X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Focsp%2Focsp.h;h=fab3c0318215160e28a1b9650d5b845dba88c359;hp=4826a709f01e010b9cec60b85921859a1340051d;hb=5dbd3efce784cb5621de8402430eda23d1762568;hpb=26e083ccb72f0bfabb443c67b121ad8f9192217e diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index 4826a709f0..fab3c03182 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -378,23 +378,23 @@ typedef struct ocsp_service_locator_st (unsigned char *)o) #define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(&OCSP_REQINFO_it,\ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ o->optionalSignature->signatureAlgorithm,NULL,\ o->optionalSignature->signature,o->tbsRequest,pkey,md) #define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL,\ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ o->signature,o->tbsResponseData,pkey,md) -#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(&OCSP_REQINFO_it,\ +#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ a->optionalSignature->signatureAlgorithm,\ a->optionalSignature->signature,a->tbsRequest,r) -#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(&OCSP_RESPDATA_it,\ +#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ a->signatureAlgorithm,a->signature,a->tbsResponseData,r) #define ASN1_BIT_STRING_digest(data,type,md,len) \ - ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len) + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) #define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\ (char *(*)())d2i_OCSP_CERTID,(char *)(cid)) @@ -415,6 +415,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); @@ -443,8 +444,13 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, + long sec, long maxsec); -int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey); +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); @@ -455,6 +461,7 @@ OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, @@ -547,76 +554,66 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); -void ERR_load_OCSP_strings(void); - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_OCSP_strings(void); /* Error codes for the OCSP functions. */ /* Function codes. */ -#define OCSP_F_ASN1_STRING_ENCODE 106 -#define OCSP_F_BASIC_RESPONSE_NEW 100 -#define OCSP_F_BASIC_RESPONSE_VERIFY 101 -#define OCSP_F_CERT_ID_NEW 102 -#define OCSP_F_CERT_STATUS_NEW 103 -#define OCSP_F_D2I_OCSP_NONCE 109 -#define OCSP_F_OCSP_BASIC_ADD1_STATUS 118 -#define OCSP_F_OCSP_BASIC_SIGN 119 -#define OCSP_F_OCSP_BASIC_VERIFY 113 -#define OCSP_F_OCSP_CHECK_DELEGATED 117 -#define OCSP_F_OCSP_CHECK_IDS 114 -#define OCSP_F_OCSP_CHECK_ISSUER 115 -#define OCSP_F_OCSP_CHECK_NONCE 112 -#define OCSP_F_OCSP_MATCH_ISSUERID 116 -#define OCSP_F_OCSP_REQUEST_SIGN 120 +#define OCSP_F_ASN1_STRING_ENCODE 100 +#define OCSP_F_CERT_ID_NEW 101 +#define OCSP_F_D2I_OCSP_NONCE 102 +#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +#define OCSP_F_OCSP_BASIC_SIGN 104 +#define OCSP_F_OCSP_BASIC_VERIFY 105 +#define OCSP_F_OCSP_CHECK_DELEGATED 106 +#define OCSP_F_OCSP_CHECK_IDS 107 +#define OCSP_F_OCSP_CHECK_ISSUER 108 +#define OCSP_F_OCSP_CHECK_VALIDITY 115 +#define OCSP_F_OCSP_MATCH_ISSUERID 109 +#define OCSP_F_OCSP_PARSE_URL 114 +#define OCSP_F_OCSP_REQUEST_SIGN 110 +#define OCSP_F_OCSP_REQUEST_VERIFY 116 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 -#define OCSP_F_OCSP_SENDREQ_BIO 110 -#define OCSP_F_REQUEST_VERIFY 104 -#define OCSP_F_RESPONSE_VERIFY 105 -#define OCSP_F_S2I_OCSP_NONCE 107 -#define OCSP_F_V2I_OCSP_CRLID 108 +#define OCSP_F_OCSP_SENDREQ_BIO 112 +#define OCSP_F_REQUEST_VERIFY 113 /* Reason codes. */ -#define OCSP_R_BAD_DATA 108 -#define OCSP_R_BAD_TAG 100 -#define OCSP_R_CERTIFICATE_VERIFY_ERROR 126 -#define OCSP_R_DIGEST_ERR 101 -#define OCSP_R_FAILED_TO_OPEN 109 -#define OCSP_R_FAILED_TO_READ 110 -#define OCSP_R_FAILED_TO_STAT 111 -#define OCSP_R_MISSING_OCSPSIGNING_USAGE 131 -#define OCSP_R_MISSING_VALUE 112 -#define OCSP_R_NONCE_MISSING_IN_RESPONSE 121 -#define OCSP_R_NONCE_VALUE_MISMATCH 122 -#define OCSP_R_NOT_BASIC_RESPONSE 120 -#define OCSP_R_NO_CERTIFICATE 102 -#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 128 -#define OCSP_R_NO_CONTENT 115 -#define OCSP_R_NO_PUBLIC_KEY 103 -#define OCSP_R_NO_RESPONSE_DATA 104 -#define OCSP_R_NO_REVOKED_TIME 132 -#define OCSP_R_NO_SIGNATURE 105 -#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 133 -#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 129 -#define OCSP_R_REVOKED_NO_TIME 106 -#define OCSP_R_ROOT_CA_NOT_TRUSTED 127 -#define OCSP_R_SERVER_READ_ERROR 116 -#define OCSP_R_SERVER_RESPONSE_ERROR 117 -#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 118 -#define OCSP_R_SERVER_WRITE_ERROR 119 -#define OCSP_R_SIGNATURE_FAILURE 124 -#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 125 -#define OCSP_R_UNEXPECTED_NONCE_IN_RESPONSE 123 -#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 130 -#define OCSP_R_UNKNOWN_NID 107 -#define OCSP_R_UNSUPPORTED_OPTION 113 -#define OCSP_R_VALUE_ALREADY 114 +#define OCSP_R_BAD_DATA 100 +#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +#define OCSP_R_DIGEST_ERR 102 +#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +#define OCSP_R_ERROR_PARSING_URL 121 +#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +#define OCSP_R_NOT_BASIC_RESPONSE 104 +#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +#define OCSP_R_NO_CONTENT 106 +#define OCSP_R_NO_PUBLIC_KEY 107 +#define OCSP_R_NO_RESPONSE_DATA 108 +#define OCSP_R_NO_REVOKED_TIME 109 +#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +#define OCSP_R_REQUEST_NOT_SIGNED 128 +#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +#define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +#define OCSP_R_SERVER_READ_ERROR 113 +#define OCSP_R_SERVER_RESPONSE_ERROR 114 +#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +#define OCSP_R_SERVER_WRITE_ERROR 116 +#define OCSP_R_SIGNATURE_FAILURE 117 +#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +#define OCSP_R_STATUS_EXPIRED 125 +#define OCSP_R_STATUS_NOT_YET_VALID 126 +#define OCSP_R_STATUS_TOO_OLD 127 +#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +#define OCSP_R_UNKNOWN_NID 120 +#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 #ifdef __cplusplus } #endif #endif -