# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import absolute_import, division, print_function

# OpenSSL OCSP binding description: four module-level strings holding the
# header to include, the type declarations, the function prototypes and a
# block of C compatibility code. Presumably they are consumed by the project's
# cffi build step, which is not visible in this file -- confirm there.

# Header that provides the OCSP API declared below.
INCLUDES = """
#include <openssl/ocsp.h>
"""

# Opaque OCSP object types ("typedef ... X;" is cffi's spelling for a type
# whose layout is not exposed) and two integer constants.
# With opaque types the Python side can only hold pointers to these objects;
# every field read has to go through one of the functions declared below.
TYPES = """
typedef ... OCSP_REQUEST;
typedef ... OCSP_ONEREQ;
typedef ... OCSP_RESPONSE;
typedef ... OCSP_BASICRESP;
typedef ... OCSP_SINGLERESP;
typedef ... OCSP_CERTID;
typedef ... OCSP_RESPDATA;
static const long OCSP_NOCERTS;
static const long OCSP_RESPID_KEY;
"""

# Prototypes of the OCSP calls exposed by this binding: inspecting responses
# and requests, building and signing responses, building requests, and DER
# (de)serialisation through BIOs.
#
# Ownership follows OpenSSL's naming convention (confirm each call against
# the OpenSSL manual pages): "get0" results are borrowed pointers that the
# caller must not free and that stop being valid when the parent object is
# freed; "get1" results (OCSP_response_get1_basic) and "_new" results belong
# to the caller and need the matching "_free"; "add0" (OCSP_request_add0_id)
# hands the argument over to the container, "add1" leaves it with the caller.
# Getting this wrong on the Python side is a double free or use-after-free.
#
# NOTE(review): OCSP_resp_get0_certs is declared here without the const
# qualifier that the CUSTOMIZATIONS backport puts on its return type; the
# returned stack is still owned by the OCSP_BASICRESP.
#
# NOTE(review): nothing declared in this list checks a response's signature
# or validity window -- there is no OCSP_basic_verify here. A response parsed
# with d2i_OCSP_RESPONSE_bio and read through OCSP_single_get0_status is
# unauthenticated data unless the caller verifies it by other means.
FUNCTIONS = """
int OCSP_response_status(OCSP_RESPONSE *);
OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *);
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *);
const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *);
Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs(const OCSP_BASICRESP *);
const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
    const OCSP_BASICRESP *);
const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *);
int OCSP_resp_get0_id(const OCSP_BASICRESP *, const ASN1_OCTET_STRING **,
                      const X509_NAME **);
const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *);
const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *);
X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *, int);
int OCSP_resp_count(OCSP_BASICRESP *);
OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *, int);
int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *);
X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *, int);

int OCSP_single_get0_status(OCSP_SINGLERESP *, int *, ASN1_GENERALIZEDTIME **,
                            ASN1_GENERALIZEDTIME **, ASN1_GENERALIZEDTIME **);

int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *);
X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *, int);
int OCSP_request_onereq_count(OCSP_REQUEST *);
OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *, int);
int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *);
X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *, int);
OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *);
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *, OCSP_CERTID *);
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *, const X509 *, const X509 *);
void OCSP_CERTID_free(OCSP_CERTID *);


OCSP_BASICRESP *OCSP_BASICRESP_new(void);
void OCSP_BASICRESP_free(OCSP_BASICRESP *);
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *, OCSP_CERTID *, int,
                                        int, ASN1_TIME *, ASN1_TIME *,
                                        ASN1_TIME *);
int OCSP_basic_add1_nonce(OCSP_BASICRESP *, unsigned char *, int);
int OCSP_basic_add1_cert(OCSP_BASICRESP *, X509 *);
int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *, X509_EXTENSION *, int);
int OCSP_basic_sign(OCSP_BASICRESP *, X509 *, EVP_PKEY *, const EVP_MD *,
                    Cryptography_STACK_OF_X509 *, unsigned long);
OCSP_RESPONSE *OCSP_response_create(int, OCSP_BASICRESP *);
void OCSP_RESPONSE_free(OCSP_RESPONSE *);

OCSP_REQUEST *OCSP_REQUEST_new(void);
void OCSP_REQUEST_free(OCSP_REQUEST *);
int OCSP_request_add1_nonce(OCSP_REQUEST *, unsigned char *, int);
int OCSP_REQUEST_add_ext(OCSP_REQUEST *, X509_EXTENSION *, int);
int OCSP_id_get0_info(ASN1_OCTET_STRING **, ASN1_OBJECT **,
                      ASN1_OCTET_STRING **, ASN1_INTEGER **, OCSP_CERTID *);
OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *, OCSP_REQUEST **);
OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *, OCSP_RESPONSE **);
int i2d_OCSP_REQUEST_bio(BIO *, OCSP_REQUEST *);
int i2d_OCSP_RESPONSE_bio(BIO *, OCSP_RESPONSE *);
int i2d_OCSP_RESPDATA(OCSP_RESPDATA *, unsigned char **);
"""

# C source that supplies the getters above on OpenSSL versions that lack
# them. It has three version-guarded parts:
#
# 1. 1.1.0 up to (not including) 1.1.0j: re-declares three private structs
#    copied from OpenSSL's ocsp_lcl.h so the getters in part 3 can reach the
#    fields. These copies must match the layout of the libcrypto actually
#    linked; the version guard is the only thing tying them together, so a
#    library that reports one of these versions but carries a different
#    layout would be read at the wrong offsets.
# 2. Before 1.1.0: five getters taken from ocsp_cl.c. They dereference their
#    argument without a NULL check. OCSP_resp_get0_id sets both *pid and
#    *pname when it returns 1 and leaves both untouched when it returns 0
#    (unrecognised responder-id type), so callers must test the return value
#    before reading either output.
# 3. Before 1.1.0j: OCSP_resp_get0_tbs_sigalg and OCSP_resp_get0_respdata,
#    which return the field itself before 1.1.0 and its address from 1.1.0
#    on (the struct copy in part 1 declares those fields embedded, not as
#    pointers).
#
# The trailing backslashes in the first #if sit inside a non-raw Python
# string, so Python joins those lines before the C preprocessor sees them.
CUSTOMIZATIONS = """
#if ( \
    CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && \
    CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
    )
/* These structs come from ocsp_lcl.h and are needed to de-opaque the struct
   for the getters in OpenSSL 1.1.0 through 1.1.0i */
struct ocsp_responder_id_st {
    int type;
    union {
        X509_NAME *byName;
        ASN1_OCTET_STRING *byKey;
    } value;
};
struct ocsp_response_data_st {
    ASN1_INTEGER *version;
    OCSP_RESPID responderId;
    ASN1_GENERALIZEDTIME *producedAt;
    STACK_OF(OCSP_SINGLERESP) *responses;
    STACK_OF(X509_EXTENSION) *responseExtensions;
};
struct ocsp_basic_response_st {
    OCSP_RESPDATA tbsResponseData;
    X509_ALGOR signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;
};
#endif

#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
/* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */
const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
{
    return single->certId;
}
const Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs(
    const OCSP_BASICRESP *bs)
{
    return bs->certs;
}
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
                      const ASN1_OCTET_STRING **pid,
                      const X509_NAME **pname)
{
    const OCSP_RESPID *rid = bs->tbsResponseData->responderId;

    if (rid->type == V_OCSP_RESPID_NAME) {
        *pname = rid->value.byName;
        *pid = NULL;
    } else if (rid->type == V_OCSP_RESPID_KEY) {
        *pid = rid->value.byKey;
        *pname = NULL;
    } else {
        return 0;
    }
    return 1;
}
const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
    const OCSP_BASICRESP* bs)
{
    return bs->tbsResponseData->producedAt;
}
const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
{
    return bs->signature;
}
#endif

#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J
const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
{
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
    return bs->signatureAlgorithm;
#else
    return &bs->signatureAlgorithm;
#endif
}

const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
{
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
    return bs->tbsResponseData;
#else
    return &bs->tbsResponseData;
#endif
}
#endif
"""