1 /* ocsp.h */

     2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL

     3  * project. */

     4 

     5 /* History:

     6    This file was transfered to Richard Levitte from CertCo by Kathy

     7    Weinhold in mid-spring 2000 to be included in OpenSSL or released

     8    as a patch kit. */

     9 

    10 /* ====================================================================

    11  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

    12  *

    13  * Redistribution and use in source and binary forms, with or without

    14  * modification, are permitted provided that the following conditions

    15  * are met:

    16  *

    17  * 1. Redistributions of source code must retain the above copyright

    18  *    notice, this list of conditions and the following disclaimer. 

    19  *

    20  * 2. Redistributions in binary form must reproduce the above copyright

    21  *    notice, this list of conditions and the following disclaimer in

    22  *    the documentation and/or other materials provided with the

    23  *    distribution.

    24  *

    25  * 3. All advertising materials mentioning features or use of this

    26  *    software must display the following acknowledgment:

    27  *    "This product includes software developed by the OpenSSL Project

    28  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

    29  *

    30  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

    31  *    endorse or promote products derived from this software without

    32  *    prior written permission. For written permission, please contact

    33  *    openssl-core@openssl.org.

    34  *

    35  * 5. Products derived from this software may not be called "OpenSSL"

    36  *    nor may "OpenSSL" appear in their names without prior written

    37  *    permission of the OpenSSL Project.

    38  *

    39  * 6. Redistributions of any form whatsoever must retain the following

    40  *    acknowledgment:

    41  *    "This product includes software developed by the OpenSSL Project

    42  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

    43  *

    44  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

    45  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    46  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

    47  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

    48  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    49  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

    50  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

    51  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    52  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

    53  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    54  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

    55  * OF THE POSSIBILITY OF SUCH DAMAGE.

    56  * ====================================================================

    57  *

    58  * This product includes cryptographic software written by Eric Young

    59  * (eay@cryptsoft.com).  This product includes software written by Tim

    60  * Hudson (tjh@cryptsoft.com).

    61  *

    62  */

    63 /*

    64  © Portions copyright (c) 2006 Nokia Corporation.  All rights reserved.

    65  */

    66 

    67 #ifndef HEADER_OCSP_H

    68 #define HEADER_OCSP_H

    69 #ifdef SYMBIAN

    70 #include <e32def.h>

    71 #endif

    72 #include <openssl/x509.h>

    73 #include <openssl/x509v3.h>

    74 #include <openssl/safestack.h>

    75 

    76 #ifdef  __cplusplus

    77 extern "C" {

    78 #endif

    79 

    80 /* Various flags and values */

    81 

    82 #define OCSP_DEFAULT_NONCE_LENGTH	16

    83 

    84 #define OCSP_NOCERTS			0x1

    85 #define OCSP_NOINTERN			0x2

    86 #define OCSP_NOSIGS			0x4

    87 #define OCSP_NOCHAIN			0x8

    88 #define OCSP_NOVERIFY			0x10

    89 #define OCSP_NOEXPLICIT			0x20

    90 #define OCSP_NOCASIGN			0x40

    91 #define OCSP_NODELEGATED		0x80

    92 #define OCSP_NOCHECKS			0x100

    93 #define OCSP_TRUSTOTHER			0x200

    94 #define OCSP_RESPID_KEY			0x400

    95 #define OCSP_NOTIME			0x800

    96 

    97 /*   CertID ::= SEQUENCE {

    98  *       hashAlgorithm            AlgorithmIdentifier,

    99  *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN

   100  *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)

   101  *       serialNumber       CertificateSerialNumber }

   102  */

   103 typedef struct ocsp_cert_id_st

   104 	{

   105 	X509_ALGOR *hashAlgorithm;

   106 	ASN1_OCTET_STRING *issuerNameHash;

   107 	ASN1_OCTET_STRING *issuerKeyHash;

   108 	ASN1_INTEGER *serialNumber;

   109 	} OCSP_CERTID;

   110 

   111 DECLARE_STACK_OF(OCSP_CERTID)

   112 

   113 /*   Request ::=     SEQUENCE {

   114  *       reqCert                    CertID,

   115  *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }

   116  */

   117 typedef struct ocsp_one_request_st

   118 	{

   119 	OCSP_CERTID *reqCert;

   120 	STACK_OF(X509_EXTENSION) *singleRequestExtensions;

   121 	} OCSP_ONEREQ;

   122 

   123 DECLARE_STACK_OF(OCSP_ONEREQ)

   124 DECLARE_ASN1_SET_OF(OCSP_ONEREQ)

   125 

   126 

   127 /*   TBSRequest      ::=     SEQUENCE {

   128  *       version             [0] EXPLICIT Version DEFAULT v1,

   129  *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,

   130  *       requestList             SEQUENCE OF Request,

   131  *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

   132  */

   133 typedef struct ocsp_req_info_st

   134 	{

   135 	ASN1_INTEGER *version;

   136 	GENERAL_NAME *requestorName;

   137 	STACK_OF(OCSP_ONEREQ) *requestList;

   138 	STACK_OF(X509_EXTENSION) *requestExtensions;

   139 	} OCSP_REQINFO;

   140 

   141 /*   Signature       ::=     SEQUENCE {

   142  *       signatureAlgorithm   AlgorithmIdentifier,

   143  *       signature            BIT STRING,

   144  *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

   145  */

   146 typedef struct ocsp_signature_st

   147 	{

   148 	X509_ALGOR *signatureAlgorithm;

   149 	ASN1_BIT_STRING *signature;

   150 	STACK_OF(X509) *certs;

   151 	} OCSP_SIGNATURE;

   152 

   153 /*   OCSPRequest     ::=     SEQUENCE {

   154  *       tbsRequest                  TBSRequest,

   155  *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

   156  */

   157 typedef struct ocsp_request_st

   158 	{

   159 	OCSP_REQINFO *tbsRequest;

   160 	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */

   161 	} OCSP_REQUEST;

   162 

   163 /*   OCSPResponseStatus ::= ENUMERATED {

   164  *       successful            (0),      --Response has valid confirmations

   165  *       malformedRequest      (1),      --Illegal confirmation request

   166  *       internalError         (2),      --Internal error in issuer

   167  *       tryLater              (3),      --Try again later

   168  *                                       --(4) is not used

   169  *       sigRequired           (5),      --Must sign the request

   170  *       unauthorized          (6)       --Request unauthorized

   171  *   }

   172  */

   173 #define OCSP_RESPONSE_STATUS_SUCCESSFUL          0

   174 #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1

   175 #define OCSP_RESPONSE_STATUS_INTERNALERROR        2

   176 #define OCSP_RESPONSE_STATUS_TRYLATER             3

   177 #define OCSP_RESPONSE_STATUS_SIGREQUIRED          5

   178 #define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6

   179 

   180 /*   ResponseBytes ::=       SEQUENCE {

   181  *       responseType   OBJECT IDENTIFIER,

   182  *       response       OCTET STRING }

   183  */

   184 typedef struct ocsp_resp_bytes_st

   185 	{

   186 	ASN1_OBJECT *responseType;

   187 	ASN1_OCTET_STRING *response;

   188 	} OCSP_RESPBYTES;

   189 

   190 /*   OCSPResponse ::= SEQUENCE {

   191  *      responseStatus         OCSPResponseStatus,

   192  *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

   193  */

   194 typedef struct ocsp_response_st

   195 	{

   196 	ASN1_ENUMERATED *responseStatus;

   197 	OCSP_RESPBYTES  *responseBytes;

   198 	} OCSP_RESPONSE;

   199 

   200 /*   ResponderID ::= CHOICE {

   201  *      byName   [1] Name,

   202  *      byKey    [2] KeyHash }

   203  */

   204 #define V_OCSP_RESPID_NAME 0

   205 #define V_OCSP_RESPID_KEY  1

   206 typedef struct ocsp_responder_id_st

   207 	{

   208 	int type;

   209 	union   {

   210 		X509_NAME* byName;

   211         	ASN1_OCTET_STRING *byKey;

   212 		} value;

   213 	} OCSP_RESPID;

   214 /*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key

   215  *                            --(excluding the tag and length fields)

   216  */

   217 

   218 /*   RevokedInfo ::= SEQUENCE {

   219  *       revocationTime              GeneralizedTime,

   220  *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

   221  */

   222 typedef struct ocsp_revoked_info_st

   223 	{

   224 	ASN1_GENERALIZEDTIME *revocationTime;

   225 	ASN1_ENUMERATED *revocationReason;

   226 	} OCSP_REVOKEDINFO;

   227 

   228 /*   CertStatus ::= CHOICE {

   229  *       good                [0]     IMPLICIT NULL,

   230  *       revoked             [1]     IMPLICIT RevokedInfo,

   231  *       unknown             [2]     IMPLICIT UnknownInfo }

   232  */

   233 #define V_OCSP_CERTSTATUS_GOOD    0

   234 #define V_OCSP_CERTSTATUS_REVOKED 1

   235 #define V_OCSP_CERTSTATUS_UNKNOWN 2

   236 typedef struct ocsp_cert_status_st

   237 	{

   238 	int type;

   239 	union	{

   240 		ASN1_NULL *good;

   241 		OCSP_REVOKEDINFO *revoked;

   242 		ASN1_NULL *unknown;

   243 		} value;

   244 	} OCSP_CERTSTATUS;

   245 

   246 /*   SingleResponse ::= SEQUENCE {

   247  *      certID                       CertID,

   248  *      certStatus                   CertStatus,

   249  *      thisUpdate                   GeneralizedTime,

   250  *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,

   251  *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

   252  */

   253 typedef struct ocsp_single_response_st

   254 	{

   255 	OCSP_CERTID *certId;

   256 	OCSP_CERTSTATUS *certStatus;

   257 	ASN1_GENERALIZEDTIME *thisUpdate;

   258 	ASN1_GENERALIZEDTIME *nextUpdate;

   259 	STACK_OF(X509_EXTENSION) *singleExtensions;

   260 	} OCSP_SINGLERESP;

   261 

   262 DECLARE_STACK_OF(OCSP_SINGLERESP)

   263 DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)

   264 

   265 /*   ResponseData ::= SEQUENCE {

   266  *      version              [0] EXPLICIT Version DEFAULT v1,

   267  *      responderID              ResponderID,

   268  *      producedAt               GeneralizedTime,

   269  *      responses                SEQUENCE OF SingleResponse,

   270  *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

   271  */

   272 typedef struct ocsp_response_data_st

   273 	{

   274 	ASN1_INTEGER *version;

   275 	OCSP_RESPID  *responderId;

   276 	ASN1_GENERALIZEDTIME *producedAt;

   277 	STACK_OF(OCSP_SINGLERESP) *responses;

   278 	STACK_OF(X509_EXTENSION) *responseExtensions;

   279 	} OCSP_RESPDATA;

   280 

   281 /*   BasicOCSPResponse       ::= SEQUENCE {

   282  *      tbsResponseData      ResponseData,

   283  *      signatureAlgorithm   AlgorithmIdentifier,

   284  *      signature            BIT STRING,

   285  *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

   286  */

   287   /* Note 1:

   288      The value for "signature" is specified in the OCSP rfc2560 as follows:

   289      "The value for the signature SHALL be computed on the hash of the DER

   290      encoding ResponseData."  This means that you must hash the DER-encoded

   291      tbsResponseData, and then run it through a crypto-signing function, which

   292      will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems

   293      a bit odd, but that's the spec.  Also note that the data structures do not

   294      leave anywhere to independently specify the algorithm used for the initial

   295      hash. So, we look at the signature-specification algorithm, and try to do

   296      something intelligent.	-- Kathy Weinhold, CertCo */

   297   /* Note 2:

   298      It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open

   299      for interpretation.  I've done tests against another responder, and found

   300      that it doesn't do the double hashing that the RFC seems to say one

   301      should.  Therefore, all relevant functions take a flag saying which

   302      variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */

   303 typedef struct ocsp_basic_response_st

   304 	{

   305 	OCSP_RESPDATA *tbsResponseData;

   306 	X509_ALGOR *signatureAlgorithm;

   307 	ASN1_BIT_STRING *signature;

   308 	STACK_OF(X509) *certs;

   309 	} OCSP_BASICRESP;

   310 

   311 /*

   312  *   CRLReason ::= ENUMERATED {

   313  *        unspecified             (0),

   314  *        keyCompromise           (1),

   315  *        cACompromise            (2),

   316  *        affiliationChanged      (3),

   317  *        superseded              (4),

   318  *        cessationOfOperation    (5),

   319  *        certificateHold         (6),

   320  *        removeFromCRL           (8) }

   321  */

   322 #define OCSP_REVOKED_STATUS_NOSTATUS               -1

   323 #define OCSP_REVOKED_STATUS_UNSPECIFIED             0

   324 #define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1

   325 #define OCSP_REVOKED_STATUS_CACOMPROMISE            2

   326 #define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3

   327 #define OCSP_REVOKED_STATUS_SUPERSEDED              4

   328 #define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5

   329 #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6

   330 #define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8

   331 

   332 /* CrlID ::= SEQUENCE {

   333  *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,

   334  *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,

   335  *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }

   336  */

   337 typedef struct ocsp_crl_id_st

   338         {

   339 	ASN1_IA5STRING *crlUrl;

   340 	ASN1_INTEGER *crlNum;

   341 	ASN1_GENERALIZEDTIME *crlTime;

   342         } OCSP_CRLID;

   343 

   344 /* ServiceLocator ::= SEQUENCE {

   345  *      issuer    Name,

   346  *      locator   AuthorityInfoAccessSyntax OPTIONAL }

   347  */

   348 typedef struct ocsp_service_locator_st

   349         {

   350 	X509_NAME* issuer;

   351 	STACK_OF(ACCESS_DESCRIPTION) *locator;

   352         } OCSP_SERVICELOC;

   353  

   354 #define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"

   355 #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"

   356 

   357 #define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)

   358 

   359 #define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)

   360 

   361 #define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \

   362      (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)

   363 

   364 #define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\

   365      (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)

   366 

   367 #define PEM_write_bio_OCSP_REQUEST(bp,o) \

   368     PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\

   369 			bp,(char *)o, NULL,NULL,0,NULL,NULL)

   370 

   371 #define PEM_write_bio_OCSP_RESPONSE(bp,o) \

   372     PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\

   373 			bp,(char *)o, NULL,NULL,0,NULL,NULL)

   374 

   375 #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)

   376 

   377 #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)

   378 

   379 #define OCSP_REQUEST_sign(o,pkey,md) \

   380 	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\

   381 		o->optionalSignature->signatureAlgorithm,NULL,\

   382 	        o->optionalSignature->signature,o->tbsRequest,pkey,md)

   383 

   384 #define OCSP_BASICRESP_sign(o,pkey,md,d) \

   385 	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\

   386 		o->signature,o->tbsResponseData,pkey,md)

   387 

   388 #define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\

   389         a->optionalSignature->signatureAlgorithm,\

   390 	a->optionalSignature->signature,a->tbsRequest,r)

   391 

   392 #define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\

   393 	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)

   394 

   395 #define ASN1_BIT_STRING_digest(data,type,md,len) \

   396 	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)

   397 

   398 #define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)

   399 

   400 #define OCSP_CERTSTATUS_dup(cs)\

   401                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\

   402 		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))

   403 

   404 IMPORT_C OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);

   405 

   406 IMPORT_C OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);

   407 

   408 IMPORT_C OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 

   409 			      X509_NAME *issuerName, 

   410 			      ASN1_BIT_STRING* issuerKey, 

   411 			      ASN1_INTEGER *serialNumber);

   412 

   413 IMPORT_C OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

   414 

   415 IMPORT_C int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);

   416 IMPORT_C int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);

   417 IMPORT_C int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);

   418 IMPORT_C int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);

   419 

   420 IMPORT_C int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);

   421 IMPORT_C int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

   422 

   423 IMPORT_C int OCSP_request_sign(OCSP_REQUEST   *req,

   424 		      X509           *signer,

   425 		      EVP_PKEY       *key,

   426 		      const EVP_MD   *dgst,

   427 		      STACK_OF(X509) *certs,

   428 		      unsigned long flags);

   429 

   430 IMPORT_C int OCSP_response_status(OCSP_RESPONSE *resp);

   431 IMPORT_C OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);

   432 

   433 IMPORT_C int OCSP_resp_count(OCSP_BASICRESP *bs);

   434 IMPORT_C OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);

   435 IMPORT_C int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);

   436 IMPORT_C int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,

   437 				ASN1_GENERALIZEDTIME **revtime,

   438 				ASN1_GENERALIZEDTIME **thisupd,

   439 				ASN1_GENERALIZEDTIME **nextupd);

   440 IMPORT_C int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,

   441 				int *reason,

   442 				ASN1_GENERALIZEDTIME **revtime,

   443 				ASN1_GENERALIZEDTIME **thisupd,

   444 				ASN1_GENERALIZEDTIME **nextupd);

   445 IMPORT_C int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,

   446 			ASN1_GENERALIZEDTIME *nextupd,

   447 			long sec, long maxsec);

   448 

   449 IMPORT_C int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);

   450 

   451 IMPORT_C int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);

   452 

   453 IMPORT_C int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

   454 IMPORT_C int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

   455 

   456 IMPORT_C int OCSP_request_onereq_count(OCSP_REQUEST *req);

   457 IMPORT_C OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

   458 IMPORT_C OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);

   459 IMPORT_C int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,

   460 			ASN1_OCTET_STRING **pikeyHash,

   461 			ASN1_INTEGER **pserial, OCSP_CERTID *cid);

   462 IMPORT_C int OCSP_request_is_signed(OCSP_REQUEST *req);

   463 IMPORT_C OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);

   464 IMPORT_C OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,

   465 						OCSP_CERTID *cid,

   466 						int status, int reason,

   467 						ASN1_TIME *revtime,

   468 					ASN1_TIME *thisupd, ASN1_TIME *nextupd);

   469 IMPORT_C int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);

   470 IMPORT_C int OCSP_basic_sign(OCSP_BASICRESP *brsp, 

   471 			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,

   472 			STACK_OF(X509) *certs, unsigned long flags);

   473 

   474 IMPORT_C ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,

   475 				void *data, STACK_OF(ASN1_OBJECT) *sk);

   476 #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \

   477 	ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)

   478 

   479 IMPORT_C X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);

   480 

   481 IMPORT_C X509_EXTENSION *OCSP_accept_responses_new(char **oids);

   482 

   483 IMPORT_C X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);

   484 

   485 IMPORT_C X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);

   486 

   487 IMPORT_C int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);

   488 IMPORT_C int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);

   489 IMPORT_C int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);

   490 IMPORT_C int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);

   491 IMPORT_C X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);

   492 IMPORT_C X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);

   493 IMPORT_C void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);

   494 IMPORT_C int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,

   495 							unsigned long flags);

   496 IMPORT_C int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);

   497 

   498 IMPORT_C int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);

   499 IMPORT_C int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);

   500 IMPORT_C int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);

   501 IMPORT_C int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);

   502 IMPORT_C X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);

   503 IMPORT_C X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);

   504 IMPORT_C void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);

   505 IMPORT_C int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,

   506 							unsigned long flags);

   507 IMPORT_C int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);

   508 

   509 IMPORT_C int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);

   510 IMPORT_C int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);

   511 IMPORT_C int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);

   512 IMPORT_C int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);

   513 IMPORT_C X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);

   514 IMPORT_C X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);

   515 IMPORT_C void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);

   516 IMPORT_C int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,

   517 							unsigned long flags);

   518 IMPORT_C int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);

   519 

   520 IMPORT_C int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);

   521 IMPORT_C int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);

   522 IMPORT_C int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);

   523 IMPORT_C int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);

   524 IMPORT_C X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);

   525 IMPORT_C X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);

   526 IMPORT_C void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);

   527 IMPORT_C int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,

   528 							unsigned long flags);

   529 IMPORT_C int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);

   530 

   531 DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)

   532 DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)

   533 DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)

   534 DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)

   535 DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)

   536 DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)

   537 DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)

   538 DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)

   539 DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)

   540 DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)

   541 DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)

   542 DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)

   543 DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)

   544 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)

   545 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)

   546 

   547 IMPORT_C char *OCSP_response_status_str(long s);

   548 IMPORT_C char *OCSP_cert_status_str(long s);

   549 IMPORT_C char *OCSP_crl_reason_str(long s);

   550 

   551 IMPORT_C int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);

   552 IMPORT_C int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);

   553 

   554 IMPORT_C int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

   555 				X509_STORE *st, unsigned long flags);

   556 

   557 /* BEGIN ERROR CODES */

   558 /* The following lines are auto generated by the script mkerr.pl. Any changes

   559  * made after this point may be overwritten when the script is next run.

   560  */

   561 IMPORT_C void ERR_load_OCSP_strings(void);

   562 

   563 /* Error codes for the OCSP functions. */

   564 

   565 /* Function codes. */

   566 #define OCSP_F_ASN1_STRING_ENCODE			 100

   567 #define OCSP_F_D2I_OCSP_NONCE				 102

   568 #define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103

   569 #define OCSP_F_OCSP_BASIC_SIGN				 104

   570 #define OCSP_F_OCSP_BASIC_VERIFY			 105

   571 #define OCSP_F_OCSP_CERT_ID_NEW				 101

   572 #define OCSP_F_OCSP_CHECK_DELEGATED			 106

   573 #define OCSP_F_OCSP_CHECK_IDS				 107

   574 #define OCSP_F_OCSP_CHECK_ISSUER			 108

   575 #define OCSP_F_OCSP_CHECK_VALIDITY			 115

   576 #define OCSP_F_OCSP_MATCH_ISSUERID			 109

   577 #define OCSP_F_OCSP_PARSE_URL				 114

   578 #define OCSP_F_OCSP_REQUEST_SIGN			 110

   579 #define OCSP_F_OCSP_REQUEST_VERIFY			 116

   580 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111

   581 #define OCSP_F_OCSP_SENDREQ_BIO				 112

   582 #define OCSP_F_REQUEST_VERIFY				 113

   583 

   584 /* Reason codes. */

   585 #define OCSP_R_BAD_DATA					 100

   586 #define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101

   587 #define OCSP_R_DIGEST_ERR				 102

   588 #define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122

   589 #define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123

   590 #define OCSP_R_ERROR_PARSING_URL			 121

   591 #define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103

   592 #define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124

   593 #define OCSP_R_NOT_BASIC_RESPONSE			 104

   594 #define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105

   595 #define OCSP_R_NO_CONTENT				 106

   596 #define OCSP_R_NO_PUBLIC_KEY				 107

   597 #define OCSP_R_NO_RESPONSE_DATA				 108

   598 #define OCSP_R_NO_REVOKED_TIME				 109

   599 #define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110

   600 #define OCSP_R_REQUEST_NOT_SIGNED			 128

   601 #define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111

   602 #define OCSP_R_ROOT_CA_NOT_TRUSTED			 112

   603 #define OCSP_R_SERVER_READ_ERROR			 113

   604 #define OCSP_R_SERVER_RESPONSE_ERROR			 114

   605 #define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115

   606 #define OCSP_R_SERVER_WRITE_ERROR			 116

   607 #define OCSP_R_SIGNATURE_FAILURE			 117

   608 #define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118

   609 #define OCSP_R_STATUS_EXPIRED				 125

   610 #define OCSP_R_STATUS_NOT_YET_VALID			 126

   611 #define OCSP_R_STATUS_TOO_OLD				 127

   612 #define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119

   613 #define OCSP_R_UNKNOWN_NID				 120

   614 #define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129

   615 

   616 #ifdef  __cplusplus

   617 }

   618 #endif

   619 #endif