# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import absolute_import, division, print_function

# Binding description for OpenSSL's OCSP API. The module only defines four
# strings of C text (INCLUDES, TYPES, FUNCTIONS, CUSTOMIZATIONS); nothing here
# executes OCSP logic at import time.
# NOTE(review): presumably these strings are collected by the project's cffi
# build script -- the consumer is not visible in this file; confirm there.

# C header that supplies the real declarations for everything named below.
INCLUDES = """
#include <openssl/ocsp.h>
"""

# Opaque handle types ("typedef ...") plus two integer constants that are
# declared without values here. Because the structs are opaque, Python code
# can only reach their contents through the accessor functions declared in
# FUNCTIONS.
TYPES = """
typedef ... OCSP_REQUEST;
typedef ... OCSP_ONEREQ;
typedef ... OCSP_RESPONSE;
typedef ... OCSP_BASICRESP;
typedef ... OCSP_SINGLERESP;
typedef ... OCSP_CERTID;
typedef ... OCSP_RESPDATA;
static const long OCSP_NOCERTS;
static const long OCSP_RESPID_KEY;
"""

# Function prototypes exposed to Python. Parameter names are omitted; only
# the types are given.
#
# NOTE(review): the names follow OpenSSL's ownership convention, which callers
# have to honour to avoid leaks, double frees and dangling pointers:
#   * get0 - returns a pointer owned by the parent object; do not free it and
#            do not use it after the parent has been freed.
#   * get1 - returns a reference the caller owns and must release
#            (OCSP_response_get1_basic pairs with OCSP_BASICRESP_free).
#   * add0 - the callee takes ownership of the argument on success
#            (OCSP_request_add0_id and the OCSP_CERTID passed to it).
#   * add1 - the callee copies or up-refs; the caller keeps its own reference.
#
# The d2i_*_bio functions parse DER read from a BIO, which may carry data from
# an untrusted peer; they return NULL on malformed input, so the result must
# be checked before it is passed to any accessor.
#
# No signature-verification routine (for example OCSP_basic_verify) is
# declared in this file, so a response parsed through these bindings is not
# authenticated by them. OCSP_response_status reports only the status code
# carried in the response.
FUNCTIONS = """
int OCSP_response_status(OCSP_RESPONSE *);
OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *);
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *);
const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *);
Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs(const OCSP_BASICRESP *);
const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
    const OCSP_BASICRESP *);
const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *);
int OCSP_resp_get0_id(const OCSP_BASICRESP *, const ASN1_OCTET_STRING **,
                      const X509_NAME **);
const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *);
const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *);
X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *, int);
int OCSP_resp_count(OCSP_BASICRESP *);
OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *, int);
int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *);
X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *, int);

int OCSP_single_get0_status(OCSP_SINGLERESP *, int *, ASN1_GENERALIZEDTIME **,
                            ASN1_GENERALIZEDTIME **, ASN1_GENERALIZEDTIME **);

int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *);
X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *, int);
int OCSP_request_onereq_count(OCSP_REQUEST *);
OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *, int);
OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *);
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *, OCSP_CERTID *);
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *, const X509 *, const X509 *);
void OCSP_CERTID_free(OCSP_CERTID *);


OCSP_BASICRESP *OCSP_BASICRESP_new(void);
void OCSP_BASICRESP_free(OCSP_BASICRESP *);
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *, OCSP_CERTID *, int,
                                        int, ASN1_TIME *, ASN1_TIME *,
                                        ASN1_TIME *);
int OCSP_basic_add1_cert(OCSP_BASICRESP *, X509 *);
int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *, X509_EXTENSION *, int);
int OCSP_basic_sign(OCSP_BASICRESP *, X509 *, EVP_PKEY *, const EVP_MD *,
                    Cryptography_STACK_OF_X509 *, unsigned long);
OCSP_RESPONSE *OCSP_response_create(int, OCSP_BASICRESP *);
void OCSP_RESPONSE_free(OCSP_RESPONSE *);

OCSP_REQUEST *OCSP_REQUEST_new(void);
void OCSP_REQUEST_free(OCSP_REQUEST *);
int OCSP_REQUEST_add_ext(OCSP_REQUEST *, X509_EXTENSION *, int);
int OCSP_id_get0_info(ASN1_OCTET_STRING **, ASN1_OBJECT **,
                      ASN1_OCTET_STRING **, ASN1_INTEGER **, OCSP_CERTID *);
OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *, OCSP_REQUEST **);
OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *, OCSP_RESPONSE **);
int i2d_OCSP_REQUEST_bio(BIO *, OCSP_REQUEST *);
int i2d_OCSP_RESPONSE_bio(BIO *, OCSP_RESPONSE *);
int i2d_OCSP_RESPDATA(OCSP_RESPDATA *, unsigned char **);
"""

# C source providing accessors that the linked library may not export. It has
# three preprocessor-guarded parts:
#
#   1. Non-LibreSSL builds older than 1.1.0j: re-declares three private struct
#      layouts (copied from ocsp_lcl.h, per the embedded comment) so the
#      getters in part 3 can read fields of otherwise opaque types. These
#      copies must match the layout of the library actually linked; a mismatch
#      would make the getters read from wrong offsets with no compile-time
#      error, so the version guard is what keeps this safe.
#   2. LibreSSL: defines getters (taken from ocsp_cl.c, per the embedded
#      comment) that read struct fields directly. OCSP_resp_get0_id returns 0
#      and leaves *pid and *pname unwritten when the responder-id type is
#      neither name nor key, so callers must check the return value before
#      reading either output.
#   3. Builds older than 1.1.0j: OCSP_resp_get0_tbs_sigalg and
#      OCSP_resp_get0_respdata. The LibreSSL branch returns the field itself
#      while the other branch returns its address, i.e. the field is a pointer
#      in one layout and an embedded struct in the other.
#
# The string is not a raw string, so each trailing backslash in the first #if
# is consumed by Python as a line continuation and the C preprocessor receives
# that condition on a single line.
# NOTE(review): the CRYPTOGRAPHY_* macros are defined outside this file;
# confirm their exact version boundaries where they are declared.
CUSTOMIZATIONS = """
#if ( \
    !CRYPTOGRAPHY_IS_LIBRESSL && \
    CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
    )
/* These structs come from ocsp_lcl.h and are needed to de-opaque the struct
   for the getters in OpenSSL 1.1.0 through 1.1.0i */
struct ocsp_responder_id_st {
    int type;
    union {
        X509_NAME *byName;
        ASN1_OCTET_STRING *byKey;
    } value;
};
struct ocsp_response_data_st {
    ASN1_INTEGER *version;
    OCSP_RESPID responderId;
    ASN1_GENERALIZEDTIME *producedAt;
    STACK_OF(OCSP_SINGLERESP) *responses;
    STACK_OF(X509_EXTENSION) *responseExtensions;
};
struct ocsp_basic_response_st {
    OCSP_RESPDATA tbsResponseData;
    X509_ALGOR signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;
};
#endif

#if CRYPTOGRAPHY_IS_LIBRESSL
/* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */
const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
{
    return single->certId;
}
const Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs(
    const OCSP_BASICRESP *bs)
{
    return bs->certs;
}
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
                      const ASN1_OCTET_STRING **pid,
                      const X509_NAME **pname)
{
    const OCSP_RESPID *rid = bs->tbsResponseData->responderId;

    if (rid->type == V_OCSP_RESPID_NAME) {
        *pname = rid->value.byName;
        *pid = NULL;
    } else if (rid->type == V_OCSP_RESPID_KEY) {
        *pid = rid->value.byKey;
        *pname = NULL;
    } else {
        return 0;
    }
    return 1;
}
const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
    const OCSP_BASICRESP* bs)
{
    return bs->tbsResponseData->producedAt;
}
const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
{
    return bs->signature;
}
#endif

#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J
const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
{
#if CRYPTOGRAPHY_IS_LIBRESSL
    return bs->signatureAlgorithm;
#else
    return &bs->signatureAlgorithm;
#endif
}

const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
{
#if CRYPTOGRAPHY_IS_LIBRESSL
    return bs->tbsResponseData;
#else
    return &bs->tbsResponseData;
#endif
}
#endif
"""