Initial indirect CRL support.

[openssl.git] / crypto / asn1 / asn1_locl.h

diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index 3acb4392d57024971933db663c44f48387e60ba4..7d10700fe192f93dbcb62dda9c65671bbf0c81e1 100644 (file)
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -1,9 +1,9 @@
 /* asn1t.h */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2005.
+ * project 2006.
  */
 /* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -71,9 +71,6 @@ struct asn1_pctx_st
 
 /* ASN1 public key method structure */
 
-#define ASN1_PKEY_ALIAS                0x1
-#define ASN1_PKEY_DYNAMIC      0x2
-
 struct evp_pkey_asn1_method_st
        {
        int pkey_id;
@@ -97,8 +94,9 @@ struct evp_pkey_asn1_method_st
        int (*pkey_size)(const EVP_PKEY *pk);
        int (*pkey_bits)(const EVP_PKEY *pk);
 
-       int (*param_decode)(const EVP_PKEY *pk, X509_PUBKEY *pub);
-       int (*param_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
+       int (*param_decode)(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen);
+       int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
        int (*param_missing)(const EVP_PKEY *pk);
        int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
        int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
@@ -106,7 +104,7 @@ struct evp_pkey_asn1_method_st
                                                        ASN1_PCTX *pctx);
 
        void (*pkey_free)(EVP_PKEY *pkey);
-       void (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
+       int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
 
        /* Legacy functions for old PEM */
 
@@ -115,3 +113,22 @@ struct evp_pkey_asn1_method_st
        int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
 
        } /* EVP_PKEY_ASN1_METHOD */;
+
+/* Method to handle CRL access.
+ * In general a CRL could be very large (several Mb) and can consume large
+ * amounts of resources if stored in memory by multiple processes.
+ * This method allows general CRL operations to be redirected to more
+ * efficient callbacks: for example a CRL entry database.
+ */
+
+#define X509_CRL_METHOD_DYNAMIC                1
+
+struct x509_crl_method_st
+       {
+       int flags;
+       int (*crl_init)(X509_CRL *crl);
+       int (*crl_free)(X509_CRL *crl);
+       int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                               ASN1_INTEGER *ser, X509_NAME *issuer);
+       int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk);
+       };