1 files changed, 0 insertions, 316 deletions
diff --git a/src/lib/libcrypto/ts/ts_local.h b/src/lib/libcrypto/ts/ts_local.h
deleted file mode 100644
index 07c9861e02..0000000000
--- a/src/lib/libcrypto/ts/ts_local.h
+++ /dev/null
@@ -1,316 +0,0 @@
-/* $OpenBSD: ts_local.h,v 1.3 2022/11/26 17:23:18 tb Exp $ */
-/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
- * project 2002, 2003, 2004.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_TS_LOCAL_H
-#define HEADER_TS_LOCAL_H
-__BEGIN_HIDDEN_DECLS
-/*
- * MessageImprint ::= SEQUENCE  {
- *      hashAlgorithm                AlgorithmIdentifier,
- *      hashedMessage                OCTET STRING  }
- */
-struct TS_msg_imprint_st {
-        X509_ALGOR *hash_algo;
-        ASN1_OCTET_STRING *hashed_msg;
-};
-/*
- * TimeStampReq ::= SEQUENCE  {
- *    version                  INTEGER  { v1(1) },
- *    messageImprint           MessageImprint,
- *      --a hash algorithm OID and the hash value of the data to be
- *      --time-stamped
- *    reqPolicy                TSAPolicyId                OPTIONAL,
- *    nonce                    INTEGER                    OPTIONAL,
- *    certReq                  BOOLEAN                    DEFAULT FALSE,
- *    extensions               [0] IMPLICIT Extensions    OPTIONAL  }
- */
-struct TS_req_st {
-        ASN1_INTEGER *version;
-        TS_MSG_IMPRINT *msg_imprint;
-        ASN1_OBJECT *policy_id;         /* OPTIONAL */
-        ASN1_INTEGER *nonce;            /* OPTIONAL */
-        ASN1_BOOLEAN cert_req;          /* DEFAULT FALSE */
-        STACK_OF(X509_EXTENSION) *extensions;   /* [0] OPTIONAL */
-};
-/*
- * Accuracy ::= SEQUENCE {
- *                 seconds        INTEGER           OPTIONAL,
- *                 millis     [0] INTEGER  (1..999) OPTIONAL,
- *                 micros     [1] INTEGER  (1..999) OPTIONAL  }
- */
-struct TS_accuracy_st {
-        ASN1_INTEGER *seconds;
-        ASN1_INTEGER *millis;
-        ASN1_INTEGER *micros;
-};
-/*
- * TSTInfo ::= SEQUENCE  {
- *     version                      INTEGER  { v1(1) },
- *     policy                       TSAPolicyId,
- *     messageImprint               MessageImprint,
- *       -- MUST have the same value as the similar field in
- *       -- TimeStampReq
- *     serialNumber                 INTEGER,
- *      -- Time-Stamping users MUST be ready to accommodate integers
- *      -- up to 160 bits.
- *     genTime                      GeneralizedTime,
- *     accuracy                     Accuracy                 OPTIONAL,
- *     ordering                     BOOLEAN             DEFAULT FALSE,
- *     nonce                        INTEGER                  OPTIONAL,
- *       -- MUST be present if the similar field was present
- *       -- in TimeStampReq.  In that case it MUST have the same value.
- *     tsa                          [0] GeneralName          OPTIONAL,
- *     extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
- */
-struct TS_tst_info_st {
-        ASN1_INTEGER *version;
-        ASN1_OBJECT *policy_id;
-        TS_MSG_IMPRINT *msg_imprint;
-        ASN1_INTEGER *serial;
-        ASN1_GENERALIZEDTIME *time;
-        TS_ACCURACY *accuracy;
-        ASN1_BOOLEAN ordering;
-        ASN1_INTEGER *nonce;
-        GENERAL_NAME *tsa;
-        STACK_OF(X509_EXTENSION) *extensions;
-};
-/*
- * PKIStatusInfo ::= SEQUENCE {
- *     status        PKIStatus,
- *     statusString  PKIFreeText     OPTIONAL,
- *     failInfo      PKIFailureInfo  OPTIONAL  }
- *
- * From RFC 1510 - section 3.1.1:
- * PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
- *      -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
- *      -- include an RFC 1766 language tag to indicate the language
- *      -- of the contained text)
- */
-struct TS_status_info_st {
-        ASN1_INTEGER *status;
-        STACK_OF(ASN1_UTF8STRING) *text;
-        ASN1_BIT_STRING *failure_info;
-};
-/*
- * TimeStampResp ::= SEQUENCE  {
- *      status                  PKIStatusInfo,
- *      timeStampToken          TimeStampToken     OPTIONAL }
- */
-struct TS_resp_st {
-        TS_STATUS_INFO *status_info;
-        PKCS7 *token;
-        TS_TST_INFO *tst_info;
-};
-/* The structure below would belong to the ESS component. */
-/*
- * IssuerSerial ::= SEQUENCE {
- *      issuer                   GeneralNames,
- *      serialNumber             CertificateSerialNumber
- *      }
- */
-struct ESS_issuer_serial {
-        STACK_OF(GENERAL_NAME)  *issuer;
-        ASN1_INTEGER            *serial;
-};
-/*
- * ESSCertID ::=  SEQUENCE {
- *      certHash                 Hash,
- *      issuerSerial             IssuerSerial OPTIONAL
- * }
- */
-struct ESS_cert_id {
-        ASN1_OCTET_STRING *hash;        /* Always SHA-1 digest. */
-        ESS_ISSUER_SERIAL *issuer_serial;
-};
-/*
- * SigningCertificate ::=  SEQUENCE {
- *        certs        SEQUENCE OF ESSCertID,
- *        policies     SEQUENCE OF PolicyInformation OPTIONAL
- * }
- */
-struct ESS_signing_cert {
-        STACK_OF(ESS_CERT_ID) *cert_ids;
-        STACK_OF(POLICYINFO) *policy_info;
-};
-/*
- * ESSCertIDv2 ::=  SEQUENCE {
- *     hashAlgorithm           AlgorithmIdentifier
- *            DEFAULT {algorithm id-sha256},
- *     certHash                 Hash,
- *     issuerSerial             IssuerSerial OPTIONAL }
- */
-struct ESS_cert_id_v2 {
-        X509_ALGOR *hash_alg;   /* Default SHA-256. */
-        ASN1_OCTET_STRING *hash;
-        ESS_ISSUER_SERIAL *issuer_serial;
-};
-/*
- * SigningCertificateV2 ::=  SEQUENCE {
- *     certs        SEQUENCE OF ESSCertIDv2,
- *     policies     SEQUENCE OF PolicyInformation OPTIONAL }
- */
-struct ESS_signing_cert_v2 {
-        STACK_OF(ESS_CERT_ID_V2) *cert_ids;
-        STACK_OF(POLICYINFO) *policy_info;
-};
-struct TS_resp_ctx {
-        X509            *signer_cert;
-        EVP_PKEY        *signer_key;
-        STACK_OF(X509)  *certs; /* Certs to include in signed data. */
-        STACK_OF(ASN1_OBJECT)   *policies;      /* Acceptable policies. */
-        ASN1_OBJECT     *default_policy; /* It may appear in policies, too. */
-        STACK_OF(EVP_MD)        *mds;   /* Acceptable message digests. */
-        ASN1_INTEGER    *seconds;       /* accuracy, 0 means not specified. */
-        ASN1_INTEGER    *millis;        /* accuracy, 0 means not specified. */
-        ASN1_INTEGER    *micros;        /* accuracy, 0 means not specified. */
-        unsigned        clock_precision_digits; /* fraction of seconds in
-                                                   time stamp token. */
-        unsigned        flags;          /* Optional info, see values above. */
-        /* Callback functions. */
-        TS_serial_cb serial_cb;
-        void *serial_cb_data;   /* User data for serial_cb. */
-        TS_time_cb time_cb;
-        void *time_cb_data;     /* User data for time_cb. */
-        TS_extension_cb extension_cb;
-        void *extension_cb_data;        /* User data for extension_cb. */
-        /* These members are used only while creating the response. */
-        TS_REQ          *request;
-        TS_RESP         *response;
-        TS_TST_INFO     *tst_info;
-};
-/* Context structure for the generic verify method. */
-struct TS_verify_ctx {
-        /* Set this to the union of TS_VFY_... flags you want to carry out. */
-        unsigned        flags;
-        /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
-        X509_STORE      *store;
-        STACK_OF(X509)  *certs;
-        /* Must be set only with TS_VFY_POLICY. */
-        ASN1_OBJECT     *policy;
-        /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL,
-           the algorithm from the response is used. */
-        X509_ALGOR      *md_alg;
-        unsigned char   *imprint;
-        unsigned        imprint_len;
-        /* Must be set only with TS_VFY_DATA. */
-        BIO             *data;
-        /* Must be set only with TS_VFY_TSA_NAME. */
-        ASN1_INTEGER    *nonce;
-        /* Must be set only with TS_VFY_TSA_NAME. */
-        GENERAL_NAME    *tsa_name;
-};
-/*
- * Public OpenSSL API that we do not currently want to expose.
- */
-ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
-void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
-int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp);
-ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **pp,
-    long length);
-ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a);
-ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
-void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
-int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a,
-    unsigned char **pp);
-ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a,
-    const unsigned char **pp, long length);
-ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a);
-__END_HIDDEN_DECLS
-#endif /* !HEADER_TS_LOCAL_H */

diff --git a/src/lib/libcrypto/ts/ts_local.h b/src/lib/libcrypto/ts/ts_local.h deleted file mode 100644 index 07c9861e02..0000000000 --- a/src/lib/libcrypto/ts/ts_local.h +++ /dev/null
@@ -1,316 +0,0 @@
1	/* $OpenBSD: ts_local.h,v 1.3 2022/11/26 17:23:18 tb Exp $ */
2	/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
3	* project 2002, 2003, 2004.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#ifndef HEADER_TS_LOCAL_H
60	#define HEADER_TS_LOCAL_H
61
62	__BEGIN_HIDDEN_DECLS
63
64	/*
65	* MessageImprint ::= SEQUENCE {
66	* hashAlgorithm AlgorithmIdentifier,
67	* hashedMessage OCTET STRING }
68	*/
69
70	struct TS_msg_imprint_st {
71	X509_ALGOR *hash_algo;
72	ASN1_OCTET_STRING *hashed_msg;
73	};
74
75	/*
76	* TimeStampReq ::= SEQUENCE {
77	* version INTEGER { v1(1) },
78	* messageImprint MessageImprint,
79	* --a hash algorithm OID and the hash value of the data to be
80	* --time-stamped
81	* reqPolicy TSAPolicyId OPTIONAL,
82	* nonce INTEGER OPTIONAL,
83	* certReq BOOLEAN DEFAULT FALSE,
84	* extensions [0] IMPLICIT Extensions OPTIONAL }
85	*/
86
87	struct TS_req_st {
88	ASN1_INTEGER *version;
89	TS_MSG_IMPRINT *msg_imprint;
90	ASN1_OBJECT policy_id; / OPTIONAL */
91	ASN1_INTEGER nonce; / OPTIONAL */
92	ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */
93	STACK_OF(X509_EXTENSION) extensions; / [0] OPTIONAL */
94	};
95
96	/*
97	* Accuracy ::= SEQUENCE {
98	* seconds INTEGER OPTIONAL,
99	* millis [0] INTEGER (1..999) OPTIONAL,
100	* micros [1] INTEGER (1..999) OPTIONAL }
101	*/
102
103	struct TS_accuracy_st {
104	ASN1_INTEGER *seconds;
105	ASN1_INTEGER *millis;
106	ASN1_INTEGER *micros;
107	};
108
109	/*
110	* TSTInfo ::= SEQUENCE {
111	* version INTEGER { v1(1) },
112	* policy TSAPolicyId,
113	* messageImprint MessageImprint,
114	* -- MUST have the same value as the similar field in
115	* -- TimeStampReq
116	* serialNumber INTEGER,
117	* -- Time-Stamping users MUST be ready to accommodate integers
118	* -- up to 160 bits.
119	* genTime GeneralizedTime,
120	* accuracy Accuracy OPTIONAL,
121	* ordering BOOLEAN DEFAULT FALSE,
122	* nonce INTEGER OPTIONAL,
123	* -- MUST be present if the similar field was present
124	* -- in TimeStampReq. In that case it MUST have the same value.
125	* tsa [0] GeneralName OPTIONAL,
126	* extensions [1] IMPLICIT Extensions OPTIONAL }
127	*/
128
129	struct TS_tst_info_st {
130	ASN1_INTEGER *version;
131	ASN1_OBJECT *policy_id;
132	TS_MSG_IMPRINT *msg_imprint;
133	ASN1_INTEGER *serial;
134	ASN1_GENERALIZEDTIME *time;
135	TS_ACCURACY *accuracy;
136	ASN1_BOOLEAN ordering;
137	ASN1_INTEGER *nonce;
138	GENERAL_NAME *tsa;
139	STACK_OF(X509_EXTENSION) *extensions;
140	};
141
142	/*
143	* PKIStatusInfo ::= SEQUENCE {
144	* status PKIStatus,
145	* statusString PKIFreeText OPTIONAL,
146	* failInfo PKIFailureInfo OPTIONAL }
147	*
148	* From RFC 1510 - section 3.1.1:
149	* PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
150	* -- text encoded as UTF-8 String (note: each UTF8String SHOULD
151	* -- include an RFC 1766 language tag to indicate the language
152	* -- of the contained text)
153	*/
154
155	struct TS_status_info_st {
156	ASN1_INTEGER *status;
157	STACK_OF(ASN1_UTF8STRING) *text;
158	ASN1_BIT_STRING *failure_info;
159	};
160
161	/*
162	* TimeStampResp ::= SEQUENCE {
163	* status PKIStatusInfo,
164	* timeStampToken TimeStampToken OPTIONAL }
165	*/
166
167	struct TS_resp_st {
168	TS_STATUS_INFO *status_info;
169	PKCS7 *token;
170	TS_TST_INFO *tst_info;
171	};
172
173	/* The structure below would belong to the ESS component. */
174
175	/*
176	* IssuerSerial ::= SEQUENCE {
177	* issuer GeneralNames,
178	* serialNumber CertificateSerialNumber
179	* }
180	*/
181
182	struct ESS_issuer_serial {
183	STACK_OF(GENERAL_NAME) *issuer;
184	ASN1_INTEGER *serial;
185	};
186
187	/*
188	* ESSCertID ::= SEQUENCE {
189	* certHash Hash,
190	* issuerSerial IssuerSerial OPTIONAL
191	* }
192	*/
193
194	struct ESS_cert_id {
195	ASN1_OCTET_STRING hash; / Always SHA-1 digest. */
196	ESS_ISSUER_SERIAL *issuer_serial;
197	};
198
199	/*
200	* SigningCertificate ::= SEQUENCE {
201	* certs SEQUENCE OF ESSCertID,
202	* policies SEQUENCE OF PolicyInformation OPTIONAL
203	* }
204	*/
205
206	struct ESS_signing_cert {
207	STACK_OF(ESS_CERT_ID) *cert_ids;
208	STACK_OF(POLICYINFO) *policy_info;
209	};
210
211	/*
212	* ESSCertIDv2 ::= SEQUENCE {
213	* hashAlgorithm AlgorithmIdentifier
214	* DEFAULT {algorithm id-sha256},
215	* certHash Hash,
216	* issuerSerial IssuerSerial OPTIONAL }
217	*/
218
219	struct ESS_cert_id_v2 {
220	X509_ALGOR hash_alg; / Default SHA-256. */
221	ASN1_OCTET_STRING *hash;
222	ESS_ISSUER_SERIAL *issuer_serial;
223	};
224
225	/*
226	* SigningCertificateV2 ::= SEQUENCE {
227	* certs SEQUENCE OF ESSCertIDv2,
228	* policies SEQUENCE OF PolicyInformation OPTIONAL }
229	*/
230
231	struct ESS_signing_cert_v2 {
232	STACK_OF(ESS_CERT_ID_V2) *cert_ids;
233	STACK_OF(POLICYINFO) *policy_info;
234	};
235
236	struct TS_resp_ctx {
237	X509 *signer_cert;
238	EVP_PKEY *signer_key;
239	STACK_OF(X509) certs; / Certs to include in signed data. */
240	STACK_OF(ASN1_OBJECT) policies; / Acceptable policies. */
241	ASN1_OBJECT default_policy; / It may appear in policies, too. */
242	STACK_OF(EVP_MD) mds; / Acceptable message digests. */
243	ASN1_INTEGER seconds; / accuracy, 0 means not specified. */
244	ASN1_INTEGER millis; / accuracy, 0 means not specified. */
245	ASN1_INTEGER micros; / accuracy, 0 means not specified. */
246	unsigned clock_precision_digits; /* fraction of seconds in
247	time stamp token. */
248	unsigned flags; /* Optional info, see values above. */
249
250	/* Callback functions. */
251	TS_serial_cb serial_cb;
252	void serial_cb_data; / User data for serial_cb. */
253
254	TS_time_cb time_cb;
255	void time_cb_data; / User data for time_cb. */
256
257	TS_extension_cb extension_cb;
258	void extension_cb_data; / User data for extension_cb. */
259
260	/* These members are used only while creating the response. */
261	TS_REQ *request;
262	TS_RESP *response;
263	TS_TST_INFO *tst_info;
264	};
265
266	/* Context structure for the generic verify method. */
267
268	struct TS_verify_ctx {
269	/* Set this to the union of TS_VFY_... flags you want to carry out. */
270	unsigned flags;
271
272	/* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
273	X509_STORE *store;
274	STACK_OF(X509) *certs;
275
276	/* Must be set only with TS_VFY_POLICY. */
277	ASN1_OBJECT *policy;
278
279	/* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL,
280	the algorithm from the response is used. */
281	X509_ALGOR *md_alg;
282	unsigned char *imprint;
283	unsigned imprint_len;
284
285	/* Must be set only with TS_VFY_DATA. */
286	BIO *data;
287
288	/* Must be set only with TS_VFY_TSA_NAME. */
289	ASN1_INTEGER *nonce;
290
291	/* Must be set only with TS_VFY_TSA_NAME. */
292	GENERAL_NAME *tsa_name;
293	};
294
295	/*
296	* Public OpenSSL API that we do not currently want to expose.
297	*/
298
299	ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
300	void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
301	int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 a, unsigned char *pp);
302	ESS_CERT_ID_V2 d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 a, const unsigned char *pp,
303	long length);
304	ESS_CERT_ID_V2 ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 a);
305
306	ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
307	void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
308	int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a,
309	unsigned char **pp);
310	ESS_SIGNING_CERT_V2 d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 *a,
311	const unsigned char **pp, long length);
312	ESS_SIGNING_CERT_V2 ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 a);
313
314	__END_HIDDEN_DECLS
315
316	#endif /* !HEADER_TS_LOCAL_H */