Timestamp Protocol Wrapper (RFC 3161)

openssl-sys/src/handwritten/x509.rs

@@ -210,8 +210,18 @@ extern "C" {
 
     pub fn X509_to_X509_REQ(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> *mut X509_REQ;
 
+    pub fn X509_ALGOR_new() -> *mut X509_ALGOR;
     pub fn X509_ALGOR_free(x: *mut X509_ALGOR);
 
+    pub fn X509_ALGOR_set0(
+        alg: *mut X509_ALGOR,
+        aobj: *mut ASN1_OBJECT,
+        ptype: c_int,
+        pval: *mut c_void,
+    ) -> c_int;
+
+    pub fn X509_ALGOR_cmp(alg0: *const X509_ALGOR, alg1: *const X509_ALGOR) -> c_int;
+
     pub fn X509_REVOKED_new() -> *mut X509_REVOKED;
     pub fn X509_REVOKED_free(x: *mut X509_REVOKED);
 }

openssl-sys/src/lib.rs

@@ -62,6 +62,7 @@ mod openssl {
     pub use self::ssl::*;
     pub use self::ssl3::*;
     pub use self::tls1::*;
+    pub use self::ts::*;
     pub use self::types::*;
     pub use self::x509::*;
     pub use self::x509_vfy::*;
@@ -92,6 +93,7 @@ mod openssl {
     mod ssl;
     mod ssl3;
     mod tls1;
+    mod ts;
     mod types;
     mod x509;
     mod x509_vfy;

openssl-sys/src/ts.rs

@@ -0,0 +1,131 @@
+use libc::*;
+
+use super::*;
+
+pub enum TS_MSG_IMPRINT {}
+pub enum TS_REQ {}
+pub enum TS_RESP {}
+pub enum TS_TST_INFO {}
+pub enum TS_RESP_CTX {}
+pub enum TS_VERIFY_CTX {}
+
+pub const TS_VFY_SIGNATURE: c_uint = 0x1;
+pub const TS_VFY_VERSION: c_uint = 0x2;
+pub const TS_VFY_POLICY: c_uint = 0x4;
+pub const TS_VFY_IMPRINT: c_uint = 0x8;
+pub const TS_VFY_DATA: c_uint = 0x10;
+pub const TS_VFY_NONCE: c_uint = 0x20;
+pub const TS_VFY_SIGNER: c_uint = 0x40;
+pub const TS_VFY_TSA_NAME: c_uint = 0x80;
+
+pub const TS_VFY_ALL_IMPRINT: c_uint = TS_VFY_SIGNATURE
+    | TS_VFY_VERSION
+    | TS_VFY_POLICY
+    | TS_VFY_IMPRINT
+    | TS_VFY_NONCE
+    | TS_VFY_SIGNER
+    | TS_VFY_TSA_NAME;
+pub const TS_VFY_ALL_DATA: c_uint = TS_VFY_SIGNATURE
+    | TS_VFY_VERSION
+    | TS_VFY_POLICY
+    | TS_VFY_DATA
+    | TS_VFY_NONCE
+    | TS_VFY_SIGNER
+    | TS_VFY_TSA_NAME;
+
+pub const TS_STATUS_GRANTED: c_uint = 0;
+pub const TS_STATUS_GRANTED_WITH_MODS: c_uint = 1;
+pub const TS_STATUS_REJECTION: c_uint = 2;
+pub const TS_STATUS_WAITING: c_uint = 3;
+pub const TS_STATUS_REVOCATION_WARNING: c_uint = 4;
+pub const TS_STATUS_REVOCATION_NOTIFICATION: c_uint = 5;
+
+extern "C" {
+    pub fn TS_MSG_IMPRINT_new() -> *mut TS_MSG_IMPRINT;
+    pub fn TS_MSG_IMPRINT_free(a: *mut TS_MSG_IMPRINT);
+    pub fn TS_MSG_IMPRINT_set_algo(a: *mut TS_MSG_IMPRINT, alg: *mut X509_ALGOR) -> c_int;
+    pub fn TS_MSG_IMPRINT_get_algo(a: *mut TS_MSG_IMPRINT) -> *mut X509_ALGOR;
+    pub fn TS_MSG_IMPRINT_set_msg(a: *mut TS_MSG_IMPRINT, d: *mut c_uchar, length: c_int) -> c_int;
+    pub fn TS_MSG_IMPRINT_get_msg(a: *mut TS_MSG_IMPRINT) -> *mut ASN1_OCTET_STRING;
+
+    pub fn TS_REQ_new() -> *mut TS_REQ;
+    pub fn TS_REQ_free(a: *mut TS_REQ);
+    pub fn d2i_TS_REQ(a: *mut *mut TS_REQ, pp: *mut *const c_uchar, length: c_long) -> *mut TS_REQ;
+    pub fn i2d_TS_REQ(a: *const TS_REQ, pp: *mut *mut c_uchar) -> c_int;
+    pub fn TS_REQ_set_version(a: *mut TS_REQ, version: c_long) -> c_int;
+    pub fn TS_REQ_set_msg_imprint(a: *mut TS_REQ, msg_imprint: *mut TS_MSG_IMPRINT) -> c_int;
+    pub fn TS_REQ_get_msg_imprint(a: *mut TS_REQ) -> *mut TS_MSG_IMPRINT;
+    pub fn TS_REQ_set_nonce(a: *mut TS_REQ, nonce: *const ASN1_INTEGER) -> c_int;
+    pub fn TS_REQ_set_cert_req(a: *mut TS_REQ, cert_req: c_int) -> c_int;
+
+    pub fn TS_RESP_new() -> *mut TS_RESP;
+    pub fn TS_RESP_free(a: *mut TS_RESP);
+    pub fn d2i_TS_RESP(
+        a: *mut *mut TS_RESP,
+        pp: *mut *const c_uchar,
+        length: c_long,
+    ) -> *mut TS_RESP;
+    pub fn i2d_TS_RESP(a: *const TS_RESP, pp: *mut *mut c_uchar) -> c_int;
+
+    pub fn TS_VERIFY_CTX_new() -> *mut TS_VERIFY_CTX;
+    pub fn TS_VERIFY_CTX_free(ctx: *mut TS_VERIFY_CTX);
+    #[cfg(ossl110)]
+    pub fn TS_VERIFY_CTX_set_imprint(
+        ctx: *mut TS_VERIFY_CTX,
+        hexstr: *mut c_uchar,
+        length: c_long,
+    ) -> *mut c_uchar;
+    pub fn TS_RESP_verify_response(ctx: *mut TS_VERIFY_CTX, response: *mut TS_RESP) -> c_int;
+
+    pub fn TS_REQ_to_TS_VERIFY_CTX(req: *mut TS_REQ, ctx: *mut TS_VERIFY_CTX)
+        -> *mut TS_VERIFY_CTX;
+
+    pub fn TS_RESP_CTX_new() -> *mut TS_RESP_CTX;
+    pub fn TS_RESP_CTX_free(ctx: *mut TS_RESP_CTX);
+    pub fn TS_RESP_CTX_set_signer_cert(ctx: *mut TS_RESP_CTX, signer: *mut X509) -> c_int;
+    pub fn TS_RESP_CTX_set_signer_key(ctx: *mut TS_RESP_CTX, key: *mut EVP_PKEY) -> c_int;
+    pub fn TS_RESP_CTX_add_md(ctx: *mut TS_RESP_CTX, md: *const EVP_MD) -> c_int;
+
+    pub fn TS_RESP_create_response(ctx: *mut TS_RESP_CTX, req_bio: *mut BIO) -> *mut TS_RESP;
+
+    pub fn TS_RESP_get_tst_info(a: *mut TS_RESP) -> *mut TS_TST_INFO;
+    pub fn TS_TST_INFO_get_time(a: *const TS_TST_INFO) -> *const ASN1_STRING;
+    pub fn TS_TST_INFO_free(a: *mut TS_TST_INFO);
+}
+
+cfg_if! {
+    if #[cfg(any(ossl110, libressl280))] {
+        extern "C" {
+            pub fn TS_REQ_set_policy_id(
+                a: *mut TS_REQ,
+                policy: *const ASN1_OBJECT
+            ) -> c_int;
+            pub fn TS_RESP_CTX_set_def_policy(
+                ctx: *mut TS_RESP_CTX,
+                def_policy: *const ASN1_OBJECT
+            ) -> c_int;
+        }
+    } else {
+        extern "C" {
+            pub fn TS_REQ_set_policy_id(
+                a: *mut TS_REQ,
+                policy: *mut ASN1_OBJECT
+            ) -> c_int;
+            pub fn TS_RESP_CTX_set_def_policy(
+                ctx: *mut TS_RESP_CTX,
+                def_policy: *mut ASN1_OBJECT
+            ) -> c_int;
+        }
+    }
+}
+
+cfg_if! {
+    if #[cfg(ossl110)] {
+        extern "C" {
+            pub fn TS_RESP_CTX_set_signer_digest(
+                ctx: *mut TS_RESP_CTX,
+                signer_digest: *const EVP_MD,
+            ) -> c_int;
+        }
+    }
+}

openssl/src/asn1.rs

@@ -651,6 +651,18 @@ impl Asn1OctetStringRef {
     }
 }
 
+impl PartialEq for Asn1OctetStringRef {
+    fn eq(&self, other: &Self) -> bool {
+        self.as_slice() == other.as_slice()
+    }
+}
+
+impl PartialEq for Asn1OctetString {
+    fn eq(&self, other: &Self) -> bool {
+        Asn1OctetStringRef::eq(self, other)
+    }
+}
+
 foreign_type_and_impl_send_sync! {
     type CType = ffi::ASN1_OBJECT;
     fn drop = ffi::ASN1_OBJECT_free;

openssl/src/lib.rs

@@ -193,6 +193,8 @@ pub mod ssl;
 pub mod stack;
 pub mod string;
 pub mod symm;
+#[cfg(all(not(boringssl), not(libressl)))]
+pub mod ts;
 pub mod version;
 pub mod x509;