| author | Peter Jones <pjones@redhat.com> | 2017-08-31 13:57:30 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2017-08-31 15:13:58 -0400 |
| commit | 1d39ada8cb336d9e7c156be7526b674851fbdd40 (patch) | |
| tree | dc497e33b1d4830bf58d79dedc3026087f31f044 /Cryptlib/Include/openssl/ts.h | |
| parent | eae64276ffe0361d2b4087c48390d12f157f65f0 (diff) | |
Revert lots of Cryptlib updates.
OpenSSL changes quite a bit of the key validation, and most of the keys
I can find in the wild aren't marked as trusted by the new checker.
Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed
but instead of fixing the compatibility error, they switched their test
data to match the bug.
So that's pretty broken.
For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in
the wild to work.
This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5.
This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226.
This reverts commit 80d49f758ead0180bfe6161931838e0578248303.
This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57.
This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260.
This reverts commit e883479f35644d17db7efed710657c8543cfcb68.
This reverts commit 97469449fda5ba933a64280917e776487301a127.
This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050.
This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad.
This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873.
This reverts commit d064bd7eef201f26cb926450a76260b5187ac689.
This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91.
This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2.
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'Cryptlib/Include/openssl/ts.h')
| -rw-r--r-- | Cryptlib/Include/openssl/ts.h | 379 |
1 files changed, 311 insertions, 68 deletions
diff --git a/Cryptlib/Include/openssl/ts.h b/Cryptlib/Include/openssl/ts.h
index a5659825..5205bc53 100644
--- a/Cryptlib/Include/openssl/ts.h
+++ b/Cryptlib/Include/openssl/ts.h
@@ -1,41 +1,197 @@ +/* crypto/ts/ts.h */ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project + * 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #ifndef HEADER_TS_H # define HEADER_TS_H # include <openssl/opensslconf.h> - -# ifndef OPENSSL_NO_TS # include <openssl/symhacks.h> -# include <openssl/buffer.h> -# include <openssl/evp.h> -# include <openssl/bio.h> +# ifndef OPENSSL_NO_BUFFER +# include <openssl/buffer.h> +# endif +# ifndef OPENSSL_NO_EVP +# include <openssl/evp.h> +# endif +# ifndef OPENSSL_NO_BIO +# include <openssl/bio.h> +# endif # include <openssl/stack.h> # include <openssl/asn1.h> # include <openssl/safestack.h> -# include <openssl/rsa.h> -# include <openssl/dsa.h> -# include <openssl/dh.h> -# ifdef __cplusplus + +# ifndef OPENSSL_NO_RSA +# include <openssl/rsa.h> +# endif + +# ifndef OPENSSL_NO_DSA +# include <openssl/dsa.h> +# endif + +# ifndef OPENSSL_NO_DH +# include <openssl/dh.h> +# endif + +#ifdef __cplusplus extern "C" { +#endif + +# ifdef WIN32 +/* Under Win32 this is defined in wincrypt.h */ +# undef X509_NAME # endif # include <openssl/x509.h> # include <openssl/x509v3.h> -typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; -typedef struct TS_req_st TS_REQ; -typedef struct TS_accuracy_st TS_ACCURACY; -typedef struct TS_tst_info_st TS_TST_INFO; +/*- +MessageImprint ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + hashedMessage OCTET STRING } +*/ + +typedef struct TS_msg_imprint_st { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; +} TS_MSG_IMPRINT; + +/*- +TimeStampReq ::= SEQUENCE { + version INTEGER { v1(1) }, + messageImprint MessageImprint, + --a hash algorithm OID and the hash value of the data to be + --time-stamped + reqPolicy TSAPolicyId OPTIONAL, + nonce INTEGER OPTIONAL, + certReq BOOLEAN DEFAULT FALSE, + extensions [0] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_req_st { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN 
cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ +} TS_REQ; + +/*- +Accuracy ::= SEQUENCE { + seconds INTEGER OPTIONAL, + millis [0] INTEGER (1..999) OPTIONAL, + micros [1] INTEGER (1..999) OPTIONAL } +*/ + +typedef struct TS_accuracy_st { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +} TS_ACCURACY; + +/*- +TSTInfo ::= SEQUENCE { + version INTEGER { v1(1) }, + policy TSAPolicyId, + messageImprint MessageImprint, + -- MUST have the same value as the similar field in + -- TimeStampReq + serialNumber INTEGER, + -- Time-Stamping users MUST be ready to accommodate integers + -- up to 160 bits. + genTime GeneralizedTime, + accuracy Accuracy OPTIONAL, + ordering BOOLEAN DEFAULT FALSE, + nonce INTEGER OPTIONAL, + -- MUST be present if the similar field was present + -- in TimeStampReq. In that case it MUST have the same value. + tsa [0] GeneralName OPTIONAL, + extensions [1] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_tst_info_st { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +} TS_TST_INFO; + +/*- +PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + +From RFC 1510 - section 3.1.1: +PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String (note: each UTF8String SHOULD + -- include an RFC 1766 language tag to indicate the language + -- of the contained text) +*/ + +/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ -/* Possible values for status. */ # define TS_STATUS_GRANTED 0 # define TS_STATUS_GRANTED_WITH_MODS 1 # define TS_STATUS_REJECTION 2 
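Review bot: The comment block added above the status values cites `From RFC 1510 - section 3.1.1:` for `PKIFreeText`, but RFC 1510 is the Kerberos V5 specification; the quoted definition appears to come from RFC 2510 (CMP), so the line should read `From RFC 2510 - section 3.1.1:`. Because this hunk turns `TS_MSG_IMPRINT`, `TS_REQ`, `TS_ACCURACY` and `TS_TST_INFO` back into public struct definitions, these ASN.1 comments are the only field-level documentation a caller gets, so the citation is worth getting right. If the file is meant to stay byte-identical to the upstream release, record the discrepancy in the commit message instead of editing the header.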
@@ -43,7 +199,10 @@ typedef struct TS_tst_info_st TS_TST_INFO; # define TS_STATUS_REVOCATION_WARNING 4 # define TS_STATUS_REVOCATION_NOTIFICATION 5 -/* Possible values for failure_info. */ +/* + * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c + */ + # define TS_INFO_BAD_ALG 0 # define TS_INFO_BAD_REQUEST 2 # define TS_INFO_BAD_DATA_FORMAT 5 
@@ -53,15 +212,67 @@ typedef struct TS_tst_info_st TS_TST_INFO; # define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 # define TS_INFO_SYSTEM_FAILURE 25 +typedef struct TS_status_info_st { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; +} TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) +DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) + +/*- +TimeStampResp ::= SEQUENCE { + status PKIStatusInfo, + timeStampToken TimeStampToken OPTIONAL } +*/ + +typedef struct TS_resp_st { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; +} TS_RESP; + +/* The structure below would belong to the ESS component. */ + +/*- +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber + } +*/ + +typedef struct ESS_issuer_serial { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; +} ESS_ISSUER_SERIAL; -typedef struct TS_status_info_st TS_STATUS_INFO; -typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; -typedef struct ESS_cert_id ESS_CERT_ID; -typedef struct ESS_signing_cert ESS_SIGNING_CERT; +/*- +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} +*/ -DEFINE_STACK_OF(ESS_CERT_ID) +typedef struct ESS_cert_id { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; +} ESS_CERT_ID; -typedef struct TS_resp_st TS_RESP; +DECLARE_STACK_OF(ESS_CERT_ID) +DECLARE_ASN1_SET_OF(ESS_CERT_ID) + +/*- +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} +*/ + +typedef struct ESS_signing_cert { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +} ESS_SIGNING_CERT; TS_REQ *TS_REQ_new(void); void TS_REQ_free(TS_REQ *a); 
@@ -70,7 +281,7 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); TS_REQ *TS_REQ_dup(TS_REQ *a); -#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_FP_API TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); #endif @@ -85,7 +296,7 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); -#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_FP_API TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); #endif @@ -99,7 +310,7 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); TS_RESP *TS_RESP_dup(TS_RESP *a); -#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_FP_API TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); #endif @@ -120,7 +331,7 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, long length); TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); -#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_FP_API TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); #endif @@ -156,18 +367,11 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, const unsigned char **pp, long length); ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); +void ERR_load_TS_strings(void); + int TS_REQ_set_version(TS_REQ *a, long version); long TS_REQ_get_version(const TS_REQ *a); -int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); -const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); - -const STACK_OF(ASN1_UTF8STRING) * -TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); - -const ASN1_BIT_STRING * -TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); - int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); 
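Review bot: The `FILE *` prototypes in this hunk, and in the -85, -99 and -120 hunks, are now guarded by `OPENSSL_NO_FP_API`, while the `TS_CONF_load_*` and `TS_CONF_set_signer_*` prototypes in the later -497 and -515 hunks are guarded by `OPENSSL_NO_STDIO`. A firmware build without stdio therefore has to define both macros to keep every file-based entry point out of the API, and nothing in the header says so. I would add a comment at the first guard, for example `/* Builds without stdio must define both OPENSSL_NO_FP_API and OPENSSL_NO_STDIO. */`. Whether the project's opensslconf.h already defines both is not visible in this diff.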
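Review bot: `void ERR_load_TS_strings(void);` is added in the -156 hunk right after `ESS_SIGNING_CERT_dup`, and the -535 hunk leaves a second `void ERR_load_TS_strings(void);` in the mkerr.pl section, so the new header declares the function twice. The compiler accepts this, but the return type has just changed from `int` to `void`, and two declarations can drift apart on the next update. Unless the file must match the upstream release exactly, I would keep only the declaration in the auto-generated section and drop this one.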
@@ -177,7 +381,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); -int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); @@ -190,7 +394,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); void TS_REQ_ext_free(TS_REQ *a); int TS_REQ_get_ext_count(TS_REQ *a); int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); -int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); @@ -251,8 +455,7 @@ STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); void TS_TST_INFO_ext_free(TS_TST_INFO *a); int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); -int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, - int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); 
@@ -300,9 +503,34 @@ typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, void *); -typedef struct TS_resp_ctx TS_RESP_CTX; - -DEFINE_STACK_OF_CONST(EVP_MD) +typedef struct TS_resp_ctx { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in time stamp + * token. */ + unsigned flags; /* Optional info, see values above. */ + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; +} TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) +DECLARE_ASN1_SET_OF(EVP_MD) /* Creates a response context that can be used for generating responses. */ TS_RESP_CTX *TS_RESP_CTX_new(void); 
@@ -314,11 +542,8 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); /* This parameter must be set. */ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); -int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, - const EVP_MD *signer_digest); - /* This parameter must be set. */ -int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); /* No additional certs are included in the response by default. */ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); @@ -327,7 +552,7 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); * Adds a new acceptable policy, only the default policy is accepted by * default. */ -int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); /* * Adds a new acceptable message digest. Note that no message digests are 
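Review bot: With `TS_RESP_CTX_set_signer_digest()` removed in this hunk, and `TS_CONF_set_signer_digest()` removed in the -515 hunk, a caller can no longer choose the digest used to sign a time-stamp response, and the header does not say which digest the restored implementation uses. I would document that next to `TS_RESP_CTX_set_signer_key`, for example `/* The signing digest is fixed by the implementation in this version and cannot be configured. */`, after confirming the actual algorithm in the restored sources. The restored `ESS_CERT_ID` in the -53 hunk is already commented `Always SHA-1 digest.`, so anyone consuming these tokens should be told which hash strength they get.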
@@ -440,25 +665,42 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, | TS_VFY_SIGNER \ | TS_VFY_TSA_NAME) -typedef struct TS_verify_ctx TS_VERIFY_CTX; +typedef struct TS_verify_ctx { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + /* + * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the + * algorithm from the response is used. + */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; +} TS_VERIFY_CTX; int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); /* * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. */ + +/* Set all fields to zero. */ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); -int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); -int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); -BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); -unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, - unsigned char *hexstr, long len); -X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); -STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); /*- * If ctx is NULL, it allocates and returns a new object, otherwise 
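Review bot: In the restored `TS_VERIFY_CTX` definition, the comment above `ASN1_INTEGER *nonce;` reads `Must be set only with TS_VFY_TSA_NAME.`, which repeats the comment on `tsa_name`; it should name the nonce flag, `/* Must be set only with TS_VFY_NONCE. */`. This matters more after this hunk, because the `TS_VERIFY_CTX_set_flags`, `_add_flags`, `_set_data`, `_set_imprint` and `_set_store` setters are removed and callers fill the struct directly, so these comments are the only statement of which field belongs to which check. The `/* Set all fields to zero. */` comment also sits above `TS_VERIFY_CTX_new`, although it reads as a description of `TS_VERIFY_CTX_init`. The `TS_VFY_*` flag definitions start above this hunk and are only partly visible.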
@@ -497,17 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); * ts/ts_conf.c */ +#ifndef OPENSSL_NO_STDIO X509 *TS_CONF_load_cert(const char *file); STACK_OF(X509) *TS_CONF_load_certs(const char *file); EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +#endif const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, TS_RESP_CTX *ctx); -#ifndef OPENSSL_NO_ENGINE int TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device); int TS_CONF_set_default_engine(const char *name); -#endif +#ifndef OPENSSL_NO_STDIO int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, @@ -515,8 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, int TS_CONF_set_signer_key(CONF *conf, const char *section, const char *key, const char *pass, TS_RESP_CTX *ctx); -int TS_CONF_set_signer_digest(CONF *conf, const char *section, - const char *md, TS_RESP_CTX *ctx); +#endif int TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, TS_RESP_CTX *ctx); int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); @@ -535,12 +777,12 @@ int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ - -int ERR_load_TS_strings(void); +void ERR_load_TS_strings(void); /* Error codes for the TS functions. */ /* Function codes. */ +# define TS_F_D2I_TS_RESP 147 # define TS_F_DEF_SERIAL_CB 110 # define TS_F_DEF_TIME_CB 111 # define TS_F_ESS_ADD_SIGNING_CERT 112 
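Review bot: `TS_CONF_set_crypto_device` and `TS_CONF_set_default_engine` lose their `#ifndef OPENSSL_NO_ENGINE` guard in the -497 hunk, so both are declared even in a build configured without ENGINE support. If the restored implementation still compiles either function only when engines are enabled, which this diff does not show, a call would pass compilation and fail only at link time. Keeping `#ifndef OPENSSL_NO_ENGINE` and `#endif` around the two prototypes would keep the header in step with the build configuration.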
@@ -585,6 +827,7 @@ int ERR_load_TS_strings(void); # define TS_F_TS_RESP_SET_TST_INFO 150 # define TS_F_TS_RESP_SIGN 136 # define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_RESP_VERIFY_TOKEN 107 # define TS_F_TS_TST_INFO_SET_ACCURACY 137 # define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 # define TS_F_TS_TST_INFO_SET_NONCE 139 @@ -604,6 +847,7 @@ int ERR_load_TS_strings(void); # define TS_R_CERTIFICATE_VERIFY_ERROR 100 # define TS_R_COULD_NOT_SET_ENGINE 127 # define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_D2I_TS_RESP_INT_FAILED 128 # define TS_R_DETACHED_CONTENT 134 # define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 # define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 @@ -636,8 +880,7 @@ int ERR_load_TS_strings(void); # define TS_R_VAR_LOOKUP_FAILURE 136 # define TS_R_WRONG_CONTENT_TYPE 114 -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif #endif |
