62 #include <openssl/opensslconf.h>
63 #include <openssl/symhacks.h>
64 #ifndef OPENSSL_NO_BUFFER
65 #include <openssl/buffer.h>
67 #ifndef OPENSSL_NO_EVP
68 #include <openssl/evp.h>
70 #ifndef OPENSSL_NO_BIO
71 #include <openssl/bio.h>
73 #include <openssl/stack.h>
74 #include <openssl/asn1.h>
75 #include <openssl/safestack.h>
77 #ifndef OPENSSL_NO_RSA
78 #include <openssl/rsa.h>
81 #ifndef OPENSSL_NO_DSA
82 #include <openssl/dsa.h>
86 #include <openssl/dh.h>
98 #include <openssl/x509.h>
99 #include <openssl/x509v3.h>
131 ASN1_BOOLEAN cert_req;
177 ASN1_BOOLEAN ordering;
/*
 * Response status codes. The names and the values 0-5 line up with the
 * PKIStatus enumeration of RFC 3161 (granted .. revocationNotification).
 * NOTE(review): per RFC 3161 only status 0 and 1 are accompanied by a time
 * stamp token; a client should treat every other value as "no usable token".
 * Confirm against the response-checking code, which is not on this page.
 */
198 #define TS_STATUS_GRANTED 0
199 #define TS_STATUS_GRANTED_WITH_MODS 1
200 #define TS_STATUS_REJECTION 2
201 #define TS_STATUS_WAITING 3
202 #define TS_STATUS_REVOCATION_WARNING 4
203 #define TS_STATUS_REVOCATION_NOTIFICATION 5
/*
 * Failure-info identifiers. The values are sparse (0, 2, 5, 14-17, 25) and
 * match the bit positions of PKIFailureInfo in RFC 3161, so they are
 * presumably bit indexes, not ready-made masks: OR-ing two of them together
 * would not give a meaningful value.
 * NOTE(review): confirm how TS_RESP_CTX_add_failure_info() consumes them.
 */
207 #define TS_INFO_BAD_ALG 0
208 #define TS_INFO_BAD_REQUEST 2
209 #define TS_INFO_BAD_DATA_FORMAT 5
210 #define TS_INFO_TIME_NOT_AVAILABLE 14
211 #define TS_INFO_UNACCEPTED_POLICY 15
212 #define TS_INFO_UNACCEPTED_EXTENSION 16
213 #define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
214 #define TS_INFO_SYSTEM_FAILURE 25
/* Releases a TS_REQ object. */
285 void TS_REQ_free(
TS_REQ *a);
/*
 * DER encoder/decoder pair for TS_REQ, declared in the usual OpenSSL
 * i2d/d2i shape: the encoder writes through *pp, the decoder reads at most
 * `length` bytes starting at *pp.
 * d2i_TS_REQ() is where request bytes from a peer enter the library, so
 * `length` must be the real number of bytes available at *pp and the returned
 * pointer must be checked before use.
 * NOTE(review): NULL-on-failure is the OpenSSL d2i convention; the
 * implementation is not shown on this page.
 */
286 int i2d_TS_REQ(
const TS_REQ *a,
unsigned char **pp);
287 TS_REQ *d2i_TS_REQ(
TS_REQ **a,
const unsigned char **pp,
long length);
/* Encodes a TS_REQ to a stdio stream instead of a memory buffer. */
292 int i2d_TS_REQ_fp(FILE *fp,
TS_REQ *a);
/* DER encoder for the message imprint (hash algorithm + hashed message). */
298 int i2d_TS_MSG_IMPRINT(
const TS_MSG_IMPRINT *a,
unsigned char **pp);
300 const unsigned char **pp,
long length);
/*
 * DER encoder/decoder pair for TS_RESP, in the usual OpenSSL i2d/d2i shape.
 * d2i_TS_RESP() only parses: a response that decodes successfully has not
 * been authenticated. The signature, imprint and nonce checks selected by the
 * TS_VFY_* flags are a separate step.
 * NOTE(review): check the result for NULL before use (OpenSSL d2i
 * convention; the implementation is not on this page).
 */
311 int i2d_TS_RESP(
const TS_RESP *a,
unsigned char **pp);
312 TS_RESP *d2i_TS_RESP(
TS_RESP **a,
const unsigned char **pp,
long length);
/* Encodes a TS_RESP to a stdio stream instead of a memory buffer. */
317 int i2d_TS_RESP_fp(FILE *fp,
TS_RESP *a);
/* DER encoder for the status-info part of a response. */
323 int i2d_TS_STATUS_INFO(
const TS_STATUS_INFO *a,
unsigned char **pp);
325 const unsigned char **pp,
long length);
/* DER encoder for TS_TST_INFO (usual OpenSSL i2d calling pattern). */
330 int i2d_TS_TST_INFO(
const TS_TST_INFO *a,
unsigned char **pp);
/* DER encoder for TS_ACCURACY (usual OpenSSL i2d calling pattern). */
342 int i2d_TS_ACCURACY(
const TS_ACCURACY *a,
unsigned char **pp);
352 const unsigned char **pp,
long length);
/* DER encoder for ESS_CERT_ID (usual OpenSSL i2d calling pattern). */
357 int i2d_ESS_CERT_ID(
const ESS_CERT_ID *a,
unsigned char **pp);
367 const unsigned char **pp,
long length);
370 void ERR_load_TS_strings(
void);
/* Accessors for the version field of a time stamp request. */
372 int TS_REQ_set_version(
TS_REQ *a,
long version);
373 long TS_REQ_get_version(
const TS_REQ *a);
/*
 * Stores the hashed message in a message imprint from the buffer `d` of
 * `len` bytes. `len` is a signed int: the caller has to pass a non-negative
 * value that does not exceed the buffer.
 * NOTE(review): presumably `len` should equal the digest size of the imprint's
 * hash algorithm; nothing on this page shows that being enforced.
 */
381 int TS_MSG_IMPRINT_set_msg(
TS_MSG_IMPRINT *a,
unsigned char *d,
int len);
/*
 * Accessors for the request's cert_req value.
 * NOTE(review): presumably the RFC 3161 certReq flag that asks the TSA to
 * include its signing certificate in the response -- confirm.
 */
390 int TS_REQ_set_cert_req(
TS_REQ *a,
int cert_req);
391 int TS_REQ_get_cert_req(
const TS_REQ *a);
/*
 * Extension handling for a request. The lookup functions take a NID or a
 * criticality value plus `lastpos`, the same parameter shape as the
 * X509v3 extension lookup API.
 */
394 void TS_REQ_ext_free(
TS_REQ *a);
395 int TS_REQ_get_ext_count(
TS_REQ *a);
396 int TS_REQ_get_ext_by_NID(
TS_REQ *a,
int nid,
int lastpos);
398 int TS_REQ_get_ext_by_critical(
TS_REQ *a,
int crit,
int lastpos);
/*
 * Returns an untyped pointer; the caller must cast it to the structure type
 * that belongs to `nid`, so a wrong nid/type pairing is a type confusion the
 * compiler cannot catch.
 */
402 void *TS_REQ_get_ext_d2i(
TS_REQ *a,
int nid,
int *crit,
int *idx);
/* Writes a human-readable dump of the request to `bio`. */
406 int TS_REQ_print_bio(
BIO *bio,
TS_REQ *a);
/* Accessors for the version field of a TS_TST_INFO. */
418 int TS_TST_INFO_set_version(
TS_TST_INFO *a,
long version);
419 long TS_TST_INFO_get_version(
const TS_TST_INFO *a);
/* Accessors for the ordering value of a TS_TST_INFO. */
445 int TS_TST_INFO_set_ordering(
TS_TST_INFO *a,
int ordering);
446 int TS_TST_INFO_get_ordering(
const TS_TST_INFO *a);
/*
 * Extension lookup on a TS_TST_INFO, by NID or by criticality, with the
 * same `lastpos` parameter as the TS_REQ variants.
 */
457 int TS_TST_INFO_get_ext_by_NID(
TS_TST_INFO *a,
int nid,
int lastpos);
459 int TS_TST_INFO_get_ext_by_critical(
TS_TST_INFO *a,
int crit,
int lastpos);
/*
 * Returns an untyped pointer; the caller must cast it to the structure type
 * that belongs to `nid`.
 */
463 void *TS_TST_INFO_get_ext_d2i(
TS_TST_INFO *a,
int nid,
int *crit,
int *idx);
/*
 * Single-bit option flags (0x01, 0x02, 0x04), so they can be combined with
 * bitwise OR.
 * NOTE(review): presumably the values accepted by TS_RESP_CTX_add_flags();
 * going by the names they control inclusion of the TSA name, the ordering
 * field and the full certificate chain in the ESS cert id -- confirm.
 */
470 #define TS_TSA_NAME 0x01
473 #define TS_ORDERING 0x02
480 #define TS_ESS_CERT_ID_CHAIN 0x04
/*
 * Time source callback type. It receives the response context, an opaque
 * user pointer and two out-parameters, `sec` and `usec`.
 * NOTE(review): the time written here presumably ends up in issued tokens, so
 * the value of every time stamp depends on this callback reading a
 * trustworthy clock -- confirm against the response-creation code.
 */
491 typedef int (*TS_time_cb)(
struct TS_resp_ctx *,
void *,
long *sec,
long *usec);
504 STACK_OF(
X509) *certs;
511 unsigned clock_precision_digits;
516 TS_serial_cb serial_cb;
517 void *serial_cb_data;
522 TS_extension_cb extension_cb;
523 void *extension_cb_data;
532 DECLARE_ASN1_SET_OF(
EVP_MD)
560 int secs,
int millis,
int micros);
/*
 * Sets the number of clock precision digits on the response context.
 * NOTE(review): TS_MAX_CLOCK_PRECISION_DIGITS (6) is presumably the upper
 * bound for the argument, matching the microsecond resolution of the time
 * callback; whether out-of-range values are rejected is not visible here.
 */
564 int TS_RESP_CTX_set_clock_precision_digits(
TS_RESP_CTX *ctx,
565 unsigned clock_precision_digits);
567 #define TS_MAX_CLOCK_PRECISION_DIGITS 6
/* Adds option flags to the response context. */
570 void TS_RESP_CTX_add_flags(
TS_RESP_CTX *ctx,
int flags);
/*
 * Callback registration. Each setter takes a function pointer plus an
 * opaque `data` pointer. All three return void, so a caller gets no failure
 * indication from them.
 * NOTE(review): `data` is presumably stored in the context and handed back to
 * the callback, in which case it must stay valid for as long as the context
 * is in use -- confirm.
 */
573 void TS_RESP_CTX_set_serial_cb(
TS_RESP_CTX *ctx, TS_serial_cb cb,
void *data);
576 void TS_RESP_CTX_set_time_cb(
TS_RESP_CTX *ctx, TS_time_cb cb,
void *data);
581 void TS_RESP_CTX_set_extension_cb(
TS_RESP_CTX *ctx,
582 TS_extension_cb cb,
void *data);
586 int status,
const char *text);
/*
 * Sets a status code and status text on the response being built.
 * NOTE(review): the "_cond" suffix suggests the value is only applied when no
 * status has been set yet -- confirm. `text` is returned to the requester, so
 * it should not carry internal details.
 */
589 int TS_RESP_CTX_set_status_info_cond(
TS_RESP_CTX *ctx,
590 int status,
const char *text);
/* Adds one failure-info value (see the TS_INFO_* constants) to the response. */
592 int TS_RESP_CTX_add_failure_info(
TS_RESP_CTX *ctx,
int failure);
611 int TS_RESP_verify_signature(
PKCS7 *token, STACK_OF(
X509) *certs,
/*
 * Verification flags, one bit each, to be combined with bitwise OR.
 * The meanings below follow the names and the upstream OpenSSL header; the
 * verify code itself is not on this page.
 * NOTE(review): presumably a check whose flag is absent is not performed, so
 * a caller-built mask without TS_VFY_SIGNATURE would accept an
 * unauthenticated token and one without TS_VFY_NONCE would lose replay
 * protection. Prefer the TS_VFY_ALL_* combinations unless a check is
 * deliberately dropped.
 */
/* Signer certificate and signature of the response. */
617 #define TS_VFY_SIGNATURE (1u << 0)
/* Version number of the response. */
619 #define TS_VFY_VERSION (1u << 1)
/* Policy in the response against the one the caller expects. */
621 #define TS_VFY_POLICY (1u << 2)
/* Message imprint supplied by the caller; alternative to TS_VFY_DATA. */
624 #define TS_VFY_IMPRINT (1u << 3)
/* Message imprint computed from caller data; alternative to TS_VFY_IMPRINT. */
628 #define TS_VFY_DATA (1u << 4)
/* Nonce value echoed by the TSA. */
630 #define TS_VFY_NONCE (1u << 5)
/* TSA name field against the signer certificate. */
632 #define TS_VFY_SIGNER (1u << 6)
/* TSA name field against a name supplied by the caller. */
634 #define TS_VFY_TSA_NAME (1u << 7)
637 #define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \
644 #define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \
659 STACK_OF(
X509) *certs;
667 unsigned char *imprint;
668 unsigned imprint_len;
/* Writes a human-readable dump of an extension stack to `bio`. */
722 int TS_ext_print_bio(
BIO *bio,
const STACK_OF(X509_EXTENSION) *extensions);
/* Writes a human-readable form of an algorithm identifier to `bio`. */
723 int TS_X509_ALGOR_print_bio(
BIO *bio,
const X509_ALGOR *alg);
/*
 * Loaders that take a file name and return a certificate, a certificate
 * stack or a private key. All three return pointers, so the result must be
 * checked before use.
 * NOTE(review): NULL on failure is assumed from OpenSSL convention.
 */
729 X509 *TS_CONF_load_cert(
const char *file);
730 STACK_OF(
X509) *TS_CONF_load_certs(
const char *file);
/*
 * `pass` is the key passphrase as a plain C string. This declaration says
 * nothing about copying or wiping it, so the caller remains responsible for
 * clearing its own buffer afterwards.
 */
731 EVP_PKEY *TS_CONF_load_key(
const char *file,
const char *pass);
/* Returns the name of the TSA section to use for the given configuration. */
732 const char *TS_CONF_get_tsa_section(
CONF *conf,
const char *section);
733 int TS_CONF_set_serial(
CONF *conf,
const char *section, TS_serial_cb cb,
735 int TS_CONF_set_crypto_device(
CONF *conf,
const char *section,
/*
 * Selects a crypto engine by name.
 * NOTE(review): `name` decides which engine code handles the signing key, so
 * it should come from trusted configuration only -- confirm how the name is
 * resolved in the implementation.
 */
737 int TS_CONF_set_default_engine(
const char *name);
738 int TS_CONF_set_signer_cert(
CONF *conf,
const char *section,
740 int TS_CONF_set_certs(
CONF *conf,
const char *section,
const char *certs,
/*
 * Configures the TSA signing key on the response context from the given
 * configuration section, with optional `key` and `pass` arguments.
 * `pass` is a plain C string holding the key passphrase; keep it out of logs
 * and clear the caller's copy once this call returns.
 * NOTE(review): presumably `key` overrides the file named in the section when
 * non-NULL -- confirm.
 */
742 int TS_CONF_set_signer_key(
CONF *conf,
const char *section,
743 const char *key,
const char *pass,
TS_RESP_CTX *ctx);
744 int TS_CONF_set_def_policy(
CONF *conf,
const char *section,
/*
 * Configuration helpers: each reads settings from `section` of `conf` and
 * applies them to the response context `ctx`. All return int and the result
 * should be checked, since a TSA running with a partially applied
 * configuration may accept policies or digests the operator meant to exclude.
 * NOTE(review): non-zero-on-success is assumed from OpenSSL convention.
 */
746 int TS_CONF_set_policies(
CONF *conf,
const char *section,
TS_RESP_CTX *ctx);
747 int TS_CONF_set_digests(
CONF *conf,
const char *section,
TS_RESP_CTX *ctx);
748 int TS_CONF_set_accuracy(
CONF *conf,
const char *section,
TS_RESP_CTX *ctx);
749 int TS_CONF_set_clock_precision_digits(
CONF *conf,
const char *section,
/*
 * Configuration helpers for the ordering and TSA-name options; both read
 * `section` of `conf` and apply the result to `ctx`.
 * NOTE(review): presumably these toggle the TS_ORDERING and TS_TSA_NAME
 * context flags -- confirm.
 */
751 int TS_CONF_set_ordering(
CONF *conf,
const char *section,
TS_RESP_CTX *ctx);
752 int TS_CONF_set_tsa_name(
CONF *conf,
const char *section,
TS_RESP_CTX *ctx);
753 int TS_CONF_set_ess_cert_id_chain(
CONF *conf,
const char *section,
761 void ERR_load_TS_strings(
void);
/*
 * Function codes for the TS module: one number per library function that
 * can report an error. They identify where an error was raised and are useful
 * for diagnostics only.
 * NOTE(review): presumably consumed through the OpenSSL error queue after
 * ERR_load_TS_strings() has registered the matching strings.
 */
766 #define TS_F_D2I_TS_RESP 147
767 #define TS_F_DEF_SERIAL_CB 110
768 #define TS_F_DEF_TIME_CB 111
769 #define TS_F_ESS_ADD_SIGNING_CERT 112
770 #define TS_F_ESS_CERT_ID_NEW_INIT 113
771 #define TS_F_ESS_SIGNING_CERT_NEW_INIT 114
772 #define TS_F_INT_TS_RESP_VERIFY_TOKEN 149
773 #define TS_F_PKCS7_TO_TS_TST_INFO 148
774 #define TS_F_TS_ACCURACY_SET_MICROS 115
775 #define TS_F_TS_ACCURACY_SET_MILLIS 116
776 #define TS_F_TS_ACCURACY_SET_SECONDS 117
777 #define TS_F_TS_CHECK_IMPRINTS 100
778 #define TS_F_TS_CHECK_NONCES 101
779 #define TS_F_TS_CHECK_POLICY 102
780 #define TS_F_TS_CHECK_SIGNING_CERTS 103
781 #define TS_F_TS_CHECK_STATUS_INFO 104
782 #define TS_F_TS_COMPUTE_IMPRINT 145
783 #define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
784 #define TS_F_TS_GET_STATUS_TEXT 105
785 #define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
786 #define TS_F_TS_REQ_SET_MSG_IMPRINT 119
787 #define TS_F_TS_REQ_SET_NONCE 120
788 #define TS_F_TS_REQ_SET_POLICY_ID 121
789 #define TS_F_TS_RESP_CREATE_RESPONSE 122
790 #define TS_F_TS_RESP_CREATE_TST_INFO 123
791 #define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124
792 #define TS_F_TS_RESP_CTX_ADD_MD 125
793 #define TS_F_TS_RESP_CTX_ADD_POLICY 126
794 #define TS_F_TS_RESP_CTX_NEW 127
795 #define TS_F_TS_RESP_CTX_SET_ACCURACY 128
796 #define TS_F_TS_RESP_CTX_SET_CERTS 129
797 #define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130
798 #define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131
799 #define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132
800 #define TS_F_TS_RESP_GET_POLICY 133
801 #define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134
802 #define TS_F_TS_RESP_SET_STATUS_INFO 135
803 #define TS_F_TS_RESP_SET_TST_INFO 150
804 #define TS_F_TS_RESP_SIGN 136
805 #define TS_F_TS_RESP_VERIFY_SIGNATURE 106
806 #define TS_F_TS_RESP_VERIFY_TOKEN 107
807 #define TS_F_TS_TST_INFO_SET_ACCURACY 137
808 #define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138
809 #define TS_F_TS_TST_INFO_SET_NONCE 139
810 #define TS_F_TS_TST_INFO_SET_POLICY_ID 140
811 #define TS_F_TS_TST_INFO_SET_SERIAL 141
812 #define TS_F_TS_TST_INFO_SET_TIME 142
813 #define TS_F_TS_TST_INFO_SET_TSA 143
814 #define TS_F_TS_VERIFY 108
815 #define TS_F_TS_VERIFY_CERT 109
816 #define TS_F_TS_VERIFY_CTX_NEW 144
/*
 * Reason codes for the TS module. Several name a verification outcome
 * (CERTIFICATE_VERIFY_ERROR, MESSAGE_IMPRINT_MISMATCH, NONCE_MISMATCH,
 * NONCE_NOT_RETURNED, POLICY_MISMATCH, SIGNATURE_FAILURE,
 * TSA_NAME_MISMATCH, TSA_UNTRUSTED).
 * NOTE(review): callers should decide accept/reject from the return value of
 * the verify call and use these codes for logging and diagnosis only. An
 * allow-list of "tolerable" reasons would weaken verification.
 */
819 #define TS_R_BAD_PKCS7_TYPE 132
820 #define TS_R_BAD_TYPE 133
821 #define TS_R_CERTIFICATE_VERIFY_ERROR 100
822 #define TS_R_COULD_NOT_SET_ENGINE 127
823 #define TS_R_COULD_NOT_SET_TIME 115
824 #define TS_R_D2I_TS_RESP_INT_FAILED 128
825 #define TS_R_DETACHED_CONTENT 134
826 #define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116
827 #define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101
828 #define TS_R_INVALID_NULL_POINTER 102
829 #define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117
830 #define TS_R_MESSAGE_IMPRINT_MISMATCH 103
831 #define TS_R_NONCE_MISMATCH 104
832 #define TS_R_NONCE_NOT_RETURNED 105
833 #define TS_R_NO_CONTENT 106
834 #define TS_R_NO_TIME_STAMP_TOKEN 107
835 #define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118
836 #define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119
837 #define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129
838 #define TS_R_POLICY_MISMATCH 108
839 #define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120
840 #define TS_R_RESPONSE_SETUP_ERROR 121
841 #define TS_R_SIGNATURE_FAILURE 109
842 #define TS_R_THERE_MUST_BE_ONE_SIGNER 110
843 #define TS_R_TIME_SYSCALL_ERROR 122
844 #define TS_R_TOKEN_NOT_PRESENT 130
845 #define TS_R_TOKEN_PRESENT 131
846 #define TS_R_TSA_NAME_MISMATCH 111
847 #define TS_R_TSA_UNTRUSTED 112
848 #define TS_R_TST_INFO_SETUP_ERROR 123
849 #define TS_R_TS_DATASIGN 124
850 #define TS_R_UNACCEPTABLE_POLICY 125
851 #define TS_R_UNSUPPORTED_MD_ALGORITHM 126
852 #define TS_R_UNSUPPORTED_VERSION 113
853 #define TS_R_WRONG_CONTENT_TYPE 114