generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Run util/openssl-format-source -v -c .

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell
2015-01-22 01:01:16 +00:00
parent e3db68b766
commit a8b966f48f
1020 changed files with 242626 additions and 243393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

360
demos/asn1/ocsp.c
View File

@@ -1,6 +1,7 @@
/* ocsp.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -59,114 +60,111 @@
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
/*-
/*-
Example of new ASN1 code, OCSP request
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Version ::= INTEGER { v1(0) }
Version ::= INTEGER { v1(0) }
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
ResponderID ::= CHOICE {
byName [1] Name, --EXPLICIT
byKey [2] KeyHash }
ResponderID ::= CHOICE {
byName [1] Name, --EXPLICIT
byKey [2] KeyHash }
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
UnknownInfo ::= NULL -- this can be replaced with an enumeration
UnknownInfo ::= NULL -- this can be replaced with an enumeration
ArchiveCutoff ::= GeneralizedTime
ArchiveCutoff ::= GeneralizedTime
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
-- Object Identifiers
-- Object Identifiers
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
*/
@@ -175,193 +173,189 @@
DECLARE_STACK_OF(Request)
typedef struct {
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(Request) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(Request) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
} TBSRequest;
typedef struct {
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} Signature;
typedef struct {
TBSRequest *tbsRequest;
Signature *optionalSignature;
TBSRequest *tbsRequest;
Signature *optionalSignature;
} OCSPRequest;
typedef struct {
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *certificateSerialNumber;
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *certificateSerialNumber;
} CertID;
typedef struct {
CertID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
CertID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} Request;
/* Response structures */
typedef struct {
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
} ResponseBytes;
typedef struct {
ASN1_ENUMERATED *responseStatus;
ResponseBytes *responseBytes;
ASN1_ENUMERATED *responseStatus;
ResponseBytes *responseBytes;
} OCSPResponse;
typedef struct {
int type;
union {
X509_NAME *byName;
ASN1_OCTET_STRING *byKey;
}d;
int type;
union {
X509_NAME *byName;
ASN1_OCTET_STRING *byKey;
} d;
} ResponderID;
typedef struct {
ASN1_INTEGER *version;
ResponderID *responderID;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(SingleResponse) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
ASN1_INTEGER *version;
ResponderID *responderID;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(SingleResponse) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
} ResponseData;
typedef struct {
ResponseData *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
ResponseData *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} BasicOCSPResponse;
typedef struct {
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED * revocationReason;
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED *revocationReason;
} RevokedInfo;
typedef struct {
int type;
union {
ASN1_NULL *good;
RevokedInfo *revoked;
ASN1_NULL *unknown;
} d;
int type;
union {
ASN1_NULL *good;
RevokedInfo *revoked;
ASN1_NULL *unknown;
} d;
} CertStatus;
typedef struct {
CertID *certID;
CertStatus *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
CertID *certID;
CertStatus *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
} SingleResponse;
typedef struct {
X509_NAME *issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} ServiceLocator;
/* Now the ASN1 templates */
IMPLEMENT_COMPAT_ASN1(X509);
IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
// IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
IMPLEMENT_COMPAT_ASN1(X509_NAME);
ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION);
ASN1_SEQUENCE(Signature) = {
ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
ASN1_SEQUENCE_OF(Signature, certs, X509)
ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
ASN1_SEQUENCE_OF(Signature, certs, X509)
} ASN1_SEQUENCE_END(Signature);
ASN1_SEQUENCE(CertID) = {
ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(CertID);
ASN1_SEQUENCE(Request) = {
ASN1_SIMPLE(Request, reqCert, CertID),
ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
ASN1_SIMPLE(Request, reqCert, CertID),
ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
} ASN1_SEQUENCE_END(Request);
ASN1_SEQUENCE(TBSRequest) = {
ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
} ASN1_SEQUENCE_END(TBSRequest);
ASN1_SEQUENCE(OCSPRequest) = {
ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
} ASN1_SEQUENCE_END(OCSPRequest);
/* Response templates */
ASN1_SEQUENCE(ResponseBytes) = {
ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(ResponseBytes);
ASN1_SEQUENCE(OCSPResponse) = {
ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
} ASN1_SEQUENCE_END(OCSPResponse);
ASN1_CHOICE(ResponderID) = {
ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(ResponderID);
ASN1_SEQUENCE(RevokedInfo) = {
ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(RevokedInfo);
ASN1_CHOICE(CertStatus) = {
ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
} ASN1_CHOICE_END(CertStatus);
ASN1_SEQUENCE(SingleResponse) = {
ASN1_SIMPLE(SingleResponse, certID, CertID),
ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
ASN1_SIMPLE(SingleResponse, certID, CertID),
ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(SingleResponse);
ASN1_SEQUENCE(ResponseData) = {
ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(ResponseData, responderID, ResponderID),
ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(ResponseData, responderID, ResponderID),
ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(ResponseData);
ASN1_SEQUENCE(BasicOCSPResponse) = {
ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
} ASN1_SEQUENCE_END(BasicOCSPResponse);