1 files changed, 0 insertions, 291 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_local.h b/src/lib/libcrypto/ocsp/ocsp_local.h
deleted file mode 100644
index bd933b1915..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_local.h
+++ /dev/null
@@ -1,291 +0,0 @@
-/* $OpenBSD: ocsp_local.h,v 1.2 2022/01/14 08:32:26 tb Exp $ */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_OCSP_LOCAL_H
-#define HEADER_OCSP_LOCAL_H
-__BEGIN_HIDDEN_DECLS
-/*   CertID ::= SEQUENCE {
- *       hashAlgorithm            AlgorithmIdentifier,
- *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
- *       serialNumber       CertificateSerialNumber }
- */
-struct ocsp_cert_id_st {
-        X509_ALGOR *hashAlgorithm;
-        ASN1_OCTET_STRING *issuerNameHash;
-        ASN1_OCTET_STRING *issuerKeyHash;
-        ASN1_INTEGER *serialNumber;
-} /* OCSP_CERTID */;
-/*   Request ::=     SEQUENCE {
- *       reqCert                    CertID,
- *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_one_request_st {
-        OCSP_CERTID *reqCert;
-        STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-} /* OCSP_ONEREQ */;
-/*   TBSRequest      ::=     SEQUENCE {
- *       version             [0] EXPLICIT Version DEFAULT v1,
- *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
- *       requestList             SEQUENCE OF Request,
- *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_req_info_st {
-        ASN1_INTEGER *version;
-        GENERAL_NAME *requestorName;
-        STACK_OF(OCSP_ONEREQ) *requestList;
-        STACK_OF(X509_EXTENSION) *requestExtensions;
-} /* OCSP_REQINFO */;
-/*   Signature       ::=     SEQUENCE {
- *       signatureAlgorithm   AlgorithmIdentifier,
- *       signature            BIT STRING,
- *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-struct ocsp_signature_st {
-        X509_ALGOR *signatureAlgorithm;
-        ASN1_BIT_STRING *signature;
-        STACK_OF(X509) *certs;
-} /* OCSP_SIGNATURE */;
-/*   OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- */
-struct ocsp_request_st {
-        OCSP_REQINFO *tbsRequest;
-        OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
-} /* OCSP_REQUEST */;
-/*   OCSPResponseStatus ::= ENUMERATED {
- *       successful            (0),      --Response has valid confirmations
- *       malformedRequest      (1),      --Illegal confirmation request
- *       internalError         (2),      --Internal error in issuer
- *       tryLater              (3),      --Try again later
- *                                       --(4) is not used
- *       sigRequired           (5),      --Must sign the request
- *       unauthorized          (6)       --Request unauthorized
- *   }
- */
-/*   ResponseBytes ::=       SEQUENCE {
- *       responseType   OBJECT IDENTIFIER,
- *       response       OCTET STRING }
- */
-struct ocsp_resp_bytes_st {
-        ASN1_OBJECT *responseType;
-        ASN1_OCTET_STRING *response;
-} /* OCSP_RESPBYTES */;
-/*   OCSPResponse ::= SEQUENCE {
- *      responseStatus         OCSPResponseStatus,
- *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-struct ocsp_response_st {
-        ASN1_ENUMERATED *responseStatus;
-        OCSP_RESPBYTES  *responseBytes;
-};
-/*   ResponderID ::= CHOICE {
- *      byName   [1] Name,
- *      byKey    [2] KeyHash }
- */
-struct ocsp_responder_id_st {
-        int type;
-        union {
-                X509_NAME* byName;
-                ASN1_OCTET_STRING *byKey;
-        } value;
-};
-/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- *                            --(excluding the tag and length fields)
- */
-/*   RevokedInfo ::= SEQUENCE {
- *       revocationTime              GeneralizedTime,
- *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
- */
-struct ocsp_revoked_info_st {
-        ASN1_GENERALIZEDTIME *revocationTime;
-        ASN1_ENUMERATED *revocationReason;
-} /* OCSP_REVOKEDINFO */;
-/*   CertStatus ::= CHOICE {
- *       good                [0]     IMPLICIT NULL,
- *       revoked             [1]     IMPLICIT RevokedInfo,
- *       unknown             [2]     IMPLICIT UnknownInfo }
- */
-struct ocsp_cert_status_st {
-        int type;
-        union {
-                ASN1_NULL *good;
-                OCSP_REVOKEDINFO *revoked;
-                ASN1_NULL *unknown;
-        } value;
-} /* OCSP_CERTSTATUS */;
-/*   SingleResponse ::= SEQUENCE {
- *      certID                       CertID,
- *      certStatus                   CertStatus,
- *      thisUpdate                   GeneralizedTime,
- *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
- *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_single_response_st {
-        OCSP_CERTID *certId;
-        OCSP_CERTSTATUS *certStatus;
-        ASN1_GENERALIZEDTIME *thisUpdate;
-        ASN1_GENERALIZEDTIME *nextUpdate;
-        STACK_OF(X509_EXTENSION) *singleExtensions;
-} /* OCSP_SINGLERESP */;
-/*   ResponseData ::= SEQUENCE {
- *      version              [0] EXPLICIT Version DEFAULT v1,
- *      responderID              ResponderID,
- *      producedAt               GeneralizedTime,
- *      responses                SEQUENCE OF SingleResponse,
- *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_response_data_st {
-        ASN1_INTEGER *version;
-        OCSP_RESPID  *responderId;
-        ASN1_GENERALIZEDTIME *producedAt;
-        STACK_OF(OCSP_SINGLERESP) *responses;
-        STACK_OF(X509_EXTENSION) *responseExtensions;
-} /* OCSP_RESPDATA */;
-/*   BasicOCSPResponse       ::= SEQUENCE {
- *      tbsResponseData      ResponseData,
- *      signatureAlgorithm   AlgorithmIdentifier,
- *      signature            BIT STRING,
- *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-  /* Note 1:
-     The value for "signature" is specified in the OCSP rfc2560 as follows:
-     "The value for the signature SHALL be computed on the hash of the DER
-     encoding ResponseData."  This means that you must hash the DER-encoded
-     tbsResponseData, and then run it through a crypto-signing function, which
-     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
-     a bit odd, but that's the spec.  Also note that the data structures do not
-     leave anywhere to independently specify the algorithm used for the initial
-     hash. So, we look at the signature-specification algorithm, and try to do
-     something intelligent.     -- Kathy Weinhold, CertCo */
-  /* Note 2:
-     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
-     for interpretation.  I've done tests against another responder, and found
-     that it doesn't do the double hashing that the RFC seems to say one
-     should.  Therefore, all relevant functions take a flag saying which
-     variant should be used.    -- Richard Levitte, OpenSSL team and CeloCom */
-struct ocsp_basic_response_st {
-        OCSP_RESPDATA *tbsResponseData;
-        X509_ALGOR *signatureAlgorithm;
-        ASN1_BIT_STRING *signature;
-        STACK_OF(X509) *certs;
-} /* OCSP_BASICRESP */;
-/* CrlID ::= SEQUENCE {
- *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
- *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
- *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
- */
-struct ocsp_crl_id_st {
-        ASN1_IA5STRING *crlUrl;
-        ASN1_INTEGER *crlNum;
-        ASN1_GENERALIZEDTIME *crlTime;
-} /* OCSP_CRLID */;
-/* ServiceLocator ::= SEQUENCE {
- *      issuer    Name,
- *      locator   AuthorityInfoAccessSyntax OPTIONAL }
- */
-struct ocsp_service_locator_st {
-        X509_NAME* issuer;
-        STACK_OF(ACCESS_DESCRIPTION) *locator;
-} /* OCSP_SERVICELOC */;
-#define OCSP_REQUEST_sign(o,pkey,md) \
-    ASN1_item_sign(&OCSP_REQINFO_it, \
-        (o)->optionalSignature->signatureAlgorithm, NULL, \
-        (o)->optionalSignature->signature,o->tbsRequest, (pkey), (md))
-#define OCSP_BASICRESP_sign(o,pkey,md,d) \
-    ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \
-        (o)->signature,(o)->tbsResponseData,(pkey),(md))
-#define OCSP_REQUEST_verify(a,r) \
-    ASN1_item_verify(&OCSP_REQINFO_it, \
-        (a)->optionalSignature->signatureAlgorithm, \
-        (a)->optionalSignature->signature, (a)->tbsRequest, (r))
-#define OCSP_BASICRESP_verify(a,r,d) \
-    ASN1_item_verify(&OCSP_RESPDATA_it, \
-        (a)->signatureAlgorithm, (a)->signature, (a)->tbsResponseData, (r))
-__END_HIDDEN_DECLS
-#endif /* !HEADER_OCSP_LOCAL_H */

diff --git a/src/lib/libcrypto/ocsp/ocsp_local.h b/src/lib/libcrypto/ocsp/ocsp_local.h deleted file mode 100644 index bd933b1915..0000000000 --- a/src/lib/libcrypto/ocsp/ocsp_local.h +++ /dev/null
@@ -1,291 +0,0 @@
1	/* $OpenBSD: ocsp_local.h,v 1.2 2022/01/14 08:32:26 tb Exp $ */
2	/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
3	* project. */
4
5	/* History:
6	This file was transfered to Richard Levitte from CertCo by Kathy
7	Weinhold in mid-spring 2000 to be included in OpenSSL or released
8	as a patch kit. */
9
10	/* ====================================================================
11	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
12	*
13	* Redistribution and use in source and binary forms, with or without
14	* modification, are permitted provided that the following conditions
15	* are met:
16	*
17	* 1. Redistributions of source code must retain the above copyright
18	* notice, this list of conditions and the following disclaimer.
19	*
20	* 2. Redistributions in binary form must reproduce the above copyright
21	* notice, this list of conditions and the following disclaimer in
22	* the documentation and/or other materials provided with the
23	* distribution.
24	*
25	* 3. All advertising materials mentioning features or use of this
26	* software must display the following acknowledgment:
27	* "This product includes software developed by the OpenSSL Project
28	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
29	*
30	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
31	* endorse or promote products derived from this software without
32	* prior written permission. For written permission, please contact
33	* openssl-core@openssl.org.
34	*
35	* 5. Products derived from this software may not be called "OpenSSL"
36	* nor may "OpenSSL" appear in their names without prior written
37	* permission of the OpenSSL Project.
38	*
39	* 6. Redistributions of any form whatsoever must retain the following
40	* acknowledgment:
41	* "This product includes software developed by the OpenSSL Project
42	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
43	*
44	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
45	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
48	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55	* OF THE POSSIBILITY OF SUCH DAMAGE.
56	* ====================================================================
57	*
58	* This product includes cryptographic software written by Eric Young
59	* (eay@cryptsoft.com). This product includes software written by Tim
60	* Hudson (tjh@cryptsoft.com).
61	*
62	*/
63
64	#ifndef HEADER_OCSP_LOCAL_H
65	#define HEADER_OCSP_LOCAL_H
66
67	__BEGIN_HIDDEN_DECLS
68
69	/* CertID ::= SEQUENCE {
70	* hashAlgorithm AlgorithmIdentifier,
71	* issuerNameHash OCTET STRING, -- Hash of Issuer's DN
72	* issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
73	* serialNumber CertificateSerialNumber }
74	*/
75	struct ocsp_cert_id_st {
76	X509_ALGOR *hashAlgorithm;
77	ASN1_OCTET_STRING *issuerNameHash;
78	ASN1_OCTET_STRING *issuerKeyHash;
79	ASN1_INTEGER *serialNumber;
80	} /* OCSP_CERTID */;
81
82	/* Request ::= SEQUENCE {
83	* reqCert CertID,
84	* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
85	*/
86	struct ocsp_one_request_st {
87	OCSP_CERTID *reqCert;
88	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
89	} /* OCSP_ONEREQ */;
90
91	/* TBSRequest ::= SEQUENCE {
92	* version [0] EXPLICIT Version DEFAULT v1,
93	* requestorName [1] EXPLICIT GeneralName OPTIONAL,
94	* requestList SEQUENCE OF Request,
95	* requestExtensions [2] EXPLICIT Extensions OPTIONAL }
96	*/
97	struct ocsp_req_info_st {
98	ASN1_INTEGER *version;
99	GENERAL_NAME *requestorName;
100	STACK_OF(OCSP_ONEREQ) *requestList;
101	STACK_OF(X509_EXTENSION) *requestExtensions;
102	} /* OCSP_REQINFO */;
103
104	/* Signature ::= SEQUENCE {
105	* signatureAlgorithm AlgorithmIdentifier,
106	* signature BIT STRING,
107	* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
108	*/
109	struct ocsp_signature_st {
110	X509_ALGOR *signatureAlgorithm;
111	ASN1_BIT_STRING *signature;
112	STACK_OF(X509) *certs;
113	} /* OCSP_SIGNATURE */;
114
115	/* OCSPRequest ::= SEQUENCE {
116	* tbsRequest TBSRequest,
117	* optionalSignature [0] EXPLICIT Signature OPTIONAL }
118	*/
119	struct ocsp_request_st {
120	OCSP_REQINFO *tbsRequest;
121	OCSP_SIGNATURE optionalSignature; / OPTIONAL */
122	} /* OCSP_REQUEST */;
123
124	/* OCSPResponseStatus ::= ENUMERATED {
125	* successful (0), --Response has valid confirmations
126	* malformedRequest (1), --Illegal confirmation request
127	* internalError (2), --Internal error in issuer
128	* tryLater (3), --Try again later
129	* --(4) is not used
130	* sigRequired (5), --Must sign the request
131	* unauthorized (6) --Request unauthorized
132	* }
133	*/
134
135	/* ResponseBytes ::= SEQUENCE {
136	* responseType OBJECT IDENTIFIER,
137	* response OCTET STRING }
138	*/
139	struct ocsp_resp_bytes_st {
140	ASN1_OBJECT *responseType;
141	ASN1_OCTET_STRING *response;
142	} /* OCSP_RESPBYTES */;
143
144	/* OCSPResponse ::= SEQUENCE {
145	* responseStatus OCSPResponseStatus,
146	* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
147	*/
148	struct ocsp_response_st {
149	ASN1_ENUMERATED *responseStatus;
150	OCSP_RESPBYTES *responseBytes;
151	};
152
153	/* ResponderID ::= CHOICE {
154	* byName [1] Name,
155	* byKey [2] KeyHash }
156	*/
157	struct ocsp_responder_id_st {
158	int type;
159	union {
160	X509_NAME* byName;
161	ASN1_OCTET_STRING *byKey;
162	} value;
163	};
164
165	/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
166	* --(excluding the tag and length fields)
167	*/
168
169	/* RevokedInfo ::= SEQUENCE {
170	* revocationTime GeneralizedTime,
171	* revocationReason [0] EXPLICIT CRLReason OPTIONAL }
172	*/
173	struct ocsp_revoked_info_st {
174	ASN1_GENERALIZEDTIME *revocationTime;
175	ASN1_ENUMERATED *revocationReason;
176	} /* OCSP_REVOKEDINFO */;
177
178	/* CertStatus ::= CHOICE {
179	* good [0] IMPLICIT NULL,
180	* revoked [1] IMPLICIT RevokedInfo,
181	* unknown [2] IMPLICIT UnknownInfo }
182	*/
183	struct ocsp_cert_status_st {
184	int type;
185	union {
186	ASN1_NULL *good;
187	OCSP_REVOKEDINFO *revoked;
188	ASN1_NULL *unknown;
189	} value;
190	} /* OCSP_CERTSTATUS */;
191
192	/* SingleResponse ::= SEQUENCE {
193	* certID CertID,
194	* certStatus CertStatus,
195	* thisUpdate GeneralizedTime,
196	* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
197	* singleExtensions [1] EXPLICIT Extensions OPTIONAL }
198	*/
199	struct ocsp_single_response_st {
200	OCSP_CERTID *certId;
201	OCSP_CERTSTATUS *certStatus;
202	ASN1_GENERALIZEDTIME *thisUpdate;
203	ASN1_GENERALIZEDTIME *nextUpdate;
204	STACK_OF(X509_EXTENSION) *singleExtensions;
205	} /* OCSP_SINGLERESP */;
206
207	/* ResponseData ::= SEQUENCE {
208	* version [0] EXPLICIT Version DEFAULT v1,
209	* responderID ResponderID,
210	* producedAt GeneralizedTime,
211	* responses SEQUENCE OF SingleResponse,
212	* responseExtensions [1] EXPLICIT Extensions OPTIONAL }
213	*/
214	struct ocsp_response_data_st {
215	ASN1_INTEGER *version;
216	OCSP_RESPID *responderId;
217	ASN1_GENERALIZEDTIME *producedAt;
218	STACK_OF(OCSP_SINGLERESP) *responses;
219	STACK_OF(X509_EXTENSION) *responseExtensions;
220	} /* OCSP_RESPDATA */;
221
222	/* BasicOCSPResponse ::= SEQUENCE {
223	* tbsResponseData ResponseData,
224	* signatureAlgorithm AlgorithmIdentifier,
225	* signature BIT STRING,
226	* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
227	*/
228	/* Note 1:
229	The value for "signature" is specified in the OCSP rfc2560 as follows:
230	"The value for the signature SHALL be computed on the hash of the DER
231	encoding ResponseData." This means that you must hash the DER-encoded
232	tbsResponseData, and then run it through a crypto-signing function, which
233	will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
234	a bit odd, but that's the spec. Also note that the data structures do not
235	leave anywhere to independently specify the algorithm used for the initial
236	hash. So, we look at the signature-specification algorithm, and try to do
237	something intelligent. -- Kathy Weinhold, CertCo */
238	/* Note 2:
239	It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
240	for interpretation. I've done tests against another responder, and found
241	that it doesn't do the double hashing that the RFC seems to say one
242	should. Therefore, all relevant functions take a flag saying which
243	variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
244	struct ocsp_basic_response_st {
245	OCSP_RESPDATA *tbsResponseData;
246	X509_ALGOR *signatureAlgorithm;
247	ASN1_BIT_STRING *signature;
248	STACK_OF(X509) *certs;
249	} /* OCSP_BASICRESP */;
250
251	/* CrlID ::= SEQUENCE {
252	* crlUrl [0] EXPLICIT IA5String OPTIONAL,
253	* crlNum [1] EXPLICIT INTEGER OPTIONAL,
254	* crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
255	*/
256	struct ocsp_crl_id_st {
257	ASN1_IA5STRING *crlUrl;
258	ASN1_INTEGER *crlNum;
259	ASN1_GENERALIZEDTIME *crlTime;
260	} /* OCSP_CRLID */;
261
262	/* ServiceLocator ::= SEQUENCE {
263	* issuer Name,
264	* locator AuthorityInfoAccessSyntax OPTIONAL }
265	*/
266	struct ocsp_service_locator_st {
267	X509_NAME* issuer;
268	STACK_OF(ACCESS_DESCRIPTION) *locator;
269	} /* OCSP_SERVICELOC */;
270
271	#define OCSP_REQUEST_sign(o,pkey,md) \
272	ASN1_item_sign(&OCSP_REQINFO_it, \
273	(o)->optionalSignature->signatureAlgorithm, NULL, \
274	(o)->optionalSignature->signature,o->tbsRequest, (pkey), (md))
275
276	#define OCSP_BASICRESP_sign(o,pkey,md,d) \
277	ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \
278	(o)->signature,(o)->tbsResponseData,(pkey),(md))
279
280	#define OCSP_REQUEST_verify(a,r) \
281	ASN1_item_verify(&OCSP_REQINFO_it, \
282	(a)->optionalSignature->signatureAlgorithm, \
283	(a)->optionalSignature->signature, (a)->tbsRequest, (r))
284
285	#define OCSP_BASICRESP_verify(a,r,d) \
286	ASN1_item_verify(&OCSP_RESPDATA_it, \
287	(a)->signatureAlgorithm, (a)->signature, (a)->tbsResponseData, (r))
288
289	__END_HIDDEN_DECLS
290
291	#endif /* !HEADER_OCSP_LOCAL_H */