Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp.h357
1 files changed, 175 insertions, 182 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
index 31e45744ba..9401f7db2f 100644
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -96,13 +96,12 @@ extern "C" {
96 * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) 96 * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
97 * serialNumber CertificateSerialNumber } 97 * serialNumber CertificateSerialNumber }
98 */ 98 */
99typedef struct ocsp_cert_id_st 99typedef struct ocsp_cert_id_st {
100 {
101 X509_ALGOR *hashAlgorithm; 100 X509_ALGOR *hashAlgorithm;
102 ASN1_OCTET_STRING *issuerNameHash; 101 ASN1_OCTET_STRING *issuerNameHash;
103 ASN1_OCTET_STRING *issuerKeyHash; 102 ASN1_OCTET_STRING *issuerKeyHash;
104 ASN1_INTEGER *serialNumber; 103 ASN1_INTEGER *serialNumber;
105 } OCSP_CERTID; 104} OCSP_CERTID;
106 105
107DECLARE_STACK_OF(OCSP_CERTID) 106DECLARE_STACK_OF(OCSP_CERTID)
108 107
@@ -110,11 +109,10 @@ DECLARE_STACK_OF(OCSP_CERTID)
110 * reqCert CertID, 109 * reqCert CertID,
111 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 110 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
112 */ 111 */
113typedef struct ocsp_one_request_st 112typedef struct ocsp_one_request_st {
114 {
115 OCSP_CERTID *reqCert; 113 OCSP_CERTID *reqCert;
116 STACK_OF(X509_EXTENSION) *singleRequestExtensions; 114 STACK_OF(X509_EXTENSION) *singleRequestExtensions;
117 } OCSP_ONEREQ; 115} OCSP_ONEREQ;
118 116
119DECLARE_STACK_OF(OCSP_ONEREQ) 117DECLARE_STACK_OF(OCSP_ONEREQ)
120DECLARE_ASN1_SET_OF(OCSP_ONEREQ) 118DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
@@ -126,35 +124,32 @@ DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
126 * requestList SEQUENCE OF Request, 124 * requestList SEQUENCE OF Request,
127 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 125 * requestExtensions [2] EXPLICIT Extensions OPTIONAL }
128 */ 126 */
129typedef struct ocsp_req_info_st 127typedef struct ocsp_req_info_st {
130 {
131 ASN1_INTEGER *version; 128 ASN1_INTEGER *version;
132 GENERAL_NAME *requestorName; 129 GENERAL_NAME *requestorName;
133 STACK_OF(OCSP_ONEREQ) *requestList; 130 STACK_OF(OCSP_ONEREQ) *requestList;
134 STACK_OF(X509_EXTENSION) *requestExtensions; 131 STACK_OF(X509_EXTENSION) *requestExtensions;
135 } OCSP_REQINFO; 132} OCSP_REQINFO;
136 133
137/* Signature ::= SEQUENCE { 134/* Signature ::= SEQUENCE {
138 * signatureAlgorithm AlgorithmIdentifier, 135 * signatureAlgorithm AlgorithmIdentifier,
139 * signature BIT STRING, 136 * signature BIT STRING,
140 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 137 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
141 */ 138 */
142typedef struct ocsp_signature_st 139typedef struct ocsp_signature_st {
143 {
144 X509_ALGOR *signatureAlgorithm; 140 X509_ALGOR *signatureAlgorithm;
145 ASN1_BIT_STRING *signature; 141 ASN1_BIT_STRING *signature;
146 STACK_OF(X509) *certs; 142 STACK_OF(X509) *certs;
147 } OCSP_SIGNATURE; 143} OCSP_SIGNATURE;
148 144
149/* OCSPRequest ::= SEQUENCE { 145/* OCSPRequest ::= SEQUENCE {
150 * tbsRequest TBSRequest, 146 * tbsRequest TBSRequest,
151 * optionalSignature [0] EXPLICIT Signature OPTIONAL } 147 * optionalSignature [0] EXPLICIT Signature OPTIONAL }
152 */ 148 */
153typedef struct ocsp_request_st 149typedef struct ocsp_request_st {
154 {
155 OCSP_REQINFO *tbsRequest; 150 OCSP_REQINFO *tbsRequest;
156 OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ 151 OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
157 } OCSP_REQUEST; 152} OCSP_REQUEST;
158 153
159/* OCSPResponseStatus ::= ENUMERATED { 154/* OCSPResponseStatus ::= ENUMERATED {
160 * successful (0), --Response has valid confirmations 155 * successful (0), --Response has valid confirmations
@@ -166,32 +161,30 @@ typedef struct ocsp_request_st
166 * unauthorized (6) --Request unauthorized 161 * unauthorized (6) --Request unauthorized
167 * } 162 * }
168 */ 163 */
169#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 164#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
170#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 165#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
171#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 166#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
172#define OCSP_RESPONSE_STATUS_TRYLATER 3 167#define OCSP_RESPONSE_STATUS_TRYLATER 3
173#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 168#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
174#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 169#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
175 170
176/* ResponseBytes ::= SEQUENCE { 171/* ResponseBytes ::= SEQUENCE {
177 * responseType OBJECT IDENTIFIER, 172 * responseType OBJECT IDENTIFIER,
178 * response OCTET STRING } 173 * response OCTET STRING }
179 */ 174 */
180typedef struct ocsp_resp_bytes_st 175typedef struct ocsp_resp_bytes_st {
181 {
182 ASN1_OBJECT *responseType; 176 ASN1_OBJECT *responseType;
183 ASN1_OCTET_STRING *response; 177 ASN1_OCTET_STRING *response;
184 } OCSP_RESPBYTES; 178} OCSP_RESPBYTES;
185 179
186/* OCSPResponse ::= SEQUENCE { 180/* OCSPResponse ::= SEQUENCE {
187 * responseStatus OCSPResponseStatus, 181 * responseStatus OCSPResponseStatus,
188 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 182 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
189 */ 183 */
190struct ocsp_response_st 184struct ocsp_response_st {
191 {
192 ASN1_ENUMERATED *responseStatus; 185 ASN1_ENUMERATED *responseStatus;
193 OCSP_RESPBYTES *responseBytes; 186 OCSP_RESPBYTES *responseBytes;
194 }; 187};
195 188
196/* ResponderID ::= CHOICE { 189/* ResponderID ::= CHOICE {
197 * byName [1] Name, 190 * byName [1] Name,
@@ -199,14 +192,13 @@ struct ocsp_response_st
199 */ 192 */
200#define V_OCSP_RESPID_NAME 0 193#define V_OCSP_RESPID_NAME 0
201#define V_OCSP_RESPID_KEY 1 194#define V_OCSP_RESPID_KEY 1
202struct ocsp_responder_id_st 195struct ocsp_responder_id_st {
203 {
204 int type; 196 int type;
205 union { 197 union {
206 X509_NAME* byName; 198 X509_NAME* byName;
207 ASN1_OCTET_STRING *byKey; 199 ASN1_OCTET_STRING *byKey;
208 } value; 200 } value;
209 }; 201};
210 202
211DECLARE_STACK_OF(OCSP_RESPID) 203DECLARE_STACK_OF(OCSP_RESPID)
212DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) 204DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
@@ -219,11 +211,10 @@ DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
219 * revocationTime GeneralizedTime, 211 * revocationTime GeneralizedTime,
220 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 212 * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
221 */ 213 */
222typedef struct ocsp_revoked_info_st 214typedef struct ocsp_revoked_info_st {
223 {
224 ASN1_GENERALIZEDTIME *revocationTime; 215 ASN1_GENERALIZEDTIME *revocationTime;
225 ASN1_ENUMERATED *revocationReason; 216 ASN1_ENUMERATED *revocationReason;
226 } OCSP_REVOKEDINFO; 217} OCSP_REVOKEDINFO;
227 218
228/* CertStatus ::= CHOICE { 219/* CertStatus ::= CHOICE {
229 * good [0] IMPLICIT NULL, 220 * good [0] IMPLICIT NULL,
@@ -233,15 +224,14 @@ typedef struct ocsp_revoked_info_st
233#define V_OCSP_CERTSTATUS_GOOD 0 224#define V_OCSP_CERTSTATUS_GOOD 0
234#define V_OCSP_CERTSTATUS_REVOKED 1 225#define V_OCSP_CERTSTATUS_REVOKED 1
235#define V_OCSP_CERTSTATUS_UNKNOWN 2 226#define V_OCSP_CERTSTATUS_UNKNOWN 2
236typedef struct ocsp_cert_status_st 227typedef struct ocsp_cert_status_st {
237 {
238 int type; 228 int type;
239 union { 229 union {
240 ASN1_NULL *good; 230 ASN1_NULL *good;
241 OCSP_REVOKEDINFO *revoked; 231 OCSP_REVOKEDINFO *revoked;
242 ASN1_NULL *unknown; 232 ASN1_NULL *unknown;
243 } value; 233 } value;
244 } OCSP_CERTSTATUS; 234} OCSP_CERTSTATUS;
245 235
246/* SingleResponse ::= SEQUENCE { 236/* SingleResponse ::= SEQUENCE {
247 * certID CertID, 237 * certID CertID,
@@ -250,14 +240,13 @@ typedef struct ocsp_cert_status_st
250 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 240 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
251 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 241 * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
252 */ 242 */
253typedef struct ocsp_single_response_st 243typedef struct ocsp_single_response_st {
254 {
255 OCSP_CERTID *certId; 244 OCSP_CERTID *certId;
256 OCSP_CERTSTATUS *certStatus; 245 OCSP_CERTSTATUS *certStatus;
257 ASN1_GENERALIZEDTIME *thisUpdate; 246 ASN1_GENERALIZEDTIME *thisUpdate;
258 ASN1_GENERALIZEDTIME *nextUpdate; 247 ASN1_GENERALIZEDTIME *nextUpdate;
259 STACK_OF(X509_EXTENSION) *singleExtensions; 248 STACK_OF(X509_EXTENSION) *singleExtensions;
260 } OCSP_SINGLERESP; 249} OCSP_SINGLERESP;
261 250
262DECLARE_STACK_OF(OCSP_SINGLERESP) 251DECLARE_STACK_OF(OCSP_SINGLERESP)
263DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) 252DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
@@ -269,14 +258,13 @@ DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
269 * responses SEQUENCE OF SingleResponse, 258 * responses SEQUENCE OF SingleResponse,
270 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 259 * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
271 */ 260 */
272typedef struct ocsp_response_data_st 261typedef struct ocsp_response_data_st {
273 {
274 ASN1_INTEGER *version; 262 ASN1_INTEGER *version;
275 OCSP_RESPID *responderId; 263 OCSP_RESPID *responderId;
276 ASN1_GENERALIZEDTIME *producedAt; 264 ASN1_GENERALIZEDTIME *producedAt;
277 STACK_OF(OCSP_SINGLERESP) *responses; 265 STACK_OF(OCSP_SINGLERESP) *responses;
278 STACK_OF(X509_EXTENSION) *responseExtensions; 266 STACK_OF(X509_EXTENSION) *responseExtensions;
279 } OCSP_RESPDATA; 267} OCSP_RESPDATA;
280 268
281/* BasicOCSPResponse ::= SEQUENCE { 269/* BasicOCSPResponse ::= SEQUENCE {
282 * tbsResponseData ResponseData, 270 * tbsResponseData ResponseData,
@@ -300,13 +288,12 @@ typedef struct ocsp_response_data_st
300 that it doesn't do the double hashing that the RFC seems to say one 288 that it doesn't do the double hashing that the RFC seems to say one
301 should. Therefore, all relevant functions take a flag saying which 289 should. Therefore, all relevant functions take a flag saying which
302 variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ 290 variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
303typedef struct ocsp_basic_response_st 291typedef struct ocsp_basic_response_st {
304 {
305 OCSP_RESPDATA *tbsResponseData; 292 OCSP_RESPDATA *tbsResponseData;
306 X509_ALGOR *signatureAlgorithm; 293 X509_ALGOR *signatureAlgorithm;
307 ASN1_BIT_STRING *signature; 294 ASN1_BIT_STRING *signature;
308 STACK_OF(X509) *certs; 295 STACK_OF(X509) *certs;
309 } OCSP_BASICRESP; 296} OCSP_BASICRESP;
310 297
311/* 298/*
312 * CRLReason ::= ENUMERATED { 299 * CRLReason ::= ENUMERATED {
@@ -319,164 +306,159 @@ typedef struct ocsp_basic_response_st
319 * certificateHold (6), 306 * certificateHold (6),
320 * removeFromCRL (8) } 307 * removeFromCRL (8) }
321 */ 308 */
322#define OCSP_REVOKED_STATUS_NOSTATUS -1 309#define OCSP_REVOKED_STATUS_NOSTATUS -1
323#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 310#define OCSP_REVOKED_STATUS_UNSPECIFIED 0
324#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 311#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
325#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 312#define OCSP_REVOKED_STATUS_CACOMPROMISE 2
326#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 313#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
327#define OCSP_REVOKED_STATUS_SUPERSEDED 4 314#define OCSP_REVOKED_STATUS_SUPERSEDED 4
328#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 315#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
329#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 316#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
330#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 317#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
331 318
332/* CrlID ::= SEQUENCE { 319/* CrlID ::= SEQUENCE {
333 * crlUrl [0] EXPLICIT IA5String OPTIONAL, 320 * crlUrl [0] EXPLICIT IA5String OPTIONAL,
334 * crlNum [1] EXPLICIT INTEGER OPTIONAL, 321 * crlNum [1] EXPLICIT INTEGER OPTIONAL,
335 * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } 322 * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
336 */ 323 */
337typedef struct ocsp_crl_id_st 324typedef struct ocsp_crl_id_st {
338 {
339 ASN1_IA5STRING *crlUrl; 325 ASN1_IA5STRING *crlUrl;
340 ASN1_INTEGER *crlNum; 326 ASN1_INTEGER *crlNum;
341 ASN1_GENERALIZEDTIME *crlTime; 327 ASN1_GENERALIZEDTIME *crlTime;
342 } OCSP_CRLID; 328} OCSP_CRLID;
343 329
344/* ServiceLocator ::= SEQUENCE { 330/* ServiceLocator ::= SEQUENCE {
345 * issuer Name, 331 * issuer Name,
346 * locator AuthorityInfoAccessSyntax OPTIONAL } 332 * locator AuthorityInfoAccessSyntax OPTIONAL }
347 */ 333 */
348typedef struct ocsp_service_locator_st 334typedef struct ocsp_service_locator_st {
349 {
350 X509_NAME* issuer; 335 X509_NAME* issuer;
351 STACK_OF(ACCESS_DESCRIPTION) *locator; 336 STACK_OF(ACCESS_DESCRIPTION) *locator;
352 } OCSP_SERVICELOC; 337} OCSP_SERVICELOC;
353 338
354#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" 339#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
355#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" 340#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
356 341
357#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) 342#define d2i_OCSP_REQUEST_bio(bp,p) \
343 ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
358 344
359#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) 345#define d2i_OCSP_RESPONSE_bio(bp,p) \
346 ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
360 347
361#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ 348#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) \
362 (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) 349 (OCSP_REQUEST *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_REQUEST, \
350 PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
363 351
364#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ 352#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) \
365 (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) 353 (OCSP_RESPONSE *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_RESPONSE, \
354 PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
366 355
367#define PEM_write_bio_OCSP_REQUEST(bp,o) \ 356#define PEM_write_bio_OCSP_REQUEST(bp,o) \
368 PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ 357 PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
369 bp,(char *)o, NULL,NULL,0,NULL,NULL) 358 bp,(char *)o, NULL,NULL,0,NULL,NULL)
370 359
371#define PEM_write_bio_OCSP_RESPONSE(bp,o) \ 360#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
372 PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ 361 PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
373 bp,(char *)o, NULL,NULL,0,NULL,NULL) 362 bp,(char *)o, NULL,NULL,0,NULL,NULL)
374 363
375#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) 364#define i2d_OCSP_RESPONSE_bio(bp,o) \
365 ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
376 366
377#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) 367#define i2d_OCSP_REQUEST_bio(bp,o) \
368 ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
378 369
379#define OCSP_REQUEST_sign(o,pkey,md) \ 370#define OCSP_REQUEST_sign(o,pkey,md) \
380 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ 371 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO), \
381 o->optionalSignature->signatureAlgorithm,NULL,\ 372 o->optionalSignature->signatureAlgorithm,NULL, \
382 o->optionalSignature->signature,o->tbsRequest,pkey,md) 373 o->optionalSignature->signature,o->tbsRequest,pkey,md)
383 374
384#define OCSP_BASICRESP_sign(o,pkey,md,d) \ 375#define OCSP_BASICRESP_sign(o,pkey,md,d) \
385 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ 376 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL, \
386 o->signature,o->tbsResponseData,pkey,md) 377 o->signature,o->tbsResponseData,pkey,md)
387 378
388#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ 379#define OCSP_REQUEST_verify(a,r) \
389 a->optionalSignature->signatureAlgorithm,\ 380 ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO), \
381 a->optionalSignature->signatureAlgorithm, \
390 a->optionalSignature->signature,a->tbsRequest,r) 382 a->optionalSignature->signature,a->tbsRequest,r)
391 383
392#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ 384#define OCSP_BASICRESP_verify(a,r,d) \
385 ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA), \
393 a->signatureAlgorithm,a->signature,a->tbsResponseData,r) 386 a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
394 387
395#define ASN1_BIT_STRING_digest(data,type,md,len) \ 388#define ASN1_BIT_STRING_digest(data,type,md,len) \
396 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) 389 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
397 390
398#define OCSP_CERTSTATUS_dup(cs)\ 391#define OCSP_CERTSTATUS_dup(cs)\
399 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ 392 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
400 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) 393 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
401 394
402OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); 395OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
403 396
404OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); 397OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
405OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, 398OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
406 int maxline); 399 int maxline);
407int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); 400int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
408void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); 401void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
409int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); 402int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
410int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, 403int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name,
411 const char *name, const char *value); 404 const char *value);
412 405
413OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); 406OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
414 407
415OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 408OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
416 X509_NAME *issuerName, 409 ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber);
417 ASN1_BIT_STRING* issuerKey,
418 ASN1_INTEGER *serialNumber);
419 410
420OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); 411OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
421 412
422int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); 413int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
423int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); 414int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
424int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); 415int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
425int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); 416int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
426 417
427int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); 418int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
428int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); 419int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
429 420
430int OCSP_request_sign(OCSP_REQUEST *req, 421int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
431 X509 *signer, 422 const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
432 EVP_PKEY *key,
433 const EVP_MD *dgst,
434 STACK_OF(X509) *certs,
435 unsigned long flags);
436 423
437int OCSP_response_status(OCSP_RESPONSE *resp); 424int OCSP_response_status(OCSP_RESPONSE *resp);
438OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); 425OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
439 426
440int OCSP_resp_count(OCSP_BASICRESP *bs); 427int OCSP_resp_count(OCSP_BASICRESP *bs);
441OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); 428OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
442int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); 429int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
443int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, 430int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
444 ASN1_GENERALIZEDTIME **revtime, 431 ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd,
445 ASN1_GENERALIZEDTIME **thisupd, 432 ASN1_GENERALIZEDTIME **nextupd);
446 ASN1_GENERALIZEDTIME **nextupd); 433int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
447int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, 434 int *reason, ASN1_GENERALIZEDTIME **revtime,
448 int *reason, 435 ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd);
449 ASN1_GENERALIZEDTIME **revtime, 436int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
450 ASN1_GENERALIZEDTIME **thisupd, 437 ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
451 ASN1_GENERALIZEDTIME **nextupd); 438
452int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, 439int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
453 ASN1_GENERALIZEDTIME *nextupd, 440 X509_STORE *store, unsigned long flags);
454 long sec, long maxsec); 441
455 442int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
456int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); 443 int *pssl);
457 444
458int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); 445int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
459 446int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
460int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); 447
461int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); 448int OCSP_request_onereq_count(OCSP_REQUEST *req);
462
463int OCSP_request_onereq_count(OCSP_REQUEST *req);
464OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); 449OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
465OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); 450OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
466int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, 451int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
467 ASN1_OCTET_STRING **pikeyHash, 452 ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial,
468 ASN1_INTEGER **pserial, OCSP_CERTID *cid); 453 OCSP_CERTID *cid);
469int OCSP_request_is_signed(OCSP_REQUEST *req); 454int OCSP_request_is_signed(OCSP_REQUEST *req);
470OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); 455OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
471OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, 456OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid,
472 OCSP_CERTID *cid, 457 int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd,
473 int status, int reason, 458 ASN1_TIME *nextupd);
474 ASN1_TIME *revtime, 459int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
475 ASN1_TIME *thisupd, ASN1_TIME *nextupd); 460int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
476int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); 461 const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
477int OCSP_basic_sign(OCSP_BASICRESP *brsp,
478 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
479 STACK_OF(X509) *certs, unsigned long flags);
480 462
481X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); 463X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
482 464
@@ -486,49 +468,60 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
486 468
487X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); 469X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
488 470
489int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); 471int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
490int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); 472int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
491int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos); 473int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
492int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); 474 int lastpos);
475int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit,
476 int lastpos);
493X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); 477X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
494X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); 478X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
495void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); 479void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
496int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, 480int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value,
497 unsigned long flags); 481 int crit, unsigned long flags);
498int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); 482int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
499 483
500int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); 484int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
501int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); 485int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
502int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos); 486int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj,
503int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); 487 int lastpos);
488int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
504X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); 489X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
505X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); 490X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
506void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); 491void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
507int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, 492int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
508 unsigned long flags); 493 unsigned long flags);
509int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); 494int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
510 495
511int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); 496int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
512int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); 497int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
513int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos); 498int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
514int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos); 499 int lastpos);
500int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
501 int lastpos);
515X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); 502X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
516X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); 503X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
517void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx); 504void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
518int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, 505 int *idx);
519 unsigned long flags); 506int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
520int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); 507 int crit, unsigned long flags);
521 508int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
522int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); 509
523int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); 510int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
524int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos); 511int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid,
525int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos); 512 int lastpos);
513int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
514 int lastpos);
515int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
516 int lastpos);
526X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); 517X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
527X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); 518X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
528void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx); 519void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
529int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, 520 int *idx);
530 unsigned long flags); 521int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
531int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); 522 int crit, unsigned long flags);
523int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex,
524 int loc);
532 525
533DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) 526DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
534DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) 527DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
@@ -550,11 +543,11 @@ const char *OCSP_response_status_str(long s);
550const char *OCSP_cert_status_str(long s); 543const char *OCSP_cert_status_str(long s);
551const char *OCSP_crl_reason_str(long s); 544const char *OCSP_crl_reason_str(long s);
552 545
553int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); 546int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
554int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); 547int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
555 548
556int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, 549int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
557 X509_STORE *st, unsigned long flags); 550 X509_STORE *st, unsigned long flags);
558 551
559/* BEGIN ERROR CODES */ 552/* BEGIN ERROR CODES */
560/* The following lines are auto generated by the script mkerr.pl. Any changes 553/* The following lines are auto generated by the script mkerr.pl. Any changes