Commit | Line | Data |
---|---|---|
eb64730b RL |
1 | /* ocsp.h */ |
2 | /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL | |
3 | * project. */ | |
4 | ||
5 | /* History: | |
6 | This file was transferred to Richard Levitte from CertCo by Kathy | |
7 | Weinhold in mid-spring 2000 to be included in OpenSSL or released | |
8 | as a patch kit. */ | |
9 | ||
10 | /* ==================================================================== | |
11 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | |
12 | * | |
13 | * Redistribution and use in source and binary forms, with or without | |
14 | * modification, are permitted provided that the following conditions | |
15 | * are met: | |
16 | * | |
17 | * 1. Redistributions of source code must retain the above copyright | |
18 | * notice, this list of conditions and the following disclaimer. | |
19 | * | |
20 | * 2. Redistributions in binary form must reproduce the above copyright | |
21 | * notice, this list of conditions and the following disclaimer in | |
22 | * the documentation and/or other materials provided with the | |
23 | * distribution. | |
24 | * | |
25 | * 3. All advertising materials mentioning features or use of this | |
26 | * software must display the following acknowledgment: | |
27 | * "This product includes software developed by the OpenSSL Project | |
28 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
29 | * | |
30 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
31 | * endorse or promote products derived from this software without | |
32 | * prior written permission. For written permission, please contact | |
33 | * openssl-core@openssl.org. | |
34 | * | |
35 | * 5. Products derived from this software may not be called "OpenSSL" | |
36 | * nor may "OpenSSL" appear in their names without prior written | |
37 | * permission of the OpenSSL Project. | |
38 | * | |
39 | * 6. Redistributions of any form whatsoever must retain the following | |
40 | * acknowledgment: | |
41 | * "This product includes software developed by the OpenSSL Project | |
42 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
43 | * | |
44 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
45 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
46 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
47 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
48 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
49 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
50 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
51 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
52 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
53 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
54 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
55 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
56 | * ==================================================================== | |
57 | * | |
58 | * This product includes cryptographic software written by Eric Young | |
59 | * (eay@cryptsoft.com). This product includes software written by Tim | |
60 | * Hudson (tjh@cryptsoft.com). | |
61 | * | |
62 | */ | |
63 | ||
64 | #ifndef HEADER_OCSP_H | |
65 | #define HEADER_OCSP_H | |
66 | ||
67 | #include <openssl/x509.h> | |
68 | #include <openssl/x509v3.h> | |
69 | #include <openssl/safestack.h> | |
70 | ||
71 | #ifdef __cplusplus | |
72 | extern "C" { | |
73 | #endif | |
74 | ||
75 | /* CertID ::= SEQUENCE { | |
76 | * hashAlgorithm AlgorithmIdentifier, | |
77 | * issuerNameHash OCTET STRING, -- Hash of Issuer's DN | |
78 | * issuerKeyHash OCTET STRING, -- Hash of Issuer's public key (excluding the tag & length fields) | |
79 | * serialNumber CertificateSerialNumber } | |
80 | */ | |
81 | typedef struct ocsp_cert_id_st | |
82 | { | |
83 | X509_ALGOR *hashAlgorithm; /* digest that produced the two hashes below */ | |
84 | ASN1_OCTET_STRING *issuerNameHash; /* hash of the issuer's DN */ | |
85 | ASN1_OCTET_STRING *issuerKeyHash; /* hash of the issuer's public key, tag and length excluded */ | |
86 | ASN1_INTEGER *serialNumber; /* serial number of the certificate being asked about */ | |
87 | } OCSP_CERTID; /* identifies one certificate; when matching a response to a request compare hashAlgorithm, both hashes and serialNumber, never the serial alone */ | |
88 | ||
89 | /* Request ::= SEQUENCE { | |
90 | * reqCert CertID, | |
91 | * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } | |
92 | */ | |
93 | typedef struct ocsp_one_request_st | |
94 | { | |
95 | OCSP_CERTID *reqCert; /* certificate whose status is requested */ | |
96 | STACK_OF(X509_EXTENSION) *singleRequestExtensions; /* OPTIONAL in the ASN.1; presumably NULL when absent -- confirm */ | |
97 | } OCSP_ONEREQ; | |
98 | ||
99 | DECLARE_STACK_OF(OCSP_ONEREQ) /* declares the STACK_OF(OCSP_ONEREQ) used by OCSP_REQINFO.requestList */ | |
100 | DECLARE_ASN1_SET_OF(OCSP_ONEREQ) | |
101 | ||
102 | ||
103 | /* TBSRequest ::= SEQUENCE { | |
104 | * version [0] EXPLICIT Version DEFAULT v1, | |
105 | * requestorName [1] EXPLICIT GeneralName OPTIONAL, | |
106 | * requestList SEQUENCE OF Request, | |
107 | * requestExtensions [2] EXPLICIT Extensions OPTIONAL } | |
108 | */ | |
109 | typedef struct ocsp_req_info_st | |
110 | { | |
111 | ASN1_INTEGER *version; /* DEFAULT v1 per the ASN.1 above */ | |
112 | GENERAL_NAME *requestorName; /* OPTIONAL; only a claim by the sender unless the request signature is verified */ | |
113 | STACK_OF(OCSP_ONEREQ) *requestList; /* one entry per certificate queried */ | |
114 | STACK_OF(X509_EXTENSION) *requestExtensions; /* OPTIONAL request-wide extensions */ | |
115 | } OCSP_REQINFO; /* the to-be-signed part: OCSP_REQUEST_sign and OCSP_REQUEST_verify serialize it with i2d_OCSP_REQINFO */ | |
116 | ||
117 | /* Signature ::= SEQUENCE { | |
118 | * signatureAlgorithm AlgorithmIdentifier, | |
119 | * signature BIT STRING, | |
120 | * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } | |
121 | */ | |
122 | typedef struct ocsp_signature_st | |
123 | { | |
124 | X509_ALGOR *signatureAlgorithm; /* algorithm identifier for the signature below */ | |
125 | ASN1_BIT_STRING *signature; /* signature value; OCSP_REQUEST_sign computes it over the encoded tbsRequest */ | |
126 | STACK_OF(X509) *certs; /* OPTIONAL; supplied by the signer, so untrusted until validated against a trust anchor */ | |
127 | } OCSP_SIGNATURE; | |
128 | ||
129 | /* OCSPRequest ::= SEQUENCE { | |
130 | * tbsRequest TBSRequest, | |
131 | * optionalSignature [0] EXPLICIT Signature OPTIONAL } | |
132 | */ | |
133 | typedef struct ocsp_request_st | |
134 | { | |
135 | OCSP_REQINFO *tbsRequest; /* the request body that a signature, if any, covers */ | |
136 | OCSP_SIGNATURE *optionalSignature; /* OPTIONAL: unsigned requests carry none (presumably NULL then -- confirm). NOTE(review): the OCSP_REQUEST_sign and OCSP_REQUEST_verify macros in this header dereference it unchecked */ | |
137 | } OCSP_REQUEST; | |
138 | ||
139 | /* OCSPResponseStatus ::= ENUMERATED { | |
140 | * successful (0), --Response has valid confirmations | |
141 | * malformedRequest (1), --Illegal confirmation request | |
142 | * internalError (2), --Internal error in issuer | |
143 | * tryLater (3), --Try again later | |
144 | * --(4) is not used | |
145 | * sigRequired (5), --Must sign the request | |
146 | * unauthorized (6) --Request unauthorized | |
147 | * } | |
148 | */ | |
149 | #define OCSP_RESPONSE_STATUS_SUCCESSFULL 0 /* (sic) the only status for which RFC 2560 has the responder include responseBytes */ | |
150 | #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 | |
151 | #define OCSP_RESPONSE_STATUS_INTERNALERROR 2 | |
152 | #define OCSP_RESPONSE_STATUS_TRYLATER 3 | |
153 | #define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 | |
154 | #define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 /* NOTE(review): statuses 1-6 are unsigned error replies and carry no certificate status; a client must treat them as "no answer", never as "good" */ | |
155 | ||
156 | /* ResponseBytes ::= SEQUENCE { | |
157 | * responseType OBJECT IDENTIFIER, | |
158 | * response OCTET STRING } | |
159 | */ | |
160 | typedef struct ocsp_resp_bytes_st | |
161 | { | |
162 | ASN1_OBJECT *responseType; /* OID naming the format of response; check it before decoding the payload */ | |
163 | ASN1_OCTET_STRING *response; /* encoded typed response, e.g. a BasicOCSPResponse */ | |
164 | } OCSP_RESPBYTES; | |
165 | ||
166 | /* OCSPResponse ::= SEQUENCE { | |
167 | * responseStatus OCSPResponseStatus, | |
168 | * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } | |
169 | */ | |
170 | typedef struct ocsp_response_st | |
171 | { | |
172 | ASN1_ENUMERATED *responseStatus; /* one of the OCSP_RESPONSE_STATUS_* values */ | |
173 | OCSP_RESPBYTES *responseBytes; /* OPTIONAL; presumably NULL on error statuses -- check before use */ | |
174 | } OCSP_RESPONSE; | |
175 | ||
176 | /* ResponderID ::= CHOICE { | |
177 | * byName [1] Name, | |
178 | * byKey [2] KeyHash } | |
179 | */ | |
36f554d4 DSH |
180 | #define V_OCSP_RESPID_NAME 0 /* presumably the selector values for OCSP_RESPID.type; note they are not the ASN.1 context tags [1]/[2] above */ |
181 | #define V_OCSP_RESPID_KEY 1 | |
eb64730b RL |
182 | typedef struct ocsp_responder_id_st |
183 | { | |
36f554d4 | 184 | int type; /* presumably says which member of value is populated; read value only after checking it */ |
eb64730b RL |
185 | union { |
186 | X509_NAME* byName; | |
187 | ASN1_OCTET_STRING *byKey; | |
188 | } value; | |
189 | } OCSP_RESPID; | |
190 | /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key | |
191 | * --(excluding the tag and length fields) | |
192 | */ | |
193 | ||
194 | /* RevokedInfo ::= SEQUENCE { | |
195 | * revocationTime GeneralizedTime, | |
196 | * revocationReason [0] EXPLICIT CRLReason OPTIONAL } | |
197 | */ | |
198 | typedef struct ocsp_revoked_info_st | |
199 | { | |
200 | ASN1_GENERALIZEDTIME *revocationTime; /* when the certificate was revoked */ | |
201 | ASN1_ENUMERATED *revocationReason; /* OPTIONAL CRLReason; the OCSP_REVOKED_STATUS_* constants in this header carry the same numbers */ | |
202 | } OCSP_REVOKEDINFO; | |
203 | ||
204 | /* CertStatus ::= CHOICE { | |
205 | * good [0] IMPLICIT NULL, | |
206 | * revoked [1] IMPLICIT RevokedInfo, | |
207 | * unknown [2] IMPLICIT UnknownInfo } | |
208 | */ | |
209 | #define V_OCSP_CERTSTATUS_GOOD 0 | |
210 | #define V_OCSP_CERTSTATUS_REVOKED 1 | |
211 | #define V_OCSP_CERTSTATUS_UNKNOWN 2 /* "unknown" means the responder has no information about the certificate; relying parties must not treat it as good */ | |
212 | typedef struct ocsp_cert_status_st | |
213 | { | |
36f554d4 DSH |
214 | int type; /* presumably one of V_OCSP_CERTSTATUS_*; selects the live member of value, so check it before reading value */ |
215 | union { | |
216 | ASN1_NULL *good; | |
217 | OCSP_REVOKEDINFO *revoked; /* revocation time and optional reason */ | |
218 | ASN1_NULL *unknown; | |
219 | } value; | |
eb64730b RL |
220 | } OCSP_CERTSTATUS; |
221 | ||
222 | /* SingleResponse ::= SEQUENCE { | |
223 | * certID CertID, | |
224 | * certStatus CertStatus, | |
225 | * thisUpdate GeneralizedTime, | |
226 | * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, | |
227 | * singleExtensions [1] EXPLICIT Extensions OPTIONAL } | |
228 | */ | |
229 | typedef struct ocsp_single_response_st | |
230 | { | |
231 | OCSP_CERTID *certId; /* relying parties should check it against the CertID they asked about */ | |
232 | OCSP_CERTSTATUS *certStatus; /* good, revoked or unknown */ | |
233 | ASN1_GENERALIZEDTIME *thisUpdate; /* time at which the status was known to be correct */ | |
234 | ASN1_GENERALIZEDTIME *nextUpdate; /* OPTIONAL; when present, a response used after this time is stale and should be rejected */ | |
235 | STACK_OF(X509_EXTENSION) *singleExtensions; /* OPTIONAL */ | |
236 | } OCSP_SINGLERESP; | |
237 | ||
238 | DECLARE_STACK_OF(OCSP_SINGLERESP) /* declares the STACK_OF(OCSP_SINGLERESP) used by OCSP_RESPDATA.responses */ | |
239 | DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) | |
240 | ||
241 | /* ResponseData ::= SEQUENCE { | |
242 | * version [0] EXPLICIT Version DEFAULT v1, | |
243 | * responderID ResponderID, | |
244 | * producedAt GeneralizedTime, | |
245 | * responses SEQUENCE OF SingleResponse, | |
246 | * responseExtensions [1] EXPLICIT Extensions OPTIONAL } | |
247 | */ | |
248 | typedef struct ocsp_response_data_st | |
249 | { | |
250 | ASN1_INTEGER *version; /* DEFAULT v1 per the ASN.1 above */ | |
251 | OCSP_RESPID *responderId; /* names the signer by DN or key hash; an identifier, not proof of authority */ | |
252 | ASN1_GENERALIZEDTIME *producedAt; /* time the responder signed this response */ | |
253 | STACK_OF(OCSP_SINGLERESP) *responses; /* one status entry per certificate answered */ | |
254 | STACK_OF(X509_EXTENSION) *responseExtensions; /* OPTIONAL */ | |
255 | } OCSP_RESPDATA; | |
256 | ||
257 | /* BasicOCSPResponse ::= SEQUENCE { | |
258 | * tbsResponseData ResponseData, | |
259 | * signatureAlgorithm AlgorithmIdentifier, | |
260 | * signature BIT STRING, | |
261 | * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } | |
262 | */ | |
263 | /* Note 1: | |
264 | The value for "signature" is specified in the OCSP rfc2560 as follows: | |
265 | "The value for the signature SHALL be computed on the hash of the DER | |
266 | encoding ResponseData." This means that you must hash the DER-encoded | |
267 | tbsResponseData, and then run it through a crypto-signing function, which | |
268 | will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems | |
269 | a bit odd, but that's the spec. Also note that the data structures do not | |
270 | leave anywhere to independently specify the algorithm used for the initial | |
271 | hash. So, we look at the signature-specification algorithm, and try to do | |
272 | something intelligent. -- Kathy Weinhold, CertCo */ | |
273 | /* Note 2: | |
274 | It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open | |
275 | for interpretation. I've done tests against another responder, and found | |
276 | that it doesn't do the double hashing that the RFC seems to say one | |
277 | should. Therefore, all relevant functions take a flag saying which | |
278 | variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ | |
279 | typedef struct ocsp_basic_response_st | |
280 | { | |
281 | OCSP_RESPDATA *tbsResponseData; /* the signed portion; OCSP_BASICRESP_sign and OCSP_BASICRESP_verify serialize it with i2d_OCSP_RESPDATA */ | |
282 | X509_ALGOR *signatureAlgorithm; /* algorithm identifier for the signature below */ | |
283 | ASN1_BIT_STRING *signature; /* signature value over tbsResponseData */ | |
284 | STACK_OF(X509) *certs; /* OPTIONAL; sent by the responder, so untrusted until chained to a trust anchor and checked for OCSP-signing authority */ | |
285 | } OCSP_BASICRESP; | |
286 | ||
287 | /* | |
288 | * CRLReason ::= ENUMERATED { | |
289 | * unspecified (0), | |
290 | * keyCompromise (1), | |
291 | * cACompromise (2), | |
292 | * affiliationChanged (3), | |
293 | * superseded (4), | |
294 | * cessationOfOperation (5), | |
295 | * certificateHold (6), | |
296 | * removeFromCRL (8) } | |
297 | */ | |
298 | #define OCSP_REVOKED_STATUS_NOSTATUS -1 /* not a CRLReason value; presumably "no reason supplied" -- confirm against OCSP_cert_status_new */ | |
299 | #define OCSP_REVOKED_STATUS_UNSPECIFIED 0 | |
300 | #define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 | |
301 | #define OCSP_REVOKED_STATUS_CACOMPROMISE 2 | |
302 | #define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 | |
303 | #define OCSP_REVOKED_STATUS_SUPERSEDED 4 | |
304 | #define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 | |
305 | #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 | |
306 | #define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 /* 7 is not assigned in the enumeration above */ | |
307 | ||
308 | /* CrlID ::= SEQUENCE { | |
309 | * crlUrl [0] EXPLICIT IA5String OPTIONAL, | |
310 | * crlNum [1] EXPLICIT INTEGER OPTIONAL, | |
311 | * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } | |
312 | */ | |
313 | typedef struct ocsp_crl_id_st | |
314 | { | |
315 | ASN1_IA5STRING *crlUrl; /* OPTIONAL; a URL taken from the response, so treat it as untrusted text */ | |
316 | ASN1_INTEGER *crlNum; /* OPTIONAL */ | |
317 | ASN1_GENERALIZEDTIME *crlTime; /* OPTIONAL */ | |
318 | } OCSP_CRLID; /* all three members are OPTIONAL in the ASN.1; presumably NULL when absent -- confirm */ | |
319 | ||
320 | /* ServiceLocator ::= SEQUENCE { | |
321 | * issuer Name, | |
322 | * locator AuthorityInfoAccessSyntax OPTIONAL } | |
323 | */ | |
324 | typedef struct ocsp_service_locator_st | |
325 | { | |
326 | X509_NAME* issuer; /* issuer name, required by the ASN.1 above */ | |
327 | STACK_OF(ACCESS_DESCRIPTION) *locator; /* OPTIONAL access descriptions; they come from the peer, so validate any location before contacting it */ | |
328 | } OCSP_SERVICELOC; | |
329 | ||
330 | #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" /* PEM label used by the PEM_*_OCSP_REQUEST macros in this header */ | |
331 | #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" /* PEM label used by the PEM_*_OCSP_RESPONSE macros in this header */ | |
332 | ||
333 | #define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \ | |
334 | OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\ | |
335 | (unsigned char **)(p)) /* decode an encoded OCSP_REQUEST read from BIO bp; the input is typically peer-supplied, so check the result for NULL before use */ | |
336 | ||
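337 | #define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\ | |
338 | OCSP_RESPONSE_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\ | |
339 | (unsigned char **)(p)) /* decode an encoded OCSP_RESPONSE read from BIO bp; allocator and decoder both refer to OCSP_RESPONSE so the object type matches the cast. The input is typically peer-supplied, so check the result for NULL before use */ | |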
340 | ||
341 | #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ | |
342 | (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) /* read a PEM "OCSP REQUEST" block from bp and decode it with d2i_OCSP_REQUEST */ | |
343 | ||
344 | #define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ | |
345 | (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) /* read a PEM "OCSP RESPONSE" block from bp and decode it with d2i_OCSP_RESPONSE */ | |
346 | ||
347 | #define PEM_write_bio_OCSP_REQUEST(bp,o) \ | |
348 | PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ | |
349 | bp,(char *)o, NULL,NULL,0,NULL,NULL) /* write o to bp as PEM; the NULL/0 arguments presumably mean no encryption -- confirm against PEM_ASN1_write_bio */ | |
350 | ||
351 | #define PEM_write_bio_OCSP_RESPONSE(bp,o) \ | |
352 | PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ | |
353 | bp,(char *)o, NULL,NULL,0,NULL,NULL) /* response counterpart of PEM_write_bio_OCSP_REQUEST */ | |
354 | ||
355 | #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\ | |
356 | (unsigned char *)o) /* encode o with i2d_OCSP_RESPONSE and write it to bp */ | |
357 | ||
358 | #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\ | |
359 | (unsigned char *)o) /* NOTE(review): every macro in this group casts its object argument to an untyped pointer, so passing the wrong object type compiles silently */ | |
360 | ||
361 | #define OCSP_REQUEST_sign(o,pkey,md) \ | |
362 | ASN1_sign((int(*)())i2d_OCSP_REQINFO,\ | |
363 | o->optionalSignature->signatureAlgorithm,NULL,\ | |
364 | o->optionalSignature->signature,(char *)o->tbsRequest,pkey,md) /* sign tbsRequest with pkey and digest md; NOTE(review): o->optionalSignature is dereferenced unchecked, so it must be allocated before this macro is used */ | |
365 | ||
366 | #define OCSP_BASICRESP_sign(o,pkey,md,d) \ | |
367 | ASN1_sign((int(*)())i2d_OCSP_RESPDATA,o->signatureAlgorithm,NULL,\ | |
368 | o->signature,(char *)o->tbsResponseData,pkey,md) /* sign tbsResponseData; NOTE(review): parameter d is accepted but does not appear in the expansion */ | |
369 | ||
370 | #define OCSP_REQUEST_verify(a,r) ASN1_verify((int (*)())i2d_OCSP_REQINFO,\ | |
371 | a->optionalSignature->signatureAlgorithm,\ | |
372 | a->optionalSignature->signature,(char *)a->tbsRequest,r) /* NOTE(review): dereferences a->optionalSignature, which the ASN.1 marks OPTIONAL; an unsigned request has to be rejected before this macro is reached */ | |
373 | ||
374 | #define OCSP_BASICRESP_verify(a,r,d) ASN1_verify((int (*)())i2d_OCSP_RESPDATA,\ | |
375 | a->signatureAlgorithm,a->signature,(char *)a->tbsResponseData,r) /* checks the signature over tbsResponseData with key r; d is unused. This establishes only that r signed the data, not who r belongs to or whether it may sign OCSP responses */ | |
376 | ||
377 | #define ASN1_BIT_STRING_digest(data,type,md,len) \ | |
378 | ASN1_digest((int (*)())i2d_ASN1_BIT_STRING,type,(char *)data,md,len) /* digest the i2d_ASN1_BIT_STRING encoding of data via ASN1_digest */ | |
379 | ||
380 | #define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\ | |
381 | (char *(*)())d2i_OCSP_CERTID,(char *)(cid)) /* copy cid by encoding and re-decoding it through ASN1_dup; presumably NULL on failure and owned by the caller -- confirm */ | |
382 | ||
383 | #define OCSP_CERTSTATUS_dup(cs)\ | |
384 | (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ | |
385 | (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) /* same encode/decode copy for an OCSP_CERTSTATUS */ | |
386 | ||
387 | OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, | |
388 | X509_NAME *issuerName, | |
389 | ASN1_BIT_STRING* issuerKey, | |
390 | ASN1_INTEGER *serialNumber); /* builds a CertID; dgst presumably becomes hashAlgorithm and hashes issuerName/issuerKey -- confirm in the implementation */ | |
391 | ||
392 | OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim); /* status and reason presumably take V_OCSP_CERTSTATUS_* and OCSP_REVOKED_STATUS_*; the format expected in tim is not visible here */ | |
393 | ||
394 | OCSP_REQUEST *OCSP_request_new(X509_NAME* name, | |
395 | STACK_OF(X509_EXTENSION) *extensions); | |
396 | ||
397 | int OCSP_request_add(OCSP_REQUEST *req, | |
398 | OCSP_CERTID *cid, | |
399 | STACK_OF(X509_EXTENSION) *extensions); | |
400 | ||
401 | int OCSP_request_sign(OCSP_REQUEST *req, | |
402 | EVP_PKEY *key, | |
403 | const EVP_MD *dgst, | |
404 | STACK_OF(X509) *certs); | |
405 | ||
406 | int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey); /* NOTE(review): takes a bare key; nothing in this prototype shows the requestor certificate being validated, so that is presumably the caller's job */ | |
407 | ||
408 | OCSP_BASICRESP *OCSP_basic_response_new(int tag, | |
409 | X509* cert, | |
410 | STACK_OF(X509_EXTENSION) *extensions); /* tag presumably takes V_OCSP_RESPID_NAME or V_OCSP_RESPID_KEY -- confirm */ | |
411 | ||
412 | int OCSP_basic_response_add(OCSP_BASICRESP *rsp, | |
413 | OCSP_CERTID *cid, | |
414 | OCSP_CERTSTATUS *cst, | |
415 | char *thisUpdate, | |
416 | char *nextUpdate, | |
417 | STACK_OF(X509_EXTENSION) *extensions); /* time strings are passed as char *; their expected format is not visible in this header */ | |
418 | ||
419 | int OCSP_basic_response_sign(OCSP_BASICRESP *brsp, | |
420 | EVP_PKEY *key, | |
421 | const EVP_MD *dgst, | |
422 | STACK_OF(X509) *certs); | |
423 | ||
424 | int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey); /* NOTE(review): verification is against a caller-supplied key; chaining the responder certificate and checking its OCSP-signing authority is presumably left to the caller */ | |
425 | ||
426 | int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey); /* same caveat as OCSP_response_verify: the key's trustworthiness is not established by this call as far as the prototype shows */ | |
427 | ||
428 | ||
429 | OCSP_RESPONSE *OCSP_response_new(int status, | |
430 | int nid, | |
431 | int (*i2d)(), | |
432 | char *data); /* i2d is an unprototyped function pointer and data an untyped char *, so the compiler cannot check that they belong together */ | |
433 | ||
434 | ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), | |
2f9f0c72 | 435 | char *data, STACK_OF(ASN1_OBJECT) *sk); |
eb64730b RL |
436 | |
437 | X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len); /* nonce bytes are supplied by the caller; for replay protection they need to be unpredictable, i.e. taken from a cryptographic RNG */ | |
438 | ||
439 | X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); | |
440 | ||
441 | X509_EXTENSION *OCSP_accept_responses_new(char **oids); | |
442 | ||
443 | X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); | |
444 | ||
445 | X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); /* oids/urls are char ** lists; presumably NULL-terminated since no count is passed -- confirm */ | |
446 | ||
447 | OCSP_SINGLERESP *OCSP_SINGLERESP_new(void); | |
448 | void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a); | |
449 | int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp); | |
450 | OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, unsigned char **pp, long length); | |
451 | int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a); | |
452 | ||
453 | OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void); | |
454 | void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a); | |
455 | int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp); | |
456 | OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, unsigned char **pp, long length); | |
457 | int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a); | |
458 | ||
459 | OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void); | |
460 | void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a); | |
461 | int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp); | |
462 | OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, unsigned char **pp, long length); | |
463 | int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a); | |
464 | ||
465 | OCSP_BASICRESP *OCSP_BASICRESP_new(void); | |
466 | void OCSP_BASICRESP_free(OCSP_BASICRESP *a); | |
467 | int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp); | |
468 | OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, unsigned char **pp, long length); | |
469 | int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a); | |
470 | ||
471 | OCSP_RESPDATA *OCSP_RESPDATA_new(void); | |
472 | void OCSP_RESPDATA_free(OCSP_RESPDATA *a); | |
473 | int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **pp); | |
474 | OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, unsigned char **pp, long length); | |
475 | int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a); | |
476 | ||
477 | OCSP_RESPID *OCSP_RESPID_new(void); | |
478 | void OCSP_RESPID_free(OCSP_RESPID *a); | |
479 | int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp); | |
480 | OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, unsigned char **pp, long length); | |
481 | int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a); | |
482 | ||
483 | OCSP_RESPONSE *OCSP_RESPONSE_new(void); | |
484 | void OCSP_RESPONSE_free(OCSP_RESPONSE *a); | |
485 | int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **pp); | |
486 | OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, unsigned char **pp, long length); | |
487 | int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a); | |
488 | int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* a); | |
489 | ||
490 | OCSP_RESPBYTES *OCSP_RESPBYTES_new(void); | |
491 | void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a); | |
492 | int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **pp); | |
493 | OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, unsigned char **pp, long length); | |
494 | int i2a_OCSP_RESPBYTES(BIO *bp, OCSP_RESPBYTES* a); | |
495 | ||
496 | OCSP_ONEREQ *OCSP_ONEREQ_new(void); | |
497 | void OCSP_ONEREQ_free(OCSP_ONEREQ *a); | |
498 | int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **pp); | |
499 | OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, unsigned char **pp, long length); | |
500 | int i2a_OCSP_ONEREQ(BIO *bp, OCSP_ONEREQ* a); | |
501 | ||
502 | OCSP_CERTID *OCSP_CERTID_new(void); | |
503 | void OCSP_CERTID_free(OCSP_CERTID *a); | |
504 | int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **pp); | |
505 | OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, unsigned char **pp, long length); | |
506 | int i2a_OCSP_CERTID(BIO *bp, OCSP_CERTID* a); | |
507 | ||
508 | OCSP_REQUEST *OCSP_REQUEST_new(void); | |
509 | void OCSP_REQUEST_free(OCSP_REQUEST *a); | |
510 | int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **pp); | |
511 | OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, unsigned char **pp, long length); | |
512 | int i2a_OCSP_REQUEST(BIO *bp, OCSP_REQUEST* a); | |
513 | int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a); | |
514 | ||
515 | OCSP_SIGNATURE *OCSP_SIGNATURE_new(void); | |
516 | void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a); | |
517 | int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **pp); | |
518 | OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, unsigned char **pp, long length); | |
519 | int i2a_OCSP_SIGNATURE(BIO *bp, OCSP_SIGNATURE* a); | |
520 | ||
521 | OCSP_REQINFO *OCSP_REQINFO_new(void); | |
522 | void OCSP_REQINFO_free(OCSP_REQINFO *a); | |
523 | int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **pp); | |
524 | OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, unsigned char **pp, long length); | |
525 | int i2a_OCSP_REQINFO(BIO *bp, OCSP_REQINFO* a); | |
526 | ||
527 | OCSP_CRLID *OCSP_CRLID_new(void); | |
528 | void OCSP_CRLID_free(OCSP_CRLID *a); | |
529 | int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **pp); | |
530 | OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, unsigned char **pp, long length); | |
531 | int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a); | |
532 | int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind); | |
533 | ||
534 | OCSP_SERVICELOC *OCSP_SERVICELOC_new(void); | |
535 | void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a); | |
536 | int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **pp); | |
537 | OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, unsigned char **pp, long length); | |
538 | int i2a_OCSP_SERVICELOC(BIO *bp, OCSP_SERVICELOC* a); | |
539 | int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind); | |
540 | ||
541 | int OCSP_extensions_print(BIO *bp, STACK_OF(X509_EXTENSION) *sk, char *title); | |
542 | int OCSP_extension_print(BIO *bp, X509_EXTENSION *x, int ind); | |
543 | ||
544 | void ERR_load_OCSP_strings(void); | |
545 | ||
cd1bf28e | 546 | #if 0 /* Not yet implemented */ |
eb64730b | 547 | X509_EXTENSION *OCSP_nochain_new(void); |
cd1bf28e | 548 | #endif |
eb64730b RL |
549 | |
550 | char* ocspResponseStatus2string(long s); | |
551 | char* ocspCertStatus2string(long s); | |
552 | char * cRLReason2string(long s); | |
553 | ||
cd1bf28e | 554 | #if 0 /* Not yet implemented */ |
eb64730b | 555 | void OCSP_add_standard_extension(void); |
cd1bf28e | 556 | #endif |
eb64730b RL |
557 | |
558 | /* BEGIN ERROR CODES */ | |
559 | /* The following lines are auto generated by the script mkerr.pl. Any changes | |
560 | * made after this point may be overwritten when the script is next run. | |
561 | */ | |
562 | ||
563 | /* Error codes for the OCSP functions. */ | |
564 | ||
565 | /* Function codes. */ | |
566 | #define OCSP_F_ASN1_STRING_ENCODE 106 | |
567 | #define OCSP_F_BASIC_RESPONSE_NEW 100 | |
568 | #define OCSP_F_BASIC_RESPONSE_VERIFY 101 | |
569 | #define OCSP_F_CERT_ID_NEW 102 | |
570 | #define OCSP_F_CERT_STATUS_NEW 103 | |
571 | #define OCSP_F_REQUEST_VERIFY 104 | |
572 | #define OCSP_F_RESPONSE_VERIFY 105 | |
573 | #define OCSP_F_S2I_OCSP_NONCE 107 | |
574 | #define OCSP_F_V2I_OCSP_CRLID 108 | |
575 | ||
576 | /* Reason codes. */ | |
577 | #define OCSP_R_BAD_DATA 108 | |
578 | #define OCSP_R_BAD_TAG 100 | |
579 | #define OCSP_R_DIGEST_ERR 101 | |
580 | #define OCSP_R_FAILED_TO_OPEN 109 | |
581 | #define OCSP_R_FAILED_TO_READ 110 | |
582 | #define OCSP_R_FAILED_TO_STAT 111 | |
583 | #define OCSP_R_MISSING_VALUE 112 | |
584 | #define OCSP_R_NO_CERTIFICATE 102 | |
585 | #define OCSP_R_NO_PUBLIC_KEY 103 | |
586 | #define OCSP_R_NO_RESPONSE_DATA 104 | |
587 | #define OCSP_R_NO_SIGNATURE 105 | |
588 | #define OCSP_R_REVOKED_NO_TIME 106 | |
589 | #define OCSP_R_UNKNOWN_NID 107 | |
590 | #define OCSP_R_UNSUPPORTED_OPTION 113 | |
591 | #define OCSP_R_VALUE_ALREADY 114 | |
592 | ||
593 | #ifdef __cplusplus | |
594 | } | |
595 | #endif | |
596 | #endif | |
597 |