Embed various OCSP fields.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
44c734e95c
commit
a332635ea0
@ -62,7 +62,7 @@
|
|||||||
#include "ocsp_lcl.h"
|
#include "ocsp_lcl.h"
|
||||||
|
|
||||||
ASN1_SEQUENCE(OCSP_SIGNATURE) = {
|
ASN1_SEQUENCE(OCSP_SIGNATURE) = {
|
||||||
ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
|
ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
|
||||||
ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
|
ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
|
||||||
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
|
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
|
||||||
} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
|
} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
|
||||||
@ -70,7 +70,7 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = {
|
|||||||
IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
|
IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
|
||||||
|
|
||||||
ASN1_SEQUENCE(OCSP_CERTID) = {
|
ASN1_SEQUENCE(OCSP_CERTID) = {
|
||||||
ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
|
ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
|
||||||
ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
|
ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
|
||||||
ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
|
ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
|
||||||
ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
|
ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
|
||||||
@ -95,7 +95,7 @@ ASN1_SEQUENCE(OCSP_REQINFO) = {
|
|||||||
IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
|
IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
|
||||||
|
|
||||||
ASN1_SEQUENCE(OCSP_REQUEST) = {
|
ASN1_SEQUENCE(OCSP_REQUEST) = {
|
||||||
ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
|
ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
|
||||||
ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
|
ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
|
||||||
} ASN1_SEQUENCE_END(OCSP_REQUEST)
|
} ASN1_SEQUENCE_END(OCSP_REQUEST)
|
||||||
|
|
||||||
@ -151,7 +151,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
|
|||||||
|
|
||||||
ASN1_SEQUENCE(OCSP_RESPDATA) = {
|
ASN1_SEQUENCE(OCSP_RESPDATA) = {
|
||||||
ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
|
ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
|
||||||
ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
|
ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
|
||||||
ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
|
ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
|
||||||
ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
|
ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
|
||||||
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
|
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
|
||||||
@ -160,8 +160,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = {
|
|||||||
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
|
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
|
||||||
|
|
||||||
ASN1_SEQUENCE(OCSP_BASICRESP) = {
|
ASN1_SEQUENCE(OCSP_BASICRESP) = {
|
||||||
ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
|
ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
|
||||||
ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
|
ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
|
||||||
ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
|
ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
|
||||||
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
|
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
|
||||||
} ASN1_SEQUENCE_END(OCSP_BASICRESP)
|
} ASN1_SEQUENCE_END(OCSP_BASICRESP)
|
||||||
|
|||||||
@ -93,7 +93,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
|
|||||||
goto err;
|
goto err;
|
||||||
OCSP_CERTID_free(one->reqCert);
|
OCSP_CERTID_free(one->reqCert);
|
||||||
one->reqCert = cid;
|
one->reqCert = cid;
|
||||||
if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
|
if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
|
||||||
goto err;
|
goto err;
|
||||||
return one;
|
return one;
|
||||||
err:
|
err:
|
||||||
@ -115,8 +115,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
gen->type = GEN_DIRNAME;
|
gen->type = GEN_DIRNAME;
|
||||||
GENERAL_NAME_free(req->tbsRequest->requestorName);
|
GENERAL_NAME_free(req->tbsRequest.requestorName);
|
||||||
req->tbsRequest->requestorName = gen;
|
req->tbsRequest.requestorName = gen;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -230,7 +230,7 @@ int OCSP_resp_count(OCSP_BASICRESP *bs)
|
|||||||
{
|
{
|
||||||
if (!bs)
|
if (!bs)
|
||||||
return -1;
|
return -1;
|
||||||
return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
|
return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Extract an OCSP_SINGLERESP response with a given index */
|
/* Extract an OCSP_SINGLERESP response with a given index */
|
||||||
@ -239,7 +239,7 @@ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
|
|||||||
{
|
{
|
||||||
if (!bs)
|
if (!bs)
|
||||||
return NULL;
|
return NULL;
|
||||||
return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
|
return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Look single response matching a given certificate ID */
|
/* Look single response matching a given certificate ID */
|
||||||
@ -255,7 +255,7 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
|
|||||||
last = 0;
|
last = 0;
|
||||||
else
|
else
|
||||||
last++;
|
last++;
|
||||||
sresp = bs->tbsResponseData->responses;
|
sresp = bs->tbsResponseData.responses;
|
||||||
for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
|
for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
|
||||||
single = sk_OCSP_SINGLERESP_value(sresp, i);
|
single = sk_OCSP_SINGLERESP_value(sresp, i);
|
||||||
if (!OCSP_id_cmp(id, single->certId))
|
if (!OCSP_id_cmp(id, single->certId))
|
||||||
|
|||||||
@ -79,53 +79,53 @@
|
|||||||
|
|
||||||
int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
|
int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
|
return (X509v3_get_ext_count(x->tbsRequest.requestExtensions));
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
|
int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_by_NID
|
return (X509v3_get_ext_by_NID
|
||||||
(x->tbsRequest->requestExtensions, nid, lastpos));
|
(x->tbsRequest.requestExtensions, nid, lastpos));
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
|
int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
|
||||||
int lastpos)
|
int lastpos)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_by_OBJ
|
return (X509v3_get_ext_by_OBJ
|
||||||
(x->tbsRequest->requestExtensions, obj, lastpos));
|
(x->tbsRequest.requestExtensions, obj, lastpos));
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
|
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_by_critical
|
return (X509v3_get_ext_by_critical
|
||||||
(x->tbsRequest->requestExtensions, crit, lastpos));
|
(x->tbsRequest.requestExtensions, crit, lastpos));
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
|
X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
|
return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc));
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
|
X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
|
||||||
{
|
{
|
||||||
return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
|
return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc));
|
||||||
}
|
}
|
||||||
|
|
||||||
void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
|
void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
|
||||||
{
|
{
|
||||||
return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
|
return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
|
int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
|
||||||
unsigned long flags)
|
unsigned long flags)
|
||||||
{
|
{
|
||||||
return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
|
return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
|
||||||
crit, flags);
|
crit, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
|
int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
|
||||||
{
|
{
|
||||||
return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
|
return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
|
||||||
NULL);
|
NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -183,56 +183,56 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
|
|||||||
|
|
||||||
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
|
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
|
return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions));
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
|
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_by_NID
|
return (X509v3_get_ext_by_NID
|
||||||
(x->tbsResponseData->responseExtensions, nid, lastpos));
|
(x->tbsResponseData.responseExtensions, nid, lastpos));
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
|
int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
|
||||||
int lastpos)
|
int lastpos)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_by_OBJ
|
return (X509v3_get_ext_by_OBJ
|
||||||
(x->tbsResponseData->responseExtensions, obj, lastpos));
|
(x->tbsResponseData.responseExtensions, obj, lastpos));
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
|
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
|
||||||
int lastpos)
|
int lastpos)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext_by_critical
|
return (X509v3_get_ext_by_critical
|
||||||
(x->tbsResponseData->responseExtensions, crit, lastpos));
|
(x->tbsResponseData.responseExtensions, crit, lastpos));
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
|
X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
|
||||||
{
|
{
|
||||||
return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
|
return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc));
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
|
X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
|
||||||
{
|
{
|
||||||
return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
|
return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc));
|
||||||
}
|
}
|
||||||
|
|
||||||
void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
|
void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
|
||||||
int *idx)
|
int *idx)
|
||||||
{
|
{
|
||||||
return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
|
return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
|
||||||
idx);
|
idx);
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
|
int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
|
||||||
int crit, unsigned long flags)
|
int crit, unsigned long flags)
|
||||||
{
|
{
|
||||||
return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
|
return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
|
||||||
value, crit, flags);
|
value, crit, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
|
int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
|
||||||
{
|
{
|
||||||
return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
|
return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
|
||||||
!= NULL);
|
!= NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -334,14 +334,14 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
|
|||||||
|
|
||||||
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
|
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
|
||||||
{
|
{
|
||||||
return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
|
return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Same as above but for a response */
|
/* Same as above but for a response */
|
||||||
|
|
||||||
int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
|
int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
|
||||||
{
|
{
|
||||||
return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
|
return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
|
||||||
len);
|
len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -71,7 +71,7 @@
|
|||||||
* serialNumber CertificateSerialNumber }
|
* serialNumber CertificateSerialNumber }
|
||||||
*/
|
*/
|
||||||
struct ocsp_cert_id_st {
|
struct ocsp_cert_id_st {
|
||||||
X509_ALGOR *hashAlgorithm;
|
X509_ALGOR hashAlgorithm;
|
||||||
ASN1_OCTET_STRING *issuerNameHash;
|
ASN1_OCTET_STRING *issuerNameHash;
|
||||||
ASN1_OCTET_STRING *issuerKeyHash;
|
ASN1_OCTET_STRING *issuerKeyHash;
|
||||||
ASN1_INTEGER *serialNumber;
|
ASN1_INTEGER *serialNumber;
|
||||||
@ -105,7 +105,7 @@ struct ocsp_req_info_st {
|
|||||||
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
|
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
|
||||||
*/
|
*/
|
||||||
struct ocsp_signature_st {
|
struct ocsp_signature_st {
|
||||||
X509_ALGOR *signatureAlgorithm;
|
X509_ALGOR signatureAlgorithm;
|
||||||
ASN1_BIT_STRING *signature;
|
ASN1_BIT_STRING *signature;
|
||||||
STACK_OF(X509) *certs;
|
STACK_OF(X509) *certs;
|
||||||
};
|
};
|
||||||
@ -115,7 +115,7 @@ struct ocsp_signature_st {
|
|||||||
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
|
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
|
||||||
*/
|
*/
|
||||||
struct ocsp_request_st {
|
struct ocsp_request_st {
|
||||||
OCSP_REQINFO *tbsRequest;
|
OCSP_REQINFO tbsRequest;
|
||||||
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
|
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -211,7 +211,7 @@ struct ocsp_single_response_st {
|
|||||||
*/
|
*/
|
||||||
struct ocsp_response_data_st {
|
struct ocsp_response_data_st {
|
||||||
ASN1_INTEGER *version;
|
ASN1_INTEGER *version;
|
||||||
OCSP_RESPID *responderId;
|
OCSP_RESPID responderId;
|
||||||
ASN1_GENERALIZEDTIME *producedAt;
|
ASN1_GENERALIZEDTIME *producedAt;
|
||||||
STACK_OF(OCSP_SINGLERESP) *responses;
|
STACK_OF(OCSP_SINGLERESP) *responses;
|
||||||
STACK_OF(X509_EXTENSION) *responseExtensions;
|
STACK_OF(X509_EXTENSION) *responseExtensions;
|
||||||
@ -244,8 +244,8 @@ struct ocsp_response_data_st {
|
|||||||
* and CeloCom
|
* and CeloCom
|
||||||
*/
|
*/
|
||||||
struct ocsp_basic_response_st {
|
struct ocsp_basic_response_st {
|
||||||
OCSP_RESPDATA *tbsResponseData;
|
OCSP_RESPDATA tbsResponseData;
|
||||||
X509_ALGOR *signatureAlgorithm;
|
X509_ALGOR signatureAlgorithm;
|
||||||
ASN1_BIT_STRING *signature;
|
ASN1_BIT_STRING *signature;
|
||||||
STACK_OF(X509) *certs;
|
STACK_OF(X509) *certs;
|
||||||
};
|
};
|
||||||
|
|||||||
@ -109,7 +109,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
|
|||||||
if ((cid = OCSP_CERTID_new()) == NULL)
|
if ((cid = OCSP_CERTID_new()) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
alg = cid->hashAlgorithm;
|
alg = &cid->hashAlgorithm;
|
||||||
ASN1_OBJECT_free(alg->algorithm);
|
ASN1_OBJECT_free(alg->algorithm);
|
||||||
if ((nid = EVP_MD_type(dgst)) == NID_undef) {
|
if ((nid = EVP_MD_type(dgst)) == NID_undef) {
|
||||||
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
|
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
|
||||||
@ -149,7 +149,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
|
|||||||
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
|
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
|
ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
|
ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
|
||||||
|
|||||||
@ -75,7 +75,7 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
|
|||||||
BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
|
BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
|
||||||
indent += 2;
|
indent += 2;
|
||||||
BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
|
BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
|
||||||
i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
|
i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
|
||||||
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
|
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
|
||||||
i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
|
i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
|
||||||
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
|
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
|
||||||
@ -144,7 +144,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
|
|||||||
long l;
|
long l;
|
||||||
OCSP_CERTID *cid = NULL;
|
OCSP_CERTID *cid = NULL;
|
||||||
OCSP_ONEREQ *one = NULL;
|
OCSP_ONEREQ *one = NULL;
|
||||||
OCSP_REQINFO *inf = o->tbsRequest;
|
OCSP_REQINFO *inf = &o->tbsRequest;
|
||||||
OCSP_SIGNATURE *sig = o->optionalSignature;
|
OCSP_SIGNATURE *sig = o->optionalSignature;
|
||||||
|
|
||||||
if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
|
if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
|
||||||
@ -172,7 +172,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
|
|||||||
inf->requestExtensions, flags, 4))
|
inf->requestExtensions, flags, 4))
|
||||||
goto err;
|
goto err;
|
||||||
if (sig) {
|
if (sig) {
|
||||||
X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
|
X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
|
||||||
for (i = 0; i < sk_X509_num(sig->certs); i++) {
|
for (i = 0; i < sk_X509_num(sig->certs); i++) {
|
||||||
X509_print(bp, sk_X509_value(sig->certs, i));
|
X509_print(bp, sk_X509_value(sig->certs, i));
|
||||||
PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
|
PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
|
||||||
@ -216,14 +216,14 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
|
|||||||
i = ASN1_STRING_length(rb->response);
|
i = ASN1_STRING_length(rb->response);
|
||||||
if ((br = OCSP_response_get1_basic(o)) == NULL)
|
if ((br = OCSP_response_get1_basic(o)) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
rd = br->tbsResponseData;
|
rd = &br->tbsResponseData;
|
||||||
l = ASN1_INTEGER_get(rd->version);
|
l = ASN1_INTEGER_get(rd->version);
|
||||||
if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0)
|
if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
if (BIO_puts(bp, " Responder Id: ") <= 0)
|
if (BIO_puts(bp, " Responder Id: ") <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
rid = rd->responderId;
|
rid = &rd->responderId;
|
||||||
switch (rid->type) {
|
switch (rid->type) {
|
||||||
case V_OCSP_RESPID_NAME:
|
case V_OCSP_RESPID_NAME:
|
||||||
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
|
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
|
||||||
@ -286,7 +286,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
|
|||||||
if (!X509V3_extensions_print(bp, "Response Extensions",
|
if (!X509V3_extensions_print(bp, "Response Extensions",
|
||||||
rd->responseExtensions, flags, 4))
|
rd->responseExtensions, flags, 4))
|
||||||
goto err;
|
goto err;
|
||||||
if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
|
if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
for (i = 0; i < sk_X509_num(br->certs); i++) {
|
for (i = 0; i < sk_X509_num(br->certs); i++) {
|
||||||
|
|||||||
@ -74,12 +74,12 @@
|
|||||||
|
|
||||||
int OCSP_request_onereq_count(OCSP_REQUEST *req)
|
int OCSP_request_onereq_count(OCSP_REQUEST *req)
|
||||||
{
|
{
|
||||||
return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
|
return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
|
||||||
}
|
}
|
||||||
|
|
||||||
OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
|
OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
|
||||||
{
|
{
|
||||||
return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
|
return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
|
||||||
}
|
}
|
||||||
|
|
||||||
OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
|
OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
|
||||||
@ -94,7 +94,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
|
|||||||
if (!cid)
|
if (!cid)
|
||||||
return 0;
|
return 0;
|
||||||
if (pmd)
|
if (pmd)
|
||||||
*pmd = cid->hashAlgorithm->algorithm;
|
*pmd = cid->hashAlgorithm.algorithm;
|
||||||
if (piNameHash)
|
if (piNameHash)
|
||||||
*piNameHash = cid->issuerNameHash;
|
*piNameHash = cid->issuerNameHash;
|
||||||
if (pikeyHash)
|
if (pikeyHash)
|
||||||
@ -145,8 +145,8 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
|
|||||||
OCSP_CERTSTATUS *cs;
|
OCSP_CERTSTATUS *cs;
|
||||||
OCSP_REVOKEDINFO *ri;
|
OCSP_REVOKEDINFO *ri;
|
||||||
|
|
||||||
if (rsp->tbsResponseData->responses == NULL
|
if (rsp->tbsResponseData.responses == NULL
|
||||||
&& (rsp->tbsResponseData->responses
|
&& (rsp->tbsResponseData.responses
|
||||||
= sk_OCSP_SINGLERESP_new_null()) == NULL)
|
= sk_OCSP_SINGLERESP_new_null()) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -195,7 +195,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
}
|
}
|
||||||
if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
|
if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
|
||||||
goto err;
|
goto err;
|
||||||
return single;
|
return single;
|
||||||
err:
|
err:
|
||||||
@ -240,7 +240,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rid = brsp->tbsResponseData->responderId;
|
rid = &brsp->tbsResponseData.responderId;
|
||||||
if (flags & OCSP_RESPID_KEY) {
|
if (flags & OCSP_RESPID_KEY) {
|
||||||
unsigned char md[SHA_DIGEST_LENGTH];
|
unsigned char md[SHA_DIGEST_LENGTH];
|
||||||
X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
|
X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
|
||||||
@ -256,7 +256,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!(flags & OCSP_NOTIME) &&
|
if (!(flags & OCSP_NOTIME) &&
|
||||||
!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
|
!X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -182,7 +182,7 @@ static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
|
|||||||
unsigned long flags)
|
unsigned long flags)
|
||||||
{
|
{
|
||||||
X509 *signer;
|
X509 *signer;
|
||||||
OCSP_RESPID *rid = bs->tbsResponseData->responderId;
|
OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
|
||||||
if ((signer = ocsp_find_signer_sk(certs, rid))) {
|
if ((signer = ocsp_find_signer_sk(certs, rid))) {
|
||||||
*psigner = signer;
|
*psigner = signer;
|
||||||
return 2;
|
return 2;
|
||||||
@ -231,7 +231,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
|
|||||||
X509 *signer, *sca;
|
X509 *signer, *sca;
|
||||||
OCSP_CERTID *caid = NULL;
|
OCSP_CERTID *caid = NULL;
|
||||||
int i;
|
int i;
|
||||||
sresp = bs->tbsResponseData->responses;
|
sresp = bs->tbsResponseData.responses;
|
||||||
|
|
||||||
if (sk_X509_num(chain) <= 0) {
|
if (sk_X509_num(chain) <= 0) {
|
||||||
OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
|
OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
|
||||||
@ -292,8 +292,8 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
|
|||||||
/* Check to see if IDs match */
|
/* Check to see if IDs match */
|
||||||
if (OCSP_id_issuer_cmp(cid, tmpid)) {
|
if (OCSP_id_issuer_cmp(cid, tmpid)) {
|
||||||
/* If algoritm mismatch let caller deal with it */
|
/* If algoritm mismatch let caller deal with it */
|
||||||
if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
|
if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
|
||||||
cid->hashAlgorithm->algorithm))
|
cid->hashAlgorithm.algorithm))
|
||||||
return 2;
|
return 2;
|
||||||
/* Else mismatch */
|
/* Else mismatch */
|
||||||
return 0;
|
return 0;
|
||||||
@ -314,7 +314,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
|
|||||||
X509_NAME *iname;
|
X509_NAME *iname;
|
||||||
int mdlen;
|
int mdlen;
|
||||||
unsigned char md[EVP_MAX_MD_SIZE];
|
unsigned char md[EVP_MAX_MD_SIZE];
|
||||||
if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))
|
if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
|
||||||
== NULL) {
|
== NULL) {
|
||||||
OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
|
OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
|
||||||
OCSP_R_UNKNOWN_MESSAGE_DIGEST);
|
OCSP_R_UNKNOWN_MESSAGE_DIGEST);
|
||||||
@ -380,7 +380,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
|
|||||||
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
|
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
gen = req->tbsRequest->requestorName;
|
gen = req->tbsRequest.requestorName;
|
||||||
if (!gen || gen->type != GEN_DIRNAME) {
|
if (!gen || gen->type != GEN_DIRNAME) {
|
||||||
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
|
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
|
||||||
OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
|
OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
|
||||||
|
|||||||
@ -186,19 +186,19 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
|
|||||||
|
|
||||||
# define OCSP_REQUEST_sign(o,pkey,md) \
|
# define OCSP_REQUEST_sign(o,pkey,md) \
|
||||||
ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
|
ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
|
||||||
o->optionalSignature->signatureAlgorithm,NULL,\
|
&o->optionalSignature->signatureAlgorithm,NULL,\
|
||||||
o->optionalSignature->signature,o->tbsRequest,pkey,md)
|
o->optionalSignature->signature,&o->tbsRequest,pkey,md)
|
||||||
|
|
||||||
# define OCSP_BASICRESP_sign(o,pkey,md,d) \
|
# define OCSP_BASICRESP_sign(o,pkey,md,d) \
|
||||||
ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
|
ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\
|
||||||
o->signature,o->tbsResponseData,pkey,md)
|
o->signature,&o->tbsResponseData,pkey,md)
|
||||||
|
|
||||||
# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
|
# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
|
||||||
a->optionalSignature->signatureAlgorithm,\
|
&a->optionalSignature->signatureAlgorithm,\
|
||||||
a->optionalSignature->signature,a->tbsRequest,r)
|
a->optionalSignature->signature,&a->tbsRequest,r)
|
||||||
|
|
||||||
# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
|
# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
|
||||||
a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
|
&a->signatureAlgorithm,a->signature,&a->tbsResponseData,r)
|
||||||
|
|
||||||
# define ASN1_BIT_STRING_digest(data,type,md,len) \
|
# define ASN1_BIT_STRING_digest(data,type,md,len) \
|
||||||
ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
|
ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user