OCSP response validation.

#include "ocsp/ocsp_resp_validate.h"
#include "pkix/x509_cert_parse.h"
#include "pkix/x509_cert_validate.h"
#include "pkix/x509_sign_verify.h"
#include "encoding/asn1.h"
#include "encoding/oid.h"
#include "debug.h"
Macros

#define TRACE_LEVEL OCSP_TRACE_LEVEL

Functions

| Function | Description |
|---|---|
| error_t ocspValidateResponse (const OcspResponse *response, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, const uint8_t *nonce, size_t nonceLen) | OCSP response validation. |
| error_t ocspCheckResponseSignature (const OcspBasicResponse *basicResponse, const X509CertInfo *issuerCertInfo) | Verify response signature. |
| error_t ocspCheckResponderCert (const OcspResponderId *responderId, const X509CertInfo *responderCertInfo, const X509CertInfo *issuerCertInfo) | Check responder's certificate. |
| error_t ocspCheckResponderId (const OcspResponderId *responderId, const X509CertInfo *issuerCertInfo) | Check responder identifier. |
| error_t ocspCheckCertId (const OcspCertId *certId, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo) | Check certificate identifier. |
| error_t ocspCheckValidity (const OcspSingleResponse *singleResponse) | Check the validity interval of the OCSP response. |
| error_t ocspCheckNonce (const OcspExtensions *extensions, const uint8_t *nonce, size_t nonceLen) | Check nonce. |

Detailed Description
OCSP response validation.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneCRYPTO Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
  - 2.5.4
Definition in file ocsp_resp_validate.c.
Macro Definition Documentation
◆ TRACE_LEVEL
#define TRACE_LEVEL OCSP_TRACE_LEVEL
Definition at line 32 of file ocsp_resp_validate.c.
Function Documentation
◆ ocspCheckCertId()
error_t ocspCheckCertId(const OcspCertId *certId, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo)
Check certificate identifier.
- Parameters
  - [in] certId: Pointer to the certificate identifier
  - [in] certInfo: End entity certificate
  - [in] issuerCertInfo: Issuer's certificate
- Returns
  - Error code
Definition at line 357 of file ocsp_resp_validate.c.
◆ ocspCheckNonce()
error_t ocspCheckNonce(const OcspExtensions *extensions, const uint8_t *nonce, size_t nonceLen)
Check nonce.
- Parameters
  - [in] extensions: Pointer to the OCSP extensions
  - [in] nonce: Pointer to the random nonce (optional parameter)
  - [in] nonceLen: Length of the nonce, in bytes (optional parameter)
- Returns
  - Error code
Definition at line 483 of file ocsp_resp_validate.c.
◆ ocspCheckResponderCert()
error_t ocspCheckResponderCert(const OcspResponderId *responderId, const X509CertInfo *responderCertInfo, const X509CertInfo *issuerCertInfo)
Check responder's certificate.
- Parameters
  - [in] responderId: Pointer to the responder identifier
  - [in] responderCertInfo: Responder's certificate
  - [in] issuerCertInfo: Issuer's certificate
- Returns
  - Error code
Definition at line 248 of file ocsp_resp_validate.c.
◆ ocspCheckResponderId()
error_t ocspCheckResponderId(const OcspResponderId *responderId, const X509CertInfo *issuerCertInfo)
Check responder identifier.
- Parameters
  - [in] responderId: Pointer to the responder identifier
  - [in] issuerCertInfo: Issuer's certificate
- Returns
  - Error code
Definition at line 291 of file ocsp_resp_validate.c.
◆ ocspCheckResponseSignature()
error_t ocspCheckResponseSignature(const OcspBasicResponse *basicResponse, const X509CertInfo *issuerCertInfo)
Verify response signature.
- Parameters
  - [in] basicResponse: Pointer to the basic response
  - [in] issuerCertInfo: Issuer's certificate
- Returns
  - Error code
Definition at line 130 of file ocsp_resp_validate.c.
◆ ocspCheckValidity()
error_t ocspCheckValidity(const OcspSingleResponse *singleResponse)
Check the validity interval of the OCSP response.
- Parameters
  - [in] singleResponse: Pointer to the OCSP response
- Returns
  - Error code
Definition at line 427 of file ocsp_resp_validate.c.
◆ ocspValidateResponse()
error_t ocspValidateResponse(const OcspResponse *response, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, const uint8_t *nonce, size_t nonceLen)
OCSP response validation.
- Parameters
  - [in] response: Pointer to the OCSP response to be verified
  - [in] certInfo: End entity certificate
  - [in] issuerCertInfo: Issuer's certificate
  - [in] nonce: Pointer to the random nonce (optional parameter)
  - [in] nonceLen: Length of the nonce, in bytes (optional parameter)
- Returns
  - Error code
Definition at line 57 of file ocsp_resp_validate.c.
