/* ocsp.h * * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* wolfSSL OCSP API */ #ifndef WOLFSSL_OCSP_H #define WOLFSSL_OCSP_H #ifdef HAVE_OCSP #include #include #ifdef __cplusplus extern "C" { #endif typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; typedef struct OcspEntry WOLFSSL_OCSP_CERTID; typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP; typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ; typedef struct OcspRequest WOLFSSL_OCSP_REQUEST; #endif WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, WOLFSSL_BUFFER_INFO* responseBuffer); WOLFSSL_LOCAL int CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*, WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl); WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer); WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest); #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID *id, int *status, int *reason, WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, WOLFSSL_ASN1_TIME **nextupd); WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s); WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd, WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec); WOLFSSL_API void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId); WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject, const WOLFSSL_X509 *issuer); WOLFSSL_API void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse); WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags); WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response); #ifndef NO_BIO WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, OcspResponse** response); #endif WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, const unsigned char** data, int len); WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, unsigned char** data); WOLFSSL_API int wolfSSL_OCSP_response_status(OcspResponse *response); WOLFSSL_API const char *wolfSSL_OCSP_response_status_str(long s); WOLFSSL_API WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic( OcspResponse* response); WOLFSSL_API OcspRequest* wolfSSL_OCSP_REQUEST_new(void); WOLFSSL_API void wolfSSL_OCSP_REQUEST_free(OcspRequest* request); WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data); WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, WOLFSSL_OCSP_CERTID *cid); WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*); #ifndef NO_BIO WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req); #endif WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **); WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single); WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, int *reason, WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, WOLFSSL_ASN1_TIME **nextupd); WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs); WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx); #endif #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext, int idx); WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status, WOLFSSL_OCSP_BASICRESP* bs); WOLFSSL_API const char* wolfSSL_OCSP_crl_reason_str(long s); WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING**, WOLFSSL_ASN1_OBJECT**, WOLFSSL_ASN1_STRING**, WOLFSSL_ASN1_INTEGER**, WOLFSSL_OCSP_CERTID*); WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, int sz); WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs); #endif #ifdef __cplusplus } /* extern "C" */ #endif #endif /* HAVE_OCSP */ #endif /* WOLFSSL_OCSP_H */