1 ocsp.h

     1 /* ocsp.h */

     2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL

     3  * project. */

     4 

     5 /* History:

     6    This file was transfered to Richard Levitte from CertCo by Kathy

     7    Weinhold in mid-spring 2000 to be included in OpenSSL or released

     8    as a patch kit. */

     9 

    10 /* ====================================================================

    11  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

    12  *

    13  * Redistribution and use in source and binary forms, with or without

    14  * modification, are permitted provided that the following conditions

    15  * are met:

    16  *

    17  * 1. Redistributions of source code must retain the above copyright

    18  *    notice, this list of conditions and the following disclaimer. 

    19  *

    20  * 2. Redistributions in binary form must reproduce the above copyright

    21  *    notice, this list of conditions and the following disclaimer in

    22  *    the documentation and/or other materials provided with the

    23  *    distribution.

    24  *

    25  * 3. All advertising materials mentioning features or use of this

    26  *    software must display the following acknowledgment:

    27  *    "This product includes software developed by the OpenSSL Project

    28  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

    29  *

    30  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

    31  *    endorse or promote products derived from this software without

    32  *    prior written permission. For written permission, please contact

    33  *    openssl-core@openssl.org.

    34  *

    35  * 5. Products derived from this software may not be called "OpenSSL"

    36  *    nor may "OpenSSL" appear in their names without prior written

    37  *    permission of the OpenSSL Project.

    38  *

    39  * 6. Redistributions of any form whatsoever must retain the following

    40  *    acknowledgment:

    41  *    "This product includes software developed by the OpenSSL Project

    42  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

    43  *

    44  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

    45  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    46  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

    47  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

    48  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    49  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

    50  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

    51  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    52  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

    53  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    54  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

    55  * OF THE POSSIBILITY OF SUCH DAMAGE.

    56  * ====================================================================

    57  *

    58  * This product includes cryptographic software written by Eric Young

    59  * (eay@cryptsoft.com).  This product includes software written by Tim

    60  * Hudson (tjh@cryptsoft.com).

    61  *

    62  */

    63 /*

    64  © Portions copyright (c) 2006 Nokia Corporation.  All rights reserved.

    65  */

    66 

    67 #ifndef HEADER_OCSP_H

    68 #define HEADER_OCSP_H

    69 

    70 #if (defined(__SYMBIAN32__) && !defined(SYMBIAN))

    71 #define SYMBIAN

    72 #endif

    73 

    74 #ifdef SYMBIAN

    75 #include <e32def.h>

    76 #endif

    77 #include <openssl/x509.h>

    78 #include <openssl/x509v3.h>

    79 #include <openssl/safestack.h>

    80 

    81 #ifdef  __cplusplus

    82 extern "C" {

    83 #endif

    84 

    85 /* Various flags and values */

    86 

    87 #define OCSP_DEFAULT_NONCE_LENGTH	16

    88 

    89 #define OCSP_NOCERTS			0x1

    90 #define OCSP_NOINTERN			0x2

    91 #define OCSP_NOSIGS			0x4

    92 #define OCSP_NOCHAIN			0x8

    93 #define OCSP_NOVERIFY			0x10

    94 #define OCSP_NOEXPLICIT			0x20

    95 #define OCSP_NOCASIGN			0x40

    96 #define OCSP_NODELEGATED		0x80

    97 #define OCSP_NOCHECKS			0x100

    98 #define OCSP_TRUSTOTHER			0x200

    99 #define OCSP_RESPID_KEY			0x400

   100 #define OCSP_NOTIME			0x800

   101 

   102 /*   CertID ::= SEQUENCE {

   103  *       hashAlgorithm            AlgorithmIdentifier,

   104  *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN

   105  *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)

   106  *       serialNumber       CertificateSerialNumber }

   107  */

   108 typedef struct ocsp_cert_id_st

   109 	{

   110 	X509_ALGOR *hashAlgorithm;

   111 	ASN1_OCTET_STRING *issuerNameHash;

   112 	ASN1_OCTET_STRING *issuerKeyHash;

   113 	ASN1_INTEGER *serialNumber;

   114 	} OCSP_CERTID;

   115 

   116 DECLARE_STACK_OF(OCSP_CERTID)

   117 

   118 /*   Request ::=     SEQUENCE {

   119  *       reqCert                    CertID,

   120  *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }

   121  */

   122 typedef struct ocsp_one_request_st

   123 	{

   124 	OCSP_CERTID *reqCert;

   125 	STACK_OF(X509_EXTENSION) *singleRequestExtensions;

   126 	} OCSP_ONEREQ;

   127 

   128 DECLARE_STACK_OF(OCSP_ONEREQ)

   129 DECLARE_ASN1_SET_OF(OCSP_ONEREQ)

   130 

   131 

   132 /*   TBSRequest      ::=     SEQUENCE {

   133  *       version             [0] EXPLICIT Version DEFAULT v1,

   134  *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,

   135  *       requestList             SEQUENCE OF Request,

   136  *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

   137  */

   138 typedef struct ocsp_req_info_st

   139 	{

   140 	ASN1_INTEGER *version;

   141 	GENERAL_NAME *requestorName;

   142 	STACK_OF(OCSP_ONEREQ) *requestList;

   143 	STACK_OF(X509_EXTENSION) *requestExtensions;

   144 	} OCSP_REQINFO;

   145 

   146 /*   Signature       ::=     SEQUENCE {

   147  *       signatureAlgorithm   AlgorithmIdentifier,

   148  *       signature            BIT STRING,

   149  *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

   150  */

   151 typedef struct ocsp_signature_st

   152 	{

   153 	X509_ALGOR *signatureAlgorithm;

   154 	ASN1_BIT_STRING *signature;

   155 	STACK_OF(X509) *certs;

   156 	} OCSP_SIGNATURE;

   157 

   158 /*   OCSPRequest     ::=     SEQUENCE {

   159  *       tbsRequest                  TBSRequest,

   160  *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

   161  */

   162 typedef struct ocsp_request_st

   163 	{

   164 	OCSP_REQINFO *tbsRequest;

   165 	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */

   166 	} OCSP_REQUEST;

   167 

   168 /*   OCSPResponseStatus ::= ENUMERATED {

   169  *       successful            (0),      --Response has valid confirmations

   170  *       malformedRequest      (1),      --Illegal confirmation request

   171  *       internalError         (2),      --Internal error in issuer

   172  *       tryLater              (3),      --Try again later

   173  *                                       --(4) is not used

   174  *       sigRequired           (5),      --Must sign the request

   175  *       unauthorized          (6)       --Request unauthorized

   176  *   }

   177  */

   178 #define OCSP_RESPONSE_STATUS_SUCCESSFUL          0

   179 #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1

   180 #define OCSP_RESPONSE_STATUS_INTERNALERROR        2

   181 #define OCSP_RESPONSE_STATUS_TRYLATER             3

   182 #define OCSP_RESPONSE_STATUS_SIGREQUIRED          5

   183 #define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6

   184 

   185 /*   ResponseBytes ::=       SEQUENCE {

   186  *       responseType   OBJECT IDENTIFIER,

   187  *       response       OCTET STRING }

   188  */

   189 typedef struct ocsp_resp_bytes_st

   190 	{

   191 	ASN1_OBJECT *responseType;

   192 	ASN1_OCTET_STRING *response;

   193 	} OCSP_RESPBYTES;

   194 

   195 /*   OCSPResponse ::= SEQUENCE {

   196  *      responseStatus         OCSPResponseStatus,

   197  *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

   198  */

   199 typedef struct ocsp_response_st

   200 	{

   201 	ASN1_ENUMERATED *responseStatus;

   202 	OCSP_RESPBYTES  *responseBytes;

   203 	} OCSP_RESPONSE;

   204 

   205 /*   ResponderID ::= CHOICE {

   206  *      byName   [1] Name,

   207  *      byKey    [2] KeyHash }

   208  */

   209 #define V_OCSP_RESPID_NAME 0

   210 #define V_OCSP_RESPID_KEY  1

   211 typedef struct ocsp_responder_id_st

   212 	{

   213 	int type;

   214 	union   {

   215 		X509_NAME* byName;

   216         	ASN1_OCTET_STRING *byKey;

   217 		} value;

   218 	} OCSP_RESPID;

   219 /*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key

   220  *                            --(excluding the tag and length fields)

   221  */

   222 

   223 /*   RevokedInfo ::= SEQUENCE {

   224  *       revocationTime              GeneralizedTime,

   225  *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

   226  */

   227 typedef struct ocsp_revoked_info_st

   228 	{

   229 	ASN1_GENERALIZEDTIME *revocationTime;

   230 	ASN1_ENUMERATED *revocationReason;

   231 	} OCSP_REVOKEDINFO;

   232 

   233 /*   CertStatus ::= CHOICE {

   234  *       good                [0]     IMPLICIT NULL,

   235  *       revoked             [1]     IMPLICIT RevokedInfo,

   236  *       unknown             [2]     IMPLICIT UnknownInfo }

   237  */

   238 #define V_OCSP_CERTSTATUS_GOOD    0

   239 #define V_OCSP_CERTSTATUS_REVOKED 1

   240 #define V_OCSP_CERTSTATUS_UNKNOWN 2

   241 typedef struct ocsp_cert_status_st

   242 	{

   243 	int type;

   244 	union	{

   245 		ASN1_NULL *good;

   246 		OCSP_REVOKEDINFO *revoked;

   247 		ASN1_NULL *unknown;

   248 		} value;

   249 	} OCSP_CERTSTATUS;

   250 

   251 /*   SingleResponse ::= SEQUENCE {

   252  *      certID                       CertID,

   253  *      certStatus                   CertStatus,

   254  *      thisUpdate                   GeneralizedTime,

   255  *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,

   256  *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

   257  */

   258 typedef struct ocsp_single_response_st

   259 	{

   260 	OCSP_CERTID *certId;

   261 	OCSP_CERTSTATUS *certStatus;

   262 	ASN1_GENERALIZEDTIME *thisUpdate;

   263 	ASN1_GENERALIZEDTIME *nextUpdate;

   264 	STACK_OF(X509_EXTENSION) *singleExtensions;

   265 	} OCSP_SINGLERESP;

   266 

   267 DECLARE_STACK_OF(OCSP_SINGLERESP)

   268 DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)

   269 

   270 /*   ResponseData ::= SEQUENCE {

   271  *      version              [0] EXPLICIT Version DEFAULT v1,

   272  *      responderID              ResponderID,

   273  *      producedAt               GeneralizedTime,

   274  *      responses                SEQUENCE OF SingleResponse,

   275  *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

   276  */

   277 typedef struct ocsp_response_data_st

   278 	{

   279 	ASN1_INTEGER *version;

   280 	OCSP_RESPID  *responderId;

   281 	ASN1_GENERALIZEDTIME *producedAt;

   282 	STACK_OF(OCSP_SINGLERESP) *responses;

   283 	STACK_OF(X509_EXTENSION) *responseExtensions;

   284 	} OCSP_RESPDATA;

   285 

   286 /*   BasicOCSPResponse       ::= SEQUENCE {

   287  *      tbsResponseData      ResponseData,

   288  *      signatureAlgorithm   AlgorithmIdentifier,

   289  *      signature            BIT STRING,

   290  *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

   291  */

   292   /* Note 1:

   293      The value for "signature" is specified in the OCSP rfc2560 as follows:

   294      "The value for the signature SHALL be computed on the hash of the DER

   295      encoding ResponseData."  This means that you must hash the DER-encoded

   296      tbsResponseData, and then run it through a crypto-signing function, which

   297      will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems

   298      a bit odd, but that's the spec.  Also note that the data structures do not

   299      leave anywhere to independently specify the algorithm used for the initial

   300      hash. So, we look at the signature-specification algorithm, and try to do

   301      something intelligent.	-- Kathy Weinhold, CertCo */

   302   /* Note 2:

   303      It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open

   304      for interpretation.  I've done tests against another responder, and found

   305      that it doesn't do the double hashing that the RFC seems to say one

   306      should.  Therefore, all relevant functions take a flag saying which

   307      variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */

   308 typedef struct ocsp_basic_response_st

   309 	{

   310 	OCSP_RESPDATA *tbsResponseData;

   311 	X509_ALGOR *signatureAlgorithm;

   312 	ASN1_BIT_STRING *signature;

   313 	STACK_OF(X509) *certs;

   314 	} OCSP_BASICRESP;

   315 

   316 /*

   317  *   CRLReason ::= ENUMERATED {

   318  *        unspecified             (0),

   319  *        keyCompromise           (1),

   320  *        cACompromise            (2),

   321  *        affiliationChanged      (3),

   322  *        superseded              (4),

   323  *        cessationOfOperation    (5),

   324  *        certificateHold         (6),

   325  *        removeFromCRL           (8) }

   326  */

   327 #define OCSP_REVOKED_STATUS_NOSTATUS               -1

   328 #define OCSP_REVOKED_STATUS_UNSPECIFIED             0

   329 #define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1

   330 #define OCSP_REVOKED_STATUS_CACOMPROMISE            2

   331 #define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3

   332 #define OCSP_REVOKED_STATUS_SUPERSEDED              4

   333 #define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5

   334 #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6

   335 #define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8

   336 

   337 /* CrlID ::= SEQUENCE {

   338  *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,

   339  *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,

   340  *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }

   341  */

   342 typedef struct ocsp_crl_id_st

   343         {

   344 	ASN1_IA5STRING *crlUrl;

   345 	ASN1_INTEGER *crlNum;

   346 	ASN1_GENERALIZEDTIME *crlTime;

   347         } OCSP_CRLID;

   348 

   349 /* ServiceLocator ::= SEQUENCE {

   350  *      issuer    Name,

   351  *      locator   AuthorityInfoAccessSyntax OPTIONAL }

   352  */

   353 typedef struct ocsp_service_locator_st

   354         {

   355 	X509_NAME* issuer;

   356 	STACK_OF(ACCESS_DESCRIPTION) *locator;

   357         } OCSP_SERVICELOC;

   358  

   359 #define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"

   360 #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"

   361 

   362 #define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)

   363 

   364 #define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)

   365 

   366 #define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \

   367      (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)

   368 

   369 #define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\

   370      (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)

   371 

   372 #define PEM_write_bio_OCSP_REQUEST(bp,o) \

   373     PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\

   374 			bp,(char *)o, NULL,NULL,0,NULL,NULL)

   375 

   376 #define PEM_write_bio_OCSP_RESPONSE(bp,o) \

   377     PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\

   378 			bp,(char *)o, NULL,NULL,0,NULL,NULL)

   379 

   380 #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)

   381 

   382 #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)

   383 

   384 #define OCSP_REQUEST_sign(o,pkey,md) \

   385 	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\

   386 		o->optionalSignature->signatureAlgorithm,NULL,\

   387 	        o->optionalSignature->signature,o->tbsRequest,pkey,md)

   388 

   389 #define OCSP_BASICRESP_sign(o,pkey,md,d) \

   390 	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\

   391 		o->signature,o->tbsResponseData,pkey,md)

   392 

   393 #define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\

   394         a->optionalSignature->signatureAlgorithm,\

   395 	a->optionalSignature->signature,a->tbsRequest,r)

   396 

   397 #define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\

   398 	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)

   399 

   400 #define ASN1_BIT_STRING_digest(data,type,md,len) \

   401 	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)

   402 

   403 #define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)

   404 

   405 #define OCSP_CERTSTATUS_dup(cs)\

   406                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\

   407 		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))

   408 

   409 IMPORT_C OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);

   410 

   411 IMPORT_C OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);

   412 

   413 IMPORT_C OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 

   414 			      X509_NAME *issuerName, 

   415 			      ASN1_BIT_STRING* issuerKey, 

   416 			      ASN1_INTEGER *serialNumber);

   417 

   418 IMPORT_C OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

   419 

   420 IMPORT_C int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);

   421 IMPORT_C int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);

   422 IMPORT_C int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);

   423 IMPORT_C int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);

   424 

   425 IMPORT_C int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);

   426 IMPORT_C int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

   427 

   428 IMPORT_C int OCSP_request_sign(OCSP_REQUEST   *req,

   429 		      X509           *signer,

   430 		      EVP_PKEY       *key,

   431 		      const EVP_MD   *dgst,

   432 		      STACK_OF(X509) *certs,

   433 		      unsigned long flags);

   434 

   435 IMPORT_C int OCSP_response_status(OCSP_RESPONSE *resp);

   436 IMPORT_C OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);

   437 

   438 IMPORT_C int OCSP_resp_count(OCSP_BASICRESP *bs);

   439 IMPORT_C OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);

   440 IMPORT_C int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);

   441 IMPORT_C int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,

   442 				ASN1_GENERALIZEDTIME **revtime,

   443 				ASN1_GENERALIZEDTIME **thisupd,

   444 				ASN1_GENERALIZEDTIME **nextupd);

   445 IMPORT_C int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,

   446 				int *reason,

   447 				ASN1_GENERALIZEDTIME **revtime,

   448 				ASN1_GENERALIZEDTIME **thisupd,

   449 				ASN1_GENERALIZEDTIME **nextupd);

   450 IMPORT_C int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,

   451 			ASN1_GENERALIZEDTIME *nextupd,

   452 			long sec, long maxsec);

   453 

   454 IMPORT_C int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);

   455 

   456 IMPORT_C int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);

   457 

   458 IMPORT_C int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

   459 IMPORT_C int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

   460 

   461 IMPORT_C int OCSP_request_onereq_count(OCSP_REQUEST *req);

   462 IMPORT_C OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

   463 IMPORT_C OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);

   464 IMPORT_C int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,

   465 			ASN1_OCTET_STRING **pikeyHash,

   466 			ASN1_INTEGER **pserial, OCSP_CERTID *cid);

   467 IMPORT_C int OCSP_request_is_signed(OCSP_REQUEST *req);

   468 IMPORT_C OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);

   469 IMPORT_C OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,

   470 						OCSP_CERTID *cid,

   471 						int status, int reason,

   472 						ASN1_TIME *revtime,

   473 					ASN1_TIME *thisupd, ASN1_TIME *nextupd);

   474 IMPORT_C int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);

   475 IMPORT_C int OCSP_basic_sign(OCSP_BASICRESP *brsp, 

   476 			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,

   477 			STACK_OF(X509) *certs, unsigned long flags);

   478 

   479 IMPORT_C ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,

   480 				void *data, STACK_OF(ASN1_OBJECT) *sk);

   481 #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \

   482 	ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)

   483 

   484 IMPORT_C X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);

   485 

   486 IMPORT_C X509_EXTENSION *OCSP_accept_responses_new(char **oids);

   487 

   488 IMPORT_C X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);

   489 

   490 IMPORT_C X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);

   491 

   492 IMPORT_C int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);

   493 IMPORT_C int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);

   494 IMPORT_C int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);

   495 IMPORT_C int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);

   496 IMPORT_C X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);

   497 IMPORT_C X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);

   498 IMPORT_C void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);

   499 IMPORT_C int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,

   500 							unsigned long flags);

   501 IMPORT_C int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);

   502 

   503 IMPORT_C int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);

   504 IMPORT_C int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);

   505 IMPORT_C int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);

   506 IMPORT_C int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);

   507 IMPORT_C X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);

   508 IMPORT_C X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);

   509 IMPORT_C void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);

   510 IMPORT_C int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,

   511 							unsigned long flags);

   512 IMPORT_C int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);

   513 

   514 IMPORT_C int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);

   515 IMPORT_C int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);

   516 IMPORT_C int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);

   517 IMPORT_C int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);

   518 IMPORT_C X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);

   519 IMPORT_C X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);

   520 IMPORT_C void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);

   521 IMPORT_C int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,

   522 							unsigned long flags);

   523 IMPORT_C int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);

   524 

   525 IMPORT_C int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);

   526 IMPORT_C int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);

   527 IMPORT_C int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);

   528 IMPORT_C int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);

   529 IMPORT_C X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);

   530 IMPORT_C X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);

   531 IMPORT_C void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);

   532 IMPORT_C int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,

   533 							unsigned long flags);

   534 IMPORT_C int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);

   535 

   536 DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)

   537 DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)

   538 DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)

   539 DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)

   540 DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)

   541 DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)

   542 DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)

   543 DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)

   544 DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)

   545 DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)

   546 DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)

   547 DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)

   548 DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)

   549 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)

   550 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)

   551 

   552 IMPORT_C char *OCSP_response_status_str(long s);

   553 IMPORT_C char *OCSP_cert_status_str(long s);

   554 IMPORT_C char *OCSP_crl_reason_str(long s);

   555 

   556 IMPORT_C int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);

   557 IMPORT_C int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);

   558 

   559 IMPORT_C int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

   560 				X509_STORE *st, unsigned long flags);

   561 

   562 /* BEGIN ERROR CODES */

   563 /* The following lines are auto generated by the script mkerr.pl. Any changes

   564  * made after this point may be overwritten when the script is next run.

   565  */

   566 IMPORT_C void ERR_load_OCSP_strings(void);

   567 

   568 /* Error codes for the OCSP functions. */

   569 

   570 /* Function codes. */

   571 #define OCSP_F_ASN1_STRING_ENCODE			 100

   572 #define OCSP_F_D2I_OCSP_NONCE				 102

   573 #define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103

   574 #define OCSP_F_OCSP_BASIC_SIGN				 104

   575 #define OCSP_F_OCSP_BASIC_VERIFY			 105

   576 #define OCSP_F_OCSP_CERT_ID_NEW				 101

   577 #define OCSP_F_OCSP_CHECK_DELEGATED			 106

   578 #define OCSP_F_OCSP_CHECK_IDS				 107

   579 #define OCSP_F_OCSP_CHECK_ISSUER			 108

   580 #define OCSP_F_OCSP_CHECK_VALIDITY			 115

   581 #define OCSP_F_OCSP_MATCH_ISSUERID			 109

   582 #define OCSP_F_OCSP_PARSE_URL				 114

   583 #define OCSP_F_OCSP_REQUEST_SIGN			 110

   584 #define OCSP_F_OCSP_REQUEST_VERIFY			 116

   585 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111

   586 #define OCSP_F_OCSP_SENDREQ_BIO				 112

   587 #define OCSP_F_REQUEST_VERIFY				 113

   588 

   589 /* Reason codes. */

   590 #define OCSP_R_BAD_DATA					 100

   591 #define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101

   592 #define OCSP_R_DIGEST_ERR				 102

   593 #define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122

   594 #define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123

   595 #define OCSP_R_ERROR_PARSING_URL			 121

   596 #define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103

   597 #define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124

   598 #define OCSP_R_NOT_BASIC_RESPONSE			 104

   599 #define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105

   600 #define OCSP_R_NO_CONTENT				 106

   601 #define OCSP_R_NO_PUBLIC_KEY				 107

   602 #define OCSP_R_NO_RESPONSE_DATA				 108

   603 #define OCSP_R_NO_REVOKED_TIME				 109

   604 #define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110

   605 #define OCSP_R_REQUEST_NOT_SIGNED			 128

   606 #define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111

   607 #define OCSP_R_ROOT_CA_NOT_TRUSTED			 112

   608 #define OCSP_R_SERVER_READ_ERROR			 113

   609 #define OCSP_R_SERVER_RESPONSE_ERROR			 114

   610 #define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115

   611 #define OCSP_R_SERVER_WRITE_ERROR			 116

   612 #define OCSP_R_SIGNATURE_FAILURE			 117

   613 #define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118

   614 #define OCSP_R_STATUS_EXPIRED				 125

   615 #define OCSP_R_STATUS_NOT_YET_VALID			 126

   616 #define OCSP_R_STATUS_TOO_OLD				 127

   617 #define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119

   618 #define OCSP_R_UNKNOWN_NID				 120

   619 #define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129

   620 

   621 #ifdef  __cplusplus

   622 }

   623 #endif

   624 #endif