_OCTET_STRING_free()
1875	#define M_ASN1_OCTET_STRING_dup(a) ASN1_OCTET_STRING_dup(a)
1876	#define M_ASN1_OCTET_STRING_cmp(a, b) ASN1_OCTET_STRING_cmp(a, b)
1877	#define M_ASN1_OCTET_STRING_set(a, b, c) ASN1_OCTET_STRING_set(a, b, c)
1878	#define M_ASN1_OCTET_STRING_print(a, b) ASN1_STRING_print(a, b)
1879	#define M_ASN1_PRINTABLESTRING_new() ASN1_PRINTABLESTRING_new()
1880	#define M_ASN1_PRINTABLESTRING_free(a) ASN1_PRINTABLESTRING_free(a)
1881	#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
1882	#define M_ASN1_IA5STRING_free(a) ASN1_IA5STRING_free(a)
1883	#define M_ASN1_IA5STRING_dup(a) ASN1_STRING_dup(a)
1884	#define M_ASN1_UTCTIME_new() ASN1_UTCTIME_new()
1885	#define M_ASN1_UTCTIME_free(a) ASN1_UTCTIME_free(a)
1886	#define M_ASN1_UTCTIME_dup(a) ASN1_STRING_dup(a)
1887	#define M_ASN1_T61STRING_new() ASN1_T61STRING_new()
1888	#define M_ASN1_T61STRING_free(a) ASN1_T61STRING_free(a)
1889	#define M_ASN1_GENERALIZEDTIME_new() ASN1_GENERALIZEDTIME_new()
1890	#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_GENERALIZEDTIME_free(a)
1891	#define M_ASN1_GENERALIZEDTIME_dup(a) ASN1_STRING_dup(a)
1892	#define M_ASN1_GENERALSTRING_new() ASN1_GENERALSTRING_new()
1893	#define M_ASN1_GENERALSTRING_free(a) ASN1_GENERALSTRING_free(a)
1894	#define M_ASN1_UNIVERSALSTRING_new() ASN1_UNIVERSALSTRING_new()
1895	#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_UNIVERSALSTRING_free(a)
1896	#define M_ASN1_BMPSTRING_new() ASN1_BMPSTRING_new()
1897	#define M_ASN1_BMPSTRING_free(a) ASN1_BMPSTRING_free(a)
1898	#define M_ASN1_VISIBLESTRING_new() ASN1_VISIBLESTRING_new()
1899	#define M_ASN1_VISIBLESTRING_free(a) ASN1_VISIBLESTRING_free(a)
1900	#define M_ASN1_UTF8STRING_new() ASN1_UTF8STRING_new()
1901	#define M_ASN1_UTF8STRING_free(a) ASN1_UTF8STRING_free(a)
1902
1903	// B_ASN1_PRINTABLE is a bitmask for an ad-hoc subset of string-like types. Note
1904	// the presence of |B_ASN1_UNKNOWN| means it includes types which |ASN1_tag2bit|
1905	// maps to |B_ASN1_UNKNOWN|.
1906	//
1907	// Do not use this. Despite the name, it has no connection to PrintableString or
1908	// printable characters. See https://crbug.com/boringssl/412.
1909	#define B_ASN1_PRINTABLE \
1910	(B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | \
1911	B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING | \
1912	B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN)
1913
1914	// ASN1_PRINTABLE_new returns a newly-allocated |ASN1_STRING| with type -1, or
1915	// NULL on error. The resulting |ASN1_STRING| is not a valid ASN.1 value until
1916	// initialized with a value.
1917	OPENSSL_EXPORT ASN1_STRING *ASN1_PRINTABLE_new(void);
1918
1919	// ASN1_PRINTABLE_free calls |ASN1_STRING_free|.
1920	OPENSSL_EXPORT void ASN1_PRINTABLE_free(ASN1_STRING *str);
1921
1922	// d2i_ASN1_PRINTABLE parses up to |len| bytes from |*inp| as a DER-encoded
1923	// CHOICE of an ad-hoc subset of string-like types, as described in
1924	// |d2i_SAMPLE|.
1925	//
1926	// Do not use this. Despite, the name it has no connection to PrintableString or
1927	// printable characters. See https://crbug.com/boringssl/412.
1928	//
1929	// TODO(https://crbug.com/boringssl/354): This function currently also accepts
1930	// BER, but this will be removed in the future.
1931	OPENSSL_EXPORT ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **out,
1932	const uint8_t **inp, long len);
1933
1934	// i2d_ASN1_PRINTABLE marshals |in| as DER, as described in |i2d_SAMPLE|.
1935	//
1936	// Do not use this. Despite the name, it has no connection to PrintableString or
1937	// printable characters. See https://crbug.com/boringssl/412.
1938	OPENSSL_EXPORT int i2d_ASN1_PRINTABLE(const ASN1_STRING *in, uint8_t **outp);
1939
1940	// ASN1_PRINTABLE is an |ASN1_ITEM| whose ASN.1 type is a CHOICE of an ad-hoc
1941	// subset of string-like types, and whose C type is |ASN1_STRING*|.
1942	//
1943	// Do not use this. Despite the name, it has no connection to PrintableString or
1944	// printable characters. See https://crbug.com/boringssl/412.
1945	DECLARE_ASN1_ITEM(ASN1_PRINTABLE)
1946
1947	// ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on
1948	// success and zero on error.
1949	//
1950	// Use |ASN1_INTEGER_set_uint64| and |ASN1_INTEGER_set_int64| instead.
1951	OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
1952
1953	// ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one
1954	// on success and zero on error.
1955	//
1956	// Use |ASN1_ENUMERATED_set_uint64| and |ASN1_ENUMERATED_set_int64| instead.
1957	OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
1958
1959	// ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of
1960	// range or the wrong type.
1961	//
1962	// WARNING: This function's return value cannot distinguish errors from -1.
1963	// Use |ASN1_INTEGER_get_uint64| and |ASN1_INTEGER_get_int64| instead.
1964	OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a);
1965
1966	// ASN1_ENUMERATED_get returns the value of |a| as a |long|, or -1 if |a| is out
1967	// of range or the wrong type.
1968	//
1969	// WARNING: This function's return value cannot distinguish errors from -1.
1970	// Use |ASN1_ENUMERATED_get_uint64| and |ASN1_ENUMERATED_get_int64| instead.
1971	OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
1972
1973
1974	#if defined(__cplusplus)
1975	} // extern C
1976
1977	extern "C++" {
1978
1979	BSSL_NAMESPACE_BEGIN
1980
1981	BORINGSSL_MAKE_DELETER(ASN1_OBJECT, ASN1_OBJECT_free)
1982	BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free)
1983	BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free)
1984
1985	BSSL_NAMESPACE_END
1986
1987	} // extern C++
1988
1989	#endif
1990
1991	#define ASN1_R_ASN1_LENGTH_MISMATCH 100
1992	#define ASN1_R_AUX_ERROR 101
1993	#define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 102
1994	#define ASN1_R_BAD_OBJECT_HEADER 103
1995	#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 104
1996	#define ASN1_R_BN_LIB 105
1997	#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
1998	#define ASN1_R_BUFFER_TOO_SMALL 107
1999	#define ASN1_R_CONTEXT_NOT_INITIALISED 108
2000	#define ASN1_R_DECODE_ERROR 109
2001	#define ASN1_R_DEPTH_EXCEEDED 110
2002	#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 111
2003	#define ASN1_R_ENCODE_ERROR 112
2004	#define ASN1_R_ERROR_GETTING_TIME 113
2005	#define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 114
2006	#define ASN1_R_EXPECTING_AN_INTEGER 115
2007	#define ASN1_R_EXPECTING_AN_OBJECT 116
2008	#define ASN1_R_EXPECTING_A_BOOLEAN 117
2009	#define ASN1_R_EXPECTING_A_TIME 118
2010	#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
2011	#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
2012	#define ASN1_R_FIELD_MISSING 121
2013	#define ASN1_R_FIRST_NUM_TOO_LARGE 122
2014	#define ASN1_R_HEADER_TOO_LONG 123
2015	#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 124
2016	#define ASN1_R_ILLEGAL_BOOLEAN 125
2017	#define ASN1_R_ILLEGAL_CHARACTERS 126
2018	#define ASN1_R_ILLEGAL_FORMAT 127
2019	#define ASN1_R_ILLEGAL_HEX 128
2020	#define ASN1_R_ILLEGAL_IMPLICIT_TAG 129
2021	#define ASN1_R_ILLEGAL_INTEGER 130
2022	#define ASN1_R_ILLEGAL_NESTED_TAGGING 131
2023	#define ASN1_R_ILLEGAL_NULL 132
2024	#define ASN1_R_ILLEGAL_NULL_VALUE 133
2025	#define ASN1_R_ILLEGAL_OBJECT 134
2026	#define ASN1_R_ILLEGAL_OPTIONAL_ANY 135
2027	#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 136
2028	#define ASN1_R_ILLEGAL_TAGGED_ANY 137
2029	#define ASN1_R_ILLEGAL_TIME_VALUE 138
2030	#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 139
2031	#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 140
2032	#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 141
2033	#define ASN1_R_INVALID_BMPSTRING 142
2034	#define ASN1_R_INVALID_DIGIT 143
2035	#define ASN1_R_INVALID_MODIFIER 144
2036	#define ASN1_R_INVALID_NUMBER 145
2037	#define ASN1_R_INVALID_OBJECT_ENCODING 146
2038	#define ASN1_R_INVALID_SEPARATOR 147
2039	#define ASN1_R_INVALID_TIME_FORMAT 148
2040	#define ASN1_R_INVALID_UNIVERSALSTRING 149
2041	#define ASN1_R_INVALID_UTF8STRING 150
2042	#define ASN1_R_LIST_ERROR 151
2043	#define ASN1_R_MISSING_ASN1_EOS 152
2044	#define ASN1_R_MISSING_EOC 153
2045	#define ASN1_R_MISSING_SECOND_NUMBER 154
2046	#define ASN1_R_MISSING_VALUE 155
2047	#define ASN1_R_MSTRING_NOT_UNIVERSAL 156
2048	#define ASN1_R_MSTRING_WRONG_TAG 157
2049	#define ASN1_R_NESTED_ASN1_ERROR 158
2050	#define ASN1_R_NESTED_ASN1_STRING 159
2051	#define ASN1_R_NON_HEX_CHARACTERS 160
2052	#define ASN1_R_NOT_ASCII_FORMAT 161
2053	#define ASN1_R_NOT_ENOUGH_DATA 162
2054	#define ASN1_R_NO_MATCHING_CHOICE_TYPE 163
2055	#define ASN1_R_NULL_IS_WRONG_LENGTH 164
2056	#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 165
2057	#define ASN1_R_ODD_NUMBER_OF_CHARS 166
2058	#define ASN1_R_SECOND_NUMBER_TOO_LARGE 167
2059	#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 168
2060	#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 169
2061	#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 170
2062	#define ASN1_R_SHORT_LINE 171
2063	#define ASN1_R_STREAMING_NOT_SUPPORTED 172
2064	#define ASN1_R_STRING_TOO_LONG 173
2065	#define ASN1_R_STRING_TOO_SHORT 174
2066	#define ASN1_R_TAG_VALUE_TOO_HIGH 175
2067	#define ASN1_R_TIME_NOT_ASCII_FORMAT 176
2068	#define ASN1_R_TOO_LONG 177
2069	#define ASN1_R_TYPE_NOT_CONSTRUCTED 178
2070	#define ASN1_R_TYPE_NOT_PRIMITIVE 179
2071	#define ASN1_R_UNEXPECTED_EOC 180
2072	#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 181
2073	#define ASN1_R_UNKNOWN_FORMAT 182
2074	#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 183
2075	#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 184
2076	#define ASN1_R_UNKNOWN_TAG 185
2077	#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 186
2078	#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 187
2079	#define ASN1_R_UNSUPPORTED_TYPE 188
2080	#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 189
2081	#define ASN1_R_WRONG_TAG 190
2082	#define ASN1_R_WRONG_TYPE 191
2083	#define ASN1_R_NESTED_TOO_DEEP 192
2084	#define ASN1_R_BAD_TEMPLATE 193
2085	#define ASN1_R_INVALID_BIT_STRING_PADDING 194
2086	#define ASN1_R_WRONG_INTEGER_TYPE 195
2087	#define ASN1_R_INVALID_INTEGER 196
2088
2089	#endif // OPENSSL_HEADER_ASN1_H
2090